A week after arrests, Cl0p ransomware group dumps new tranche of stolen data
A week after Ukrainian police arrested criminals affiliated with the notorious Cl0p ransomware gang, Cl0p has published a fresh batch of what's purported to be confidential data stolen in a hack of a previously unknown victim. Ars won't be identifying the possibly victimized company until there is confirmation that the data and the hack are genuine. READ MORE...
Email Bug Allows Message Snooping, Credential Theft
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by over three-quarters of IMAP servers, according to Open Email Survey. READ MORE...
SonicWall bug affecting 800K firewalls was only partially fixed
New findings have emerged that shed light on a critical SonicWall vulnerability disclosed last year, which was initially thought to have been patched. In October last year, a critical stack-based Buffer Overflow vulnerability, tracked as CVE-2020-5135, was discovered affecting over 800,000 SonicWall VPNs. When exploited, the vulnerability allows unauthenticated remote attackers to execute arbitrary code on the impacted devices, or cause Denial of Service (DoS). READ MORE...
USB-based malware is a growing concern for industrial firms, new Honeywell findings show
The number of cyber threats designed to use USB sticks and other external media devices as launching pads doubled in 2021, according to new research from Honeywell, the industrial automation giant. Of those threats, 79% could be used to disrupt operational technology systems, researchers found. The report was based on cybersecurity threat data collected from hundreds of industrial facilities over a 12-month period. The company did not immediately provide details on the specific type of threat data detected. READ MORE...
Krebs on Security: How Cyber Sleuths Cracked an ATM Shimmer Gang
In 2015, police departments worldwide started finding ATMs compromised with advanced new "shimming" devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn't decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring. READ MORE...
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, KDE Discover App Store, Pling[.]com and XFCE-Look. To boot, the PlingStore application is affected by an unpatched remote code-execution (RCE) vulnerability. READ MORE...
Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
Lexmark printers - those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government - have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which can lead to arbitrary code execution. According to an advisory filed by researcher Julio Aviña, the flaw could lead to a low-complexity attack that could allow a local attacker to execute arbitrary code. READ MORE...
- ...in 1868, inventor Christopher Latham Sholes receives a patent for a revolutionary labor-saving (and labor-creating) device: The typewriter.
- ...in 1955, punk/heavy metal singer Glenn Danzig is born in Lodi, NJ.
- ...in 1969, Warren E. Burger is sworn in as Chief Justice of the US Supreme Court by retiring Chief Justice Earl Warren.
- ...in 2013, daredevil Nik Wallenda becomes the first person to successfully walk across the Grand Canyon on a tightrope.
