Security

The results of a six-month investigation into a botnet that targets a vulnerability in content management systems have been released today by Imperva Research Labs.

The botnet known as 'KashmirBlack' first appeared around November 2019 and is still active. It's managed by a single command and control server and uses more than 60 servers -- mostly innocent surrogates -- as part of its infrastructure.

The US government said today that a Russian state-sponsored hacking group has targeted and successfully breached US government networks.

Government officials disclosed the hacks in a joint security advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI).

Unbeknownst to Windows 10 users until now, a security vulnerability existed in Windows Setup, the process with runs when installing Feature Updates for the operating system.

The vulnerability (CVE-2020-16908) made it possible for a locally authenticated attacker to run arbitrary code with elevated system privileges. This flaw could be exploited to install software, create new user accounts, or interfere with data.

While Apple’s Face ID pretty much works as advertised, there are times when using one’s fingerprint is much more efficient. This has led to some wondering if Apple could potentially implement both solutions in future iPhones. While Touch ID did not return in the iPhone 12, it has been rumored that this is a feature Apple is still looking to bring back.

Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks reach new popularity highs—and new ethical lows—among attackers, it's not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.

By: Weixien Toh

Microsoft has been working hard on improving the Chromium-based Edge web browser and the company's upcoming feature will allow users to disable the password reveal button on different websites.

Prison video visitation systems are sometimes the only way family and lawyers can talk to inmates, particularly during the COVID-19 pandemic, but the security of those systems recently suffered a major lapse. Researcher Bob Diachenko told TechCrunch that video visitation provider HomeWAV left a database dashboard publicly accessible without a password since April, exposing “thousands” of calls between inmates and their attorneys. Anyone could read call logs and transcripts.

For months, Apple’s corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday.

Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information.

Google’s latest effort to protect the safety and privacy of its users involves more prominent security alerts. Moving forward, when the company detects a potentially serious issue with your account, it will notify you directly through the Google app you’re using at the moment.