Starting June 8, Amazon will automatically enable a feature on your Alexa, Echo, or other Amazon device that will share some of your Internet bandwidth with your neighbors—unless you choose to opt out. Amazon intends to register its family of hardware devices that are operational in the U.S.—including Echo speakers, Ring Video Doorbells, Ring Floodlight […]
Read MoreAre you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn’t. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory – this means […]
Read MoreSiemens on Friday shipped firmed updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker’s “holy grail.” […]
Read MoreCybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document’s visible content by displaying malicious content over the certified content without invalidating its signature. “The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under […]
Read MoreA website for the M1racles M1 Apple chip flaw discovered by independent researcher Hector Martin. Some in the security research community are concerned that over marketing of vulnerability disclosures are misleading the public about their true impact. Earlier this week, a well-respected security researcher released new details on a hardware flaw in a brand new […]
Read MoreFBI’s cyber division personnel in front of a computer screen. (FBI) The breach aggregator Have I Been Pwned, one of the most popular tools to test the real-world strength of passwords, made two significant announcements on Friday: A collaboration with the FBI to obtain new, hacked passwords, and contributing some of its code-base to the […]
Read MoreCybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed “Facefish” by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to […]
Read MoreMicrosoft on Thursday disclosed that the threat actor behind the SolarWinds supply chain hack returned to the threat landscape to target government agencies, think tanks, consultants, and non-governmental organizations located across 24 countries, including the U.S. “This wave of attacks targeted approximately 3,000 email accounts at more than 150 different organizations,” Tom Burt, Microsoft’s Corporate […]
Read MoreToday’s columnist, Morey Haber of BeyondTrust, points out that in the SolarWinds case, lateral movement took place via auto-updates and not asset-to-asset and device-to-device. sfoskett CreativeCommons CC BY-NC-SA 2.0 We often hear the term lateral movement in the course of an attack. It’s used in relation to threat actors leveraging the stolen credentials of one […]
Read MoreCybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures (TTPs) adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye’s Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat clusters UNC2630 and UNC2717, […]
Read More