Biz & IT

Backdoored developer tool that stole credentials escaped notice for 3 months

Enlarge Getty Images A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It’s the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations. The Codecov bash uploader contained the backdoor from late January to …

Backdoored developer tool that stole credentials escaped notice for 3 months Read More »

US adds Chinese supercomputing companies to export blacklist

Enlarge / A staff member works beside China’s ‘Sunway TaihuLight’ supercomputer at the National Supercomputer Center on August 29, 2020 in Wuxi, Jiangsu Province of China. China News Service | Getty Images The US has placed Chinese groups accused of building supercomputers to help the Chinese military on an export blacklist, the first such move …

US adds Chinese supercomputing companies to export blacklist Read More »

How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants

Enlarge Getty Images Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer’s industrial processes, a researcher from Kaspersky Lab said on Wednesday. The ransomware known as Cring came to public attention in a January blog post. It takes hold of …

How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants Read More »

Russia’s Twitter throttling may give censors never-before-seen capabilities

Enlarge / What’s happened to Russia’s flag? Sean Gladwell / Getty Images Russia has implemented a novel censorship method in an ongoing effort to silence Twitter. Instead of outright blocking the social media site, the country is using previously unseen techniques to slow traffic to a crawl and make the site all but unusable for …

Russia’s Twitter throttling may give censors never-before-seen capabilities Read More »

Malicious cheats for Call of Duty: Warzone are circulating online

Enlarge CHUYN / Getty Images Criminals have been hiding malware inside publicly available software that purports to be a cheat for Activision’s Call of Duty: Warzone, researchers with the game maker warned earlier this week. Cheats are programs that tamper with in-game events or player interactions so that users gain an unfair advantage over their …

Malicious cheats for Call of Duty: Warzone are circulating online Read More »

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities

Enlarge Getty Images The FBI and the Cybersecurity and Infrastructure Security Agency said that advanced hackers are likely exploiting critical vulnerabilities in the Fortinet FortiOS VPN in an attempt to plant a beachhead to breach medium and large-sized businesses in later attacks. “APT actors may use these vulnerabilities or other common exploitation techniques to gain …

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities Read More »

Android sends 20x more data to Google than iOS sends to Apple, study says

Enlarge / Insomnia people and mobile-addiction concepts. Getty Images Whether you have an iPhone or an Android device, it’s continuously sending data including your location, phone number, and local network details to Apple or Google. Now, a researcher has provided a side-by-side comparison that suggests that, while both iOS and Android collect handset data around …

Android sends 20x more data to Google than iOS sends to Apple, study says Read More »

New Android malware with full range of spying capabilities has been found

Enlarge Getty Images Researchers have discovered a new advanced piece of Android malware that finds sensitive information stored on infected devices and sends it to attacker-controlled servers. The app disguises itself as a system update that must be downloaded from a third-party store, researchers from security firm Zimperium said on Friday. In fact, it’s a …

New Android malware with full range of spying capabilities has been found Read More »

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call

Enlarge / FreeBSD’s core development team, for the most part, does not appear to see the need to update their review and approval procedures. Aurich Lawson (after KC Green) At first glance, Matthew Macy seemed like a perfectly reasonable choice to port WireGuard into the FreeBSD kernel. WireGuard is an encrypted point-to-point tunneling protocol, part …

Buffer overruns, license violations, and bad code: FreeBSD 13’s close call Read More »

Facebook shuts down hackers who infected iOS and Android devices

Enlarge Getty Images Facebook said it has disrupted a hacking operation that used the social media platform to spread iOS and Android malware that spied on Uyghur people from the Xinjiang region of China. Malware for both mobile OSes had advanced capabilities that could steal just about anything stored on an infected device. The hackers, …

Facebook shuts down hackers who infected iOS and Android devices Read More »