Technology & Science

Hackers can mess with HTTPS connections by sending data to your email server

Enlarge (credit: Getty Images) When you visit an HTTPS-protected website, your browser doesn’t exchange data with the webserver until it has ensured that the site’s digital certificate is valid. That prevents hackers with the ability to monitor or modify data passing between you and the site from obtaining authentication cookies or executing malicious code on […]

Technology & Science

US seizes $2.3 million Colonial Pipeline paid to ransomware attackers

Enlarge (credit: Getty Images) The FBI said it has seized $2.3 million paid to the ransomware attackers who paralyzed the network of Colonial Pipeline and touched off gasoline and jet fuel supplies up and down the East Coast last month. In dollar amounts, the sum represents about half of the $4.4 million that Colonial Pipeline […]

Technology & Science

Hacker lexicon: What is a supply chain attack?

Enlarge (credit: Frank Lindecke / Flickr) Cybersecurity truisms have long been described in simple terms of trust: Beware email attachments from unfamiliar sources, and don’t hand over credentials to a fraudulent website. But increasingly, sophisticated hackers are undermining that basic sense of trust and raising a paranoia-inducing question: What if the legitimate hardware and software […]

Technology & Science

This is not a drill: VMware vuln with 9.8 severity rating is under attack

Enlarge A VMware vulnerability with a severity rating of 9.8 out of 10 is under active exploitation. At least one reliable exploit has gone public, and there have been successful attempts in the wild to compromise servers that run the vulnerable software. The vulnerability, tracked as CVE-2021-21985, resides in the vCenter Server, a tool for […]

Technology & Science

Ransomware will now get priority treatment at the Justice Department

Enlarge (credit: Getty Images) The Justice Department has created a task force to centrally track and coordinate all federal cases involving ransomware or related types of cybercrime, such as botnets, money laundering, and bulletproof hosting. “To ensure we can make necessary connections across national and global cases and investigations … we must enhance and centralize […]

Technology & Science

Attack on meat supplier came from REvil, ransomware’s most cut-throat gang

Enlarge / Ransomware (credit: Getty Images) The cyberattack that halted some operations at the world’s biggest meat processor this week was the work of REvil, a ransomware franchise that’s known for its ever-escalating series of cut-throat tactics designed to extort the highest price. The FBI made the attribution on Wednesday, a day after word emerged […]

Technology & Science

Shortages loom as ransomware hamstrings the world’s biggest meat producer

Enlarge (credit: Matthew Stockman / Getty Images) A ransomware attack has struck the world’s biggest meat producer, causing it to halt some operations in the US, Canada, and Australia while threatening shortages throughout the world, including up to a fifth of the American supply. Brazil-based JBS SA said on Monday that it was the target […]

Technology & Science

Amazon devices will soon automatically share your Internet with neighbors

Enlarge (credit: Amazon) If you use Alexa, Echo, or any other Amazon device, you have only 10 days to opt out of an experiment that leaves your personal privacy and security hanging in the balance. On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new […]

Technology & Science

Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting

Enlarge (credit: Apple) Apple’s new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found. The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector Martin said. The […]

Technology & Science

SolarWinds hackers are back with a new mass campaign, Microsoft says

Enlarge (credit: Getty Images) The Kremlin-backed hackers who targeted SolarWinds customers in a supply chain attack have been caught conducting a malicious email campaign that delivered malware-laced links to 150 government agencies, research institutions and other organizations in the US and 23 other countries, Microsoft said. The hackers, belonging to Russia’s Foreign Intelligence Service, first […]