
IT Security Newsletter - 2/25/2020

Software Updates

Krebs On Security: Zyxel Fixes 0day in Network Storage Devices

Networking hardware vendor Zyxel today released an update to fix a critical flaw in many of its network attached storage (NAS) devices that can be used to remotely commandeer them. The patch comes 12 days after KrebsOnSecurity alerted the company that precise instructions for exploiting the vulnerability were being sold for $20,000 in the cybercrime underground.

Malware

Credit Card Skimmer Running on 13 Sites, Despite Notification

The tally of shopping websites infected by MageCart Group 12 with JavaScript that steals payment card info is seeing a sharp increase. Nearly 40 new victims have been discovered. Some of them were compromised as early as September 30, 2019, allowing attackers to collect payment card info for more than four months. MageCart is a generic name for attackers that inject into web shops a script that steals the payment details customers provide on checkout pages, essentially a skimmer in software form.


New Mozart Malware Gets Commands, Hides Traffic Using DNS

A new backdoor malware called Mozart is using the DNS protocol to communicate with remote attackers to evade detection by security software and intrusion detection systems. Typically, when malware phones home to receive commands to execute, it does so over the HTTP/S protocols for ease of use and communication. Using HTTP/S, though, has its drawbacks, as security software normally monitors this traffic for malicious activity.

Exploits/Vulnerabilities

Researchers trick autonomous car autopilot with phantom images

Researchers from Ben-Gurion University of the Negev's (BGU) Cyber Security Research Center have found that they can trick the autopilot on an autonomous car into erroneously applying its brakes in response to "phantom" images projected on a road or billboard. In a research paper, the researchers demonstrated that autopilots and advanced driving-assistance systems (ADASs) in semi-autonomous or fully autonomous cars register depthless projections of objects (phantoms) as real objects.


Smart speakers mistakenly eavesdrop up to 19 times a day

That smart home speaker isn't listening to everything you say, according to new research - but it is listening a lot more than it should. Researchers have found some speakers activating by mistake up to 19 times each day. Virtual assistants like Siri and Alexa are programmed not to listen to your conversation constantly. Instead, they listen for a 'wake phrase'. The problem is that just like humans, virtual assistants often mishear things.


Apple Takes Heat Over 'Vulnerable' iOS Cut-and-Paste Data

Any cut-and-paste data temporarily stored to an iPhone or iPad's memory can be accessed by all apps installed on the specific device - even malicious ones. That data can then reveal private information such as a user's GPS coordinates, passwords, banking data or a spreadsheet copied into an email. Shedding light on the potential harm of this scenario is German software engineer Tommy Mysk, who is trying to raise awareness around what he believes is an Apple vulnerability.

Science & Culture

One of NASA's greatest mathematicians, Katherine Johnson, has died

Katherine Johnson, a trailblazing mathematician best known for her contributions to NASA's human spaceflight program and who gained fame later in life due to the movie Hidden Figures, died Monday. She was 101 years old. "At NASA, we will never forget her courage and leadership and the milestones we could not have reached without her," said NASA Administrator Jim Bridenstine.