Security News
Sky has fixed a flaw in six million of its home broadband routers, and it only took the British broadcaster'n'telecoms giant a year to do so, infosec researchers have said. If an attack was successful, their router would fall under the attacker's control, allowing the crook to open up ports to access other devices on the local network, change the LAN's default DNS settings to redirect browsers to malicious sites, reconfigure the gateway, and cause other general mischief and irritation.
Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.
The Spanish National Police have, at the request of America, arrested UK citizen Joseph O'Connor in Estepona, Spain, in connection with the July 2020 takeover of more than 130 Twitter accounts. The US Department of Justice said that, in addition to the alleged Twitter account joyride, O'Connor, 22, has been charged in a federal district court in northern California with computer intrusions tied to the commandeering of TikTok and Snapchat user accounts.
Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.
Microsoft has once again been successfully hit by a dependency hijacking attack. After publishing a public dependency by the same name, he began receiving messages from Microsoft's Halo game dev servers.
Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company's Bitbucket-hosted source code. The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company's products a tempting target for malicious actors.
One of America's largest broadband providers, has now deployed RPKI on its network to defend against BGP route hijacks and leaks. "In practical terms, it means that Comcast now both cryptographically signs route information and validates the cryptographic signatures of other networks' route information."
F5 Networks this week released patches to address an authentication bypass vulnerability affecting BIG-IP Access Policy Manager, but fixes are not available for all impacted versions. Tracked as CVE-2021-23008, the high-severity vulnerability allows for the bypass of BIG-IP APM AD authentication if the attacker can hijack a Kerberos KDC connection using a spoofed AS-REP. Authentication bypass is also possible from an AD server that the attacker has already compromised, F5 explains.
For businesses, sending text messages to hundreds, thousands, or perhaps millions of customers can be a laborious task. A wide ecosystem of these companies exist, each advertising their own ability to run text messaging for other businesses.