Author Archives: Ravie Lakshmanan

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of its integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.
“Using stolen OAut… Continue reading Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach→

Researchers have demonstrated what they call the “first active contactless attack against capacitive touchscreens.”
GhostTouch, as it’s called, “uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen without the need to… Continue reading Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely→

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information.
The list of security vulnerabilities is as follows –

CVE-202… Continue reading Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices→

Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe “Pantsdown” Baseboard Management Controller (BMC) flaw, according to new research published today.
“An attacker running code on a vulnerable QCT server would be abl… Continue reading Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers→

A malvertising threat is witnessing a new surge in activity since its emergence earlier this year.
Dubbed ChromeLoader, the malware is a “pervasive and persistent browser hijacker that modifies its victims’ browser settings and redirects user traffic … Continue reading Experts Warn of Rise in ChromeLoader Malware Hijacking Users’ Browsers→

Cybersecurity researchers are calling attention to a free-to-use browser automation framework that’s being increasingly used by threat actors as part of their attack campaigns.
“The framework contains numerous features which we assess may be utilized … Continue reading Hackers Increasingly Using Browser Automation Frameworks for Malicious Activities→

The maintainers of the Tails project have issued a warning that the Tor Browser that’s bundled with the operating system is unsafe to use for accessing or entering sensitive information.
“We recommend that you stop using Tails until the release of 5.1… Continue reading Tails OS Users Advised Not to Use Tor Browser Until Critical Firefox Bugs are Patched→

Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve t… Continue reading Twitter Fined $150 Million for Misusing Users’ Data for Advertising Without Consent→

A year-long international investigation has resulted in the arrest of the suspected head of the SilverTerrier cybercrime group by the Nigeria Police Force.
“The suspect is alleged to have run a transnational cybercrime syndicate that launched mass phi… Continue reading Interpol Arrests Leader of SilverTerrier Cybercrime Gang Behind BEC Attacks→

A group of academics has devised a system that can be used on a phone or a laptop to identify and locate Wi-Fi-connected hidden IoT devices in unfamiliar physical spaces.
With hidden cameras being increasingly used to snoop on individuals in hotel roo… Continue reading Lumos System Can Find Hidden Cameras and IoT Devices in Your Airbnb or Hotel Room→