• Search for:
    8 Feb, 2022
    Microsoft Patch Tuesday, February 2022 Edition
    Cybersecurity , , , , , , , , , , , , ,

    Microsoft today released software updates to plug security holes in its Windows operating systems and related software. This month’s relatively light patch batch is refreshingly bereft of any zero-day threats, or even scary critical vulnerabilities. But it does fix four dozen flaws, including several that Microsoft says will likely soon be exploited by malware or malcontents. …

    Read MoreMicrosoft Patch Tuesday, February 2022 Edition

    28 Sep, 2021
    Apple AirTag Bug Enables ‘Good Samaritan’ Attack
    Cybersecurity , , , , , , ,

    The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner’s phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website. …

    Read MoreApple AirTag Bug Enables ‘Good Samaritan’ Attack

    2 Jul, 2021
    Another 0-Day Looms for Many Western Digital Users
    Cybersecurity , , , , , , , , , , ,

    Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can’t or won’t upgrade to the latest operating system. …

    Read MoreAnother 0-Day Looms for Many Western Digital Users

    25 Jun, 2021
    MyBook Users Urged to Unplug Devices from Internet
    Cybersecurity , , , , , , , , , ,

    Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a previously unknown critical flaw that can be triggered by anyone who knows the Internet address of an affected device. …

    Read MoreMyBook Users Urged to Unplug Devices from Internet

    18 Dec, 2020
    VMware Flaw a Vector in SolarWinds Breach?
    Cybersecurity, VMware , , , , , , , , , , , , , , , , ,

    U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks. …

    Read MoreVMware Flaw a Vector in SolarWinds Breach?

    31 Jan, 2020
    Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security
    Cybersecurity , , , , , , , , , , , , ,

    On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused (featured below). …

    Read MoreIowa Prosecutors Drop Charges Against Men Hired to Test Their Security