Enlarge Getty Images The FBI and the Cybersecurity and Infrastructure Security Agency said that advanced hackers are likely exploiting critical vulnerabilities in the Fortinet FortiOS VPN in an attempt to plant a beachhead to breach medium and large-sized businesses in later attacks. “APT actors may use these vulnerabilities or other common exploitation techniques to gain […]
Enlarge BeeBright / Getty Images / iStockphoto A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said. Two updates pushed to the PHP Git server over the weekend added a […]
Enlarge Getty Images Facebook said it has disrupted a hacking operation that used the social media platform to spread iOS and Android malware that spied on Uyghur people from the Xinjiang region of China. Malware for both mobile OSes had advanced capabilities that could steal just about anything stored on an infected device. The hackers, […]
Enlarge Getty Images In a development security pros feared, attackers are actively targeting yet another set of critical server vulnerabilities that leave corporations and governments open to serious network intrusions. The vulnerability this time is in BIG-IP, a line of server appliances sold by Seattle-based F5 Networks. Customers use BIG-IP servers to manage traffic going […]
Enlarge Getty Images Now organizations using Microsoft Exchange have a new security headache: never-before seen ransomware that’s being installed on servers that were already infected by state-sponsored hackers in China. Microsoft reported the new family of ransomware deployment late Thursday, saying that it was being deployed after the initial compromise of servers. Microsoft’s name for […]
Enlarge Getty Images Hackers say they broke into the network of Silicon Valley startup Verkada and gained access to live video feeds from more than 150,000 surveillance cameras the company manages for Cloudflare, Tesla, and a host of other organizations. The group published videos and images they said were taken from offices, warehouses, and factories […]
Enlarge Getty Images By now, most people know that hackers tied to the Russian government compromised the SolarWinds software build system and used it to push a malicious update to some 18,000 of the company’s customers. On Monday, researchers published evidence that hackers from China also targeted SolarWinds customers in what security analysts have said […]
Enlarge Drew Angerer | Getty Images The hackers behind one of the worst breaches in US history read and downloaded some Microsoft source code, but there’s no evidence they were able to access production servers or customer data, Microsoft said on Thursday. The software maker also said it found no evidence the hackers used the […]
Enlarge Getty Images Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the devices it sells. The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects SMA 100 firmware versions 10.x, isn’t slated […]
Enlarge Getty Images Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies. The attackers are best known for first hacking into Austin, Texas-based SolarWinds, compromising its software-distribution system and using it to infect the networks of customers who used SolarWinds’ […]
Enlarge Getty Images Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the […]
Enlarge Gregory Varnum The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that’s believed to have been backed by the Russian government. In a terse statement issued Wednesday, Justice Department spokesman Marc Raimondi said that the breach wasn’t discovered until December […]
Enlarge Zyxel Hackers are attempting to exploit a recently discovered backdoor built into multiple Zyxel device models that hundreds of thousands of individuals and businesses use as VPNs, firewalls, and wireless access points. The backdoor comes in the form of an undocumented user account with full administrative rights that’s hardcoded into the device firmware, a […]
The hackers gained more access than the company previously understood, though they were unable to modify code or get into its products and emails. Microsoft said on Thursday that the far-reaching Russian hack of U.S. government agencies and private corporations had gone further into its network than the company previously understood. While the hackers, suspected […]
Getty Images Hackers have stolen the data of a large cosmetic surgery chain and are threatening to publish patients’ before and after photos, among other details. The Hospital Group, which has a long list of celebrity endorsements, has confirmed the ransomware attack. It said it had informed the Information Commissioner of the breach. On its […]