News

A vulnerability in Cisco routers has massive global implications. To compromise the routers, researchers from the security firm Red Balloon exploited two vulnerabilities. The first is a bug in Cisco’s IOS operating system—not to be confused with Apple's iOS—which would allow a hacker to remotely obtain root access to the devices…The second vulnerability, though, is much more sinister. Once the researchers gain root access, they can bypass the router's most fundamental security protection. Known as...

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed. WhatsApp, which is owned by Facebook, said the attack targeted a "select number" of users, and was orchestrated by "an advanced cyber actor". A fix was rolled out on Friday. The attack was developed by Israeli security firm NSO Group, according to a report in the Financial Times. On Monday, WhatsApp urged...

Hackers have breached analytics service Picreel and open-source project Alpaca Forms and have modified JavaScript files on the infrastructure of these two companies to embed malicious code on over 4,600 websites, security researchers have told ZDNet. Source: ZDNet

A GPS tracker used by elderly people and young kids has a security hole that could allow others to track and secretly record their wearers. It has an in-built SIM card that it used to pinpoint the location of the user, as well as provide hands-free communications through a speaker and mic. As such it is most commonly used by elderly people in case of a fall and on children whose parents want to be...

The Chinese state could cut off cars and household appliances from Britain's 5G network if the country's telecoms giant is allowed to help build the system, according to a former government security adviser. Peter Varnish, who was a senior Ministry of Defence official, suggested a decision by Theresa May to allow Huawei to help build even limited parts of the network such as antennas and other “non-core” infrastructure, could allow Beijing to "shut down" signals...

The latest quarterly data breach report from the Office of the Australian Information Commissioner (OAIC) has revealed over 10 million individuals had their information compromised in one single incident. The current population of Australia is around 25.4 million. While the report did not detail the origin of the breach that affected over 10 million individuals, it did show that the most number of affected individuals from a single finance-related breach was less than 500,000 and...

As many as 1.7 million internet-connected endpoints are still vulnerable to the exploits, according to the latest data. Data generated by Shodan, a search engine for exposed databases and devices, puts the figure at the million mark — with most of the vulnerable devices in the U.S. But that only accounts for devices directly connected to the internet and not the potentially millions more devices connected to those infected servers. The number of vulnerable devices...

The cybersecurity skills shortage has gotten worse for the third consecutive year, impacting 74% of organizations worldwide, according to a Thursday report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG). The report surveyed 267 cybersecurity professionals worldwide, and respondents reported that they believe the skills gap to be a primary cause for the rise in cybersecurity incidents. Nearly half (48%) of respondents said they experienced at least one security incident over the past...

A successful family of ransomware which has been terrorising organisations around the world has been updated with a new trick to lure victims into installing file-locking malware: posing as anti-virus software. Dharma first emerged in 2016 and the ransomware has been responsible for a number of high-profile cyber incidents, including the takedown of a hospital network in Texas late last year. Source: ZDNet

A site that pretends to promote the popular KeePass password management software is actually distributing malware on unsuspecting visitors. This site is part of a larger network of sites distributing adware bundles as free programs. Last year, we reported that fake sites were created to promote popular software, but when we analyzed the distributed files, we found that they were pushing adware bundles on unsuspecting visitors. Source: Bleeping Computer