19 Sep 2019

The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite

The US Air Force wants to let hackers attempt to take over a satellite at next year’s Defcon cybersecurity conference in Las Vegas. This year, the Air Force let infosec experts at the conference have a go at an F-15 fighter-jet data system. Because the hackers exposed several severe vulnerabilities,

Read More
17 Sep 2019

Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs

New research by Independent Security Evaluators has uncovered a total of 125 security vulnerabilities in small office/home office (SOHO) routers and network-attached storage devices (NAS). The researchers tested 13 devices in total, from vendors including Asus, Lenovo and Netgear. The report warns that all of the devices under scrutiny “had

Read More
12 Sep 2019

Iranian Hackers Hit Over 60 Universities to Get Library Access

Between July and August of this year, Iranian state-backed hacking group Cobalt Dickens (aka Silent Librarian) targeted over 60 universities across four continents as part of a phishing campaign designed to obtain unauthorized access to university libraries. Secureworks tracked the campaign and recently revealed all known domains linked to the threat

Read More
12 Sep 2019

College student tried to hack into Trump’s taxes by creating a fake FAFSA application

Two US college students are facing up to two years in jail for trying to obtain unauthorized access to the tax returns of President Donald Trump. In 2016, when Trump was running for office, the students filled out a Free Application for Federal Student Aid (FAFSA) application using Trump’s social

Read More
12 Sep 2019

Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers

A recently uncovered vulnerability in Instagram’s contact importer could have allowed threat actors to access private user data including full names, phone numbers and Instagram account numbers and handles. Facebook, which owns Instagram, has confirmed the flaw and resolved the issue. Exploitation of the vulnerability involved brute-forcing Instagram’s login form.

Read More
10 Sep 2019

Stealth Falcon Targets Middle East with Windows BITS Feature

New ESET research reveals that Stealth Falcon, a cyber espionage group targeting political activists and journalists in the Middle East, has changed tactics and is currently using a backdoor relying on Windows Background Intelligent Transfer Service (BITS), instead of the PowerShell-based backdoor used by the group in previous campaigns. The

Read More
10 Sep 2019

Telnet Backdoor Opens More Than 1M IoT Radios to Hijack

Cybersecurity researchers with Vulnerability Lab have uncovered two security vulnerabilities in Imperial Dabman IoT radios that could enable attackers to gain control over more than a million devices and use them to plant malware, enslave them into a botnet, and retrieve sensitive data including the Wi-Fi password of the network

Read More
09 Sep 2019

Apple: Security Report on iPhone Hack Created ‘False Impression’

Apple on Friday slammed a recent Google report claiming that threat actors may have hacked into thousands of iPhones via an “indiscriminate” years-long campaign involving a number of malicious websites. According to Google, merely visiting one of the websites could have resulted in device exploitation along five different attack chains

Read More
06 Sep 2019

China Set Traps To Capture Dangerous NSA Cyberattack Weapons: New Report

A new report by Check Point indicates that Chinese state-backed hackers set deliberate traps to steal the NSA-linked cyber weapons that were leaked by the mysterious Shadow Brokers group in 2017. Earlier this year, Symantec already found evidence that Chinese cyber espionage group Buckeye (aka APT3, UPS Team, Gothic Panda,

Read More
06 Sep 2019

600,000 GPS trackers for people and pets are using 123456 as a password

Security researchers with Avast have discovered a range of critical flaws affecting around 600,000 GPS trackers designed for monitoring the location of children, seniors, and pets. The flaws include the presence of the same default password (123456) in all devices and the insecure transmission of data in plaintext. The vulnerabilities

Read More