/ Security News /

Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details …

/ Security News /

A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a “scalable technique” to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met …

/ Security News /

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol (VoIP) appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices. “Two backdoor passwords were found in the firmware of the COMpact 5500R PBX,” researchers …

/ Security News /

Facebook’s newly-rebranded parent company Meta on Tuesday announced plans to discontinue its decade-old “Face Recognition” system and delete a massive trove of more than a billion users’ facial recognition templates as part of a wider initiative to limit the use of the technology across its products. The Menlo Park tech giant described the about-face as …

/ Security News /

A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.” The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, …

/ Security News /

Microsoft’s Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed “SeriousSAM.” “Starting with Windows …

/ Security News /

A 22-year-old man from the U.S. state of Kansas has been indicted on charges that he unauthorizedly accessed a public water facility’s computer system, jeopardizing the residents’ safety and health in the local community. Wyatt A. Travnichek, 22, of Ellsworth County, Kansas, has been charged with one count of tampering with a public water system …

/ Security News /

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app …

/ Security News /

Hackers successfully infiltrated the computer system controlling a water treatment facility in the U.S. state of Florida and remotely changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water. During a press conference held yesterday, Pinellas County Sheriff Bob Gualtieri said an operator managed to catch the manipulation in real-time …

/ Security News /

If you are using TeamViewer, then beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE 2020-13699), which, if exploited, could let remote attackers steal your system password …