Thousands of devices, including D-Link and Zyxel gear, remain vulnerable to takeover despite the availability of patches for the several bugs being exploited by IZ1H9 campaign.
...moreSummary
Top Articles:
- Exposed Travis CI API Leaves All Free-Tier Users Open to Attack
- Patch Now: Cisco AnyConnect Bug Exploit Released in the Wild
- WordPress Plug-in Ninja Forms Issues Update for Critical Bug
- SolarWinds Attackers Gear Up for Typosquatting Attacks
- Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
- GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository
- Twitter 'Shadow Ban' Bug Gets Official CVE
- Facebook Bug Allows 2FA Bypass Via Instagram
- Jailbreak Trick Breaks ChatGPT Content Safeguards
- Intel Processor UEFI Source Code Leaked
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet
Published: 2023-10-09 19:15:30
Popularity: 38
Author: Dark Reading Staff, Dark Reading
Adobe Acrobat Reader Vuln Now Under Attack
Published: 2023-10-11 18:15:00
Popularity: 32
Author: Dark Reading Staff, Dark Reading
CISA flags use-after-free bug now being exploited in the wild.
...moreSIM Card Ownership Slashed in Burkina Faso
Published: 2023-10-20 18:05:00
Popularity: 17
Author: Dark Reading Staff, Dark Reading
Users could hold up to five SIM cards previously, but now they can only have two; it's a move that the government says is intended to cut down mobile spam levels.
...moreYubico Goes Public
Published: 2023-09-20 22:00:00
Popularity: 2
Author: Dark Reading Staff, Dark Reading
The Swedish maker of Yubikeys has merged with special purpose acquisition company ACQ Bure.
...morePatch Now: Cisco AnyConnect Bug Exploit Released in the Wild
Published: 2023-06-22 15:53:52
Popularity: 4887
Author: Dark Reading Staff, Dark Reading
A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.
...moreBilly Corgan Paid Off Hacker Who Threatened to Leak New Smashing Pumpkins Songs
Published: 2023-05-11 19:00:00
Popularity: 37
Author: Dark Reading Staff, Dark Reading
Corgan got FBI involved to track down the cybercriminal, who had stolen from other artists as well, he said.
...moreMeta Hit With $1.3B Record-Breaking Fine for GDPR Violations
Published: 2023-05-22 19:29:00
Popularity: 32
Author: Dark Reading Staff, Dark Reading
The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.
...moreTesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints
Published: 2023-05-26 17:32:00
Popularity: 28
Author: Dark Reading Staff, Dark Reading
Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.
...moreYet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
Published: 2023-05-31 21:08:00
Popularity: 192
Author: Dark Reading Staff, Dark Reading
The newly found misconfigured cloud services are discovered just two weeks after an initial data breach affecting millions came to light.
...moreHuman-Assisted CAPTCHA-Cracking Services Supercharge Shopper Bots
Published: 2023-05-30 21:39:00
Popularity: 48
Author: Dark Reading Staff, Dark Reading
On-demand human solvers are now augmenting automated website cyberattacks, offering a better way around tougher anti-bot puzzles.
...moreTwitter 'Shadow Ban' Bug Gets Official CVE
Published: 2023-04-06 19:20:29
Popularity: 94
Author: Dark Reading Staff, Dark Reading
A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.
...moreGitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository
Published: 2023-03-24 20:05:00
Popularity: 106
Author: Dark Reading Staff, Dark Reading
GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
...moreFacebook Bug Allows 2FA Bypass Via Instagram
Published: 2023-01-30 19:00:00
Popularity: 67
Author: Dark Reading Staff, Dark Reading
The Instagram rate-limiting bug, found by a rookie hunter, could be exploited to bypass Facebook 2FA in vulnerable apps, researcher reports.
...moreGoogle Fi Users Caught Up in T-Mobile Breach
Published: 2023-02-01 14:18:08
Popularity: 24
Author: Dark Reading Staff, Dark Reading
Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.
...moreJailbreak Trick Breaks ChatGPT Content Safeguards
Published: 2023-02-08 22:05:00
Popularity: 66
Author: Dark Reading Staff, Dark Reading
Jailbreak command creates ChatGPT alter ego DAN, willing to create content outside of its own content restriction controls.
...more$275M Fine for Meta After Facebook Data Scrape
Published: 2022-11-28 18:11:09
Popularity: 59
Author: Dark Reading Staff, Dark Reading
Meta has been found in violation of Europe's GDPR rules requiring the social media giant to protect user data by "design and default."
...moreIntel Processor UEFI Source Code Leaked
Published: 2022-10-11 17:49:46
Popularity: 66
Author: Dark Reading Staff, Dark Reading
Exposed code included private key for Intel Boot Guard, meaning it can no longer be trusted, according to a researcher.
...moreSignal to Ditch SMS/MMS Messaging on Android
Published: 2022-10-17 17:54:37
Popularity: 18
Author: Dark Reading Staff, Dark Reading
Main driver for the change: "Plaintext SMS messages are inherently insecure."
...moreIkea Smart Light System Flaw Lets Attackers Turn Bulbs on Full Blast
Published: 2022-10-05 20:00:00
Popularity: 59
Author: Dark Reading Staff, Dark Reading
With just one malformed Zigbee frame, attackers could take over certain Ikea smart lightbulbs, leaving users unable to turn the lights down.
...moreWhack-a-Mole: More Malicious PyPI Packages Spring Up Targeting Discord, Roblox
Published: 2022-08-16 18:51:56
Popularity: 19
Author: Dark Reading Staff, Dark Reading
Just as one crop of malware-laced software packages is taken down from the popular Python code repository, a new host arrives, looking to steal a raft of data.
...moreMalicious Chrome Extensions Plague 1.4M Users
Published: 2022-08-30 20:00:00
Popularity: 19
Author: Dark Reading Staff, Dark Reading
Analysts find five cookie-stuffing extensions, including one that's Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments.
...moreWordPress Page Builder Plug-in Under Attack, Can't Be Patched
Published: 2022-07-18 17:55:01
Popularity: 29
Author: Dark Reading Staff, Dark Reading
An ongoing campaign is actively targeting the vulnerability in the Kaswara Modern WPBakery Page Builder Addon, which is still installed on up to 8,000 sites, security analysts warn.
...morePyPI Mandates 2FA, Plans Google Titan Key Giveaway
Published: 2022-07-12 22:42:37
Popularity: 23
Author: Dark Reading Staff, Dark Reading
Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.
...moreWordPress Plug-in Ninja Forms Issues Update for Critical Bug
Published: 2022-06-17 18:53:38
Popularity: 4200
Author: Dark Reading Staff, Dark Reading
The code injection vulnerability is being actively exploited in the wild, researchers say.
...moreExposed Travis CI API Leaves All Free-Tier Users Open to Attack
Published: 2022-06-13 19:43:16
Popularity: 9178
Author: Dark Reading Staff, Dark Reading
Public Travis CI logs loaded with GitHub, AWS, Docker Hub account tokens, and other sensitive data could be leveraged for lateral cloud attacks.
...moreSolarWinds Attackers Gear Up for Typosquatting Attacks
Published: 2022-05-03 20:35:19
Popularity: 451
Author: Dark Reading Staff, Dark Reading
The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.
...moreDetails Released on SonicWall Flaws in SMA-100 Devices
Published: 2022-01-11 19:05:00
Popularity: 20
Author: Dark Reading Staff, Dark Reading
The most serious of the five vulnerabilities disclosed today can lead to unauthenticated remote code execution on affected devices.
...more