The massive Twitter security breach that took over the accounts of President Barack Obama, Bill Gates, Elon Musk, Apple and more. The one that appeared to be the work of state-sponsored attackers or organization criminal organizations. Yeah, it was two teens and a 22-year-old from Florida.
It was pretty clear from the start that the hack against Twitter was more than a simple security breach of a handful of user accounts. The smash and grab attack struck celebrities, politicians, and billionaires including Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Joe Biden, Barack Obama, Kayne West, Binance and companies like Apple,…
If you or your ISP are running BIG-IP devices, they are almost certainly under active attack right now. On Wednesday, F5 Networks issued patches for a remote code execution vulnerability in BIG-IP devices. Within hours, security researchers reported targeted attacks against BIG-IP devices.
It’s so stupidly simple, you gotta wonder how we missed this all these years. Adding a dot to the end of a domain name throws off the browser’s cookie handling (breaks CORS too). This hack works on YouTube (for now, anyway) and many other websites that operate behind paywalls (e.g. New York Times).
Twitter announced Thursday that it deleted more than 170,000 accounts tied to the Chinese government. The accounts were pushing narratives around the Hong Kong protests and Covid-19 that Twitter considered deceptive. Twitter is officially blocked in China. Many of the accounts had only been set up this year and were classified in two categories. 23,750…
Researchers just announced the discovery of a UPnP vulnerability that impacts any UPnP device exposed on the Internet. The attack, called CallStranger (CVE-2020-12695), is being used for massive DDoS attacks , to exfiltrate data, and to scan ports from Internet-facing UPnP devices. How the CallStranger exploit works The attack takes advantage of a Callback header…
Somewhat unusual cast of characters today. IPHostCountryBlock Count45.235.36.98ANMAX TELECOMUNICACIONES MAXIMILIANO BIONDI EIRL Chile302177.41.23.8Diretoria de Planejamento e Tecnologia Brazil263103.62.140.205CIRCLE NETWORK Bangladesh197103.219.206.80Knet Solutions P. Ltd India91202.47.35.198Cyber Internet Services Pakistan Pakistan30 Most of these are blocking probes.
Evidence shows BellTroX InfoTech Services, aka Dark Basin or Mercenary.Amanda, targeted government officials, celebrities, non-profit organizations, advocacy groups, journalists, investors, and large and small corporations in a hacking spree that is believed to be under investigation by U.S. law enforcement.
The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA). Also known as “Sandworm,” this group has been hacking Exim servers since August 2019 by exploiting a critical…
A research team from Purdue University has created a tool, USBFuzz, which fuzzes calls to the USB driver stack. Apparently the tool is pretty groundbreaking. The researchers said, “At its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers (when they perform IO operations).” The researchers tested the tool on:…
