Security News

Twitter was thrown into chaos on Wednesday after accounts for some of the world's most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools.

Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold. One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls and it allows a remote and unauthenticated attacker to take full control of a device by connecting to it using a default and static password.

Twitter has offered its initial analysis of the Wednesday mass hijacking of prominent twits' accounts - and suggested it all kicked off after its staff fell for social engineering. Judging from leaked screenshots of Twitter's internal systems circulating online and seen by El Reg, it appears one or more miscreants were able to gain direct or indirect access to an administration panel used by Twitter employees to configure accounts, by tricking or coercing the social network's staff.

The official Twitter accounts of Apple, Elon Musk, Jeff Bezos and others were hijacked on Wednesday by scammers trying to dupe people into sending cryptocurrency bitcoin, in a massive hack. The list of accounts commandeered simultaneously grew rapidly to include Joe Biden, Barack Obama, Uber, Microsoft co-founder Bill Gates, bitcoin specialty firms and many others.

Researchers are warning vulnerabilities in a smartwatch application for dementia patients could allow an attacker to convince patients to overdose. These smartwatches are utilized by elderly patients with dementia who need reminders for taking their medication and to carry out everyday tasks.

Known as BlueLeaks, the info trove consists mostly of crime intelligence material uploaded to what are known as fusion centers. Created in the aftermath of the September 11 terror attacks, serve as a way for state and county cops to share information with one another and with the FBI and US Homeland security.

A Michigan man has been indicted for the 2014 hack of the University of Pittsburgh Medical Center's HR databases and theft of employees' personal information - information that he allegedly wound up selling on the dark web to crooks who used it to file thousands of bogus tax returns. The theft involved personally identifying information belonging to 65,000 employees from the medical center's PeopleSoft human resources management system.

Those running VMWare guest machines on Mac will want to update their software to get a security fix for VMware Tools. Earlier this month, Microsoft dropped its usual boatload of Patch Tuesday updates, sans a set for Office for Mac.

Threat intel researchers have uncovered a phishing and malware campaign that targeted "a large European aerospace company" and which was run by the same North Koreans behind the hack of Sony Pictures. While there are quite a few European aerospace firms, Slovakian infosec biz ESET was more concerned with the phishing 'n' malware campaign it detected on behalf of its unnamed client.

The hack stems simply from a lightbulb hanging in the home. In November, researchers discovered a new way to hack Alexa and Siri by pointing a laser light beam at the smart speakers' microphones to send them remote, inaudible commands.