Security News
The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. "The attack used vulnerabilities in the site's content management systems and Log4j, as well as compromised accounts of employees of the development company," the SSU said, corroborating prior disclosure from the Ukraine CERT team.
It is possible to hijack and manipulate Cellebrite's phone-probing software tools by placing a specially crafted file on your handset, it is claimed. Signal app supremo Moxie Marlinspike said in an advisory on Wednesday that he managed to get his hands on some of Cellebrite's gear, which is typically used by cops, government agents, big biz, and authoritarian regimes to forcibly access the contents of physically seized smartphones.
Iran blamed Israel on Monday for a sabotage attack on its underground Natanz nuclear facility that damaged its centrifuges, an assault that imperils ongoing talks over Tehran's tattered nuclear deal and brings a shadow war between the two countries into the light. "My policy as prime minister of Israel is clear: I will never allow Iran to obtain the nuclear capability to carry out its genocidal goal of eliminating Israel," Netanyahu said.
The European Medicines Agency today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines. EMA is the decentralized agency that reviews and approves COVID-19 vaccines in the European Union, and the agency that evaluates, monitors, and supervises any new medicines introduced to the EU. "The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines have been leaked on the internet," the agency disclosed today.
The FBI is worried that Ring doorbell owners can use footage collected from their smart devices to keep tabs on police, newly uncovered documents show. The FBI document outlines how Ring surveillance footage could present new "Challenges" for law enforcement.
A vulnerability in Thales' Cinterion EHS8 M2M module, a Java-powered embedded 3G system used in millions of Internet-of-Things devices for connectivity, was revealed yesterday by IBM's X-Force Red. The bug, disclosed to Thales and addressed in a patch made available to IoT vendors in February, makes it possible for an attacker to extract the code and other resources from a vulnerable device.
Advanced hackers could leverage unconventional, new attack vectors to sabotage smart manufacturing environments, according to Trend Micro. "Past manufacturing cyber attacks have used traditional malware that can be stopped by regular network and endpoint protection. However, advanced attackers are likely to develop Operational Technology specific attacks designed to fly under the radar," said Bill Malik, vice president of infrastructure strategies for Trend Micro.
Led by the University of Cincinnati, the new center will work with government and industry to conduct research on how to defend electronics and embedded systems from sabotage, hacking, and spying.
Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially. Interconnected systems in the energy industry increase vulnerabilities, and...
Controversial Website Blames Malware on Democrats, China and Big TechInfoWars' website was briefly affected by the Magecart payment card skimming malware, a finding that triggered a fiery response...