Getty Images reader comments 63 with 54 posters participating Share this story When Apple released the latest version 11.3 for macOS on Monday, it didn’t just introduce support for new features and optimizations. More importantly, the company fixed a zero-day vulnerability that hackers were actively exploiting to install malware without triggering core Mac security mechanisms,… Read More »
reader comments 38 with 31 posters participating Share this story For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike—the brainchild behind the Signal messaging app—has turned the tables. On Wednesday, Marlinspike… Read More »
reader comments 51 with 41 posters participating Share this story Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said. At least one of the security… Read More »
Getty Images reader comments 15 with 13 posters participating Share this story A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities, a researcher said. Research company Juniper started monitoring what it’s calling the Sysrv botnet in December. One of the botnet’s… Read More »
Getty Images reader comments 15 with 13 posters participating Share this story Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer’s industrial processes, a researcher from Kaspersky Lab said on Wednesday. The ransomware known as Cring came to public attention… Read More »
reader comments 1 with 1 posters participating Share this story The FBI and the Cybersecurity and Infrastructure Security Agency said that advanced hackers are likely exploiting critical vulnerabilities in the Fortinet FortiOS VPN in an attempt to plant a beachhead to breach medium and large-sized businesses in later attacks. “APT actors may use these vulnerabilities… Read More »
(credit: Aurich Lawson / Ars Technica) Microsoft Exchange servers compromised in a first round of attacks are getting infected for a second time by a ransomware gang that is trying to profit from a rash of exploits that caught organizations around the world flat-footed. The ransomware—known as Black Kingdom, DEMON, and DemonWare—is demanding $10,000 for… Read More »
Getty Images reader comments 27 with 23 posters participating Share this story In a development security pros feared, attackers are actively targeting yet another set of critical server vulnerabilities that leave corporations and governments open to serious network intrusions. The vulnerability this time is in BIG-IP, a line of server appliances sold by Seattle-based F5… Read More »
reader comments 39 with 32 posters participating Share this story A team of advanced hackers exploited no fewer than 11 zeroday vulnerabilities in a nine-month campaign that used compromised websites to infect fully patched devices running Windows, iOS, and Android, a Google researcher said. Using novel exploitation and obfuscation techniques, a mastery of a wide… Read More »
reader comments 48 with 41 posters participating Share this story The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing question: how did… Read More »