Security News

Sophos cybersecurity expert Chester Wisniewski provides excellent, topical and timely commentary on the FBI's recent use of a malware-like method to forcibly clean up hundreds of servers still infected in the Hafnium aftermath. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

The Biden administration on Thursday announced the U.S. is expelling 10 Russian diplomats and imposing sanctions against dozens of companies and people, holding the Kremlin accountable for interference in last year's presidential election and the cyber hacking of federal agencies. U.S. intelligence officials alleged in a declassified report last month that Russian President Vladimir Putin authorized influence operations to help Donald Trump in his unsuccessful bid for reelection as president, though there's no evidence Russia or anyone else changed votes or manipulated the outcome.

A former Kansas utility worker has been charged with remotely tampering with a public water system's cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers. Wyatt Travnichek, 22, was charged last month with remotely accessing the Post Rock Rural Water District's systems in March 2019, about two months after he quit his job with the utility.

A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players. Exceptions are games built with Source 2 or those that run a modified version of the Source engine, like Titanfall.

On the first day of the Pwn2Own 2021 hacking competition, participants earned more than half a million dollars, including $440,000 for demonstrating exploits against Microsoft products. The competition's organizer, Trend Micro's Zero Day Initiative, said there were seven attempts on the first day and five of them were successful.

From the Facebook data samples seen by BleepingComputer, almost every user record had a mobile phone number, a Facebook ID, a name, and the member's gender associated with it. Facebook has shed some light on the recent data leak comprising 533 million Facebook user profiles, data from which was posted on a hacker forum last week.

A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility's computer system, jeopardizing the residents' safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access, according to the Department of Justice.

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software.

A former CIA employee cannot get espionage charges against him dismissed on the grounds that there weren't enough Hispanic or Black individuals on the grand jury that indicted him, a judge ruled Wednesday. U.S. District Judge Paul A. Crotty issued his ruling in the case against Joshua Schulte, finding that there was nothing illegal about a suburban grand jury in White Plains returning the indictment during the coronavirus pandemic rather than a grand jury in Manhattan that normally would have done so.

MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident. The attacker's likely motivation was to cause "Maximum disruption" to the site, according to MangaDex.