The VPN approach for remote security may not be as secure as previously believed, new research has found. That’s particularly troubling, which is especially unfortunate given on the work-at-home reality brought on by COVID-19, according to a blog post from Claroty. Remote code execution (RCE) vulnerabilities affecting VPN implementations primarily used to provide remote access…
Overdraft protection and cash advance service Dave suffered a data breach that appeared to involve the practices of a former third-party vendor, resulting in its database containing 7.5 million user records being sold at auction and then released later for free on hacker forums. The stolen information, which appeared to be taken by hacking group…
Garmin expects its operations to be back up in the next few days, with some delays, after suffering a targeted WastedLocker ransomware attack that reinforced that the best cybersecurity strategy is to prepare for the worst. The smart watch/wearable tech firm admitted on its website the attack encrypted some of its systems on July 23,…
A new cryptocurrency-mining botnet attack called Prometei bypasses detection systems and monetizes its campaigns in less intrusive ways. It is the first time that anyone’s documented a multi-modular botnet, according to Talos, which discovered the botnet and dubbed it “Prometei.” The botnet, which has been active since March, spreads a payload to provide financial benefits…
The pandemic has served as a catalyst for much of the hacking increases during the first half of 2020, with weekly COVID-19-related phishing attacks growing from under 5,000 in February to more than 200,000 in late April. All types of cyberattacks were up 34 percent from March to April, according to Check Point’s mid-year report.…
Fast-charging technology might let users charge their mobile phones within minutes instead of hours – that is, if a hacker doesn’t cause them to catch on fire. Some charging bricks can melt a mobile phone, and if they fall into the wrong hands, their firmware can be further compromised, according to a blog post from…
Details of a phishing attack concealed in Google Cloud Services point to a fast-growing trend that has hackers disguising malicious activities in cloud service providers. In a report released today, researchers at Check Point unravel, step-by-step, how even security-savvy professionals could be tricked by a well-disguised ruse, which kicked off with a PDF document containing…
The U.K. government violated data privacy regulated Europe’s GDPR by implementing a NHS Test and Trace program to monitor the spread of COVID-19 without also establishing a required Data Protection Impact Assessment (DPIA). Privacy advocacy organization Open Rights Group (ORG) issued a complaint against Public Health England (PHE), which launched the program on May 28,…
By using search engines dedicated to scanning all open ports, or scanning the ports themselves, hackers can remotely take control of critical private and public U.S. infrastructure run largely by industrial control systems (ICS) that weren’t built with security in mind. American water and energy providers are particularly vulnerable to cyberattack because their legacy ICSs…
Counterfeit Cisco devices were behind the failure of an IT company’s network switches last fall after a software upgrade, an investigation has found. Underscoring the security challenges posed by counterfeit hardware, the real-life anecdote prompted the victimized purchaser to commission F-Secure’s hardware security team to perform a thorough analysis of the components. The company discovered that…
