The nation-state hackers who orchestrated the SolarWinds supply chain attack compromised a Microsoft worker's computer and used the access to launch targeted attacks against company customers, Microsoft said in a terse statement published late on a Friday afternoon. The hacking group also compromised three entities using password-spraying and brute-force techniques, which gain unauthorized access to accounts by bombarding login servers with large numbers of login guesses. READ MORE...
Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact. It appears the data breach exposed credit card information, social security numbers, and driver license numbers of under 1,000 Mercedes-Benz customers and potential buyers. READ MORE...
Since Microsoft's announcement of Windows 11 yesterday, one concern has reverberated around the web-what's this about a Trusted Platform Module requirement? Windows 11 is the first Windows version to require a TPM, and most self-built PCs (and cheaper, home-targeted OEM PCs) don't have a TPM module on board. Although this requirement is a bit of a mess, it's not as onerous as millions of people have assumed. READ MORE...
For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now, one researcher has found a collection of bugs that allow him to hack ATMs-along with a wide variety of point-of-sale terminals-in a new way: with a wave of his phone over a contactless credit card reader. READ MORE...
Researchers have dropped a proof-of-concept (PoC) exploit on Twitter for a known cross-site scripting (XSS) vulnerability in the Cisco Adaptive Security Appliance (ASA). The move comes as reports surface of in-the-wild exploitation of the bug. Researchers at Positive Technologies published the PoC for the bug (CVE-2020-3580) on Thursday. One of the researchers there, Mikhail Klyuchnikov, noted that there were a heap of researchers now chasing after an exploit for the bug, which he termed "low-hanging" fruit. READ MORE...