Emergency Alert System Flaws Could Let Attackers Transmit Fake Messages
By: Ravie Lakshmanan
The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices.
If left unpatched, the issues could allow an...
Open Redirect Flaw Snags Amex, Snapchat User Data
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
Attackers are exploiting a well-known open redirect flaw to phish people’s credentials and personally...
Fresh RapperBot Malware Variant Brute-Forces Its Way Into SSH Servers
Tracked by analysts since mid-June, RapperBot malware has spread through brute-force attacks on SSH servers. The IoT botnet targets devices running on ARM, MIPS, SCARC, and x86 architectures, researchers...
Stolen Data Gives Attackers Advantage Against Text-Based 2FA
Companies that rely on texts for a second factor of authentication are putting about 20% of their customers at risk because the information necessary to attack the system is available in...
A Ransomware Explosion Fosters Thriving Dark Web Ecosystem
The underground economy is booming — fomented by a surging and evolving ransomware sector. The Dark Web now has hundreds of thriving marketplaces where a wide variety of professional ransomware products and services...
Genesis IAB Market Brings Polish to the Dark Web
The growing role of so-called initial access brokers (IABs) in the underground cybercrime economy is reflected in evolution of Genesis Marketplace, one of the earliest full-fledged markets for IABs,...
Nomad announces $19-million bounty for lost funds from recent hack
Nomad announced a bounty of up to 10% for the return of the stolen funds from the Nomad bridge. In a website announcement and tweet, the company publicly provided...
Experts find private keys on Slope servers, still puzzled over access
Blockchain auditing firms are still trying to figure out how hackers gained access to about 8,000 private keys used to drain Solana-based wallets. Investigations are ongoing after attackers managed to...
Time to Patch VMware Products Against a Critical New Vulnerability
Several VMware products need to be patched against a critical flaw that would allow authentication bypass for on-premises implementations.
The latest VMware bug is being tracked under CVE-2022-31656 and has a CVSSv3 base...
Massive China-Linked Disinformation Campaign Taps PR Firm for Help
A fake-news influence campaign based in China is leveraging at least 72 inauthentic news sites to push content strategically aligned with the political interests of the People's Republic of...
