reader comments 55 with 26 posters participating Share this story The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. In a post Google published… Read More »
reader comments 29 with 24 posters participating Share this story SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line. Microsoft discovered the exploits and privately reported them… Read More »
reader comments 14 with 11 posters participating Share this story Morgan Stanley suffered a data breach that exposed sensitive customer data, and it became the latest known casualty of hackers exploiting a series of now-patched vulnerabilities in Accellion FTA, a widely used third-party file-transfer service. The data obtained included names, addresses dates of birth, social… Read More »
reader comments 39 with 29 posters participating Share this story An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said. The threat, colloquially known as PrintNightmare, stems… Read More »
Getty Images reader comments 180 with 135 posters participating Share this story Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows. The vulnerability is remarkable… Read More »
reader comments 40 with 35 posters participating Share this story A VMware vulnerability with a severity rating of 9.8 out of 10 is under active exploitation. At least one reliable exploit has gone public, and there have been successful attempts in the wild to compromise servers that run the vulnerable software. The vulnerability, tracked as… Read More »
reader comments 35 with 25 posters participating, including story author Share this story Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said. The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that… Read More »
reader comments 24 with 21 posters participating Share this story Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday. All four of the vulnerabilities were disclosed two weeks ago in Google’s Android Security Bulletin for May. Google has… Read More »
Enlarge / The 2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini. reader comments 37 with 30 posters participating Share this story A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company… Read More »
Getty Images reader comments 23 with 19 posters participating Share this story At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday. The vulnerabilities in Pulse Connect Secure, a VPN that… Read More »