20793 matches found
Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA
A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept PoC of the attack on January 2. "The idea of the attack is very simple...
Google Speech-to-Text API Can Help Attackers Easily Bypass Google reCAPTCHA
A three-year-old attack technique to bypass Google's audio reCAPTCHA by using its own Speech-to-Text API has been found to still work with 97% accuracy. Researcher Nikolai Tschacher disclosed his findings in a proof-of-concept PoC of the attack on January 2. "The idea of the attack is very simple...
British Court Rejects U.S. Request to Extradite WikiLeaks' Julian Assange
A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa...
British Court Rejects U.S. Request to Extradite WikiLeaks' Julian Assange
A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the country on charges pertaining to illegally obtaining and sharing classified material related to national security. In a hearing at Westminster Magistrates' Court today, Judge Vanessa...
Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company
Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut the company off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution...
Ticketmaster To Pay $10 Million Fine For Hacking A Rival Company
Ticketmaster has agreed to pay a $10 million fine after being charged with illegally accessing computer systems of a competitor repeatedly between 2013 and 2015 in an attempt to "cut the company off at the knees." A subsidiary of Live Nation, the California-based ticket sales and distribution...
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 CVSS score 7.8,...
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 CVSS score 7.8,...
Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...
Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreer...
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreer...
AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey AHK scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a...
AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users
Threat actors have been discovered distributing a new credential stealer written in AutoHotkey AHK scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a...
A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...
A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as a zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used t...
Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data
21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo.com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber...
Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data
21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo.com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber...
Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on...
Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers
New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on...
Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller ADC devices that attackers are abusing to launch amplified distributed denial-of-service DDoS attacks against several targets. "An attacker or bots can overwhe...
Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller ADC devices that attackers are abusing to launch amplified distributed denial-of-service DDoS attacks against several targets. "An attacker or bots can overwhe...
Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it with...
Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to rectify it with...
North Korean Hackers Trying to Steal COVID-19 Vaccine Research
Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a...
North Korean Hackers Trying to Steal COVID-19 Vaccine Research
Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a...
How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis
As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government...
How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis
As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government...
Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace
The US Federal Bureau of Investigation FBI and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week ...
Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace
The US Federal Bureau of Investigation FBI and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week ...
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices
The US Cybersecurity Infrastructure and Security Agency CISA has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service DoS attacks. The four flaws affect...
New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices
The US Cybersecurity Infrastructure and Security Agency CISA has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service DoS attacks. The four flaws affect...
Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action
Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre EC3, announced today the coordinated takedown of Safe-Inet, a popular virtual private network VPN service that was used to facilitate criminal activity. The three domai...
Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action
Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre EC3, announced today the coordinated takedown of Safe-Inet, a popular virtual private network VPN service that was used to facilitate criminal activity. The three domai...
A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...
A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says
As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the...
Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices
A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provide...
Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices
A team of researchers today unveiled two critical security vulnerabilities in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provide...
Common Security Misconfigurations and Their Consequences
Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first o...
Common Security Misconfigurations and Their Consequences
Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first o...
iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit
Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36...
iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit
Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36...
Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack
The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of...
Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack
The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of...
How to Use Password Length to Set Best Password Expiration Policy
One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limite...
How to Use Password Length to Set Best Password Expiration Policy
One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limite...
Software Supply-Chain Attack Hits Vietnam Government Certification Authority
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority VGCA that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, t...
Software Supply-Chain Attack Hits Vietnam Government Certification Authority
Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority VGCA that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, t...
New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...
New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor
The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A ne...