Getty Images reader comments 16 Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022—at least two years after it came under attack by the Russian… Read More »
Getty Images reader comments 61 Password-manager LastPass users were recently targeted by a convincing phishing campaign that used a combination of email, SMS, and voice calls to trick targets into divulging their master passwords, company officials said. The attackers used an advanced phishing-as-a-service kit discovered in February by researchers from mobile security firm Lookout. Dubbed… Read More »
reader comments 24 Kremlin-backed actors have stepped up efforts to interfere with the US presidential election by planting disinformation and false narratives on social media and fake news sites, analysts with Microsoft reported Wednesday. The analysts have identified several unique influence-peddling groups affiliated with the Russian government seeking to influence the election outcome, with the… Read More »
Matejmo | Getty Images reader comments 14 Cisco’s Talos security team is warning of a large-scale credential compromise campaign that’s indiscriminately assailing networks with login attempts aimed at gaining unauthorized access to VPN, SSH, and web application accounts. The login attempts use both generic usernames and valid usernames targeted at specific organizations. Cisco included a… Read More »
reader comments 88 When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company. Despite the angst among policymakers, security experts, and competitors, Microsoft faced no consequences for its latest embarrassing failure. The United… Read More »
Getty Images reader comments 28 Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers—one based in Seattle and the other in Redmond, Washington—out of $3.5 million. The indictment, filed in US District Court for the Eastern District of New York and unsealed on Monday, charges Charles… Read More »
Enlarge / The Framework Laptop 13. Andrew Cunningham reader comments 16 Since Framework showed off its first prototypes in February 2021, we’ve generally been fans of the company’s modular, repairable, upgradeable laptops. Not that the company’s hardware releases to date have been perfect—each Framework Laptop 13 model has had quirks and flaws that range from… Read More »
reader comments 7 For months, Change Healthcare has faced an immensely messy ransomware debacle that has left hundreds of pharmacies and medical practices across the United States unable to process claims. Now, thanks to an apparent dispute within the ransomware criminal ecosystem, it may have just become far messier still. In March, the ransomware group… Read More »
reader comments 14 Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges,… Read More »
reader comments 24 Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly or indirectly incorporated it into their products. Researchers from security firm Binarly… Read More »