A Facebook Messenger Flaw Could Have Let Hackers Listen In

A Facebook Messenger Flaw Could Have Let Hackers Listen In

Discovered by Natalie Silvanovich of Google's Project Zero bug hunting team , the vulnerability, which is now patched, could have been exploited on Messenger for Android if an attacker simultaneously called a target and sent them a specially crafted, invisible message to trigger the attack.

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit

The indictment also lays out new details of Sandworm's targeting of the nation of Georgia in 2019, which included an attempt to compromise the Georgian parliament in addition to a previously known campaign of web defacements across the country's internet, affecting 15,000 sites .Perhaps most significantly, the criminal charges mark the first global law enforcement response targeting Sandworm's hackers for their release of the NotPetya malware that ravaged networks across the world .

Apple's T2 Security Chip Has an Unfixable Flaw

Apple's T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.

Paying Evil Corp Ransomware Might Land You a Big Federal Fine

Paying Evil Corp Ransomware Might Land You a Big Federal Fine

And we took a closer look at the election threats that US intelligence officials are actually worried about .Hackers managed to break into Facebook accounts and steal $4 million dollars that they spent on ads.

A Ransomware Attack Has Struck a Major US Hospital Chain

A Ransomware Attack Has Struck a Major US Hospital Chain

The company's statement did confirm that the "IT network across Universal Health Services facilities is currently offline, due to an IT security issue," and that patient and employee data appear not to have been compromised in the attack.

Hackers Target Porn Site Visitors Using Flash and Internet Explorer

Hackers Target Porn Site Visitors Using Flash and Internet Explorer

Hartford invested roughly $500,000 last year to improve its cybersecurity defenses, and officials said that while this did not stop the attack, it did help the city recover quickly.šŸ“© Want the latest on tech, science, and more?

A Critical Flaw Is Affecting Thousands of WordPress Sites

A Critical Flaw Is Affecting Thousands of WordPress Sites

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday.

A Tesla Employee Thwarted an Alleged Ransomware Plot

A Tesla Employee Thwarted an Alleged Ransomware Plot

The next day, Kriuchkov took his Tesla contact to a Reno bar and made the offer: Half a million dollars in cash or bitcoin to install malware on Tesla's network, using either a USB drive or by opening an email's malicious attachment.

An Alexa Bug Could Have Exposed Your Voice History to Hackers

An Alexa Bug Could Have Exposed Your Voice History to Hackers

Check Point also suggests that a hacker might be able to access banking data history through the attack, but Amazon disputes this, saying that information is redacted in Alexa's responses.

Hackers Could Use IoT Botnets to Manipulate Energy Markets

Hackers Could Use IoT Botnets to Manipulate Energy Markets

At the Black Hat security conference on Wednesday, the researchers will present their findings, which suggest that high-wattage IoT botnetsā€”made up of power-guzzling devices like air conditioners, car chargers, and smart thermostatsā€”could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US.

Thieves Are Emptying ATMs Using a New Form of Jackpotting

Thieves Are Emptying ATMs Using a New Form of Jackpotting

In previous jackpotting attacks, the attached devices, known in the industry as black boxes, usually invoked programming interfaces contained in the ATM operating system to funnel commands that ultimately reached the hardware component that dispenses cash.

The Twitter Hack Could Have Been Much Worseā€”and Maybe Was

The Twitter Hack Could Have Been Much Worseā€”and Maybe Was

While the internal Twitter tool does not appear to let admins tweet on behalf of users, it does seemingly let them change the associated email account, which would make it relatively easy to take over a handle.

Microsoft Warns of a 17-Year-Old ā€˜Wormableā€™ Bug

Microsoft Warns of a 17-Year-Old ā€˜Wormableā€™ Bug

On top of all of that, says Check Point's head of vulnerability research Omri Herscovici, the Windows DNS bug can in some cases be exploited with no action on the part of the target user, creating a seamless and powerful attack.

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

The agencies recommended security professionals immediately implement a patch to protect the devices from hacking techniques that could fully take control of the networking equipment, offering access to all the traffic they touch and a foothold for deeper exploitation of any corporate network that uses them.

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

On Thursday, the NSA issued an advisory that the Russian hacker group known as Sandworm , a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agentā€”an alternative to bigger players like Exchange and Sendmailā€”running on email servers around the world.

Cryptocurrency Hardware Wallets Can Get Hacked Too

Cryptocurrency Hardware Wallets Can Get Hacked Too

Shapeshift fixed a vulnerability in its KeepKey wallet with a firmware update in February.The attack the researchers developed against KeepKey wallets took time to prepare, but with enough planning a hacker could have quickly grabbed a target's PIN in the field.

