Two state-sponsored hackers in China targeted US businesses in a "sophisticated and prolific threat" for more than 10 years, both for financial gain and to steal trade secrets, the Department of Justice said today. The 11-count indictment (PDF), which was made public today, alleges Li Xiaoyu and Dong Jiazhi worked with China's Ministry of State Security (MSS) and other agencies to hack into hundreds of organizations and individuals in the United States and abroad. READ MORE...
Twilio today confirmed one or more miscreants sneaked into its unsecured cloud storage systems and modified a copy of the JavaScript SDK used by its customers. The cloud communications giant detailed the intrusion to The Register after we were tipped off to the security blunder by a source who wished to remain anonymous. "Twilio believes the security of our customers' accounts is of paramount importance," a spokesperson told us. READ MORE...
Maybe Coinbase should send Twitter an invoice, because it certainly sounds like their quick thinking helped prevent last week's hack from leaving a lot more Twitter users with empty wallets. As we reported at the time, cybercriminals successfully managed to seize control of a number of high profile Twitter accounts last week, using them to tweet out messages designed to trick unsuspecting followers into handing over their Bitcoins. READ MORE...
From malicious hacks to accidental misconfigurations, Chris Vickery has seen it all. But as cybercriminals continue to innovate, Vickery, the director of risk research with UpGuard, said one emerging security threat will "blindside" the world: "fakeable" voices. More bad actors using artificial intelligence (AI) will create copycat voices of a trusted family member or executive, he said - and they then call individuals - and even enterprises - and scam them out of money or valuable data. READ MORE...
A week after July 2020 Patch Tuesday, Adobe has released out-of-band security updates to fix thirteen vulnerabilities - twelve of which critical - in Adobe Photoshop, Bridge, Prelude, and Reader Mobile. The good news is that none of these vulnerabilities are currently being exploited in the wild, and that most of them are in products that have historically not been a target for attackers. READ MORE...
Telecom Argentina, one of the country's largest Internet Service Providers (ISPs), has suffered a major ransomware attack, according to a local report. The cybercriminals behind the attack demanded US$7.5 million in Monero cryptocurrency to unlock the encrypted files, but the company claims that it has restored access to its systems and that it hasn't caved in to the extortionists' demands. READ MORE...
Citrix informed customers this week that it has patched a vulnerability in its Workspace app that can allow an attacker to remotely hack the computer running the affected application. The security hole, tracked as CVE-2020-8207 and classified as high severity, affects the automatic update service used by the Citrix Workspace app for Windows, and it can be exploited by a local attacker to escalate privileges or by a remote attacker for arbitrary command execution. READ MORE...