For months, Microsoft's Power Apps portals exposed personal data tied to 38 million records ranging from COVID-19 vaccination status, Social Security numbers and email addresses. Consumers most affected by what is being called a "platform issue" are those doing business with American Airlines, Ford, the Indiana Department of Health and New York City public schools. READ MORE...
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US. READ MORE...
Threat actors zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software developers kits (SDK) deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector Research Lab. It took about 48 hours for attackers to start trying to exploit them. READ MORE...
The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations since at least November 2020 as a ransomware affiliate. The US federal law enforcement agency shared indicators of compromise, tactics, techniques, and procedures (TTP), and mitigation measures in a flash alert published on Monday. READ MORE...
Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group's Pegasus spyware on devices belonging to Bahraini activists. In total, nine Bahraini activists (including members of the Bahrain Center for Human Rights, Waad, Al Wefaq) had their iPhones hacked in a campaign partially orchestrated by a Pegasus operator linked with high confidence to the government of Bahrain by Citizen Lab. READ MORE...
McAfee security researchers on Tuesday said they had found multiple vulnerabilities in infusion pump software that, under certain conditions, a skilled hacker could use to alter a patient's medication dose to a potentially unsafe level. The vulnerabilities are in equipment made by multinational vendor B. Braun that are used in pediatric and adult health care facilities in the United States. READ MORE...
Are you part of the Maker scene? If so, you probably have your very own 3D printer (or, depending on how keen you are, several 3D printers) stashed in your garage, shed, basement, attic or local makerspace. Unlike an old-school 2D plotter than can move its printing mechanism side-to-side and top-to-bottom in order to skim across a horizontal surface, a 3D printer can move its print head vertically as well. READ MORE...
Researchers have disclosed the details of a Zoom exploit that could have allowed malicious actors to achieve remote code execution without user interaction. The exploit was demonstrated on April 7 at the 2021 Pwn2Own hacking competition by Daan Keuper and Thijs Alkemade from Computest. The researchers earned $200,000 for demonstrating that the exploit could be used to remotely execute arbitrary code on the targeted system. READ MORE...