by Paul Ducklin
Earlier this week we wrote about a jailbreak hack against Apple’s newly introduced AirTag product. In that story, the researcher @ghidraninja was able to modify the firmware on the AirTag itself, despite the anti-tampering protection implemented by Apple’s own AirTag firmware programming. But this “attack” (if that . . .
by Paul Ducklin
Remember when a whole bunch of celebs and top brands apparently went crazy tweeting about Bitcoin? It happened in July 2020, when many prominent blue-badged Twitter accounts suddenly started sending out scammy cryptocoin messages. Fake tweets were blasted out from compromised accounts belonging to an eclectic range . . .
by Paul Ducklin
Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s . . .
Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group – and have been hired by SolarWinds. SolarWinds, which has been embroiled in a recent, widescale hack, has called in two security powerhouses for help: Former director of the . . .
Researcher uses an old unCAPTCHA trick against the latest audio version of reCAPTCHA, with a 97 percent success rate. An old attack method dating back to 2017 that uses voice-to-text to bypass CAPTCHA protections turns out to still work on Google’s latest reCAPTCHA v3. That’s according to researcher Nikolai Tschacher, . . .
Several Ticketmaster executives conspired in a hack against a rival concert presales firm, in an attempt to ‘choke off’ its business. Ticketmaster must pay a hefty $10 million fine after several employees used unlawfully obtained passwords to hack a rival company’s computer systems, in an attempt to “choke off” its business. The . . .
An attacker stole FireEye’s Red Team assessment tools that the company uses to test its customers’ security.
Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump. In the midst of its popular Spotify Wrapped 2020 playlist rollout of the year’s most popular songs, the streaming service is grappling with a security breach, . . .
Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.
A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers. A day after proof-of-concept (PoC) exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. Cisco Security Manager is an end-to-end security management . . .