Critical Atlassian 0-day is under active exploit. You’re patched, right?
Researchers who found vulnerability warn it's “dangerous and trivially exploited.”
Dan Goodin / Security Editor
Feeds
Recent stories by Dan Goodin
-
-
Meeting Owl videoconference device used by govs is a security disaster
No patch yet for easy-to-hack access point that leaks data and exposes networks to hacks.
-
Code execution 0-day in Windows has been under active exploit for 7 weeks
All supported versions of Windows affected.
-
US college VPN credentials for sale on Russian crime forums, FBI says
Trafficked data could lead to subsequent attacks, agency warns.
-
Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat
BMCs offer extraordinary control over cloud computers. So why hasn't Quanta patched?
-
Critical Zoom vulnerabilities fixed last week required no user interaction
If your machine failed to get them automatically, you're not alone.
-
Server hack yields harrowing images of life inside Chinese detention camps
Leak is latest bright light shined on China's persecution of ethnic minorities.
-
“Tough to forge” digital driver’s license is… easy to forge
A litany of security flaws allows forgeries that are easy, quick, and cheap.
-
Researchers find backdoor lurking in WordPress plugin used by schools
If you've used School Management Pro, it's time to check your site, stat.
-
Feature Story
New Bluetooth hack can unlock your Tesla—and all kinds of other devices
All it takes to hijack Bluetooth-secured devices is custom code and $100 in hardware.
-
2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms
Security flaws in VMware and F5's BIG-IP are being exploited by malicious hackers.
-
Researchers devise iPhone malware that runs even when device is turned off
Research is largely theoretical but exposes an overlooked security issue.
-
Zyxel silently patches command-injection vulnerability with 9.8 severity rating
Flaw makes it possible to install web shell to maintain control of affected devices.
-
Backdoor in public repository used new form of attack to target big firms
Dependency confusion attacks exploit our trust in public code repositories.
-
US and its allies say Russia waged cyberattack that took out satellite network
February outage came an hour before Russia began its invasion of Ukraine.
-
Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating
Flaw in widely used gear from F5 executes root commands, no password necessary.
-
Feature Story
How Apple, Google, and Microsoft will kill passwords and phishing in one stroke
You've heard for years that easier, more secure logins are imminent. That day is here.
-
Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw
Vulnerability in 3rd-party libraries can send devices' users to malicious sites.
-
Botnet that hid for 18 months boasted some of the coolest tradecraft ever
Once-unknown group uses a tunnel fetish and a chameleon's ability to blend in.
-
One of the most powerful DDoSes ever targets cryptocurrency platform
15.3 million requests per second is HUGE, especially when delivered through HTTPS.
-
Russia wages “relentless and destructive” cyberattacks to bolster Ukraine invasion
Cyberattacks complement and are sometimes timed to military actions.
-
Microsoft finds Linux desktop flaw that gives root to untrusted users
Elevation of privilege vulnerabilities can be used to gain persistent root access.
-
Hackers hammer SpringShell vulnerability in attempt to install cryptominers
Thousands of hack attempts made in the days following discovery of the vulnerability.
-
Critical bug could have let hackers commandeer millions of Android devices
Flaw could be exploited with malicious audio file.
-
Major cryptography blunder in Java enables “psychic paper” forgeries
A failure to sanity check signatures for division-by-zero flaws makes forgeries easy.
-
Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?
Exploiting critical UEFI vulnerabilities could allow malware to hide in firmware.
-
Your iOS app may still be covertly tracking you, despite what Apple says
Apple's landmark App Tracking Transparency may not be as tough as some people think.
-
Trend says hackers have weaponized SpringShell to install Mirai malware
Researchers have been in search of vulnerable real-world apps. The wait continues.
-
Ransomware sent North Carolina A&T University scrambling to restore services
ALPHV/Black Cat ransomware group has claimed at least 3 victims so far.
-
WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers
Silently fixed authentication bypass remained a secret even after it was under attack.
-
Companies were slow to remove Russian spies’ malware, so FBI did it for them
How the FBI took down "Cyclops Blink," a Russia state botnet infecting network firewalls.
-
Hydra, the world’s biggest cybercrime forum, shut down in police sting
Hydra market facilitated $5 billion in transactions for 17 million customers.
-
Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks
Hackers can exploit authentication bypass flaw to gain administrative control.
-
Explaining Spring4Shell: The Internet security disaster that wasn’t
Vulnerability in the Spring Java Framework is important, but it's no Log4Shell.
-
Apple rushes out patches for two 0-days threatening iOS and macOS users
With 5 0-days this year, Apple is on track to meet or break its 2021 tally of 12.
-
Mystery solved in destructive attack that knocked out >10k Viasat modems
AcidRain is the seventh wiper associated with the Russian invasion of Ukraine.
| ← Older Stories | |