Security News

Some commercial Nespresso machines in Europe that incorporate a smart card payment system can be manipulated to add unlimited funds to purchase coffee, thanks to reliance on technology that's been known to be insecure for more than a decade. In a coordinated vulnerability disclosure published this week, Polle Vanhoof, a security researcher, describes a vulnerability affecting unspecified Nespresso Pro machines equipped with a smart card reader: the problem? Some rely on outdated Mifare Classic smart cards.

The FBI has discovered that the National Finance Center, a U.S. Department of Agriculture federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.

Here's our latest Naked Security Live talk, where we answer the thorny question, "What if my password manager gets hacked?". We often recommend password managers, as we did last week in our article Cybersecurity tips for university students.

The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access that are used to provide users with remote access to internal resources. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," the company exclusively told The Hacker News.

SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. On Friday night, SonicWall released an 'urgent advisory' stating that hackers used a zero-day vulnerability in their Secure Mobile Access VPN device and its NetExtender VPN client in a "Sophisticated" attack on their internal systems.

A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service. The seller says that they obtained the database recently, following a successful SQL injection attack and that it can be used to steal the funds of premium members.

It turns out people are more concerned about being hacked compared to acts of physical violence a la being murdered or mugged, according to a recent Atlas VPN post. Overall, nearly three-quarters of respondents said they worry frequently or occasionally about having their "Personal, credit card, or financial information stolen by computer hackers," while 12% of respondents said they never worry about this scenario.

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. Over the weekend, IObit forum members began receiving emails claiming to be from IObit stating that they are entitled to a free 1-year license to their software as a special perk of being a forum member.

Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members. Over the weekend, IObit forum members began receiving emails claiming to be from IObit stating that they are entitled to a free 1-year license to their software as a special perk of being a forum member.

Threat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active. In 2018, scammers raked in $180,000 using a successful Elon Musk giveaway scam promoted on Twitter.