Security

Researchers have known for years about security issues with the foundational computer code known as firmware. It's often riddled with vulnerabilities, it's difficult to update with patches, and it's increasingly the target of real-world attacks. Now a well-intentioned mechanism to easily update the firmware of Dell computers is itself vulnerable as the result of four rudimentary bugs. And these vulnerabilities could be exploited to gain full access to target devices.

The nation-state hackers who orchestrated the SolarWinds supply chain attack compromised a Microsoft worker’s computer and used the access to launch targeted attacks against company customers, Microsoft said in a terse statement published late on a Friday afternoon.

Western Digital, maker of the popular My Disk external hard drives, is recommending that customers unplug My Book Live storage devices from the Internet until further notice while company engineers investigate unexplained compromises that have completely wiped data from devices around the world.

The mass incidents of disk wiping came to light in this thread on Western Digital’s support forum. So far, there are no reports of deleted data later being restored.

Jeff Bezos has a hidden weapon: your data. While Amazon’s retail empire is built on a complex web of infrastructure and murky working practices, its selling success is based on an intricate knowledge of what millions of people buy and browse every day.

For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now one researcher has found a collection of bugs that allow him to hack ATMs—along with a wide variety of point-of-sale terminals—in a new way: with a wave of his phone over a contactless credit card reader.

Leaked instructions for GrayShift's GrayKey iPhone unlocking device have surfaced, giving an idea of what the device intended for law enforcement officials can do, and how it works.

GrayShift's GrayKey is an infamous device used to unlock and pull data from iPhones and iPads owned by suspects, as part of an investigation by law enforcement officials. While the device is known to exist, and has even been photographed as part of FCC filings, a release of details from written instructions for the device provides a better idea of the device's capabilities.

The news that games giant Electronic Arts was hacked and the source code and software development kits to many popular games like FIFA 21 and 22 as well as the source code to Frostbite, the games engine that powers many of popular titles such as Madden, Need for Speed and Battlefield, has spread like wildfire in the past 24 hours. In all, the hackers claim to have pilfered 780GB of EA's proprietary data.

Google has announced that end-to-end encryption is rolling out to users of Google Messages, Android's default SMS and RCS app. The feature has been in testing for months, and now it's coming to everyone.

An advanced persistent threat that Russia found inside government systems was too crude to have been the work of a Western nation, says security researcher Juan Andrés Guerrero-Saade of Sentinel Labs, before suggesting the malware came from a Chinese entity.

Russian telco and IT services provider Rostelecom and the nation’s National Coordination Center for Computer Incidents, an arm of the Russian Federal Security Service (FSB), in May published a joint report that detailed their assessment of attacks on several Russian government entities detected in 2020.

Cybersecurity researchers have identified four security vulnerabilities in Microsoft Excel and Microsoft Office 365 that can be exploited to execute malicious code.

The vulnerabilities, reported by Check Point, come from the legacy code that stems from Excel95, giving them reason to believe that the vulnerabilities have existed for several years.