The Federal Bureau of Investigation (FBI) confirmed today that its fbi[.]gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.
Hewlett Packard Enterprise (HPE) has confirmed that a small amount of customer data was compromised in a data breach involving its subsidiary Aruba Networks. The incident, HPE says, was discovered on November 2, and involved the use of an access key to gain unauthorized access to "a limited subset of information held in the Aruba Central cloud environment."
Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if they shopped there recently. Some customers have been aware for weeks that something was fishy and have been sharing their suspicions on social media. The story was first picked up by BleepingComputer, which reported that the notification letters went out sometime this month.
Microsoft has released out-of-band updates to address authentication failures related to Kerberos delegation scenarios impacting Domain Controllers (DC) running supported versions of Windows Server. On impacted systems, end-users cannot sign into services or applications using Single Sign-On (SSO) in Active Directory on-premises or hybrid Azure Active Directory environments.
Video messaging technology giant Zoom has shipped patches for high-severity vulnerabilities that expose enterprise users to remote code execution and command injection attacks. The company released multiple security bulletins to warn of the risks and called special attention to a pair of "high-risk" bugs affecting its on-prem meeting connector software and the popular Keybase Client.
Researchers have shown that a widely used protocol named Data Distribution Service (DDS) is affected by vulnerabilities that could be exploited by threat actors for various purposes. Maintained by the standards development organization Object Management Group (OMG), DDS is a middleware protocol and API standard for data connectivity that is advertised as ideal for business-critical IoT systems. DDS has been used in various sectors including public transportation, aerospace, and military systems.
Some of the world's largest companies across retail, banking, healthcare, energy and many other sectors, including Fortune 500, Global 500 and governments, are failing to prevent Magecart attacks, Cyberpion research revealed. Magecart is the common name for a style of cyber attack in which hackers compromise third-party code (typically JavaScript that runs in browsers) to steal, or scrape, information such as credit card data from web applications or websites that incorporate the code.
The semiconductor industry lives at the cutting edge of technological progress. So why can't it churn out enough chips to keep the world moving? Nearly two years into pandemic-caused disruptions, a severe shortage of computer chips (the components at the heart of smartphones, laptops, and innumerable other products) continues to affect manufacturers across the global economy.