Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.If ever there was something to ruin Christmas in the cybersecurity industry, it's...
Australian Border Force Seizes Meth Inside a Stuffed Llama
An Australian man was charged in the Perth Magistrate’s Court for attempting to import methamphetamine hidden in a children’s toy.After delivering the package, a man at the recipient’s address...
Facebook unfriends Australia: news sites go dark in content row
Australians woke to empty news feeds on their Facebook Inc pages on Thursday after the social media giant blocked all media content in a surprise and dramatic escalation of...
Internet Registry for Europe experienced a credential-stuffing attack, claims it was unsuccessful
The Regional Internet Registry for Europe and part of Asia (RIPE NCC) said its single sign-on (SSO) service experienced what appears to be a deliberate credential-stuffing attack, which caused...
SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered.
Click to Register
A vulnerability in an SDK that...
Kia Motors Hit With $20M Ransomware Attack – Report
DoppelPaymer ransomware gang claims credit for Kia’s outage, demands $20 million in double-extortion attack.
So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer...
Apple Outlines 2021 Security, Privacy Roadmap
Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap.
Click to Register
Apple released its 2021 Platform Security guide, Thursday, outlining its current and year-ahead...
Sensitive data of more than 257,000 online gamblers put for sale on hacker forum
A user on a popular hacking forum is selling a database that purportedly contains more than 257,000 user records from orakulas.lt (now known as Olybet.lt), a Lithuanian online betting...
Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two)
In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a...
Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part One)
In 2019, Mandiant’s Red Team discovered a series of vulnerabilities present within Digi International’s ConnectPort X2e device, which allows for remote code execution as a privileged user. Specifically, Mandiant’s...
