Companies Respond to 'Downfall' Intel CPU Vulnerability
Several major companies have published security advisories in response to the recently disclosed Intel CPU vulnerability named Downfall. Discovered by Google researchers and officially tracked as CVE-2022-40982, Downfall is a side-channel attack method that allows a local attacker - or a piece of malware - to obtain potentially sensitive information such as passwords and encryption keys from the targeted device. READ MORE...
Suncor CEO says company mostly recovered from June cyberattack
Suncor Energy executives said the Canadian energy giant has recovered most of its normal operations since a June cyberattack. But the incident was serious, executives said, and Suncor learned significant lessons. As previously reported, Suncor said the attackers breached the company on or around June 21, but disclosed the attack on June 25. Right after the attack, the company isolated its operational IT systems and backup databases. READ MORE...
LinkedIn under attack, malicious hackers seize accounts
Security researchers have identified that a widespread LinkedIn malicious hacking campaign has seen many users locked out of their accounts worldwide. Some users who have had their access to their LinkedIn accounts blocked by the cybercriminals changing their passwords have been pressured into paying a ransom, according to a report from Cyberint, and threatened with permanent account deletion. READ MORE...
Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams
Back in January 2020, we blogged about a tech support scam campaign dubbed WoofLocker that was by far using the most complex traffic redirection scheme we had ever seen. In fact, the threat actor had started deploying infrastructure in earnest as early as 2017, about 3 years prior to our publication. Fast forward to 2023, another 3 years have gone by and this campaign is still going as if nothing has happened. READ MORE...
Karma Catches Up to Global Phishing Service 16Shop
You've probably never heard of "16Shop," but there's a good chance someone using it has tried to phish you. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor, one of his alleged facilitators, and a third suspect in Japan. READ MORE...
Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks. PowerShell Gallery is a Microsoft-run online repository of packages uploaded by the wider PowerShell community, hosting a large number of scripts and cmdlet modules for various purposes. READ MORE...
- ...in 1868, French astronomer Pierre Janssen discovers helium while studying the Sun's spectrum during a solar eclipse.
- ...in 1956, Elvis Presley's single "Don't Be Cruel" (with B-side "Hound Dog") reaches #1 on the Pop, Country, and R&B charts.
- ...in 1963, James Meredith becomes the first African-American student to graduate (with a degree in political science) from the previously segregated University of Mississippi.
- ...in 1982, Pete Rose sets a record with his 13,941st plate appearance.
