Getty Images reader comments 9 Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday. The vulnerability, present in both Windows 10 and 11, causes devices to open Internet Explorer, a legacy browser that Microsoft decommissioned… Read More »
Getty Images reader comments 19 One of the most widely used network protocols is vulnerable to a newly discovered attack that can allow adversaries to gain control over a range of environments, including industrial controllers, telecommunications services, ISPs, and all manner of enterprise networks. Short for Remote Authentication Dial-In User Service, RADIUS harkens back to… Read More »
reader comments 45 This story was originally published by ProPublica. Investigating how the world’s largest software provider handles the security of its own ubiquitous products. After Russian intelligence launched one of the most devastating cyber espionage attacks in history against US government agencies, the Biden administration set up a new board and tasked it to… Read More »
Getty Images reader comments 33 More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript code, hosted at polyfill[.]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren’t… Read More »
reader comments 23 Researchers have warned of a critical vulnerability affecting the OpenSSH networking utility that can be exploited to give attackers complete control of Linux and Unix servers with no authentication required. The vulnerability, tracked as CVE-2024-6387, allows unauthenticated remote code execution with root system rights on Linux systems that are based on glibc,… Read More »
Aurich Lawson reader comments 19 Vulnerabilities that went undetected for a decade left thousands of macOS and iOS apps susceptible to supply-chain attacks. Hackers could have added malicious code compromising the security of millions or billions of people who installed them, researchers said Monday. The vulnerabilities, which were fixed last October, resided in a “trunk”… Read More »
reader comments 70 Cryptocurrency has always made a ripe target for theft—and not just hacking, but the old-fashioned, up-close-and-personal kind, too. Given that it can be irreversibly transferred in seconds with little more than a password, it’s perhaps no surprise that thieves have occasionally sought to steal crypto in home-invasion burglaries and even kidnappings. But… Read More »
Getty Images reader comments 34 Mac malware that steals passwords, cryptocurrency wallets, and other sensitive data has been spotted circulating through Google ads, making it at least the second time in as many months the widely used ad platform has been abused to infect web surfers. The latest ads, found by security firm Malwarebytes on… Read More »
reader comments 35 A critical vulnerability recently discovered in a widely used piece of software is putting huge swaths of the Internet at risk of devastating hacks, and attackers have already begun actively trying to exploit it in real-world attacks, researchers warn. The software, known as MOVEit and sold by Progress Software, allows enterprises to… Read More »
reader comments 18 WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning, researchers from security firm Wordfence reported. Over the… Read More »