Crowdstrike apologises for breaking the world to own IT Workers With $10 Uber Eats Coupons that are flagged by Uber as Fraudulent

Last week, the world reacted as 8.5 million computers crashed to bluescreen, grounding flights, crippling hospitals, and bringing down 911 services. This week, the world is reacting to the company responsible—Crowdstrike—offering its staff and the companies it works with a $10 Uber Eats voucher by way of apology for all their extra work over the […]

So that Global Microsoft IT outage – turns out a Crowdstrike update borked your PC. Here’s some memes to make you feel better.

Businesses worldwide grappled with an ongoing major IT outage Friday, as financial services and doctors’ offices were disrupted, while some TV broadcasters went offline. Air travel has been hit particularly hard, with planes grounded, services delayed and airports issuing advice to passengers. The outage came as cybersecurity giant CrowdStrike experienced a major disruption early Friday […]

Critical Cisco bug allows anyone to change all (including admin) passwords

Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1 rating and affects the authentication system of Cisco Smart Software Manager (SSM) On-Prem. Cisco hasn’t disclosed too many details about this, which is […]

Linksys Velop Routers Caught Sending WiFi Creds In The Clear – alerted in November 2023 still not fixed

A troubling report from the Belgian consumer protection group Testaankoop: several models of Velop Pro routers from Linksys were found to be sending WiFi configuration data out to a remote server during the setup process. That would be bad enough, but not only are these routers reporting private information to the mothership, they are doing […]

384,000 sites still pulling code from sketchy polyfill.io code library recently bought by Chinese firm

More than 384,000 websites are linking to a site that was caught last week performing a supply-chain attack that redirected visitors to malicious sites, researchers said. For years, the JavaScript code, hosted at polyfill[.]com, was a legitimate open source project that allowed older browsers to handle advanced functions that weren’t natively supported. By linking to […]

CocoaPods Vulnerabilities from 2014 Affect almost all Apple devices, Facebook, TikTok apps and more

CocoaPods vulnerabilities reported today could allow malicious actors to take over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications, potentially affecting “almost every Apple device.” E.V.A Information Security researchers found that the three vulnerabilities in the open source CocoaPods dependency manager were present in applications […]

Microsoft finally tells more customers their emails have been stolen

It took a while, but Microsoft has told customers that the Russian criminals who compromised its systems earlier this year made off with even more emails than it first admitted. We’ve been aware for some time that the digital Russian break-in at the Windows maker saw Kremlin spies make off with source code, executive emails, […]

ID verification service that works with TikTok and X left its admin credentials wide open for a year

An ID verification company that works on behalf of TikTok, X and Uber, among others, has left a set of administrative credentials exposed for more than a year, as reported by 404 Media. The Israel-based AU10TIX verifies the identity of users by using pictures of their faces and drivers’ licenses, potentially opening up both to […]

Patch now: ‘Easy-to-exploit’ RCE in open source Ollama

A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet. Wiz Research disclosed the flaw, tracked as CVE-2024-37032 and dubbed Probllama, on May 5 and its maintainers […]

Microsoft fixes hack-me-via-Wi-Fi Windows security hole

[…] CVE-2024-30078, a Wi-Fi driver remote code execution hole rated 8.8 in severity. It’s not publicly disclosed, not yet under attack, and exploitation is “less likely,” according to Redmond. “An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution,” […]

ASUS Releases Firmware Update for Critical Remote Authentication Bypass Affecting Seven Routers

A report from BleepingComputer notes that ASUS “has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices.” But there’s more bad news: Taiwan’s CERT has also informed the public about CVE-2024-3912 in a post yesterday, which is a critical (9.8) arbitrary firmware […]

Arm Memory Tag Extensions broken by speculative execution

In 2018, chip designer Arm introduced a hardware security feature called Memory Tagging Extensions (MTE) as a defense against memory safety bugs. But it may not be as effective as first hoped. Implemented and supported last year in Google’s Pixel 8 and Pixel 8 Pro phones and previously in Linux, MTE aims to help detect […]

Wi-Fi Routers are like trackers available to everyone

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple […]

Over 165 Snowflake customers didn’t use MFA, says Mandiant

An unknown financially motivated crime crew has swiped a “significant volume of records” from Snowflake customers’ databases using stolen credentials, according to Mandiant. “To date, Mandiant and Snowflake have notified approximately 165 potentially exposed organizations,” the Google-owned threat hunters wrote on Monday, and noted they track the perps as “UNC5537.” The crew behind the Snowflake […]

China state hackers infected 20,000 govt and defence Fortinet VPNs, due to at least 2 month unfixed critical vulnerability

Hackers working for the Chinese government gained access to more than 20,000 VPN appliances sold by Fortinet using a critical vulnerability that the company failed to disclose for two weeks after fixing it, Netherlands government officials said. The vulnerability, tracked as CVE-2022-42475, is a heap-based buffer overflow that allows hackers to remotely execute malicious code. […]

Largest ever operation by Europol against botnets hits dropper malware ecosystem

Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, […]

2.8M US folks’ personal info swiped in Sav-Rx IT heist – 8 months ago

Sav-Rx has started notifying about 2.8 million people that their personal information was likely stolen during an IT intrusion that happened more than seven months ago. The biz provides prescription drug management services to more than 10 million US workers and their families, via their employers or unions. It first spotted the network “interruption” on […]

US Patent and Trademark Office confirms another leak of filers’ address data

The federal government agency responsible for granting patents and trademarks is alerting thousands of filers whose private addresses were exposed following a second data spill in as many years. The U.S. Patent and Trademark Office (USPTO) said in an email to affected trademark applicants this week that their private domicile address — which can include […]

Attack against virtually all VPN apps neuters their entire purpose

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which […]

Microsoft’s latest Windows security updates might break your VPN

Microsoft says the April security updates for Windows may break your VPN. (Oops!) “Windows devices might face VPN connection failures after installing the April 2024 security update (KB5036893) or the April 2024 non-security preview update,” the company wrote in a status update. It’s working on a fix. Bleeping Computer first reported the issue, which affects […]

UK becomes first country to ban default bad passwords on IoT devices

[…] On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with […]

Apple’s ‘incredibly private’ Safari not so private in Europe, allows

Apple’s grudging accommodation of European antitrust rules by allowing third-party app stores on iPhones has left users of its Safari browser exposed to potential web activity tracking. Developers Talal Haj Bakry and Tommy Mysk looked into the way Apple implemented the installation process for third-party software marketplaces on iOS with Safari, and concluded Cupertino’s approach […]

CSS allows HTML emails to change their content after they have been forwarded

[…] The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email […]

Intel CPUs still vulnerable to Spectre attack

[…] We’re told mitigations put in place at the software and silicon level by the x86 giant to thwart Spectre-style exploitation of its processors’ speculative execution can be bypassed, allowing malware or rogue users on a vulnerable machine to steal sensitive information – such as passwords and keys – out of kernel memory and other […]