Security News

Critical Remote Hacking Flaws Disclosed in Linphone and MicroSIP Softphones
2021-10-14 09:16

Multiple security vulnerabilities have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information like password hashes by simply making a malicious call. SIP aka Session Initiation Protocol is a signaling protocol that's used to control interactive communication sessions, such as voice, video, chat and instant messaging, as well as games and virtual reality, between endpoints, in addition to defining rules that govern the establishment and termination of each session.

Medtronic urgently recalls insulin pump controllers over hacking concerns
2021-10-06 14:48

Medtronic is urgently recalling remote controllers for insulin pumps belonging to the 'MiniMed Paradigm' family of products, due to severe cybersecurity risks. The controllers that should be returned to the vendor are models MMT-500 and MMT-503, used with Medtronic MiniMed 508 insulin pump and the MiniMed Paradigm family of insulin pumps.

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries
2021-10-04 05:48

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. "The group compromised a subsidiary and penetrated the target company's network through it. Trusted relationship attacks are rare today due to the complexity of their execution. Using this method [], the ChamelGang group was able to achieve its goal and steal data from the compromised network."

EU officially blames Russia for 'Ghostwriter' hacking activities
2021-09-24 16:11

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. "These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data," European Council officials said in a press release today.

Hacking group used ProxyLogon exploits to breach hotels worldwide
2021-09-23 19:50

A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. Slovakian internet security firm ESET spotted the hacking group and described it as an "Advanced persistent threat."

Is hacking back effective, or does it just scratch an evolutionary itch?
2021-09-21 21:20

Retribution by hacking back might make you feel better, but experts urge caution and explain why it's a bad idea. In the tech realm, some victims of cyberattacks want to enact revenge by hacking their hackers, a.k.a. the hack back.

Former U.S. intel operatives to pay $1.6M for hacking for foreign govt
2021-09-15 23:22

The U.S. government has entered a Deferred Prosecution Agreement with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. "These services included the provision of support, direction and supervision in the creation of sophisticated"Zero-click" computer hacking and intelligence gathering systems - i.e., one that could compromise a device without any action by the target" - the U.S. Department of Justice.

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company
2021-09-15 22:03

The U.S. Department of Justice on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. "The defendants worked as senior managers at a United Arab Emirates-based company that supported and carried out computer network exploitation operations for the benefit of the U.A.E. government," the DoJ said in a statement.

Windows MSHTML zero-day exploits shared on hacking forums
2021-09-12 17:07

Threat actors are sharing Windows MSHTML zero-day tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim's computer remotely.

Conti ransomware now hacking Exchange servers with ProxyShell exploits
2021-09-03 13:21

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities that allow unauthenticated, remote code execution on unpatched vulnerable servers.