GitHub has made its automated code-scanning tools available to all open-source projects free of charge. The aim, said the code repo house, is to help developers suss out potential security vulnerabilities ahead of time, and to do so at a scale that will work for both small and large projects. The feature, based on the Read more about GitHub blasts code-scanning tool into all open-source projects[…]
There’s a hacker/security researcher with the Twitter handle GreenTheOnly that has been doing some interesting work with used Tesla parts. This time specifically, he’s acquired three Tesla Model 3 integrated media control units (MCU) and Autopilot (HW) units (known as the ICE computer, just for Models 3 and Y), and a Model X MCU unit. Read more about Researcher Discovers That Old Tesla Media Control Units Are Full Of Owner’s Private Data Even After A Factory Reset[…]
Not only can malicious people make airliners climb and dive without pilot input – they can also control where and when they do so, research from Pen Test Partners (PTP) has found. TCAS spoofing, the practice of fooling collision detection systems aboard airliners, can be controlled to precisely determine whether an airliner fitted with TCAS Read more about Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers[…]
Israeli cyber-security side-channel expert Mordechai Guri has devised a way to pilfer data from devices that have been air-gapped and silenced. Organizations with extreme security needs may keep certain computer hardware disconnected from any network, a practice known as air-gapping, to preclude the possibility of miscreants hacking in from compromised systems on the network, or Read more about OK, so you’ve air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit…[…]
De Universiteit Antwerpen verbiedt het gebruik van videobelapp Zoom. De applicatie zou niet veilig genoeg en de universiteit wil geen risico’s nemen nadat men vorig jaar al eens het slachtoffer is geworden van een cyberaanval. Ook Google en de Amerikaanse ruimtevaartorganisatie NASA namen onlangs het besluit om Zoom niet meer te gebruiken. Bij de stad Read more about Antwerpen Uni bans video app Zoom – city of Antwerp is stupid enough to keep using it[…]
Netsweeper’s internet filter has a nasty security vulnerability that can be exploited to hijack the host server and tamper with lists of blocked websites. There are no known fixes right now. For those unfamiliar, Netsweeper makes software that monitors and blocks connections to undesirable websites and servers. It’s aimed at parents, schools, government offices, and Read more about annoying Netsweeper internet filter comes with a pre-auth remote-command execution hole and there’s no patch[…]
An employee of controversial surveillance vendor NSO Group abused access to the company’s powerful hacking technology to target a love interest, Motherboard has learned. The previously unreported news is a serious abuse of NSO’s products, which are typically used by law enforcement and intelligence agencies. The episode also highlights that potent surveillance technology such as Read more about NSO Employee Abused Phone Hacking Tech to Target a Love Interest[…]
A vulnerability existed in Microsoft’s Slack for Suits tool, Teams, that could have let a remote attacker take over accounts by simply sending a malicious GIF, infosec researchers claim. The pwn-with-GIF vuln was possible, said Cyberark, thanks to two compromisable Microsoft subdomains along with a carefully crafted animated image file. Although it was a responsibly Read more about We could have pwned Microsoft Teams with a GIF, claims Israeli infosec outfit[…]
In a blunder described as “astonishing and worrying,” Sheffield City Council’s automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal. The ANPR camera system’s internal management dashboard could be accessed by simply entering its IP address into a web browser. Read more about Nine million logs of Brits’ road journeys spill onto the internet from password-less number-plate camera dashboard[…]
Financial Times reporter Mark Di Stefano allegedly spied on Zoom meetings at rival newspapers the Independent and the Evening Standard to get scoops on staff cuts and furloughs due to the coronavirus pandemic, according to a report from the UK’s Independent. And Di Stefano he did a comedically bad job of covering his tracks. Di Read more about Journalist Allegedly Spied on Zoom Meetings of Rivals in Hilariously Dumb Ways[…]
IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure. At least some versions of the Linux-powered suite included four exploitable holes, identified and, at first, privately disclosed by security researcher Pedro Ribeiro at no charge. Three are considered to be critical, and one is high risk. Read more about IBM No-auth remote root exec exploit in Data Risk Manager (an enterprise security program!) drops after Big Blue snubs bug report[…]
One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees. Read more about Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox – in 2018![…]
