Security

New Silex malware is bricking IoT devices, has scary plans

posted on June 25, 2019
by l33tdawg
Credit: ZDNet

A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017.

Named Silex, this malware began operating earlier today, about three to four hours before this article's publication.

Chinese Hackers Hit Global Telecom Carriers, Security Firm Says

posted on June 25, 2019
by l33tdawg
Credit: CRN

Hackers thought to be affiliated with China's government have broken into the systems of more than a dozen global telecommunications carriers, taking with them "large amounts" of consumer and business data, according to Boston-based cybersecurity firm Cybereason.

Cybereason, which was first to identify the attacks, said that the hacks were long-running and appeared to be an intelligence operation because it targeted specific individuals. The tracked activity in the report occurred in 2018 and perhaps 2017.

Newly-Discovered Malware Targets Unpatched MacOS Flaw

posted on June 25, 2019
by l33tdawg
Credit: Threatpost

Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system.

The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS Gatekeeper security feature, which verifies downloaded applications before allowing them to run on Macs. Researchers now say that they have spotted new samples of malware, dubbed OSX/Linker, which they claim are being developed to target the vulnerability.

DHS cyber director warns of surge in Iranian “wiper” hack attacks

posted on June 25, 2019
by l33tdawg
Credit: Ars Technica

With tensions between the US and Iran on the rise following the downing of a US military drone last week, the director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency is warning that Iran is elevating its efforts to do damage to US interests through destructive malware attacks on industrial and government networks.

In a statement issued on Saturday, June 22, CISA Director Christopher C. Krebs said:

VLC 3.0.7 is Biggest Security Release Due to EU Bounty Program

posted on June 9, 2019
by l33tdawg
Credit: Bleeping Computer

VLC Media Player 3.0.7 was released on Friday and contained the most security updates ever in one release of the program. The president of the VideoLAN non-profit organization states that this was due to their inclusion in the EU-FOSSA bug bounty program.

Last year, the European Commission announced that they were expanding their Free and Open Source Software Audit (FOSSA) project to support bug bounty programs for free and open source programs that they use.

BGP event sends European mobile traffic through China Telecom for 2 hours

posted on June 9, 2019
by l33tdawg
Credit: Ars Technica

Traffic destined for some of Europe's biggest mobile providers was misdirected in a roundabout path through the Chinese-government-controlled China Telecom on Thursday, in some cases for more than two hours, an Internet-monitoring service reported. It's the latest event to stoke concerns about the security of the Internet's global routing system, known as the Border Gateway Protocol.

Hackers Can Now Bypass Two-Factor Authentication With a New Kind of Phishing Scam

posted on June 7, 2019
by l33tdawg
Credit: Flickr

Two-factor authentication, the added security step that requires people to enter a code sent to their phone or email, has traditionally worked to keep usernames and passwords safe from phishing attacks.

However, security experts have demonstrated an automated phishing attack that can cut through that added layer of security—also called 2FA—potentially tricking unsuspecting users into sharing their private credentials.

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

posted on May 30, 2019
by l33tdawg
Credit: The Hacker News

Cybersecurity researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide.

Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group that has already infected nearly 50,000 servers and is installing a sophisticated kernel-mode rootkit on compromised systems to prevent the malware from being terminated.

Eternally Blue: Baltimore City leaders blame NSA for ransomware attack

posted on May 29, 2019
by l33tdawg
Credit: Ars Technica

The mayor and city council president of Baltimore are pushing for the ransomware attack that brought Baltimore's city government to a standstill to be designated a disaster, and officials are seeking federal aid to help pay for the cleanup from the RobbinHood malware's damage. This call came after a New York Times report that the ransomware used the EternalBlue exploit developed by the National Security Agency to spread across the city's network.