The best hacker and cyber security news. Contact us on
Dec 10, 2020
U.S. drugmaker Pfizer and its German partner BioNTech said on Wednesday that documents related to development of their COVID-19 vaccine had been ‘unlawfully accessed’ in a cyberattack on Europe’s medicines regulator. The European Medicines Agency (EMA), which assesses medicines and vaccines for the European Union, said hours earlier it had been targeted in a cyberattack. It gave no further details.
Dec 2, 2020
Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm.
Nov 11, 2020
Operation Disruptor has led to a wave of arrests and seizures, but the dark web drug market has bounced back before. It’s one of the largest global dark web takedowns to date: 179 arrests spread across six countries; 500 kilograms of drugs seized; $6.5 million in cash and cryptocurrency confiscated. And while it was announced this morning, Operation Disruptor traces its roots back to May 3, 2019.
Nov 8, 2020
The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses. US officials talk about all the methods the Chinese government and its agents have been using to target US companies and universities to steal intellectual property. Intrusions have taken place since at least April 2020, the FBI said inan alertsent out last month and made public this week on its website.
Nov 7, 2020
Companies House has forced a company to change its name after it belatedly realised it could pose a security risk. The company now legally known as “THAT COMPANY WHOSE NAME USED TO CONTAIN HTML SCRIPT TAGS LTD” was set up by a British software engineer, who says he did it purely because he thought it would be “a fun playful name” for his consulting business.
Nov 3, 2020
A code error in the NHS Covid-19 app meant users had to be next to a highly infectious patient for five times as long as the NHS had decided was risky before being instructed to self-isolate, the Guardian has learned.
Source: theguardian.com
Oct 16, 2020
Tesla’s Autopilot system relies on vision rather than LIDAR, which means it can be tricked by messages on billboards and projections created by hackers. Security researchers have demonstrated how Tesla’s Autopilot driver-assistance systems can be tricked into changing speed, swerving or stopping abruptly, simply by projecting fake road signs or virtual objects in front of them. Their hacks worked on both a Tesla running HW3, which is the latest version of the company’s Autopilot driver-assistance system, and the previous generation, HW2.5.
Sep 25, 2020
Guardicore has discovered FritzFrog, a sophisticated peer-to-peer (P2P) botnet which has been actively breaching SSH servers since January 2020. Golang-Based Malware: FritzFrog executes a worm malware which is written in Golang, and is modular, multi-threaded and fileless, leaving no trace on the infected machine’s disk. Actively Targeting Government, Education, Finance and more: FritzFrog has attempted to brute force and propagate to tens of millions of IP addresses of governmental offices, educational institutions, medical centers, banks and numerous telecom companies.
Sep 25, 2020
I haven’t written an “attack of the week” post in a while, and it’s been bumming me out. This is not because there’s been a lack of attacks, but mostly because there hasn’t been an attack on something sufficiently widely-used that it can rouse me out of my blogging torpor. But today brings a beautiful attack called ReVoLTE, on a set of protocols that I particularly love to see get broken: namely, cellular protocols.
Sep 25, 2020
Gangs of cybercriminals forced British companies to pay out more than £200 million in ransoms last year, experts have revealed. The extortionists, many from Russia or Eastern European countries, are targeting well-known businesses with malicious software and then charging them tens of millions of pounds to regain access to networks. Companies fearful of public embarrassment, lost data and fines from regulators are now showing “more willingness to pay the ransom”, experts said.