The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that's believed to have been backed by the Russian government. In a terse statement issued Wednesday, Justice Department spokesman Marc Raimondi said that the breach wasn't discovered until December 24, which is nine days after the hack campaign came to light. READ MORE...
Nissan is examining whether source code for its North American division's mobile apps, marketing tools and more have leaked online, the company said. "We are aware of a claim regarding a reported improper disclosure of Nissan's confidential information and source code," said a Nissan spokesperson. "We take this type of matter seriously and are conducting an investigation." READ MORE...
The SolarWinds security breach disclosed last month, which US authorities believe was of Russian origin and led to the compromise of at least 18,000 organizations, may have been enabled in part by software from JetBrains. The company, founded by Russian software developers and based in the Czech Republic, makes software development tools. One of these, build management and continuous integration system TeamCity, is used by SolarWinds as part of its application build process. READ MORE...
Mozilla Firefox is disabling the browser's backspace key to prevent users from accidentally losing data typed into forms. In 2014, Google removed the ability to go back to a previous page by using the backspace key as it could cause the loss of data entered into forms on the current page. Seven years ago, Mozilla opened a bug post to discuss whether the backspace key should be disabled but decided at the time not to make any changes. READ MORE...
2020 has ended with a stunning display of nation-state cyber capabilities. The Kremlin's SVR shocked the cybersecurity industry and U.S. government with its intrusions into FireEye and the U.S. Office of the Treasury by way of SolarWinds, revealing only traces of its long-term, sophisticated campaigns. These breaches are reminders that no organization is immune to cyber risk or to hacking. Every company is subject to the same reality: compromise is inevitable. READ MORE...
Towards the end of 2020, a researcher at Dutch cybersecurity company EYE was taking a look at the firmware of a Zyxel network router. He examined the password database that shipped in the firmware and noticed an unusual username of zyfwp. That name didn't show up in the official list of usernames shown in the router's user interface, yet it did have a password hash in the database itself, which was interesting all on its own. READ MORE...
Vulnerabilities discovered by Cisco Talos researchers in SoftMaker Office can be exploited for arbitrary code execution by creating malicious documents and tricking victims into opening them. A German software developer, SoftMaker Software GmbH offers individuals and enterprises a popular office software suite that includes word processing, spreadsheet, presentation, and database software components. The firm's SoftMaker Office suite provides support for common and internal document file formats. READ MORE...