News

Ubiquiti suffered a data breach, which they disclosed in January 2021. Recent information, however, claims that the data breach report was potentially a cover-up of a larger incident that put customer data and devices deployed on corporate and home networks at risk. Ubiquiti originally reported that an attacker had accessed some of its IT systems, which were hosted by a third party cloud provider and that there was no evidence of unauthorised activity. The company...

American journalist and investigative reporter Brian Krebs reported this week that a whistleblower has alleged that Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras, has  massively downplayed a “catastrophic” incident to minimize the hit to its stock price.  and that the third-party cloud provider claim was a fabrication. Back in January, Ubiquity disclosed that a breach involving a third-party cloud provider had exposed...

A North Korean Hacking group, know to previously have targeted security researchers has recently created a fake offensive security firm. The threat actors were first documented in January 2021, per Google's Threat Analysis Group (TAG). The TAG specialists have said that the North Korean hackers had developed a web of fake profiles on various social media platforms. Among these are Twitter, Keybase and LinkedIn. The group would reach out to its victims asking for a...

Cloud computing and visualisation software and services provider VMware has patched a serious vulnerability that could have led an attacker to steal admin credentials in vRealize Operations. In an advisory published on Tuesday, the company stated that "multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware." In the same announcement, VMware said that patches and workarounds are now available to address these vulnerabilities in impacted products and warned customers that the issues were...

The Cyber Security Alliance-led Formation Project has created an umbrella body that will grow to champion cyber security education, training and skills. Today it was announced that the Formation Project to create the Council has completed, allowing the Government-mandated Council to officially become an independent entity, fully and only accountable to its Trustees. The Council will champion the cyber security profession across the UK, providing broad representation for the industry, accelerating awareness and promoting excellence...

Microsoft is offering up a $30,000 reward to security researchers who can find vulnerabilities within the Microsoft Teams application. Over the last year, the remote working and collaboration platform has seen a massive increase in users as a result of the coronavirus pandemic. This new bug bounty programme potentially highlights the importance of the application's role in Microsoft's future plans, as most companies only offer this type of programme for their most important services. The...

The email accounts belonging to the Trump administration's head of homeland security (DHS) along with those of members of cybersecurity staff have been hacked by suspected Russian hackers. The hackers specifically targeted the members of cybersecurity staff whose job it is to hunt threats from foreign countries. The accounts were breached in the SolarWinds intrusion, which caused dispute around how the US government can protect individuals, companies and institutions, if it is unable to protect...

The production systems at Nine Network, an Australian TV network went offline for 24 hours, as a result of a suspected state-backed attack. Following the system shut down early on Sunday morning, all the staff were ordered to work from home indefinitely while the teams deal with the repercussions. Vanessa Morley, Nine Entertainment's people and culture director sent out an email stating: “Our IT teams are working around the clock to fully restore our systems, which...

Positive Technologies employees Mark Ermolov and Dmitry Sklyarov, together with independent researcher Maxim Goryachi discovered two undocumented instructions in Intel processors. These can be used to change the microcode, allowing for attackers to take control of the processor and the entire system. According to the data that has been published, the vulnerabilities were left undocumented by the manufacturer. Receiving access to the two vulnerabilities opens up a special mode, which is normally only available to...

An analysis published on Friday reveals that at least three major companies have been recent victims of the Hades ransomware. The analysis was published by Accenture's Cyber Investigation & Forensic Response (CIFR) and Cyber Threat Intelligence (ACTI) teams. Accenture claims that the threat actors are targeting organisations that generate at least $1 billion in annual revenue. Reportedly Forward Air was one of the victims. The attackers have been taking a hands-on approach, using a mix...