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: The Intel Thunderbolt port found in millions of PCs. On Sunday, Eindhoven University of Technology researcher Bjƶrn Ruytenberg revealed the details of a new attack method he's calling Thunderspy.

The Covid-19 Pandemic Reveals Ransomware's Long Game

The Covid-19 Pandemic Reveals Ransomware's Long Game

New research from Microsoft shows that ransomware attackers are actively making that crisis worse, forcing health care and critical infrastructure organizations to pay up when they can least afford downtime.The Microsoft researchers often observed attackers getting their initial network access by exploiting unpatched vulnerabilities in victims' web infrastructure.

An Unfixable Flaw Threatens 5 Years of Intel Chips

An Unfixable Flaw Threatens 5 Years of Intel Chips

Crew suffered a so-called credential stuffing attack that impacted the the online accounts of fewer than 10,000 customers.It also reportedly got hit by a ransomware attack that resulted in the theft of at least some of its data.

Jeff Bezosā€™ Hacked Phone, Coronavirus Hits the US, and More News

Jeff Bezosā€™ Hacked Phone, Coronavirus Hits the US, and More News

Jeff Bezos was hacked and a new virus is on the attack, but first: a cartoon about social media breakups .Everything we know about the Jeff Bezos phone hack.You can sign up right here to make sure you get the news delivered fresh to your inbox every weekday!

How the US Knew Iranian Missiles Were Coming Before They Hit

How the US Knew Iranian Missiles Were Coming Before They Hit

Instead, he attributed it to ā€œan early warning system that worked very well.ā€ The US has a vast network of radars and satellites dedicated to tracking missile launches around the globe, which allowed troops stationed at the Iraqi bases to take cover before the missiles struck their targets.

How the US Prepares Its Embassies for Potential Attacks

How the US Prepares Its Embassies for Potential Attacks

The DSS deploys its special agents to almost 300 embassies and consulates globally, in addition to facilities in the United States.

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets

But by momentarily undervolting a processor by 25 or 30 percent, and precisely timing that voltage change, an attacker can cause the chip to make errors in the midst of computations that use secret data.

Voltage Hacking, Big Tech's 'Green' Data Score Card, and More News

Voltage Hacking, Big Tech's 'Green' Data Score Card, and More News

Hackers are surging and cloud providers are splurging, but first: a cartoon about eyewear from the future .Here's the news you need to know, in two minutes or less.

Disparity in Tech Jobs, Green Monday Deals, and More News

Disparity in Tech Jobs, Green Monday Deals, and More News

Disparity in tech jobs is still a thing, and holiday deals are in full swing, but first: a cartoon about how video conferences spiral out of control .Here's the news you need to know, in two minutes or less.

A Major Legal Battle May Change How Digital Game Sales Work

A Major Legal Battle May Change How Digital Game Sales Work

According to a report in PC Gamer, the reason is an ongoing battle with a consumer rights organization called UFC-Que Choisir, which took Valve to court over the clause in its store policy that disallows the resell of games or Steam accounts, on penalty of being banned from the platform.

'Simjacker' Attack Can Track Phones Just by Sending a Text

'Simjacker' Attack Can Track Phones Just by Sending a Text

The good news is that the so-called Simjacker attack revealed this week by AdaptiveMobile Security doesn't appear to affect the major US carriers.The Treasury Department this week leveled sanctions against three North Korean hacking groups, including the Lazarus Group, a team thought responsible for the 2014 hack of Sony Pictures and other major targets.

A Moon Landing Goes Awry, Apple Opens Up on iOS Hacks, and More News

A Moon Landing Goes Awry, Apple Opens Up on iOS Hacks, and More News

India has lost contact with its lunar lander, Apple finally speaks out after an iPhone hack, and an electric dump truck has taken over the internet.Want to receive this two-minute roundup as an email every weekday?

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Shwartz says that a web-based attack that targets a high-end Android phone can now sell for more than $2 million non-exclusively, meaning that the researcher can sell it for that price to multiple buyers.

Facebook's Voice Transcripts Were More Invasive Than Amazon's

Facebook's Voice Transcripts Were More Invasive Than Amazon's

Researchers from the security firm Pen Test Partners published findings this week that an attacker would just need a person's username to track them.A new vulnerability and corresponding exploit of Bluetooth could allow an attacker to determine the encryption keys used during device pairing and let themselves in on the party.