Archives: November 2015
You are here: Home \ 2015 \ November
UPDATE VTech, a company that manufactures electronic learning devices, baby monitors, toys, and other equipment, announced Monday that information from five million customer accounts, which include identity information belonging to children, were accessed in an attack earlier this month. The news follows up a statement from the company late last week that attackers had infiltrated one of...
Lenovo has patched two serious vulnerabilities that hackers could abuse in targeted attacks, or at scale, to easily guess administrator passwords on a compromised device, or elevate privileges to Windows SYSTEM user. The vulnerabilities were patched last Thursday by the manufacturer and details were disclosed Tuesday by researchers at IOActive, who privately reported the flaws...
In short order, the newest version of Cryptowall has begun showing up in exploit kits. The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that...
A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed 10 days ago. Researcher Randy Westergren found and reported an issue in United’s mobile app in May, shortly after the airline announced its bug bounty program, the...
eDellroot is not the only self-signed trusted root certificate on Dell computers. Researchers at Duo Security found two more on a Dell Inspiron 14-inch laptop purchased by Darren Kemp, one of its researchers who is based in Calgary, Canada, including one cert related to eDellroot that also ships with a corresponding private key, and a...
Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor. Brazilian researcher Bernardo Rodrigues stumbled upon the issues several months ago while researching cable modem security for a conference and disclosed them...
A remote access Trojan used sparingly in targeted attacks has been found after living under cover for three years, undetected by most security gear. The RAT, dubbed GlassRAT, was signed with a certificate belonging to a popular Chinese software company with hundreds of millions of users worldwide. The RAT was used to spy on Chinese...
Travelers who stayed at either a Westin, Sheraton, or W hotel over the last year or so are going to want to check their bank statements sooner rather than later. Starwood Hotels and Resorts, a company that owns and operates approximately 1,200 hotels across North America, including the aforementioned brands, announced last week that a handful...
Mac malware is a thing. It’s real. Granted it hasn’t reached the critical mass of malicious code for Windows, but recent encounters with WireLurker, XcodeGhost and YiSpecter among others have elevated the conversation to levels where it’s been legitimized. Adding further credence, Google-owned online malware scanner VirusTotal this week announced the availability of sandbox execution...
12 November 2015 - 10:43, by , in Uncategorized, No comments
If you were born in California since 1983, the state owns your DNA. The data of every Californian born since that year is kept in a bland office building in Richmond, a city located in the eastern section of the San Francisco Bay Area. That data’s not just passively kept, mind you: it’s also being...