Security News

Over the past several months, the "Mercenary" advanced persistent threat group known as DeathStalker has been using a new PowerShell backdoor in its attacks, Kaspersky reports. Kaspersky's security researchers, who have been tracking the group since 2018, identified a previously unknown implant the group has been using in attacks since mid-July.

In this episode: we look at a network intrusion where the crooks tried to take over dozens of different online accounts from every user, we discuss the potential dangers of digital doorbells, and we give you some handy hints for improving your wireless security at home. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump. In the midst of its popular Spotify Wrapped 2020 playlist rollout of the year's most popular songs, the streaming service is grappling with a security breach, which affected the pages of some of its biggest stars, including Lana Del Rey, Dua Lipa, Future, Pop Smoke and others.

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "Wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "View all the photos, read all the email, copy all the private messages and monitor everything which happens on [the device] in real-time," said Beer in a lengthy blog post detailing his six-month-long efforts into building a proof-of-concept single-handedly. "A remote attacker may be able to cause unexpected system termination or corrupt kernel memory," the iPhone maker noted in its advisory, adding the "Memory corruption issue was addressed with improved input validation."

Sadly, continued attacks against healthcare and medical infrastructure will probably lead to serious consequences going into 2021. While there have been no known attacks against over-the-air updates to vehicle software, it will become a growing concern as more manufacturers adopt the technology.

Ticketmaster is claiming that the ICO's £1.25m data breach fine clears it of any responsibility for its network being infected by card-skimming malware, according to correspondence seen by The Register. Ticketmaster is insisting that it is not liable to a customer for the compromise of its network, attempting to exploit an apparent legal loophole to squeeze out of Reg reader Richard's fight for compensation.

Very simply put, the crooks were after as many accounts as they could access to buy as many gift cards as they could as quickly as possible. Crooks with access to a whole company's worth of users - in this story, the company's VPN supported about 200 people - can try to acquire not just one but potentially hundreds of pre-paid gift cards in short order.

Researchers have uncovered a new attack that lets bad actors snoop in on homeowners' private conversations - through their robot vacuums. The attack, called "LidarPhone" by researchers, in particular targets vacuums with LiDAR sensors, as the name suggests.

The contents of messages from encrypted chat service EncroChat may be admissible as evidence in English criminal trials, the High Court in London, England has ruled. The ruling, issued late last month, has profound implications for a number of criminal trials brought over evidence obtained from EncroChat messages.

The FBI and Spokane police are now investigating an incident in which the Gonzaga University Black Student Union was hacked during a Zoom meeting and bombarded with racial and homophobic slurs. The incident occurred last Sunday during a virtual call among members of the Black Student Union.