Security News

Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
2024-02-07 13:29

NVD published two advisories this week for critical command injection vulnerabilities purportedly impacting Fortinet's FortiSIEM products, but there's more to this than meets the eye. BleepingComputer has confirmed that these CVEs are not "New," but duplicates of a previously known FortiSIEM vulnerability and were issued in error.

Bloomberg Crypto X account snafu leads to Discord phishing attack
2023-11-17 23:01

The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members.

Cybersecurity snafu sends British Library back to the Dark Ages
2023-10-31 14:16

Internet, phone lines, websites, and more went down on Saturday morning. The British Library has confirmed to The Register that a "cyber incident" is the cause of a "major" multi-day IT outage.…

University cuts itself off from internet after mystery security snafu
2023-08-29 21:37

The University of Michigan has isolated itself from the internet but, hey, everything's fine! The institute's president on Tuesday published a letter to the school community thanking everyone for their patience as technical staff work to restore internet access following an undisclosed security incident.

Reddit reveals security incident that looks more SNAFU than TIFU
2023-02-10 01:29

Colourful web forum Reddit has revealed it has suffered a security breach. Here's what we know. Reddit's founding engineer and CTO "KeyserSosa" - aka Christopher Slowe - explained that late on February 5th "We became aware of a sophisticated phishing campaign that targeted Reddit employees."

The 10 worst password snafus of 2021
2021-12-14 16:48

Dashlane's sixth annual list of the year's worst password offenders reveals the biggest password security mishaps for 2021. A weak password can create far more trouble for an organization that holds user data and other sensitive information.

Cloud load balancer snafu leads to 3D printer user printing on a stranger's kit
2021-08-20 13:47

A 3D printer remote monitoring company accidentally exposed users' printers to each other after a cloud reconfiguration snafu. Jiang added that his team had been "Notified of a case in which a user started a print on someone else's printer" - and linked through to a Reddit post where someone had used a stranger's printer to print the words: "TSD is not secure/ I randomly connected /sorry had to inform u."

$600m in cryptocurrencies swiped from Poly Network servers after security snafu
2021-08-10 20:51

Poly Network, a Chinese software biz that processes cryptocurrency transactions across different blockchain platforms, urged hackers to return $600m worth of stolen digital cash in what it called the "Biggest [attack] in DeFi history." Protocols like Poly Network allow cryptocurrency traders to exchange digicash across various blockchains; they can be used to swap Bitcoin for Ethereum, for example.

Zoom agrees to pay subscribers $25 to put its security SNAFUs behind it
2021-08-02 05:29

US-based Zoom users may have a little cash coming their way after the video meeting outfit lodged a preliminary settlement in a class action related to some of its less-than-brilliant security and data protection practices. The settlement was filed Saturday in an attempt to end a class action that alleged Zoom indulged in unlawful activities - including misrepresenting its end-to-end encryption capabilities and unauthorized transfer of personal data to third parties like Facebook, Google and LinkedIn - as well as implementing grossly inadequate security and privacy controls.