
IT Security Newsletter - 8/5/2022


Top News

"Huge flaw" threatens US emergency alert system, DHS researcher warns

The US Department of Homeland Security is warning of vulnerabilities in the nation's emergency broadcast network that make it possible for hackers to issue bogus warnings over radio and TV stations. "We recently became aware of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to the most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network)," the DHS's Federal Emergency Management Agency (FEMA) warned. READ MORE...

Breaches

German Chambers of Industry and Commerce hit by 'massive' cyberattack

The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. DIHK is a coalition of 79 chambers representing companies within the German state, with over three million members comprising businesses ranging from small shops to large enterprises in the country. READ MORE...

Hacking

Open Redirect Flaw Snags Amex, Snapchat User Data

Attackers are exploiting a well-known open redirect flaw to phish people's credentials and personally identifiable information (PII) using American Express and Snapchat domains, researchers have found. Threat actors impersonated Microsoft and FedEx among other brands in two different campaigns, which researchers from INKY observed from mid-May through late July, they said in a blog post published online. READ MORE...

Malware

New Linux malware brute-forces SSH servers to breach networks

A new botnet called 'RapperBot' has been used in attacks since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device. The researchers show that RapperBot is based on the Mirai trojan but deviates from the original malware's normal behavior, which is uncontrolled propagation to as many devices as possible. READ MORE...


Hackers deploy new ransomware tool in attacks on Albanian government websites

Hackers apparently angry over the Iranian opposition group Mojahedin-e Khalq's upcoming conference in Albania carried out disruptive cyberattacks on Albanian government sites last month, researchers from the cybersecurity firm Mandiant said Thursday. Based on the timing of the attacks in July, technical indicators associated with the malware and the focus on MEK, the researchers are moderately confident that hackers working to further the Iranian government's goals were behind the attack, they said. READ MORE...

Information Security

Cyber Front Z, a Russian troll operation ousted from Facebook, was clumsy, ineffective, according to Meta

Cyber Front Z, a pro-Russian troll operation exposed in the days after the Russian invasion of Ukraine, "was clumsy and largely ineffective," security officials with Meta said Thursday. In an analysis included in the company's quarterly adversarial threat report, Meta officials described the group as a "poorly executed attempt to create a perception of grassroots online support for Russia's invasion by using fake accounts to post pro-Russia comments on content by influencers and media." READ MORE...


Massive China-Linked Disinformation Campaign Taps PR Firm for Help

A fake-news influence campaign based in China is leveraging at least 72 inauthentic news sites to push content strategically aligned with the political interests of the People's Republic of China (PRC) across the globe and in multiple languages. The sites are linked to a Chinese public-relations firm called Shanghai Haixun Technology, according to a report from Mandiant, which dubbed the campaign "HaiEnergy." READ MORE...

Exploits/Vulnerabilities

Zimbra Credential Theft Vulnerability Exploited in Attacks

The US Cybersecurity and Infrastructure Security Agency (CISA) informed organizations on Thursday that a recently patched vulnerability affecting the Zimbra enterprise email solution has been exploited in attacks. The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext credentials from a targeted Zimbra instance without any user interaction. READ MORE...

Encryption

Amazon, IBM Move Swiftly on Post-Quantum Cryptographic Algorithms Selected by NIST

A month after the National Institute of Standards and Technology (NIST) revealed the first quantum-safe algorithms, Amazon Web Services (AWS) and IBM have swiftly moved forward. Google was also quick to outline an aggressive implementation plan for its cloud service that it started a decade ago. It helps that IBM researchers contributed to three of the four algorithms, while AWS had a hand in two. Google contributed to one of the submitted algorithms, SPHINCS+. READ MORE...

On This Date

  • ...in 1858, the first transatlantic telegraph cable is completed.
  • ...in 1884, the cornerstone for the Statue of Liberty is laid on the former Bedloe's Island (now Liberty Island) in New York Harbor.
  • ...in 1914, the first electric traffic signal lights are installed in Cleveland, Ohio.
  • ...in 1926, magician and escape artist Harry Houdini performs his greatest feat, apparently spending 91 minutes in a sealed underwater tank before escaping.