
IT Security Newsletter - 11/24/2020


Breaches

Spotify Users Hit with Rash of Account Takeovers

Subscribers of the Spotify streaming music service may have experienced some disruption, thanks to a likely credential-stuffing operation. Credential stuffing takes advantage of people who reuse the same passwords across multiple online accounts. Attackers take IDs and passwords stolen from another source, such as a breach of another company or website, and use automated scripts to try those stolen logins against other accounts to gain unauthorized access.

Hacking

FBI warns of criminals spoofing its website domain names

The FBI is warning internet users to be on their guard against copycat websites that spoof FBI-related domain names. According to a public service announcement issued today by the Federal Bureau of Investigation, it has observed cybercriminals registering "numerous domains spoofing legitimate FBI websites." It's easy to imagine how a fraudster might concoct an official-looking email that might appear authentic to the typical user but actually links to a website under their control with a similar-looking URL.

Malware

TrickBot Gets Updated to Survive Takedown Attempts

Following a takedown attempt in October, the TrickBot malware has received various improvements that are designed to make it more resilient. On October 12, Microsoft announced that, together with several partners, it managed to legally disable existing TrickBot infrastructure and prevent operators from registering additional command and control (C&C) domains.


New WAPDropper malware stealthily subscribes you to premium services

Security researchers are warning of a new malware family that currently targets mobile phone users to subscribe them silently to legitimate premium-rate services. Named WAPDropper, the malware is a multi-function dropper that can deliver second-stage malware and uses a machine learning solution to bypass image-based CAPTCHA challenges.

Exploits/Vulnerabilities

VMware Working on Patches for Critical Workspace ONE Access Vulnerability

VMware on Monday published an advisory to inform users that it's working on patching a critical command injection vulnerability affecting Workspace ONE Access and some related components. The flaw, tracked as CVE-2020-4006 and having a CVSS score of 9.1, was reported privately to VMware, but the virtualization giant has not credited anyone in its advisory. The company says it's working on patches and in the meantime it has shared some workarounds to help organizations reduce the risk of exploitation.


Tesla Model X key fobs could be hacked to steal cars, fix released

Researchers at the University of Leuven in Belgium found vulnerabilities in the keyless entry system of the Tesla Model X that would have allowed attackers to steal the $100,000 car within just a few minutes. The security bugs allowed taking full control of the key fob and of the car by remotely updating the Tesla Model X's BLE chip with specially crafted firmware. Once the key fob was compromised, the researchers were able to capture valid unlock messages which allowed them to unlock the car at any time.


Security Researchers Sound Alarm on Smart Doorbells

A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them. Consumers looking to purchase video doorbells this holiday season would do well to stick with reputable and trusted brands. A recent review of nearly a dozen inexpensive video doorbells sold via online markets such as Amazon and eBay uncovered multiple security vulnerabilities in each device.

Humor

How a Thanksgiving Day gag ruffled feathers in Mission Control

The phone call from the "Mountain" to Mission Control in Houston came at just about the worst possible time. It was the wee hours of Thanksgiving morning in 1991. Up in space, the crew members on board space shuttle Atlantis were sleeping. Now all of a sudden, Lead Flight Director Milt Heflin faced a crisis. Mission Control informed Heflin that the Cheyenne Mountain Air Force Station had called to warn that a dormant satellite had a potential conjunction with the space shuttle in only 15 minutes.

Science & Culture

AstraZeneca's COVID-19 vaccine shows success: Here's how it stacks up to others

AstraZeneca announced in a press release on Monday that its COVID-19 vaccine showed positive results in an interim analysis of clinical trial data. The announcement marks the third vaccine to show strong efficacy in late-stage trials against the pandemic coronavirus, SARS-CoV-2. Though AstraZeneca's vaccine efficacy numbers are not as impressively high as those for the vaccines before it (mRNA vaccines from Pfizer/BioNTech and Moderna), AstraZeneca's does offer some advantages over those vaccines.

On This Date

  • ...in 1864, French painter and illustrator Henri de Toulouse-Lautrec, who immortalized the colorful world of Parisian nightlife, is born in Albi, France.
  • ...in 1938, early NBA star and Cincinnati Royals point guard Oscar Robertson is born in Charlotte, TN.
  • ...in 1968, the Beatles released the album that became known as "The White Album". It went on to sell 30 million copies in the first year.
  • ...in 1971, an unidentified man known as "D.B. Cooper" hijacks a Northwest Airlines 727 and parachutes away with a $200,000 ransom, never to be seen or apprehended since.