Security News

A patch has been released for a Linux kernel vulnerability that a researcher used at the recent Pwn2Own 2020 hacking competition to escalate privileges to root on Ubuntu Desktop. He leveraged an improper input validation bug in the Linux kernel to escalate privileges to root.

The Utah Attorney General's Office is investigating the hacking of a video call hosted by a gubernatorial candidate who saw the call hijacked by pornographic images and racial slurs on Thursday. Republican Aimee Winder Newton was about five minutes into the virtual event on the Zoom platform when the trouble began as all 130 state delegates on the call were unmuted, said Caroline Bena, a spokeswoman for the campaign.

The cybersecurity firm told SecurityWeek that its Mandiant Intelligence team tracks nearly 100 tools that can be used to exploit vulnerabilities in ICS or interact with industrial equipment in an effort to support intrusions or attacks. Of the ICS hacking tools tracked by FireEye - the company calls them ICS cyber operation tools - 28% are designed for discovering ICS devices on a network and 24% for software exploitation.

I previously wrote about hacking voice assistants with lasers. Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.

A California man has been sentenced to more than seven years in prison for hacking an Atlanta-based company and trying to extort money in exchange for the return of the company's intellectual property. Kight accessed computer networks and servers of multiple companies and organizations in Georgia without authorization, prosecutors said.

Cross-border investigations, Europol announced on Friday that it's arrested more than two dozen people suspected of draining bank accounts by hijacking victims' phone numbers via SIM-swap fraud. As we've explained, SIM swaps work because phone numbers are actually tied to the phone's SIM card - in fact, SIM is short for subscriber identity module, a special system-on-a-chip card that securely stores the cryptographic secret that identifies your phone number to the network.

Hackers are getting hacked via trojanized hacking toolsSomeone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed. SECURE Magazine: RSAC 2020 special issue releasedRSA Conference, the world's leading information security conference and exposition, concluded its 29th annual event in San Francisco.

Criminals targeting other criminals is nothing new, but researchers have now uncovered a years-long campaign that trojanizes hacking tools in order to infect other hackers with njRAT. Just as trojanized mobile apps can be downloaded from app stores and installed by trusting users, so trojanized hacking tools are downloaded and installed by trusting hackers. The njRAT infection route in the campaign appears to be via cracked and trojanized hacking tools.

Someone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed. "So far, we have found samples that are either pretending to be various hacking tools or pretending to be installers of the Chrome Internet browser," they noted.

A former CIA software engineer accused of stealing a massive trove of the agency's hacking tools and handing it over to WikiLeaks was convicted of only minor charges Monday, after a jury deadlocked on the more serious espionage charges against him. Joshua Schulte, who worked as a coder at the agency's headquarters in Langley, Virginia, was convicted by a jury of contempt of court and making false statements after a four-week trial in Manhattan federal court that offered an unusual window into the CIA's digital sleuthing and the team that designs computer code to spy on foreign adversaries.