Security News
The man accused of hacking LinkedIn, Dropbox and the Formspring Q&A forum, and later selling the stolen data of hundreds of millions of users, has seen his trial disrupted a third time by the coronavirus pandemic. At a hearing on Tuesday, Judge William Alsup again delayed the US trial of alleged Russian hacker Yevgeniy Nikulin until June 1; the third such delay since the COVID-19 virus appeared in San Francisco, where proceedings are unfolding.
The Supreme Court agreed Monday to decide a case from Georgia about the reach of a federal computer hacking law. The case involves Nathan Van Buren, who was a police sergeant in Cumming, Georgia.
Linksys has prompted users to reset passwords after learning that hackers were leveraging stolen credentials to change router settings and direct customers to malware. The security firm said at the time that the attack, which was mainly targeting Linksys routers, was aimed at modifying DNS IP addresses to ultimately direct users to the Oski infostealer.
The US government's Computer Emergency Response Team has posted a new report on the latest exploits of North Korea's Hidden Cobra hacking crews. The updated advisory details how the hacking groups believed to operate on behalf of the isolated government, have carried out various hacking operations in recent years in an effort to drum up cash for the sanctions-hit regime.
The United States Securities and Exchange Commission last week announced that it reached a settlement with two of the traders charged last year over their roles in a scheme that involved hacking the organization's EDGAR electronic filing system. The SEC revealed in September 2017 that a breach of its EDGAR system detected in 2016 had allowed hackers to obtain non-public information that was used by some traders to make a profit.
A white hat hacker says he has earned $75,000 from Apple for reporting several Safari vulnerabilities that can be exploited to hijack the camera and microphone of devices running iOS or macOS. Researcher Ryan Pickren identified a total of seven vulnerabilities in Apple's Safari web browser, three of which can be exploited to spy on users through the camera and microphone of their iPhone, iPad or Mac computer. Apple patched the vulnerabilities that allow hackers to spy on users in January, while the other flaws were fixed in March.
A team of cybersecurity researchers has discovered that a large number of mobile apps contain hardcoded secrets allowing others to access private data or block content provided by users. The study's findings: that the apps on mobile phones might have hidden or harmful behaviors about which end users know little to nothing, said Zhiqiang Lin, an associate professor of computer science and engineering at The Ohio State University and senior author of the study.
A patch has been released for a Linux kernel vulnerability that a researcher used at the recent Pwn2Own 2020 hacking competition to escalate privileges to root on Ubuntu Desktop. He leveraged an improper input validation bug in the Linux kernel to escalate privileges to root.
The Utah Attorney General's Office is investigating the hacking of a video call hosted by a gubernatorial candidate who saw the call hijacked by pornographic images and racial slurs on Thursday. Republican Aimee Winder Newton was about five minutes into the virtual event on the Zoom platform when the trouble began as all 130 state delegates on the call were unmuted, said Caroline Bena, a spokeswoman for the campaign.
The cybersecurity firm told SecurityWeek that its Mandiant Intelligence team tracks nearly 100 tools that can be used to exploit vulnerabilities in ICS or interact with industrial equipment in an effort to support intrusions or attacks. Of the ICS hacking tools tracked by FireEye - the company calls them ICS cyber operation tools - 28% are designed for discovering ICS devices on a network and 24% for software exploitation.