The outage has hampered communication concerning a critical vulnerability that gives root. Servers operated by Ubuntu and its parent company Canonical were knocked offline on Thursday morning and have remained down ever since, a situation that’s preventing the OS provider from communicating normally following the botched disclosure of a…
CopyFail threatens multi-tenant servers, CI/CD work flows, Kubernetes containers, and more. Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal…
Security firms find themselves especially exposed. It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions. Now it has been hit by a…
If you’re one of millions using element-data, it’s time to check for compromise. Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys and other sensitive information. On…
Hundreds of subdomains from dozens of universities have been hijacked by scammers. Websites for some of the world’s most prestigious universities are serving explicit porn and malicious content after scammers exploited the shoddy record-keeping of the site administrators, a researcher found recently. The sites included berkeley.edu, columbia.edu, and washu.edu,…
Technically speaking, there’s no practical benefit to use PQC. So why is it being used? A relatively new ransomware family is using a novel approach to hype the strength of the encryption used to scramble files—making, or at least claiming, that it is protected against attacks by quantum computers.…
When authentication fails, things can go very, very wrong. Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development framework to run Linux or macOS apps. The software maker said…
A stubborn misconception is hampering the already hard work of quantum readiness. With growing focus on the existential threat quantum computing poses to some of the most crucial and widely used forms of encryption, cryptography engineer Filippo Valsorda wants to make one thing absolutely clear: Contrary to popular mythology…
Grinex says needed hacking resources “available exclusively to … unfriendly states.” Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it’s halting operations after experiencing a $13 million heist carried out by “western special services” hackers. Researchers from TRM, which has confirmed the theft, put the value of stolen…
Here’s which players are winning the race to transition to post-quantum crypto. Sometime around 2010, sophisticated malware known as Flame hijacked the mechanism that Microsoft used to distribute updates to millions of Windows computers around the world. The malware—reportedly jointly developed by the US and Israel—pushed a malicious update…
