GoDaddy notified some of its customers that an unauthorized party used their web hosting account credentials to connect to their hosting account via SSH. The security incident took place on October 19, 2019, after the company's security team discovered suspicious activity on a subset of GoDaddy's servers. GoDaddy is the world's largest domain registrar and a web hosting company that provides services to roughly 19 million customers around the world.
Google this week released the May 2020 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the System component. A total of 39 vulnerabilities were patched with the release, split into two parts: 15 received fixes as part of the 2020-05-01 security patch level, and 24 were addressed with the 2020-05-05 security patch level.
A feature of the LockBit ransomware allows threat actors to breach a corporate network and deploy their ransomware to encrypt hundreds of devices in just a few hours. Started in September 2019, LockBit is a relatively new Ransomware-as-a-Service (RaaS) in which the developers are in charge of the payment site and development, and 'affiliates' sign up to distribute the ransomware.
The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride - much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and a rogue transponder for communicating with aircraft.
Days after researchers warned of critical vulnerabilities in popular data-management software, hackers have exploited the flaws to breach two organizations that rely on the technology. LineageOS, a free Android-based operating system, and Ghost, a nonprofit behind widely used blogging software, reported Sunday that unidentified hackers had breached their infrastructure in apparently separate incidents.
A proof-of-concept (PoC) exploit has been made public for a recently patched vulnerability in OpenSSL that can be exploited for denial-of-service (DoS) attacks. OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f are affected by a high-severity vulnerability that has been described as a segmentation fault in the SSL_check_chain function. The flaw, tracked as CVE-2020-1967, was patched on April 21 with the release of OpenSSL 1.1.1g.
A researcher has demonstrated that threat actors could exfiltrate data from an air-gapped device over an acoustic channel even if the targeted machine does not have any speakers, by abusing the power supply. Researcher Mordechai Guri from the Cyber-Security Research Center at the Ben-Gurion University of the Negev in Israel has shown that a piece of malware can cause a device's power supply unit to generate sounds that can be picked up by a nearby receiver.