Tag Archives: exploits

Hackers hammer SpringShell vulnerability in attempt to install cryptominers

Getty Images reader comments 5 with 4 posters participating Share this story Malicious hackers have been hammering servers with attacks that exploit the recently discovered SpringShell vulnerability in an attempt to install cryptomining malware, researchers said. SpringShell came to light late last month when a researcher demonstrated how it could be used to remotely execute… Read More »

Trend says hackers have weaponized SpringShell to install Mirai malware

Getty Images reader comments 3 with 3 posters participating Share this story Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open-source piece of malware that wrangles routers and other network-connected devices into sprawling botnets. When SpringShell (also known as… Read More »

Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks

reader comments 5 with 5 posters participating Share this story Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses. The flaw is an authentication bypass vulnerability that stems from… Read More »

Explaining Spring4Shell: The Internet security disaster that wasn’t

Getty Images reader comments 8 with 8 posters participating Share this story Hype and hyperbole were on full display this week as the security world reacted to reports of yet another Log4Shell. The vulnerability came to light in December and is arguably one of the gravest Internet threats in years. Christened Spring4Shell—the new code-execution bug… Read More »

Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22

reader comments 24 with 21 posters participating Share this story A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw. The researcher chose those two handset… Read More »

Attackers can force Amazon Echos to hack themselves with self-issued commands

Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) T3 Magazine/Getty Images reader comments 19 with 14 posters participating Share this story Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them… Read More »

Hacking group is on a tear, hitting US critical infrastructure and SF 49ers

reader comments 30 with 17 posters participating, including story author Share this story A couple of days after the FBI warned that a ransomware group called BlackByte had compromised critical infrastructure in the US, the group hacked servers belonging to the San Francisco 49ers football team and held some of the team’s data for ransom.… Read More »

A bug lurking for 12 years gives attackers root on every major Linux distro

reader comments 41 with 35 posters participating, including story author Share this story Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system. Previously called PolicyKit, Polkit manages system-wide… Read More »

Booby-trapped sites delivered potent new backdoor trojan to macOS users

reader comments 60 with 47 posters participating Share this story Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website. The malware was a full-featured backdoor that was written from scratch, an indication that… Read More »

If you like the data on your WD My Cloud OS 3 device, patch it now

reader comments 11 with 11 posters participating Share this story Western Digital has patched three critical vulnerabilities—one with a severity rating of 9.8 and another with a 9.0—that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS. CVE-2021-40438, as one of the… Read More »