exploits

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling

Enlarge The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources. As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. One vulnerability …

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling Read More »

Morgan Stanley discloses data breach that resulted from Accellion FTA hacks

Enlarge Getty Images Morgan Stanley suffered a data breach that exposed sensitive customer data, and it became the latest known casualty of hackers exploiting a series of now-patched vulnerabilities in Accellion FTA, a widely used third-party file-transfer service. The data obtained included names, addresses dates of birth, social security numbers, and affiliated corporate company names, …

Morgan Stanley discloses data breach that resulted from Accellion FTA hacks Read More »

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

Enlarge Getty Images An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said. The threat, colloquially known as PrintNightmare, stems from bugs in the Windows print spooler, …

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability Read More »

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

Enlarge Getty Images Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows. The vulnerability is remarkable because it made it trivial to wipe what is …

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices Read More »

This is not a drill: VMware vuln with 9.8 severity rating is under attack

Enlarge A VMware vulnerability with a severity rating of 9.8 out of 10 is under active exploitation. At least one reliable exploit has gone public, and there have been successful attempts in the wild to compromise servers that run the vulnerable software. The vulnerability, tracked as CVE-2021-21985, resides in the vCenter Server, a tool for …

This is not a drill: VMware vuln with 9.8 severity rating is under attack Read More »

4 vulnerabilities under attack give hackers full control of Android devices

Enlarge Getty Images Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday. All four of the vulnerabilities were disclosed two weeks ago in Google’s Android Security Bulletin for May. Google has released security updates to device manufacturers, who …

4 vulnerabilities under attack give hackers full control of Android devices Read More »

Apple reports 2 iOS 0-days that let hackers compromise fully patched devices

Enlarge / The 2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini. Samuel Axon A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch two …

Apple reports 2 iOS 0-days that let hackers compromise fully patched devices Read More »

More US agencies potentially hacked, this time with Pulse Secure exploits

Enlarge Getty Images At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday. The vulnerabilities in Pulse Connect Secure, a VPN that employees use to remotely connect to large networks, include …

More US agencies potentially hacked, this time with Pulse Secure exploits Read More »

How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants

Enlarge Getty Images Ransomware operators shut down two production facilities belonging to a European manufacturer after deploying a relatively new strain that encrypted servers that control manufacturer’s industrial processes, a researcher from Kaspersky Lab said on Wednesday. The ransomware known as Cring came to public attention in a January blog post. It takes hold of …

How a VPN vulnerability allowed ransomware to disrupt two manufacturing plants Read More »

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities

Enlarge Getty Images The FBI and the Cybersecurity and Infrastructure Security Agency said that advanced hackers are likely exploiting critical vulnerabilities in the Fortinet FortiOS VPN in an attempt to plant a beachhead to breach medium and large-sized businesses in later attacks. “APT actors may use these vulnerabilities or other common exploitation techniques to gain …

Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities Read More »