Security News

Over 60,000 parked domains were vulnerable to AWS hijacking
2021-09-03 07:00

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

Over 60,000 parked domains were left up for hijacking
2021-09-03 07:00

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

Spanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijacking
2021-07-21 20:54

The Spanish National Police have, at the request of America, arrested UK citizen Joseph O'Connor in Estepona, Spain, in connection with the July 2020 takeover of more than 130 Twitter accounts. The US Department of Justice said that, in addition to the alleged Twitter account joyride, O'Connor, 22, has been charged in a federal district court in northern California with computer intrusions tied to the commandeering of TikTok and Snapchat user accounts.

Microsoft's Halo dev site breached using dependency hijacking
2021-06-29 07:40

Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.

Microsoft successfully hit by dependency hijacking again
2021-06-29 07:40

Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.

Researchers Detail Exploit Chain for Hijacking Atlassian Accounts
2021-06-25 08:45

Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company's Bitbucket-hosted source code. The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company's products a tempting target for malicious actors.

Comcast now blocks BGP hijacking attacks and route leaks with RPKI
2021-05-20 19:16

One of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. "In practical terms, it means that Comcast now both cryptographically signs route information and validates the cryptographic signatures of other networks' route information."

Vulnerability Exposes F5 BIG-IP to Kerberos KDC Hijacking Attacks
2021-04-29 15:04

F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager, but fixes are not available for all impacted versions. Tracked as CVE-2021-23008, the high-severity vulnerability allows for the bypass of BIG-IP APM AD authentication if the attacker can hijack a Kerberos KDC connection using a spoofed AS-REP. Authentication bypass is also possible from an AD server that the attacker has already compromised, F5 explains.

Easy SMS Hijacking
2021-03-19 11:21

For businesses, sending text messages to hundreds, thousands, or perhaps millions of customers can be a laborious task. A wide ecosystem of these companies exist, each advertising their own ability to run text messaging for other businesses.

Smart sex toys come with Bluetooth and remote hijacking weaknesses
2021-03-11 18:45

Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. In examples provided by the researchers, technologies like Bluetooth and inadequately secured remote APIs make these IoT personal devices vulnerable to attacks that go beyond just compromising user privacy.