Security News

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks-even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and even launch denial-of-service attacks.

A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Although Google addressed the vulnerability in March, new findings from Check Point Research show that many third-party app developers are yet to integrate the new Play Core library into their apps to mitigate the threat fully.

Russian-backed hacking group Turla has used a previously undocumented malware toolset to deploy backdoors and steal sensitive documents in targeted cyber-espionage campaigns directed at high-profile targets such as the Ministry of Foreign Affairs of a European Union country. Turla's Crutch malware was designed to help harvest and exfiltrate sensitive documents and various other files of interest to Dropbox accounts controlled by the Russian hacking group.

Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. The same team that last year mounted a signal-injection attack against a range of smart speakers merely by using a laser pointer are still unraveling the mystery of why the microelectro-mechanical systems microphones in the products turn the light signals into sound.

VMware on Thursday announced releasing patches for a couple of serious ESXi vulnerabilities that were demonstrated at a recent hacking contest in China. The 360 ESG Vulnerability Research Institute from Chinese cybersecurity company Qihoo 360 earned more than $740,000 of the total, including $180,000 for a VMware ESXi guest to host escape exploit.

VMware has revealed and repaired the flaws in its hypervisor discovered at China's Tianfu Cup white hat hacking competition. The bug needs patching in ESXi from version 6.5, VMware's Fusion and Workstation desktop hypervisors from versions 11 and 15 respectively, plus VMware Cloud Foundation from version 3.

Broadcom's security subsidiary Symantec has named a China-linked hacking gang known as "APT 10" and "Cicada" as the probable source of a year-long attack on Japanese interests around the world. Symantec's analysis of the campaign detailed how APT 10 used custom malware named Backdoor.

The government of Finland said Thursday it was preparing legislation that would allow citizens to change their personal identity codes in cases of gross data breaches that carry a high risk of identity theft. The government's fast-tracked proposal was designed primarily to assist thousands of people whose personal information was stolen during a hacking of patient records at a private Finnish psychotherapy center.

Mozilla and Google have already patched the critical Firefox and Chrome vulnerabilities exploited recently by white hat hackers at a competition in China. The flaw was fixed with the release of Firefox 82.0.3, Firefox ESR 78.4.1 and Thunderbird 78.4.2 just a couple of days after it was disclosed at the 2020 Tianfu Cup International PWN Contest, which took place over the past weekend in China.

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. 5.8 million RedDoorz user records sold online.