Security News
An Indian national who moved to California on an H1-B work visa was sentenced to 24 months in prison last week for accessing and damaging Cisco's network. Ramesh is a former Cisco employee, who resigned in April 2018.
Incident response teams are scrambling after details emerged late Sunday of a sophisticated espionage campaign leveraging a software supply chain attack that allowed hackers to compromise numerous public and private organizations around the world. Among the victims are multiple US government agencies, including the Treasury and Commerce departments, and cybersecurity giant FireEye, which stunned the industry last week when it revealed that attackers gained access to its Red Team tools.
Kevin Thompson, SolarWinds president and CEO, said his company is "aware of a potential vulnerability" that may have been in "updates which were released between March and June 2020 to our Orion monitoring products." The vandalized SolarWinds code is said to have been exploited by miscreants to sneak into networks within US government bodies, among them the Treasury and the Department of Commerce's telecoms agency NTIA, where Orion is used.
Hackers broke into the networks of federal agencies including the Treasury and Commerce departments as U.S. government officials said Sunday that they were working to identify the scope of the breach and to fix the problem. The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company's own hacking tools.
The EMA, based in Amsterdam in the Netherlands, is responsible for the evaluation and approval of medicines in the European Union - a role reflected in its former name, the European Agency for the Evaluation of Medicinal Products. There's no suggestion of when the attack was discovered, how it was found, when it probably started, how extensive it seems to have been, how much disruption it has caused, whether anyone outside the EMA was potentially affected, how long it's likely to take to restore the network to normal, or what the EMA is doing right now to stop it happening again.
Google has updated its Chrome web browser, fixing four bugs with a severity rating of "High" and eight overall. An updated 87.0.4280.88 version of Chrome addresses the bugs and will "roll out over the coming days/weeks," Google wrote.
Over the past several months, the "mercenary" advanced persistent threat group known as DeathStalker has been using a new PowerShell backdoor in its attacks, Kaspersky reports. Kaspersky's security researchers, who have been tracking the group since 2018, identified a previously unknown implant the group has been using in attacks since mid-July.
In this episode: we look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home.
Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump. In the midst of its popular Spotify Wrapped 2020 playlist rollout of the year's most popular songs, the streaming service is grappling with a security breach, which affected the pages of some of its biggest stars, including Lana Del Rey, Dua Lipa, Future, Pop Smoke and others.
Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time," said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "memory corruption issue was addressed with improved input validation."