Canon has suffered a ransomware attack that impacts numerous services, including Canon's email, Microsoft Teams, USA website, and other internal applications. BleepingComputer has been tracking a suspicious outage on Canon's image.canon cloud photo and video storage service resulting in the loss of data for users of their free 10GB storage feature. The image.canon site suffered an outage on July 30th, 2020, and over six days, the site would show status updates until it went back in service. READ MORE...
Election Systems & Software, the biggest vendor of U.S. voting equipment, on Wednesday announced a policy to work more closely with security researchers to find software bugs in the company's IT networks and websites. "Hackers are going to hack, researchers are going to research, whether or not there's a policy in place," Chris Wlaschin, ES&S's vice president of systems security, told CyberScoop. "We think it's important to have that safe harbor language out there to set expectations." READ MORE...
Lafayette, Colorado, officials announced Tuesday the city's computer systems were hacked and they were forced to pay a ransom to regain access. Lafayette officials said hackers disabled the city's network services and blocked its access until the city paid a $45,000 fee, the Daily Camera reported. The attack caused city emails, phones, online payments and reservation systems to temporarily shut down. READ MORE...
Attacks that worked 10 years ago have only gotten worse despite growing use. More than a decade has passed since researchers demonstrated serious privacy and security holes in satellite-based Internet services. The weaknesses allowed attackers to snoop on and sometimes tamper with data received by millions of users thousands of miles away. You might expect that in 2020-as satellite Internet has grown more popular-providers would have fixed those shortcomings, but you'd be wrong. READ MORE...
t's no secret that the current pandemic is causing a major strain on consumers and businesses alike. As the U.S. teeters on the verge of a recession, companies are cutting their spending wherever they can - including in cybersecurity. Gartner estimates that security faces cuts as high as $6.7 billion - an unfortunate outcome, particularly since most organizations are also experiencing an expansion of their attack surface as a result of more people working from home. READ MORE...
Twitter today announced that it fixed a security vulnerability in the Twitter for Android app that could have allowed attackers to gain access to users' private Twitter data including direct messages. "We recently discovered and fixed a vulnerability in Twitter for Android related to an underlying Android OS security issue affecting OS versions 8 and 9," Twitter explained. "Our understanding is 96% of people using Twitter for Android already have an Android security patch installed. READ MORE...
Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday. These exploits, one of which takes advantage of a zero-day vulnerability, could also allow hackers to send fake text messages if manipulated properly, researchers found. READ MORE...
At Black Hat 2020, Patrick Wardle disclosed an exploit chain that bypasses Microsoft's malicious macros protections to infect MacOS users. A new "zero-click" MacOS exploit chain could allow attackers to deliver malware to MacOS users using a Microsoft Office document with macros. The attack bypasses security measures that both Microsoft and Apple have put in place to protect MacOS users from malicious macros. READ MORE...
The explosion of open-source AI models are lowering the barrier of entry for bad actors to create fake video, audio and images - and Facebook, Twitter and other platforms aren't ready. An abundance of deep-learning and open-source technologies are making it easy for cybercriminals to generate fake images, text and audio called "synthetic media". This type of media can be easily leveraged on Facebook, Twitter and other social media platforms to launch disinformation campaigns with hijacked identities. READ MORE...