Author Archives: Lindsey O'Donnell

Critical MobileIron RCE Flaw Under Active Attack

Posted on November 25, 2020 by Lindsey O'Donnell

Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others. Continue reading Critical MobileIron RCE Flaw Under Active Attack→

Post-Breach, Peatix Data Reportedly Found on Instagram, Telegram

Posted on November 24, 2020 by Lindsey O'Donnell

Events application Peatix this week disclosed a data breach, after user account information reportedly began circulating on Instagram and Telegram. Continue reading Post-Breach, Peatix Data Reportedly Found on Instagram, Telegram→

Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues

Posted on November 24, 2020 by Lindsey O'Donnell

Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay. Continue reading Smart Doorbells on Amazon, eBay, Harbor Serious Security Issues→

Blackrota Golang Backdoor Packs Heavy Obfuscation Punch

Posted on November 24, 2020 by Lindsey O'Donnell

Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze. Continue reading Blackrota Golang Backdoor Packs Heavy Obfuscation Punch→

TA416 APT Rebounds With New PlugX Malware Variant

Posted on November 23, 2020 by Lindsey O'Donnell

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader. Continue reading TA416 APT Rebounds With New PlugX Malware Variant→

Joe Biden Campaign Subdomain Down After Hacktivist Defacement

Posted on November 23, 2020 by Lindsey O'Donnell

A Turkish hacktivist defaced a subdomain of the president-elect’s campaign website. Continue reading Joe Biden Campaign Subdomain Down After Hacktivist Defacement→

VMware Fixes Critical Flaw in ESXi Hypervisor

Posted on November 20, 2020 by Lindsey O'Donnell

The critical and important-severity flaws were found by a team at the China-based Tiunfu Cup hacking challenge. Continue reading VMware Fixes Critical Flaw in ESXi Hypervisor→

New Grelos Skimmer Variants Siphon Credit Card Data

Posted on November 20, 2020 by Lindsey O'Donnell

Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far. Continue reading New Grelos Skimmer Variants Siphon Credit Card Data→

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

Posted on November 19, 2020 by Lindsey O'Donnell

Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums. Continue reading Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack→

IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk

Posted on November 19, 2020 by Lindsey O'Donnell

Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices. Continue reading IoT Cybersecurity Improvement Act Passed, Heads to President’s Desk→