Catalin Cimpanu reports: More than 47,000 workstations and servers, possibly more, running on Supermicro motherboards are currently open to attacks because administrators have left an internal component exposed on the internet. These systems are vulnerable to a new set of vulnerabilities named USBAnywhere that affect the baseboard management controller (BMC) firmware of Supermicro motherboards. Read…
Category: Commentaries and Analyses
Malicious websites were used to secretly hack into iPhones for years, says Google
Zack Whittaker reports: Security researchers at Google say they’ve found a number of malicious websites which, when visited, could quietly hack into a victim’s iPhone by exploiting a set of previously undisclosed software flaws. Google’s Project Zero said in a deep-dive blog post published late on Thursday that the websites were visited thousands of times…
Valve patches recent Steam zero-days, calls turning away researcher ‘a mistake’
Catalin Cimpanu reports: Gaming giant Valve has called turning away a security researcher who reported a vulnerability in the company’s Steam gaming client “a mistake.” A Valve representative told ZDNet in an email today that the company has shipped fixes for the Steam client, updated its bug bounty program rules, and is reviewing the researcher’s…
Hackers Targeting Healthcare with Financially Motivated Cyberattacks
Jessica Davis reports: Healthcare organizations are increasingly being targeted with financially motivated cyberattacks by hackers attempting to gain access to valuable patient records and other sensitive information, according to FireEye researchers. While it’s been clear for some time that hackers have targeted the healthcare sector given many providers operate on outdated or unsupported systems, new…
Intel, Google, Microsoft, and others launch Confidential Computing Consortium for data security
Khari Johnson reports: Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced intent to form the Confidential Computing Consortium to improve security for data in use. Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote…
Are thedarkoverlord’s victims entitled to damages from Athens Orthopedic Clinic? Georgia Supreme Court to rule.
Bill Rankin reports: In the spring of 2016, a cyber thief calling himself the “Dark Overlord” hacked into the databases of a Clarke County medical clinic and emerged with the personal information of an estimated 200,000 patients. The Athens Orthopedic Clinic refused to pay the hacker’s ransom and advised current and former patients to set…