SolarWinds left hardcoded credentials in its Web Help Desk product that can be used by remote, unauthenticated attackers to log into vulnerable instances, access internal functionality, and modify sensitive data The software maker has now issued an update to address that critical oversight; its users are encouraged to install the fix, which presumably removes the Read more about SolarWinds left hardcoded credentials in helpdesk product[…]

[…] For those who rely on Microsoft Authenticator, the experience can go beyond momentary frustration to full-blown panic as they become locked out of their accounts. That’s because, due to an issue involving which fields it uses, Microsoft Authenticator often overwrites accounts when a user adds a new account via QR scan — the most Read more about Design flaw has Microsoft Authenticator overwriting MFA accounts, locking users out[…]

Last week, the world reacted as 8.5 million computers crashed to bluescreen, grounding flights, crippling hospitals, and bringing down 911 services. This week, the world is reacting to the company responsible—Crowdstrike—offering its staff and the companies it works with a $10 Uber Eats voucher as way of apology for all their extra work over the Read more about Crowdstrike apologises for breaking the world to own IT Workers With $10 Uber Eats Coupons that are flagged by Uber as Fraudulent[…]

Did the EU force Microsoft to let third parties like CrowdStrike run riot in the Windows kernel as a result of a 2009 undertaking? This is the implication being peddled by the Redmond-based cloud and software titan. As the tech industry deals with the fallout from the CrowdStrike incident, Microsoft is facing questions. Why is Read more about MS tries to blame EU for Crowdstrike Fail[…]

Cisco just dropped a patch for a maximum-severity vulnerability that allows attackers to change the password of any user, including admins. Tracked as CVE-2024-20419, the bug carries a maximum 10/10 CVSS 3.1 rating and affects the authentication system of Cisco Smart Software Manager (SSM) On-Prem. Cisco hasn’t disclosed too many details about this, which is Read more about Critical Cisco bug allows anyone to change all (including admin) passwords[…]

A troubling report from the Belgian consumer protection group Testaankoop: several models of Velop Pro routers from Linksys were found to be sending WiFi configuration data out to a remote server during the setup process. That would be bad enough, but not only are these routers reporting private information to the mothership, they are doing Read more about Linksys Velop Routers Caught Sending WiFi Creds In The Clear – alerted in November 2023 still not fixed[…]

A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet. Wiz Research disclosed the flaw, tracked as CVE-2024-37032 and dubbed Probllama, on May 5 and its maintainers Read more about Patch now: ‘Easy-to-exploit’ RCE in open source Ollama[…]

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple Read more about Wi-Fi Routers are like an trackers available to everyone[…]

An unknown financially motivated crime crew has swiped a “significant volume of records” from Snowflake customers’ databases using stolen credentials, according to Mandiant. “To date, Mandiant and Snowflake have notified approximately 165 potentially exposed organizations,” the Google-owned threat hunters wrote on Monday, and noted they track the perps as “UNC5537.” The crew behind the Snowflake Read more about Over 165 Snowflake customers didn’t use MFA, says Mandiant[…]

Hackers working for the Chinese government gained access to more than 20,000 VPN appliances sold by Fortinet using a critical vulnerability that the company failed to disclose for two weeks after fixing it, Netherlands government officials said. The vulnerability, tracked as CVE-2022-42475, is a heap-based buffer overflow that allows hackers to remotely execute malicious code. Read more about China state hackers infected 20,000 govt and defence Fortinet VPNs, due to at least 2 month unfixed critical vulnerability[…]

Between 27 and 29 May 2024 Operation Endgame, coordinated from Europol’s headquarters, targeted droppers including, IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and freezing illegal proceeds. This approach had a global impact on the dropper ecosystem. The malware, Read more about Largest ever operation by Europol against botnets hits dropper malware ecosystem[…]

Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering. TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which Read more about Attack against virtually all VPN apps neuters their entire purpose[…]