
IT Security Newsletter - 1/16/2025


Top News

Millions of Internet Hosts Vulnerable to Attacks Due to Tunneling Protocol Flaws

New research shows that over 4 million systems on the internet, including VPN servers and home routers, are vulnerable to attacks due to tunneling protocol vulnerabilities. The research was conducted by Mathy Vanhoef, a professor at the KU Leuven university in Belgium, and PhD student Angelos Beitis, in collaboration with VPN testing company Top10VPN. Vanhoef is well known for his Wi-Fi security research, including for the attacks named Dragonblood, KRACK and FragAttacks. READ MORE...

Breaches

Avery had credit card skimmer stuck on its site for months

The consequences of a wave of credit card skimmers, which is normal around the holidays, are starting to show. Label maker Avery has filed a data breach notification, saying 61,193 people may have had their credit card details stolen. On December 9, Avery said it became aware of an attack on its systems. An investigation showed that cybercriminals had inserted malicious software that was used to "scrape" credit card information used on its website. READ MORE...


2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records

In 2024, organizations informed the US government about more than 580 healthcare data breaches affecting a total of nearly 180 million user records. SecurityWeek has conducted an analysis of the healthcare breach database maintained by the US Department of Health and Human Services Office for Civil Rights (HHS OCR), which stores information on incidents impacting the protected health information of over 500 individuals. READ MORE...


Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?

The collection was leaked on Monday and publicized on an underground forum by the threat actor that goes by "Belsen_Group", supposedly as a free offering to solidify the name of the group in the forum users' memory. The leaked 1.6 GB archive contains folders ordered by country, and inside each are folders named after IP addresses. Inside those are full configuration files and a txt file with a list of admin and VPN user credentials. READ MORE...

Software Updates

Windows Patch Tuesday hits snag with Citrix software, workarounds published

Devices that have Citrix's Session Recording software installed are having problems completing this month's Microsoft Patch Tuesday update, which includes important fixes. Microsoft noted the problem in the list of known issues with the update, which arrived on January 14. According to the Windows vendor, affected devices will download and apply the update, but, after restarting to complete the installation, will show an error. READ MORE...

Malware

Attackers Hijack Google Advertiser Accounts to Spread Malware

In an especially brazen tactic, multiple threat actors are impersonating Google Ads login pages to trick advertisers into handing over their account credentials. The attackers - from regions as geographically dispersed as South America, Asia, and Eastern Europe - are then using the hijacked accounts in real time to buy and distribute malicious advertisements and malware via Google Ads. READ MORE...

Information Security

Even modest makeup can thwart facial recognition

Researchers at cyber-defense contractor PeopleTec have found that facial-recognition algorithms' focus on specific areas of the face opens the door to subtler surveillance avoidance strategies. In a pre-print paper titled "Novel AI Camera Camouflage: Face Cloaking Without Full Disguise," David Noever, chief scientist, and Forrest McKee, data scientist, describe their efforts to baffle face recognition systems through the minimal application of makeup and manipulation of image files. READ MORE...

Exploits/Vulnerabilities

Over 660,000 Rsync servers exposed to code execution attacks

Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers. Rsync is an open-source file synchronization and data transferring tool valued for its ability to perform incremental transfers, reducing data transfer times and bandwidth usage. READ MORE...

On This Date

  • ...in 1909, the Ernest Shackleton expedition locates the Earth's magnetic South Pole.
  • ...in 1948, horror/sci-fi director and composer John Carpenter ("Halloween", "Escape From New York") is born in Carthage, NY.
  • ...in 1969, the Soviet spacecraft Soyuz 4 and Soyuz 5 perform the first-ever docking maneuver in orbit.
  • ...in 1980, actor, composer, and playwright Lin-Manuel Miranda ("Hamilton", "In The Heights") is born in New York City.