В спецификациях Bluetooth Core и Mesh Profile выявили уязвимости, позволяющие злоумышленникам выдавать себя за легитимное устройство при создании пары. За счёт эксплуатации обнаруженных брешей киберпреступники могут запустить атаки вида «Человек посередине» (man-in-the-middle, MitM).
Governance & Risk Management , IT Risk Management GAO Offers Recommendations to Improve Space Agency’s Cyber Protections Scott Ferguson (Ferguson_Writes) • June 29, 2021 Photo: NASA via Flickr/CC A government watchdog is urging NASA‘s administrator to make multiple improvements to its cybersecurity and risk management policies to counter threats to the space agency’s…
Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. Web shells are tools (scripts or programs) deployed by threat actors to gain and/or maintain access to hacked servers, remotely execute arbitrary code or commands, move laterally within a target’s…
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called “more_eggs.” To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims’ job titles taken…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday announced that it has appointed Kiersten Todt as its new chief of staff. Before joining CISA as chief of staff, Todt served as managing director of the non-profit Cyber Readiness Institute (CRI). She also served as president and managing partner at risk management consulting firm…
Ethical hackers now have many more targets within the Defense Department, DOD officials announced. The department is expanding its Vulnerability Disclosure Program to include all publicly accessible DOD information systems. The program grew out of the success of the “Hack the Pentagon” initiative that began in 2016. That initiative enabled the Defense Digital Service…
Four individuals from Eastern Europe face 20 years in prison for Racketeer Influenced Corrupt Organization (RICO) charges after pleading guilty to running a bulletproof hosting service as a safe haven for cybercrime operations targeting US entities. The bulletproof hosting service was founded by Russian citizens Aleksandr Grichishkin and Andrei Skvortsov, who hired Lithuanian Aleksandr Skorodumov…
