reader comments 24 with 21 posters participating Share this story A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw. The researcher chose those two handset… Read More »
Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) T3 Magazine/Getty Images reader comments 19 with 14 posters participating Share this story Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them… Read More »
reader comments 30 with 17 posters participating, including story author Share this story A couple of days after the FBI warned that a ransomware group called BlackByte had compromised critical infrastructure in the US, the group hacked servers belonging to the San Francisco 49ers football team and held some of the team’s data for ransom.… Read More »
reader comments 41 with 35 posters participating, including story author Share this story Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system. Previously called PolicyKit, Polkit manages system-wide… Read More »
reader comments 60 with 47 posters participating Share this story Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website. The malware was a full-featured backdoor that was written from scratch, an indication that… Read More »
reader comments 11 with 11 posters participating Share this story Western Digital has patched three critical vulnerabilities—one with a severity rating of 9.8 and another with a 9.0—that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS. CVE-2021-40438, as one of the… Read More »
reader comments 67 with 51 posters participating, including story author Share this story The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who’s who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam,… Read More »
Enlarge / You did a bad bad thing. reader comments 19 with 19 posters participating Share this story Governments, vigilantes, and criminal hackers have a new way to disrupt botnets running the widely used attack software Cobalt Strike, courtesy of research published on Wednesday. Cobalt Strike is a legitimate security tool used by penetration testers… Read More »
reader comments 59 with 43 posters participating Share this story Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity… Read More »
reader comments 116 with 71 posters participating Share this story The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources. As operating systems and applications become harder to hack, successful… Read More »