The city of Knoxville, Tenn. is reeling from a ransomware attack that knocked the city's network offline and prevented police officers from responding to non-life-threatening traffic crashes. The incident occurred Wednesday and shuttered systems until Thursday. Also impacted was the city's internal IT network, public website and court systems - forcing Friday court sessions to be rescheduled. READ MORE...
Bad guys find unprotected Elasticsearch servers exposed on the web faster than search engines can index them. A study found that threat actors are mainly going for cryptocurrency mining and credential theft. For the duration of the experiment, a honeypot with a fake database recorded more than 150 unauthorized requests, the first one occurring less than 12 hours since being exposed. READ MORE...
For the past year, a site called Privnotes[.]com has been impersonating Privnote[.]com, a legitimate, free service that offers private, encrypted messages which self-destruct automatically after they are read. Until recently, I couldn't quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the Internet addresses of the sender and receiver of the message are not the same. READ MORE...
Magecart attackers have compromised web shops belonging to large retail chains Claire's and Intersport and equipped them with payment card skimmers. The compromise of Claire's online store and that of its sister brand Icing has been flagged by Sansec researchers. The skimmer was served from a domain made to look like it might belong to the company (claires-assets[.]com), and it was added to the two online stores between April 25th and 30th. READ MORE...
Taiwanese consumer technology manufacturer D-Link has issued security fixes for a series of bugs that, if exploited, could have enabled hackers to steal passwords and other sensitive data from home internet routers during the coronavirus pandemic. If used in concert, the vulnerabilities would have allowed attackers to scan network traffic to steal session cookies, and upload or download sensitive files. READ MORE...
This week, Intel patched a CPU security bug that hasn't attracted a funky name, even though the bug itself is admittedly pretty funky. Known as CVE-2020-0543 for short, or Special Register Buffer Data Sampling in its full title, it serves as one more reminder that as we expect processor makers to produce ever-faster chips that can churn through ever more code and data in ever less timeā¦ READ MORE...