What Is Zero Trust? It Depends What You Want to Hear

Under the old model, all the computers, servers, and other devices physically in an office building were on the same network and trusted each other. Once an attacker slipped by those perimeter defenses, remotely or by physically infiltrating an organization, the network would instantly grant them a lot of trust and freedom.

6 Things You Need to Do to Prevent Getting Hacked

Even if you do have a password that’s easy to guess (we’ll get to that shortly), an attacker is unlikely to get access to an account with multi-factor authentication turned on unless they have your phone.

The Accellion Breach Keeps Getting Worse—and More Expensive

Since then, dozens of companies and government organizations worldwide have acknowledged that they were breached as a result of the flaws—and many face extortion, as the ransomware group Clop has threatened to make the data public if they don't pay up.

A Windows Defender Vulnerability Lurked Undetected for 12 Years

The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender—renamed Microsoft Defender last year—uses to delete the invasive files and infrastructure that malware can create.

Russia’s Hacking Frenzy Is a Reckoning

This week, several major United States government agencies—including the Departments of Homeland Security, Commerce, Treasury, and State—discovered that their digital systems had been breached by Russian hackers in a months-long espionage operation.

The Christchurch Shooter and YouTube’s Radicalization Trap

According to the report, released last night, the terrorist regularly watched extremist content online and donated to organizations like the Daily Stormer, a white supremacist site, and Stefan Molyneux’s far-right Freedomain Radio.

The US Used the Patriot Act to Justify Logging Website Visitors

This week, three years later, Twitter finally took the step—a welcome change, if a belated one, given that attackers are more attuned than ever to the potential value of taking over a high-profile Twitter account.

Hacker Defaces Spotify Pages of Celebrity Musicians

A hacker going by the name "Daniel" took control of prominent Spotify pages on Wednesday from artists like Dua Lipa, Lana Del Rey, Future, and Pop Smoke.

This ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range

The genius of the attack, though, is that the bug was exploitable through an iPhone's Wi-Fi features, meaning that an attacker just needed some antennas and adapters to launch the assault whenever they chose, compromising any nearby iOS device.

A Facebook Messenger Flaw Could Have Let Hackers Listen In

Discovered by Natalie Silvanovich of Google's Project Zero bug hunting team, the vulnerability, which is now patched, could have been exploited on Messenger for Android if an attacker simultaneously called a target and sent them a specially crafted, invisible message to trigger the attack.

Apple's T2 Security Chip Has an Unfixable Flaw

A recently released tool is letting anyone exploit an unusual Mac vulnerability to bypass Apple's trusted T2 security chip and gain deep system access.

Paying Evil Corp Ransomware Might Land You a Big Federal Fine

And we took a closer look at the election threats that US intelligence officials are actually worried about. Hackers managed to break into Facebook accounts and steal $4 million dollars that they spent on ads.

A Critical Flaw Is Affecting Thousands of WordPress Sites

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday.

An Alexa Bug Could Have Exposed Your Voice History to Hackers

Check Point also suggests that a hacker might be able to access banking data history through the attack, but Amazon disputes this, saying that information is redacted in Alexa's responses.

Hackers Could Use IoT Botnets to Manipulate Energy Markets

At the Black Hat security conference on Wednesday, the researchers will present their findings, which suggest that high-wattage IoT botnets—made up of power-guzzling devices like air conditioners, car chargers, and smart thermostats—could be deployed strategically to increase demand at certain times in any of the nine private energy markets around the US.

Thieves Are Emptying ATMs Using a New Form of Jackpotting

In previous jackpotting attacks, the attached devices, known in the industry as black boxes, usually invoked programming interfaces contained in the ATM operating system to funnel commands that ultimately reached the hardware component that dispenses cash.

Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment

The agencies recommended security professionals immediately implement a patch to protect the devices from hacking techniques that could fully take control of the networking equipment, offering access to all the traffic they touch and a foothold for deeper exploitation of any corporate network that uses them.

NSA: Russia's Sandworm Hackers Have Hijacked Mail Servers

On Thursday, the NSA issued an advisory that the Russian hacker group known as Sandworm, a unit of the GRU military intelligence agency, has been actively exploiting a known vulnerability in Exim, a commonly used mail transfer agent—an alternative to bigger players like Exchange and Sendmail—running on email servers around the world.

Cryptocurrency Hardware Wallets Can Get Hacked Too

Shapeshift fixed a vulnerability in its KeepKey wallet with a firmware update in February. The attack the researchers developed against KeepKey wallets took time to prepare, but with enough planning a hacker could have quickly grabbed a target's PIN in the field.

Thunderbolt Flaws Expose Millions of PCs to Hands-On Hacking

Now one Dutch researcher has demonstrated how that sort of physical access hacking can be pulled off in an ultra-common component: The Intel Thunderbolt port found in millions of PCs. On Sunday, Eindhoven University of Technology researcher Björn Ruytenberg revealed the details of a new attack method he's calling Thunderspy.

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets

But by momentarily undervolting a processor by 25 or 30 percent, and precisely timing that voltage change, an attacker can cause the chip to make errors in the midst of computations that use secret data.

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Shwartz says that a web-based attack that targets a high-end Android phone can now sell for more than $2 million non-exclusively, meaning that the researcher can sell it for that price to multiple buyers.

Facebook's Voice Transcripts Were More Invasive Than Amazon's

Researchers from the security firm Pen Test Partners published findings this week that an attacker would just need a person's username to track them. A new vulnerability and corresponding exploit of Bluetooth could allow an attacker to determine the encryption keys used during device pairing and let themselves in on the party.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.

How Apple Pay Buttons Can Make Websites Less Safe

Maddux has since noticed that Apple has revised its documentation for adding an Apple Pay button to make it less likely that sites will integrate it in this potentially vulnerable way.

How a 10-Year-Old Desk Phone Bug Came Back From the Dead

Povolny says that with the Avaya desk phones, it took only basic hacking skills to gain access to the device's systems and firmware (the foundational code that coordinates a device's hardware and software) and analyze them for flaws.

Hackers Can Break Into an iPhone Just by Sending a Text

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED. Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

Hackers Made an App That Kills to Prove a Point

Two years ago, researchers Billy Rios and Jonathan Butts discovered disturbing vulnerabilities in Medtronic's popular MiniMed and MiniMed Paradigm insulin pump lines. Both Medtronic and regulators acknowledge that there is no way to patch the flaws on the affected insulin pump models, or to completely disable the remote feature.

A Zoom Flaw Gives Hackers Easy Access to Your Webcam

Zoom patched this DoS issue in a May update but for now is only adjusting its auto-join video settings, giving users a more prominent way of choosing whether their video feed automatically launches when they click a Zoom call link.

Ransomware Hits Georgia Courts As Municipal Attacks Spread

And whether a local government is going to rebuild from an attack on its own or pay the ransom, money to respond comes from public funds or through a municipality's cybersecurity insurance.