Security News

Researchers warn of 100,000 industrial control systems exposed online
2023-10-04 17:35

About 100,000 industrial control systems were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems.

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware
2023-10-04 15:09

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka...

Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection
2023-10-03 09:29

Firewall and distributed denial-of-service (DDoS) attack prevention mechanisms in Cloudflare can be circumvented by exploiting gaps in cross-tenant security controls, defeating the very purpose of...

Security researchers believe mass exploitation attempts against WS_FTP have begun
2023-10-02 13:45

Security researchers have spotted what they believe to be a "Possible mass exploitation" of vulnerabilities in Progress Software's WS FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS FTP. Progress released fixes for eight separate vulnerabilities in WS FTP on Wednesday, including one rated a maximum score of 10 on the CVSS severity scale.

Security researcher stopped at US border for investigating crypto scam
2023-09-28 14:52

Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Why, you ask? All because his IP address landed in the logs of a crypto wallet associated with a phishing scam that Curry had earlier helped investigate as a part of his job-a scam that the feds were now investigating.

Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
2023-09-27 12:55

A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. "This channel exploits an optimization that is data...

Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
2023-09-21 12:51

The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023. "This increase in P2PInfect...

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
2023-09-19 09:31

Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. "The exposure came as the result of an overly permissive SAS token - an Azure feature that allows users to share data in a manner that is both hard to track and hard to revoke," Wiz said in a report.

Researchers Detail 8 Vulnerabilities in Azure HDInsight Analytics Service
2023-09-13 13:31

More details have emerged about a set of now-patched cross-site scripting flaws in the Microsoft Azure HDInsight open-source analytics service that could be weaponized by a threat actor to carry out malicious activities. "The identified vulnerabilities consisted of six stored XSS and two reflected XSS vulnerabilities, each of which could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads," Orca security researcher Lidor Ben Shitrit said in a report shared with The Hacker News.

North Korean hackers target security researchers with zero-day exploit
2023-09-08 09:22

North Korean threat actors are once again attempting to compromise security researchers' machines by employing a zero-day exploit. The warning comes from Google's own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.