Larry Jaffee SC Media | Page 2 of 16

Larry Jaffee

Most recent articles by Larry Jaffee

Critical VPN vulnerabilities pose danger to OT networks

The VPN approach for remote security may not be as secure as previously believed, new research has found. That’s particularly troubling given the work-at-home reality brought on by COVID-19, according to a blog post from Claroty. Remote code execution (RCE) vulnerabilities affecting VPN implementations primarily used to provide remote access…

Dave ShinyHunters hack exposes 7.5 million user records

Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group…

Garmin expects delays after WastedLocker ransomware attack

Garmin expects its operations to be back up in the next few days, with some delays, after suffering a targeted WastedLocker ransomware attack that reinforced that the best cybersecurity strategy is to prepare for the worst. The smart watch/wearable tech firm admitted on its website the attack encrypted some of its systems on July 23,…

New cryptominer botnet spreads payload, less intrusive

A new cryptocurrency-mining botnet attack called Prometei bypasses detection systems and monetizes its campaigns in less intrusive ways. It is the first time that anyone’s documented a multi-modular botnet, according to Talos, which discovered the botnet and dubbed it “Prometei.” The botnet, which has been active since March, spreads a payload to provide financial benefits…

Fast-charging hacks can melt phones, compromise firmware

Fast-charging technology might let users charge their mobile phones within minutes instead of hours – that is, if a hacker doesn’t cause them to catch on fire. Some charging bricks can melt a mobile phone, and if they fall into the wrong hands, their firmware can be further compromised, according to a blog post from…

Phishing attack hid in Google Cloud Services

Details of a phishing attack concealed in Google Cloud Services point to a fast-growing trend that has hackers disguising malicious activities in cloud service providers. In a report released today, researchers at Check Point unravel, step-by-step, how even security-savvy professionals could be tricked by a well-disguised ruse, which kicked off with a PDF document containing…

U.K. Covid-19 Test and Trace violated GDPR

The U.K. government violated Europe’s data privacy regulation, GDPR, by implementing an NHS Test and Trace program to monitor the spread of COVID-19 without also establishing a required Data Protection Impact Assessment (DPIA). Privacy advocacy organization Open Rights Group (ORG) issued a complaint against Public Health England (PHE), which launched the program on May 28,…

Legacy ICS puts critical infrastructure at risk

By using search engines dedicated to scanning all open ports, or scanning the ports themselves, hackers can remotely take control of critical private and public U.S. infrastructure run largely by industrial control systems (ICS) that weren’t built with security in mind. American water and energy providers are particularly vulnerable to cyberattack because their legacy ICSs…

Fake Cisco switches provoked network failures

Counterfeit Cisco devices were behind the failure of an IT company’s network switches last fall after a software upgrade, an investigation has found. Underscoring the security challenges posed by counterfeit hardware, the real-life anecdote prompted the victimized purchaser to commission F-Secure’s hardware security team to perform a thorough analysis of the components. The company discovered that…
