Security News
Apple has released security updates to fix a zero-day vulnerability exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. The zero-day patched today [1, 2] was found in the XNU operating system kernel and was reported by Erye Hernandez and Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero.
"Time to find out who in your family secretly ran [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security. Epik, the domain registrar known for hosting several large right-wing organizations, has confirmed a hack of its systems, a week after attackers branding themselves with the Anonymous hacktivist collective label said that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses.
Apparently, a nation-state hacked Alaska's Department of Health and Social Services. Not sure why Alaska's Department of Health and Social Services is of any interest to a nation-state, but that's probably just my failure of imagination.
While most of Azure Active Directory's security features require an enterprise Microsoft 365 account, an E3 or better, you can still get some benefit from Azure Active Directory from an Office 365 account. It's worth using these tools to see what exposure you have to drive-by attacks, where techniques like password dictionary sprays are used to break into poorly secured accounts.
What does continuous mean in this context? And how do you look for something when the haystack is as big as your entire security footprint? The philosophy of BAS tools is that you simulate what real attacks do inside networks based on patterns drawn from threat intelligence. "Historically, we built these tools for quality assurance and test labs. It was built by geeks for geeks as a pre-deployment lab tool," explains Keysight's VP of security solutions, Scott Register.
We knew the basics of this story, but it’s good to have more detail. Here’s me in 2015 about this Juniper hack. Here’s me in 2007 on the NSA backdoor.
After major cyberattacks on the Colonial Pipeline and on meat supplier JBS, the idea of allowing companies to launch cyberattacks back at cyber criminals was proposed. While hack back is gaining traction as a hot topic with some legal minds and policymakers, this approach is shortsighted and very likely to have unintended consequences.
Atlas VPN analyzed financial hacks over the last two-and-a-half years and found that DeFi hacks represent 76% of all major hacks for the first half of 2021.The problem has jumped from basically zero dollars lost to DeFi hacks in 2019 to $129 million in 2020 and $361 million in the first half of this year.
That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry. CVE-2020-17496 - vBulletin 'subwidgetConfig' unauthenticated RCE vulnerability.
That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top threats and vulnerabilities affecting the operating system in the first half of 2021, based on data amassed from honeypots, sensors, and anonymized telemetry. CVE-2020-17496 - vBulletin 'subwidgetConfig' unauthenticated RCE vulnerability.