Entries by govanguard

Senators Urge FTC to Probe ID.me Over Selfie Data

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS […]

Source

DOJ Says Doctor is Malware Mastermind

On Monday, the U.S. Attorney’s Office for the Eastern District of New York revealed criminal charges against 55 year-old cardiologist Moises Luis Zagala Gonzalez of Cuidad Bolivar, Venezuela accusing him of being the mastermind behind the prolific Thanos malware. The inditement alleges he “designed multiple ransomware tools—malicious software that cybercriminals use to extort money from […]

Source

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Most advanced persistent threat groups (APTs) use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University of Trento in Italy did an assessment of how organizations can best defend themselves […]

Source

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

Recently reported VMware bugs are being used by hackers who are focused on using them to deliver Mirai denial-of-service malware and exploit the Log4Shell vulnerability. Security researchers at Barracuda discovered that attempts were made to exploit the recent vulnerabilities CVE-2022-22954 and CVE-2022-22960, both reported last month. “Barracuda researchers analyzed the attacks and payloads detected by […]

Source

When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder's appropriate security level. But many government employees aren't issued an approved card reader device that lets them use these […]

Source

Sysrv-K Botnet Targets Windows, Linux

Unpatched vulnerabilities in the Spring Framework and WordPress plugins are being exploited by cybercriminals behind the Sysrv botnet to target Linux and Windows systems. The goal, according to researchers, is to infect systems with cryptomining malware. The botnet variant is being called Sysrv-K by Microsoft Security Intelligence researchers that posted a thread on Twitter revealing […]

Source

iPhones Vulnerable to Attack Even When Turned Off

Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication (NFC ) and Ultra-wideband ( UWB) technologies in the device, researchers have found. These features—which have access to the iPhone’s Secure Element (SE), which stores sensitive info–stay on even when modern iPhones are […]

Source

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

Microsoft is alerting customers that its May Patch Tuesday update is causing authentications errors and failures tied to Windows Active Directory Domain Services. In a Friday update, Microsoft said it was investigating the issue. The warning comes amid shared reports of multiple services and policies failing after installing the security update. “Authentication failed due to […]

Source

Read Novel (unverified) – 22,424,472 breached accounts

In May 2019, the Chinese literature website Read Novel allegedly suffered a data breach that exposed 22M unique email addresses. Data also included usernames, genders, phone numbers and passwords stored as salted MD5 hashes. The data was provided to HIBP by a source who requested it be attributed to “white_peacock@riseup.net”. Read more about Chinese data […]

Source