“Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years,” reports CNN. The password in question, “solarwinds123,” was discovered in 2019 on the public internet by an independent security researcher who warned the company that the leak had exposed a SolarWinds file server… It is still…
Tag: malicious
Clubhouse Chats Are Breached, Raising Concerns Over Security
A week after popular audio chatroom app Clubhouse said it was taking steps to ensure user data couldn’t be stolen by malicious hackers or spies, at least one attacker has proven the platform’s live audio can be siphoned. From a report: An unidentified user was able to stream Clubhouse audio feeds this weekend from “multiple rooms” into their own third-party website,…
Apple Is Going To Make It Harder to Hack iPhones With Zero-Click Attacks
Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version,…
The Long Hack: How China Exploited a U.S. Tech Supplier
Supermicro chips and software were tampered with by Chinese operatives in the past decade, Bloomberg reported Friday, doubling down on its 2018 report that was widely disputed by several tech giants and government agencies. Today’s report says that U.S. security and defense officials knew of the hack but kept it secret in an effort to learn more about China’s hacking capabilities….
Iran ‘Hides Spyware in Wallpaper, Restaurant and Games Apps’
Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents, according to a leading cyber-security company. From a report: The efforts were directed against individuals in Iran and 12 other countries, including the UK and US, Check Point said. It said the two groups involved were using new techniques to install spyware on targets’ PCs and mobile devices….
Google Chrome Sync Feature Can Be Abused For C&C and Data Exfiltration
Threat actors have discovered they can abuse the Google Chrome sync feature to send commands to infected browsers and steal data from infected systems, bypassing traditional firewalls and other network defenses. From a report: For non-Chrome users, Chrome sync is a feature of the Chrome web browser that stores copies of a user’s Chrome bookmarks, browsing history, passwords, and browser and…
Google Boots ‘The Great Suspender’ Off the Chrome Web Store For Being Malware
Google has blocked The Great Suspender extension from the Chrome store “because it contains malware.” The extension was very popular for users running Chrome with 8GB or less of RAM, as it would automatically suspend tabs you hadn’t used in a while, freeing up precious memory and CPU power. It would then allow you to return to the tab and reload…
Google Gave Top Spot For ‘Home Depot’ Searches to a Malicious Ad
“A malicious Home Depot advertising campaign is redirecting Google search visitors to tech support scams,” claims Bleeping Computer. Slashdot reader nickwinlund77 shares their report: BleepingComputer searched for ‘home depot’ and was shown the malicious advertisement on our first try. Even worse, the ad is the top spot in the research result, making it more likely to be clicked… [T]he ad clearly…
Trump Seeks To Curb Foreign Cyber Meddling on Last Day in Office
Outgoing President Donald Trump has signed an executive order aimed at thwarting foreign use of cloud computing products for malicious cyber operations against the United States, the White House said on Tuesday, Trump’s last full day in office. From a report: The order, first reported by Reuters, gives the Commerce Department authority to write rules to bar transactions with foreigners in…
MacOS Malware Used Run-Only AppleScripts To Avoid Detection For Five Years
An anonymous reader quotes a report from ZDNet: For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised…