Tag Archives: Tech

Security firm Malwarebytes was infected by same hackers who hit SolarWinds

reader comments 24 with 17 posters participating Share this story Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies. The attackers are best known for first hacking into Austin, Texas-based SolarWinds, compromising its software-distribution system and using it to infect… Read More »

How law enforcement gets around your smartphone’s encryption

Enlarge / Uberwachung, Symbolbild, Datensicherheit, Datenhoheit Westend61 | Getty Images reader comments 61 with 41 posters participating Share this story Lawmakers and law enforcement agencies around the world, including in the United States, have increasingly called for backdoors in the encryption schemes that protect your data, arguing that national security is at stake. But new… Read More »

The NSA warns enterprises to beware of third-party DNS resolvers

Getty Images reader comments 74 with 43 posters participating Share this story DNS over HTTPS is a new protocol that protects domain-lookup traffic from eavesdropping and manipulation by malicious parties. Rather than an end-user device communicating with a DNS server over a plaintext channel—as DNS has done for more than three decades—DoH, as DNS over… Read More »

Hackers used 4 zero-days to infect Windows and Android devices

reader comments 8 with 8 posters participating Share this story Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside… Read More »

Hackers steal Mimecast certificate used to encrypt customers’ M365 traffic

reader comments 19 with 16 posters participating Share this story Email management provider Mimecast said that hackers have compromised a digital certificate it issued and used it to target select customers who use it to encrypt data they sent and received through the company’s cloud-based service. In a post published on Tuesday, the company said… Read More »

SolarWinds malware has “curious” ties to Russian-speaking hackers

reader comments 25 with 16 posters participating Share this story The malware used to hack Microsoft, security company FireEye, and at least a half-dozen federal agencies has “interesting similarities” to malicious software that has been circulating since at least 2015, researchers said on Monday. Sunburst is the name security researchers have given to malware that… Read More »

Hackers can clone Google Titan 2FA keys using a side channel in NXP chips

reader comments 45 with 37 posters participating Share this story There’s wide consensus among security experts that physical two-factor authentication keys provide the most effective protection against account takeovers. Research published today doesn’t change that, but it does show how malicious attackers with physical possession of a Google Titan key can clone it. There are… Read More »

DoJ says SolarWinds hackers breached its Office 365 system and read email

reader comments 34 with 21 posters participating Share this story The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that’s believed to have been backed by the Russian government. In a terse statement issued Wednesday, Justice Department spokesman Marc Raimondi said… Read More »

Bucking Trump, NSA and FBI say Russia was “likely” behind SolarWinds hack

Enlarge / Side view of colorful St. Basil’s Cathedral in Moscow on Red Square in front of the Kremlin, Russia. reader comments 15 with 12 posters participating Share this story Hackers working for the Russian government were “likely” behind the software supply chain attack that planted a backdoor in the networks of 180,000 private companies… Read More »