Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock doors, make phone calls and unauthorized purchases, and control furnaces, microwave ovens, and other smart appliances.
Any appearance of a new tool used by Russia's notorious, disruptive Sandworm hackers will raise the eyebrows of cybersecurity professionals braced for high-impact cyberattacks. When US and UK agencies warn of one such tool spotted in the wild just as Russia prepares a potential mass-scale invasion of Ukraine, it's enough to raise alarms.
Vladimir Putin’s attack on Ukraine has been met with fierce resistance throughout the country’s towns and cities. As Russian forces have moved closer to Kyiv, lawyers, students, and actors have taken up arms to defend their country from invasion. They are not the only ones: Volunteers have also flocked to join a Ukrainian volunteer “IT Army” that’s fighting back online.
Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus.
Microsoft is enabling a Microsoft Defender 'Attack Surface Reduction' security rule by default to block hackers' attempts to steal Windows credentials from the LSASS process.
When threat actors compromise a network, they attempt to spread laterally to other devices by stealing credentials or using exploits.
A proof-of-concept published by Russian security vendor Positive Technologies comes with detailed instructions on how to unlock processors to gain access.
Hardware hacker and director of Canberra-based security training company InfoSect, Dr Silvio Cesare, says the research allows people to reverse engineer Intel processors to a level that hasn't been possible before.
Meter, a blockchain infrastructure company that provides multi-chain bridging and allows users to trade multiple cryptocurrencies across Ethereum and other public chains, has been exploited for around $4.4 million, the company acknowledged via Twitter. The hack also affected the Moonriver network.
"Around 6am Pacific time we identified someone was able to leverage a vulnerability of the bridge to mint a large amount of BNB and WETH tokens and depleted the bridge reserve for BNB on WETH," the decentralized finance (DeFi) infrastructure provider tweeted on Saturday.
Researchers have uncovered advanced, never-before-seen macOS malware that was installed using exploits that were almost impossible for most users to detect or stop once the users landed on a malicious website.
The malware was a full-featured backdoor that was written from scratch, an indication that the developers behind it have significant resources and expertise. DazzleSpy, as researchers from security firm Eset have named it, provides an array of advanced capabilities that give the attackers the ability to fully monitor and control infected Macs. Features include:
The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads UK's cyber security mission, is releasing NMAP Scripting Engine scripts to help defenders scan for and remediate vulnerable systems on their networks.
A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.
CVE-2021-4034 has been named PwnKit and its origin has been tracked to the initial commit of pkexec, more than 12 years ago, meaning that all Polkit versions are affected.
