
The 2020 SolarWinds cyberattack is the worst cyberattack in our nation’s history. It is literally “beyond measure” at this point. In fact, the government may never know how badly the attack compromised our nation’s digital infrastructure.
It was pretty clear from the start that the hack against Twitter was more than a simple security breach of a handful of user accounts. The smash and grab attack struck celebrities, politicians, and billionaires including Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Joe Biden, Barack Obama, Kayne West, Binance and companies like Apple,…
Researchers just announced the discovery of a UPnP vulnerability that impacts any UPnP device exposed on the Internet. The attack, called CallStranger (CVE-2020-12695), is being used for massive DDoS attacks , to exfiltrate data, and to scan ports from Internet-facing UPnP devices. How the CallStranger exploit works The attack takes advantage of a Callback header…
The NSA says that members of Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, have been attacking email servers running the Exim mail transfer agent (MTA). Also known as “Sandworm,” this group has been hacking Exim servers since August 2019 by exploiting a critical…
A research team from Purdue University has created a tool, USBFuzz, which fuzzes calls to the USB driver stack. Apparently the tool is pretty groundbreaking. The researchers said, “At its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers (when they perform IO operations).” The researchers tested the tool on:…
News erupted this week proclaiming the enigmatic hacker, Guccifer 2.0, accidentally dropped his VPN connection, revealing his secret identity. According to Daily Beast, his true IP address was revealed while he visited a social media site – and it tracked directly to Russia’s GRU headquarters. That’s akin to Batman forgetting to put on his mask…