NAME:WRECK vulnerabilities impact millions of smart and industrial devices
Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria — which the company describes as “an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks.”
Security researcher drops Chrome and Edge exploit on Twitter
An Indian security researcher has published details today about a zero-day vulnerability impacting Google Chrome, Microsoft Edge, and other Chromium-based browsers like Opera and Brave.
‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails
Former Acting Secretary for the Department of Homeland Security Chad Wolf on Monday recounted the intense first days of the SolarWinds crisis, and remarked on recent reports that the suspected Russian hackers behind the attack had gained access to his email account. “My first question was: were these unclassified email accounts? The answer was yes,” Wolf said at a virtual talk hosted by the Heritage Foundation. “It’s still concerning, but it would have been even more of a concern if they had access to the lines that DHS does its most sensitive work on.”
White House announces leadership picks for CISA and National Cyber Director role
The Biden administration on Monday said it has picked two National Security Agency veterans to serve in top cybersecurity leadership roles. Chris Inglis will be nominated to serve as the country’s first National Cyber Director, and Jen Easterly will be tapped to run the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA. Both positions require Senate confirmation, which could take several months…
LinkedIn denies 500 million user data breach
LinkedIn has formally denied a rumor that it suffered a devastating security breach that exposed the account details of more than 500 million of its registered users.
Microsoft: Malware gang uses website contact forms for distribution
Microsoft said today it spotted a cybercrime operation abusing contact forms on legitimate websites to target companies and their workers in attempts to infect them with the IcedID malware.
Official client for the APKPure Android app store compromised with malware
The official client for APKPure, the second-largest Android app store after the Google Play Store, was compromised with malware this week, three security firms said on Friday.
US arrests suspect who wanted to blow up AWS data center
The FBI has arrested on Thursday a Texas man who planned to blow up one of the Amazon Web Services (AWS) data centers in an attempt to “kill of about 70% of the internet.”
Maze/Egregor ransomware cartel estimated to have made $75 million
The group behind the Maze and Egregor ransomware operations are believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world.
Android malware found on Huawei’s official app store
A security firm said this week it found malware on Huawei’s official Android app store, the AppGallery. Russian antivirus maker Dr.Web said it found ten apps from three developers that were infected with Joker, a type of Android malware that subscribes users to premium phone services in a tactic known as WAP fraud.