Security News

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software.

A former CIA employee cannot get espionage charges against him dismissed on the grounds that there weren't enough Hispanic or Black individuals on the grand jury that indicted him, a judge ruled Wednesday. U.S. District Judge Paul A. Crotty issued his ruling in the case against Joshua Schulte, finding that there was nothing illegal about a suburban grand jury in White Plains returning the indictment during the coronavirus pandemic rather than a grand jury in Manhattan that normally would have done so.

MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident. The attacker's likely motivation was to cause "Maximum disruption" to the site, according to MangaDex.

Cybersecurity researchers on Sunday disclosed multiple critical vulnerabilities in remote student monitoring software Netop Vision Pro that a malicious attacker could abuse to execute arbitrary code and take over Windows computers. The vulnerabilities, tracked as CVE-2021-27192, CVE-2021-27193, CVE-2021-27194, and CVE-2021-27195, were reported to Netop on December 11, 2020, after which the Denmark-based company fixed the issues in an update released on February 25.

Project Zero, Google's zero-day bug-hunting team, discovered a group of hackers that used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year. The Project Zero team revealed that the hacking group behind these attacks ran two separate campaigns, in February and October 2020.

Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla's Nevada Gigafactory. Kriuchkov also told the Tesla employee that he was earlier involved in other similar "Projects" where one of the victim companies paid $4 million after negotiating down from an initial $6 million ransom.

Blender.org, the official website of the popular 3D computer graphics software Blender, is now in maintenance mode according to a message displayed on the site. According to Blender, parts of the blender.org website and some of the blogs are still down and will remain offline for several hours.

It's looking like the exploitation of critical Exchange flaws that Microsoft revealed at the start of the month could be much worse than folks first suspected. An analysis by Slovak security shop ESET claims that six advanced criminal hacking groups, thought to have some level of state sponsorship, used the zero days to attack government and industry sites before the flaws were patched.

A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks. The official said the White House was working closely with the private sector to ramp up cyber defenses following the attacks which targeted Microsoft Exchange servers and SolarWinds security software, potentially compromising thousands of government and private computer networks.

More state-sponsored hacking groups have joined the ongoing attacks targeting tens of thousands of on-premises Exchange servers impacted by severe vulnerabilities tracked as ProxyLogon. Exchange servers attacked by multiple hacking groups.