Sergiu Gatlan reports: Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication….
Category: Commentaries and Analyses
Israeli cyber company detects severe Amazon security breach
The Jerusalem Post reports: A severe security breach was detected in Amazon’s e-book tablet Kindle by Israeli cybersecurity provider Check Point, the company revealed on Friday. According to the company’s Israeli cyber investigators, the security breach found allowed them to hack the tablets, gain full control and steal the e-reader users’ Amazon accounts. Read more on The…
PwnedPiper
By Ben Seri and Barak Hadad: Nine vulnerabilities in critical infrastructure used by 80% of major hospitals in North America. Swisslog’s Translogic Pneumatic Tube System (PTS), a solution that plays a crucial role in patient care, found vulnerable to devastating attack. Read more on ARMIS.
Secrets and Lies: The Games Ransomware Attackers Play
Mathew J. Schwartz reports: If you’re a criminal, practicing good operational security would seem to preclude granting tell-all news media interviews. And yet we’ve seen a spate of attackers who wield ransomware – including MountLocker, LockBit, REvil and DarkMatter – sharing insights into their inclinations, motivations and tactics. One perhaps inadvertent takeaway from their interviews…
SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break
Gareth Corfield reports: SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business. Insisting that it was “the victim of the most sophisticated cyberattack in history” in a…
Disgruntled ransomware affiliate leaks the Conti gang’s technical manuals
Catalin Cimpanu reports: A disgruntled member of the Conti ransomware program has leaked today the manuals and technical guides used by the Conti gang to train affiliate members on how to access, move laterally, and escalate access inside a hacked company and then exfiltrate its data before encrypting files. Leaked on an underground cybercrime forum…