Catalin Cimpanu reports: Security researchers have found tainted versions of the legitimate LoJack software that appeared to have been sneakily modified to allow hackers inside companies that use it. Researchers say domains found inside the tainted LoJack instances have been previously tied to other hacking operations carried out by APT28, a codename used to describe…
Category: Commentaries and Analyses
Hackers target Georgia Southern, Augusta restaurants
So if you want to prove a hacking bill is a bad idea, engaging in black hat/grey hat activities may not be the best way to persuade people. Tom Corwin reports: A hacking group upset with Georgia legislation that could criminalize what they do targeted Georgia Southern University and two Augusta restaurants in an ongoing…
The Digital Vigilantes Who Hack Back
Nicholas Schmidle reports: One day in the summer of 2003, Shawn Carpenter, a security analyst in New Mexico, went to Florida on a secret mission. Carpenter, then thirty-five, worked at Sandia National Laboratories, in Albuquerque, on a cybersecurity team. At the time, Sandia was managed by the defense contractor Lockheed Martin. When hundreds of computers…
Supreme Court to rule in Google referrer header privacy settlement case
David Zwier reports: The US Supreme Court granted certiorari [order list, PDF] in three cases Monday, including a dispute over a settlement in a Google privacy case and a Missouri death penalty case. In Frank v. Gaos [docket; cert. petition, PDF], the question before the court is, “in what circumstances a cy pres award of…
A former hacker reveals what he’s learned about cybersecurity
Jennifer Schlesinger reports: Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian…
Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch
Catalin Cimpanu reports: For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory. The April 2018 CPU contained a patch for CVE-2018-2628, a vulnerability in the WLS core component of WebLogic,…