Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former employees, as well as beneficiaries, was exposed in a security incident experienced by one of GE's service providers. GE is a multinational operating in a wide range of tech segments including aviation, power, healthcare, and renewable energy, and it is currently ranked by Fortune 500 as the 21st-largest company in the U.S. by revenue. READ MORE...
"Elite" hackers have tried - and failed - to breach computer systems and networks of the World Health Organization (WHO) earlier this month, Reuters reported on Monday. In fact, since the start of the COVID-19 pandemic, the WHO has been fielding an increasing number of cyberattacks, as well as impersonation attempts. The attackers created a malicious site mimicking the WHO's internal email system in an attempt to phish the agency staffers' email credentials. READ MORE...
A new cyber attack is hijacking router's DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Vidar information-stealing malware. For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO). READ MORE...
Fifty-six apps in Google's Play store included malicious software that leveraged victims' devices to click on mobile advertisements, artificially inflating the traffic to those ads and helping scammers make money. Research published Tuesday by the security firm Check Point Technologies details how fraudsters used the network of apps, which were downloaded more than 1 million times, to exploit users' trust and make a buck. READ MORE...
Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in "limited, targeted" attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist in the way that Windows' Adobe Type Manager Library handles certain fonts. Adobe Type Manager is a font management tool built into both Mac OS and Windows operating systems, and produced by Adobe. READ MORE...
Hackers could have caused a Tesla Model 3's central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. The car maker has released a software update that patches the vulnerability. A researcher who uses the online moniker Nullze discovered that the Tesla Model 3's web interface is affected by a denial-of-service (DoS) vulnerability. READ MORE...
A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept (PoC) exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0. According to Flashpoint analysts Cheng Lu and Steven Ouellette, an exploit for the "Ghostcat," security bug (tracked as CVE-2020-1938 and first publicly disclosed Feb. 20) reliably allows information disclosure via file retrieval on a vulnerable server. READ MORE...