Bitdefender researchers have recently found spearphishing campaigns, either impersonating a well-known Egyptian engineering contractor or a shipment company, dropping the Agent Tesla spyware Trojan. The impersonated engineering contractor (Enppi – Engineering for Petroleum and Process Industries) has experience in onshore and offshore projects in oil and gas, with attackers abusing its reputation to target the Read more about Oil & Gas Spearphishing Campaigns Drop Agent Tesla Spyware in Advance of Historic OPEC+ Deal[…]
Since it exploded onto the scene in January after a newspaper exposé, Clearview AI quickly became one of the most elusive, secretive and reviled companies in the tech startup scene. The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged Read more about Security lapse exposed creepy Clearview AI source code[…]
A critical vulnerability in VMware’s vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln (CVE-2020-3952), details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the Read more about That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed[…]
India has effectively banned videoconferencing service Zoom for government users and repeated warnings that consumers need to be careful when using the tool. The nation’s Cyber Coordination Centre has issued advice (PDF) titled “Advisory on Secure use of Zoom meeting platform by private individuals (not for use by government offices/officials for official purpose)”. The document Read more about India says ‘Zoom is a not a safe platform’ and bans government users[…]
In February, a researcher detailed a widely circulating Android backdoor that’s so pernicious that it survives factory resets, a trait that makes the malware impossible to remove without taking unusual measures. The analysis found that the unusual persistence was the result of rogue folders containing a trojan installer, neither of which was removed by a Read more about The secret behind “unkillable” Android backdoor called xHelper has been revealed[…]
Router biz Linksys has reset all its customers’ Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware. The mass reset took place after all user accounts were locked on 2 April, following infosec firm Bitdefender revealing that malicious persons were pwning Linksys devices through cred-stuffing attacks. Hackers Read more about Linksys forces password reset for Smart Wi-Fi accounts after router DNS hack pointed users at COVID-19 malware[…]
Over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free. These credentials are gathered through credential stuffing attacks where threat actors attempt to login to Zoom using accounts leaked in older data breaches. The successful logins are Read more about Over 500,000 Zoom accounts sold on hacker forums, some being given away for free[…]
As much of the world works from home, an explosion of video conference calls has provided a playground not just for Zoombombers, phishermen and cybercriminals, but also for spies. Everyone from top business executives to government officials and scientists are using conferencing apps to stay in touch during the new coronavirus lockdowns and U.S. counterintelligence Read more about Foreign Spies Target Zoom, U.S. Intel Officials Say[…]
US senators have been advised not to use videoconferencing platform Zoom over security concerns, the Financial Times reports. According to three people briefed on the matter, the Senate sergeant-at-arms – whose job it is to run law enforcement and security on the Capitol – told senators to find alternative methods for remote working, although he Read more about The US Senate reportedly advised members to stop using Zoom[…]
Singapore has suspended the use of video-conferencing tool Zoom by teachers after “very serious incidents” in the first week of a coronavirus lockdown that has seen schools move to home-based learning. FILE PHOTO: FILE PHOTO: Zoom logo is seen in front of diplayed coronavirus disease (COVID-19) in this illustration taken March 19, 2020. REUTERS/Dado Ruvic/Illustration Read more about Singapore stops teachers using Zoom app after ‘very serious incidents’ (Zoom bombing)[…]
PIJNACKER – Het Stanislascollege in Pijnacker stopt per direct met het gebruik van de video-app Zoom voor het geven van online lessen. De school heeft meerdere berichten ontvangen van leerlingen, ouders en docenten dat er tijdens de lessen beelden of teksten te zien zijn die niet door de beugel kunnen. Woensdag besloot het Zoetermeerse Erasmus Read more about Stanislascollege Pijnacker stopt ook met Zoom door ‘beelden die niet door de beugel kunnen’: porno en Hitler snor tijdens Duits[…]
ZOETERMEER – Leerlingen van een klas van het Zoetermeerse Erasmus College hebben woensdagochtend, tijdens een les via de video-app Zoom, pornobeelden te zien gekregen. De school is onmiddellijk gestopt met het gebruik van Zoom. ‘We snappen dat jullie ontzettend geschrokken zijn’, schrijft de school in een mail aan de betreffende leerlingen. ‘We hebben natuurlijk direct Read more about Porno tijdens online les van Zoetermeerse school dus stoppen met Zoom[…]
For decades, the use of fingerprints to authenticate users to computers, networks, and restricted areas was (with a few notable exceptions) mostly limited to large and well-resourced organizations that used specialized and expensive equipment. That all changed in 2013 when Apple introduced TouchID. Within a few years, fingerprint-based validation became available to the masses as Read more about Attackers can bypass fingerprint authentication with an ~80% success rate[…]