Security News
Microsoft has published a tool that scans for and detects MikroTik-powered Internet-of-Things devices that have been hijacked by the Trickbot gang. The open-source scanner comes after an investigation by Redmond's Defender for IoT research team into how the nefarious malware crew takes over MikroTik routers and sets them up to funnel communications to and from Trickbot-infected computers on the network and the criminals' backend servers.
Three vulnerabilities in ubiquitous APC Smart-UPS devices could allow remote attackers to use them as an attack vector, disable or completely destroy them, Armis researchers have discovered. "The latest APC Smart-UPS models are controlled through a Cloud connection. Armis researchers found that an attacker exploiting the TLStorm vulnerabilities could remotely take over devices via the Internet without any user interaction or signs of attack. As a result, attackers can perform a remote-code execution attack on a device, which in turn could be used to alter the operations of the UPS to physically damage the device itself or other assets connected to it," the researchers noted.
Without a critical update, Amazon Alexa devices could wake themselves up and start executing audio commands issued by a remote attacker, according to infosec researchers at Royal Holloway, University of London. Executing the attack requires exploitation of Amazon Alexa Skills.
Finland's National Cyber Security Centre warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats. In the alert, the NCSC-FI says that all Facebook users who received messages from online acquaintances asking for their phone numbers and a verification number delivered via SMS are the targets of this ongoing scam.
Threat actors are hijacking Alibaba Elastic Computing Service instances to install cryptominer malware and harness the available server resources for their own profit. Even better, to protect against malware such as cryptominers, ECS comes with a pre-installed security agent.
Security researchers from Germany's CISPA Helmholtz Center for Information Security have developed software to help identify Chrome extensions that are vulnerable to exploitation by malicious webpages and other extensions. Under its old platform rules, known as Manifest v2, Chrome extensions had broad powers that could easily be misused.
Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. Today, developers around the world were left surprised to notice new releases for npm library 'coa'-a project that hasn't been touched for years, unexpectedly appear on npm.
Popular npm library 'coa' was hijacked today with malicious code injected into it, ephemerally impacting React pipelines around the world. Today, developers around the world were left surprised to notice new releases for npm library 'coa'-a project that hasn't been touched for years, unexpectedly appear on npm.
Apple fixes security feature bypass in macOSApple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers. Good security habits: Leveraging the science behind how humans develop habitsIn this interview with Help Net Security, George Finney, CSO at Southern Methodist University, explains what good security habits are, how to successfully implement them and why are they important.
The library's lightweight npm package is extremely popular: according to the numbers on its npm registry page, it surpasses 8 million weekly downloads. The compromised packages were removed from the repository and a security advisory was published.