Microsoft-Owned GitHub Takes Down Exchange Server ExploitSecurity researchers warned this week that a full, public proof-of-concept exploit for recently-patched Microsoft Exchange Server vulnerabilities would further roil a hacking frenzy that had already escalated in recent days.
Longtime Mac security researcher Patrick Wardle published findings on Wednesday about a Safari adware extension that was originally written to run on Intel x86 chips, but has now been redeveloped specifically for M1.
But independent security researcher Andrea Downing says the stakes are much higher should active duty members of the US military—many of whom would likely get caught up in broader Facebook targeting of this sort—face misinformation online that could impact their understanding of world events or expose them to scams.
The global effort, known as Operation Ladybird, coordinated with private security researchers to disrupt and take over Emotet's command-and-control infrastructure—located in more than 90 countries, according to Ukrainian police—while simultaneously arresting at least two of the cybercriminal crew's Ukrainian members.
There will be more news to come about the SolarWinds supply chain attack and possible other elements of the extensive campaign, but in the meantime officials, security practitioners, and researchers are all puzzling over questions of where to draw the line on global espionage and how to deter destructive and otherwise unacceptable hacking.
But one security researcher has shown how vulnerabilities in the Tesla Model X's keyless entry system allow a different sort of update: A hacker could rewrite the firmware of a key fob via Bluetooth connection, lift an unlock code from the fob, and use it to steal a Model X in just a matter of minutes.
Earlier this week, Dutch security researcher Victor Gevers told De Volkskrant that he had recently accessed Donald Trump's Twitter account simply by guessing the password: maga2020!A few days later, he says, he saw that Trump's Twitter account had added two-factor authentication, freezing him out.
And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United State government, and tested a decade earlier.
Today at the digital Virus Bulletin security conference, Facebook researchers presented a detailed picture of how the malware, dubbed SilentFade, actually works and some of its novel methods, including proactively blocking a user's notifications so the victim wouldn't be aware that anything was amiss.
At the Black Hat security conference on Wednesday, the researchers will present their findings, which suggest that high-wattage IoT botnets—made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US.
There are still plenty of details outstanding about how they might have pulled it off, but court documents show how a trail of bitcoin and IP addresses led investigators to the alleged hackers .A Garmin ransomware hack disrupted more than just workouts during a days-long outage; security researchers see it as part of a troubling trend of "big game hunting" among ransomware groups .
Plus, most jailbreaks only work on outdated hardware and old versions of the firmware, Apple argues, because the vulnerabilities used to achieve jailbreaks get patched.iOS-focused security researchers told WIRED on Wednesday that the new devices will be useful in many ways.
And we took a fresh look at an old debate: whether TikTok actually poses a security threat to the US.Russian hackers are targeting Covid-19 vaccine research .
The units F-Secure analyzed posed as Cisco Catalyst 2960-X Series switches—trusted devices that connect computers on an internal network to route data between them.In their analysis, the F-Secure researchers found subtle cosmetic differences between the counterfeit devices and a genuine Cisco 2960-X Series switch used for reference.
Security researchers have long insisted, though, that there is no technical way to build a backdoor in encryption for law enforcement that won't fundamentally undermine the protection.But Evil Corp's activity is notable, because the group was indicted by the Justice Department in December for hacking.
An arm of the nonprofit Internet Security Research Group, Let’s Encrypt is a so-called certificate authority that lets websites implement encrypted connections at no cost.Let's Encrypt uses software called Boulder to make sure that it's allowed to issue a certificate to a site.
In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake —which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from Lexar.
Security researcher Oliver Hough found a database with information related to 51,000 customer service interactions, which included some personally identifiable information and full online chats.
Last year, the company began paying bounties for certain bugs researchers might find in third-party services that integrate with Facebook.“Reports submitted to us thanks to security researchers allow us to learn from their insights," says Dan Gurfinkel, who heads Facebook's bug bounty program.
This afternoon, its organizers released findings from this year's event—including urgent vulnerabilities from a decade ago that still plague voting machines currently in use.Participants vetted dozens of voting machines at Defcon this year, including a prototype model built on secure, verified hardware through a Defense Advanced Research Projects Agency program.
"If you want to compromise an iPhone, these are the best ways to do it," says independent security researcher Linus Henze of the two apps.
But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.
At the Defcon hacker conference today, independent security researcher Pedro Cabrera showed off in a series of hacking proofs-of-concept attacks how modern TVs—and particularly Smart TVs that use the internet-connected HbbTV standard implemented in his native Spain, across Europe, and much of the rest of the world—remain vulnerable to hackers.
But a group of security researchers told Motherboard this week they found what look like election infrastructure online in 10 states, including swing states like Wisconsin, Michigan, and Florida.
Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.
Ars Technica reporter Dan Goodin brings the news of a major new privacy failure recently unearthed by security researchers: widely used Chrome and Firefox browser extensions scraped and sold the data of more than 4.1 million people, until the researcher alerted Google and Mozilla.
Cybereason says that the company found no evidence that the hackers stole the actual content of communications from victims, but the firm's principal security researcher Amit Serper argues that the metadata alone—device and SIM identifiers, call records, and which cell tower a phone connected to at any given time—can provide a frighteningly high-resolution picture of a target's life.
Scammers are taking advantage of default calendar settings to try to trick users into clicking malicious links. "For the calendar attack, the scammers use a prepared email list to send their fraudulent invitations," says Maria Vergelis, a security researcher at Kaspersky who has been following the method.