An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser’s executables to hijack homepages and steal browsing history. […]
New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users
Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.
The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to compromise several devices over the air,” NCC Group security researchers Alex Plaskett and
The vulnerabilities “led to an entire break in the security of Sonos’s secure boot process across a wide range of devices and remotely being able to compromise several devices over the air,” NCC Group security researchers Alex Plaskett and
In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims
Noteworthy stories that might have slipped under the radar: KnowBe4 product vulnerabilities, SOCRadar responds to hacker’s claims, and SEC ends the MOVEit hack probe.
The post In Other News: KnowBe4 Product Flaws, SEC Ends MOVEit Probe, SOCRadar Responds to Hacking Claims appeared first on SecurityWeek.
Iran Is Accelerating Cyber Activity That Appears Meant to Influence the US Election, Microsoft Says
Iranian actors have spent recent months creating fake news sites and impersonating activists, laying the groundwork to stoke division and potentially sway American voters this fall.
The post Iran Is Accelerating Cyber Activity That Appears Meant to Influence the US Election, Microsoft Says appeared first on SecurityWeek.
Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities
CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabilities it’s not patching.
The post Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities appeared first on SecurityWeek.
Vulnerability Allowed Eavesdropping via Sonos Smart Speakers
Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users.
The post Vulnerability Allowed Eavesdropping via Sonos Smart Speakers appeared first on SecurityWeek.
Physical Security Firm ADT Confirms Hack and Data Breach
ADT has confirmed that hackers have stolen information after 30,000 customer records were leaked recently.
The post Physical Security Firm ADT Confirms Hack and Data Breach appeared first on SecurityWeek.
DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs
The U.S. Department of Justice (DoJ) on Thursday charged a 38-year-old individual from Nashville, Tennessee, for allegedly running a “laptop farm” to help get North Koreans remote jobs with American and British companies.
Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire fraud, intentional
Matthew Isaac Knoot is charged with conspiracy to cause damage to protected computers, conspiracy to launder monetary instruments, conspiracy to commit wire fraud, intentional
CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that threat actors are abusing the legacy Cisco Smart Install (SMI) feature with the aim of accessing sensitive data.
The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.”
It also
The agency said it has seen adversaries “acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature.”
It also
US dismantles laptop farm used by undercover North Korean IT workers
The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. […]