
Security

Microsoft issues critical Exchange Server patches to thwart wave of targeted attacks

posted on March 2, 2021
by l33tdawg
Credit: SC Magazine

Microsoft released patches Tuesday for four critical vulnerabilities Chinese hackers are using in targeted attacks on Exchange Server, SC Media has learned.

In a series of three blog posts to be released Tuesday, Microsoft said that targeted hacking by a group operating out of China, which the company calls Hafnium, linked together chains of vulnerabilities to garner access.

New type of supply-chain attack hit Apple, Microsoft and 33 other companies

posted on February 16, 2021
by l33tdawg
Credit: Arstechnica

Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far.

North Korea may have hacked into Pfizer servers looking for COVID data

posted on February 16, 2021
by l33tdawg
Credit: Arstechnica

This morning, South Korean intelligence officials warned the country's lawmakers of North Korean attempts to hack into a "local drug manufacturer" to illicitly obtain COVID-19 vaccine and treatment data.

As reported by The Washington Post, South Korean intelligence services committee member Ha Tae-Keung told reporters that the data sought included COVID-19 vaccine and treatment technology. Tae-Keung went on to say that South Korea detected a 32 percent year-on-year increase in North Korean cyber-attack attempts.

French IT monitoring company's software targeted by hackers: cyber agency

posted on February 15, 2021
by l33tdawg
Credit: Wired

Hackers have spent up to three years breaking into organizations by targeting monitoring software made by the French company Centreon, France’s cybersecurity watchdog said on Monday.

The watchdog, known by its French acronym ANSSI, stopped short of identifying the hackers but said they had a similar modus operandi as the Russian cyberespionage group often nicknamed “Sandworm.”

ANSSI, Centreon, and the Russian embassy in Paris did not immediately return messages seeking comment.

Microsoft patches actively exploited Windows zero-day flaw

posted on February 11, 2021
by l33tdawg
Credit: IT Pro

Microsoft has patched 56 flaws in its latest Patch Tuesday round of fixes including a critical vulnerability in the win32k component of Windows 10 that could allow hackers to escalate privileges on a targeted device.

The critical zero-day flaw, tracked as CVE-2021-1732, is under active exploitation and is rated 7.8 on the CVSS threat severity scale. It’s been exploited to allow hackers to run malicious code on a targeted system with elevated privileges, according to researchers with DBAPPSecurity, who first discovered the flaw.

Signal, WhatsApp and Telegram: Major security differences between messaging apps

posted on February 7, 2021
by l33tdawg
Credit: CNet

If your choice of encrypted messaging app is a toss-up between Signal, Telegram and WhatsApp, do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy. If that's what you're after, nothing beats Signal.

Chrome users have faced 3 security concerns over the past 24 hours

posted on February 7, 2021
by l33tdawg
Credit: Arstechnica

Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome's sync feature to bypass firewalls. Let’s discuss them one by one.