Cybersecurity News and Product Reviews | SC Media

Home

Justice charges Chinese nationals in hacking campaign

Two Chinese hackers working with the Ministry of State Security, and charged by the Justice Department on Tuesday, allegedly ran a more-than-decade-long campaign hacking into the systems of hundreds of companies, governments, NGOs, dissidents, human rights activists and even clergy, nicking intellectual property and proprietary business research and more recently targeting companies developing COVID-19 vaccines,…

Adobe fixes 12 critical bugs in second round of July patches

Just one week after issuing its last batch of patches, Adobe Systems has issued additional security updates fixing 13 vulnerabilities, 12 of them critical out-of-bounds read or write flaws that can lead to arbitrary code execution in either Prelude, Photoshop or Bridge. One additional bug of “important” severity was all located in Mobile Reader, for…

charger

Fast-charging hacks can melt phones, compromise firmware

Fast-charging technology might let users charge their mobile phones within minutes instead of hours – that is, if a hacker doesn’t cause them to catch on fire. Some charging bricks can melt a mobile phone, and if they fall into the wrong hands, their firmware can be further compromised, according to a blog post from…

cloud server

Phishing attack hid in Google Cloud Services

Details of a phishing attack concealed in Google Cloud Services point to a fast-growing trend that has hackers disguising malicious activities in cloud service providers. In a report released today, researchers at Check Point unravel, step-by-step, how even security-savvy professionals could be tricked by a well-disguised ruse, which kicked off with a PDF document containing…

Biden will punish foreign election interference, hacking

Former Vice President and presumptive Democratic presidential nominee Joe Biden said he would take harsh action against any nation-state that attempted to meddle in the U.S. presidential election, “whether by hacking voting systems and databases, laundering money into our political system, systematically spreading disinformation, or trying to sow doubt about the integrity of our elections.”…

U.K. Covid-19 Test and Trace violated GDPR

The U.K. government violated data privacy regulated Europe’s GDPR by implementing a NHS Test and Trace program to monitor the spread of COVID-19 without also establishing a required Data Protection Impact Assessment (DPIA). Privacy advocacy organization Open Rights Group (ORG) issued a complaint against Public Health England (PHE), which launched the program on May 28,…

Legacy ICS puts critical infrastructure at risk

By using search engines dedicated to scanning all open ports, or scanning the ports themselves, hackers can remotely take control of critical private and public U.S. infrastructure run largely by industrial control systems (ICS) that weren’t built with security in mind. American water and energy providers are particularly vulnerable to cyberattack because their legacy ICSs…

Akamai NOCC

Rise in DDoS attacks lost in pandemic

Though they might get lost in all the other security threats exacerbated by the Covid-19 pandemic, DDoS attacks, unsurprisingly, ticked up during the first part of 2020, most handily absorbed by the internet backbone – and the defensive efforts of targeted companies. Disruptions at AT&T, Sprint, T-Mobile and Verizon and streaming companies in mid-June stoked…

Leaked videos offer rare behind-the-scenes look at Iranian APT operation

Threat analysts hit the cyber intel mother lode after uncovering a 40GB data leak that included training videos shedding light on the activities of an Iranian advanced persistent threat group. In a company blog post this week, IBM X-Force Incident Response Intelligence Services (IRIS) said that the leaked assets were the result of an OPSEC error on…

Covid-19 vaccines, economies in peril after Russian APT29 attacks

Warnings by officials in the U.S., U.K. and Canada that Russia’s Cozy Bear, APT29, is actively trying to steal Covid-19 vaccine research by hacking vaccine trials and dropping WellMess and WellMail malware proves at least two things: Russia military intelligence is still going hard against U.S. targets, and the health care industry, particularly during the…

Next post in APTs/cyberespionage