SimJacker attack allows hacking any phone with just an SMS September 14, 2019 | sento | Leave a comment Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. The SimJacker vulnerability resides in the S@T (SIMalliance Toolbox) Browser dynamic SIM toolkit that is embedded in most SIM cards… Read More
Israel accused of planting mysterious spy devices near the White House September 14, 2019 | sento | Leave a comment The U.S. government concluded within the past two years that Israel was most likely behind the placement of cellphone surveillance devices that were found near the White House and other sensitive locations around Washington, according to three former senior U.S. officials with knowledge of the matter. But unlike most other occasions when flagrant incidents of… Read More
Russian Hackers Behind Ukraine Power Outage May Have Sought More Damage September 14, 2019 | sento | Leave a comment The Russia-linked hackers who triggered a power outage in Ukraine back in 2016 may have hoped to cause much more damage, according to a report published recently by U.S.-based industrial cybersecurity firm Dragos. The threat group, which Dragos tracks as Electrum, used a piece of malware named Crashoverride and Industroyer to target industrial control systems… Read More
France to block Facebook’s Libra cryptocurrency in Europe September 14, 2019 | sento | Leave a comment The French finance minister, Bruno Le Maire, said plans for Libra could not move ahead until concerns over consumer risk and governments’ monetary sovereignty were addressed. Facebook unveiled plans for Libra in June, triggering immediate warnings from some experts that it could shift control over the economy from governments and their central banks to big… Read More
AWS power outage with data loss September 8, 2019 | sento | Leave a comment On August 31st, 2019, an Amazon AWS US-EAST-1 datacenter in North Virginia experienced a power failure at 4:33 AM, which led to the datacenter’s backup generators to kick on. Unfortunately, these generators started failing at approximately 6:00 AM , which led to 7.5% of the EC2 instances and EBS volumes becoming unavailable. ‘1:30 PM PDT… Read More
CVE-2019-15846 Exim mail server flaw allows Remote Code Execution as root September 8, 2019 | sento | Leave a comment A security flaw in Exim mail servers could be exploited by local or remote attackers to execute arbitrary code with root privileges. The Exim development team has addressed a vulnerability in Exim mail server, tracked as CVE-2019-15846, that could be exploited by local and remote attackers to execute arbitrary code with root privileges. The vulnerability… Read More
Backdoor code found in 11 Ruby libraries September 8, 2019 | sento | Leave a comment Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden cryptocurrency mining operations inside other people’s Ruby projects. The malicious code was first discovered yesterday inside four versions of rest-client, an extremely popular Ruby library. According to… Read More
Backdoor discovered in Ruby strong_password library September 8, 2019 | sento | Leave a comment An eagle-eyed developer has discovered a backdoor recently sneaked into a library (or ‘gem’) used by Ruby on Rails (RoR) web apps to check password strength. A close shave, then. While the Ruby scripting language and RoR aren’t as popular as they once were, they’re still embedded in numerous enterprise development environments, an unknown number… Read More
Malicious attack on Wikipedia September 7, 2019 | sento | Leave a comment Today, Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site. As one of the world’s most popular sites, Wikipedia sometimes attracts “bad faith” actors.… Read More
Scammer Successfully Deepfaked CEO’s Voice To Fool Underling Into Transferring $243,000 September 4, 2019 | sento | Leave a comment The CEO of an energy firm based in the UK thought he was following his boss’s urgent orders in March when he transferred funds to a third-party. But the request actually came from the AI-assisted voice of a fraudster. The Wall Street Journal reports that the mark believed he was speaking to the CEO of… Read More