Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

The agencies recommended security professionals immediately implement a patch to protect the devices from hacking techniques that could fully take control of the networking equipment, offering access to all the traffic they touch and a foothold for deeper exploitation of any corporate network that uses them.

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

On Thursday, the NSA issued an advisory that the Russian hacker group known as Sandworm , a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent—an alternative to bigger players like Exchange and Sendmail—running on email servers around the world.

Cryptocurrency Hardware Wallets Can Get Hacked Too

Cryptocurrency Hardware Wallets Can Get Hacked Too

Shapeshift fixed a vulnerability in its KeepKey wallet with a firmware update in February.The attack the researchers developed against KeepKey wallets took time to prepare, but with enough planning a hacker could have quickly grabbed a target's PIN in the field.

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: The Intel Thunderbolt port found in millions of PCs. On Sunday, Eindhoven University of Technology researcher Björn Ruytenberg revealed the details of a new attack method he's calling Thunderspy.

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets

But by momentarily undervolting a processor by 25 or 30 percent, and precisely timing that voltage change, an attacker can cause the chip to make errors in the midst of computations that use secret data.

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Shwartz says that a web-based attack that targets a high-end Android phone can now sell for more than $2 million non-exclusively, meaning that the researcher can sell it for that price to multiple buyers.

Facebook's Voice Transcripts Were More Invasive Than Amazon's

Facebook's Voice Transcripts Were More Invasive Than Amazon's

Researchers from the security firm Pen Test Partners published findings this week that an attacker would just need a person's username to track them.A new vulnerability and corresponding exploit of Bluetooth could allow an attacker to determine the encryption keys used during device pairing and let themselves in on the party.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.

How Apple Pay Buttons Can Make Websites Less Safe

How Apple Pay Buttons Can Make Websites Less Safe

Maddux has since noticed that Apple has revised its documentation for adding an Apple Pay button to make it less likely that sites will integrate it in this potentially vulnerable way.

How a 10-Year-Old Desk Phone Bug Came Back From the Dead

How a 10-Year-Old Desk Phone Bug Came Back From the Dead

Povolny says that with the Avaya desk phones, it took only basic hacking skills to gain access to the device's systems and firmware (the foundational code that coordinates a device's hardware and software) and analyze them for flaws.

Hackers Can Break Into an iPhone Just by Sending a Text

Hackers Can Break Into an iPhone Just by Sending a Text

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

Hackers Made an App That Kills to Prove a Point

Hackers Made an App That Kills to Prove a Point

Two years ago, researchers Billy Rios and Jonathan Butts discovered disturbing vulnerabilities in Medtronic's popular MiniMed and MiniMed Paradigm insulin pump lines. Both Medtronic and regulators acknowledge that there is no way to patch the flaws on the affected insulin pump models, or to completely disable the remote feature.

A Zoom Flaw Gives Hackers Easy Access to Your Webcam

A Zoom Flaw Gives Hackers Easy Access to Your Webcam

Zoom patched this DoS issue in a May update but for now is only adjusting its auto-join video settings, giving users a more prominent way of choosing whether their video feed automatically launches when they click a Zoom call link.

Ransomware Hits Georgia Courts As Municipal Attacks Spread

Ransomware Hits Georgia Courts As Municipal Attacks Spread

And whether a local government is going to rebuild from an attack on its own or pay the ransom, money to respond comes from public funds or through a municipality's cybersecurity insurance.

How Hackers Turn Microsoft Excel's Own Features Against It

How Hackers Turn Microsoft Excel's Own Features Against It

On Thursday, researchers from the threat intelligence firm Mimecast are disclosing findings that an Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks.

I Scraped Millions of Venmo Payments. Your Data Is at Risk

I Scraped Millions of Venmo Payments. Your Data Is at Risk

I could see a public API endpoint that was returning the data for this feed, meaning that anyone could make a GET request (like a simple page load) to see the latest 20 transactions made on the app by anyone around the world.

A Plan to Stop Breaches With Dead Simple Database Encryption

A Plan to Stop Breaches With Dead Simple Database Encryption

That means MongoDB itself and cloud providers won't be able to access customer data, and a database's administrators or remote managers don't need to have access to everything either.

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

But 12-year-old Joshua Hill didn't have an iMac. To take advantage of all the new connectivity from his parents' mid-'90s Mac Performa, he needed a modem that would plug into the computer through one of its chunky "serial" ports.

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

In early February, an 18-year-old German security researcher named Linus Henze demonstrated a macOS attack that would allow a malicious application to grab passwords from Apple's protected keychain.

Political Parties Still Have Cybersecurity Hygiene Problems

Political Parties Still Have Cybersecurity Hygiene Problems

Issie Lapowsky covers the intersection of tech, politics, and national affairs for WIRED.In the US, both the DNC and the RNC have worked to fortify their technical infrastructure since 2016, and, based on SecurityScorecard's findings from 2016, it shows, Casey says.

Google Recalls Titan Security Key Over a Bluetooth Flaw

Google Recalls Titan Security Key Over a Bluetooth Flaw

With the right timing, she could trick the victim's laptop, for instance, into pairing with her own Bluetooth dongle rather than the Titan key, thus gaining access to both a user's Google account and that computer.

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

Like Meltdown and Spectre, the new MDS attack takes advantage of security flaws in how Intel's chips perform speculative execution, a feature in which a processor guesses at what operations and data it will be asked to execute or access ahead of time to speed up the chip's performance.

A Cisco Router Bug Has Massive Global Implications

A Cisco Router Bug Has Massive Global Implications

But the Red Balloon researchers found that the way the FPGA was implemented for Cisco’s Trust Anchor, they didn’t need to map the whole bitstream.

HTTPS Isn't Always As Secure As It Seems

HTTPS Isn't Always As Secure As It Seems

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.

An Android Vulnerability Went Unfixed for Over Five Years

An Android Vulnerability Went Unfixed for Over Five Years

But Toshin points out that attackers could also use the bug to gain inappropriate device access by tricking users into clicking a malicious link that would then open through Android's Instant App feature.

When Facebook Goes Down, Don't Blame Hackers

When Facebook Goes Down, Don't Blame Hackers

“If you’re a DDoS attacker and you’re trying for a big target, and you want to have a big impact, you would probably look for an organization or a brand that doesn’t have as much connectivity to begin with,” says Alex Henthorn-Iwane, vice president at network security firm ThousandEyes.

The Overlooked Security Threat of Sign-In Kiosks

The Overlooked Security Threat of Sign-In Kiosks

But X-Force interns Hannah Robbins and Scott Brink found flaws—now mostly patched—in all five mainstream systems they looked at from the visitor management companies Jolly Technologies, HID Global, Threshold Security, Envoy, and The Receptionist.

Holes in 4G and 5G Networks Could Let Hackers Track Your Location

Holes in 4G and 5G Networks Could Let Hackers Track Your Location

"Average consumers are at the risk of exposing their privacy to malicious third parties who sell location data and other private information." With the exception of the Piercer flaws, the vulnerabilities the researchers discovered would need to be fixed above the individual carrier level by the industry group GSMA, which oversees development of mobile data standards including 4G and 5G.

A 'Fortnite' Vulnerability Exposed Accounts to Takeover

A 'Fortnite' Vulnerability Exposed Accounts to Takeover

Now, new research from the IT security firm Check Point reveals a trio of vulnerabilities in Fortnite 's web infrastructure that could have allowed an attacker to take over user accounts.