schwit1 shares a report from ZDNet: Cyberattackers have turned to search engine optimization (SEO) techniques to deploy malware payloads to as many victims as possible. According to Sophos, the so-called search engine “deoptimization” method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google’s rankings. SEO optimization is used by webmasters to…
Tag: compromise
Flaws In Zoom’s Keybase App Kept Chat Images From Being Deleted
chicksdaddy writes: The Security Ledger reports that a flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai. The flaw in the encrypted messaging application, CVE-2021-23827 does not expose Keybase users to remote compromise. However, it could…
Astrophysicists design ‘radically different’ world map
You know the old problem of how to portray the round globe of Earth on a flat map? Now a trio of map experts has worked together to solve this problem. Their new map is 2-sided and round. Source: https://earthsky.org/earth/astrophysicists-new-design-world-map…
SolarWinds Hack Was ‘Largest and Most Sophisticated Attack’ Ever, Microsoft President Says
A hacking campaign that used a U.S. tech company as a springboard to compromise a raft of U.S. government agencies is “the largest and most sophisticated attack the world has ever seen,” Microsoft Corp President Brad Smith said. From a report: The operation, which was identified in December and that the U.S. government has said was likely orchestrated by Russia, breached…
Misleading Viral Claims Show Dangers of Preprint Servers, Researchers Warn
Scientific researchers worry that the capacity for spreading misinformation “goes far beyond the big-name social media sites,” warns the Washington Post. Citing pre-print servers and unvetted “research repositories,” they note that “Any online platform without robust and potentially expensive safeguards is equally vulnerable.” “This is similar to the debate we’re having with Facebook and Twitter. To what degree are we creating…
Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say
Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. From a report: Close to a third of the victims didn’t run the SolarWinds software initially considered the main avenue of attack for the…
After SolarWinds Breach, Lawmakers Ask NSA for Help in Cracking Juniper Cold Case
As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. From a report: A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach…
FireEye Releases Tool For Auditing Networks for Techniques Used by SolarWinds Hackers
Cybersecurity firm FireEye has released today a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. From a report: Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any…
Researchers Test UN’s Cybersecurity, Find Personal Data On 100K Employees
chicksdaddy shares a report from The Security Ledger: Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based GitHub development account used by the U.N. and lift data on more than 100,000 staff and employees, according to a report by The Security Ledger. Researchers affiliated with Sakura Samurai, a newly formed collective…
Sealed US Court Records Exposed In SolarWinds Breach
An anonymous reader quotes a report from Krebs On Security: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The…