Apr 30, 2024NewsroomDocker Hub / Supply Chain Attack Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositories in Docker Hub are … [Read more...] about Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years
Millions
Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds
Mar 29, 2024NewsroomReverse Engineering / RFID Security Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, … [Read more...] about Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds
Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
Sep 09, 2023THNMobile Security / Spyware Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that's designed to harvest sensitive information from compromised Android devices. According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone … [Read more...] about Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play
3CX Desktop App Supply Chain Attack Leaves Millions at Risk
Mar 30, 2023Ravie LakshmananSupply Chain / Software Security 3CX said it's working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that's using digitally signed and rigged installers of the popular voice and video conferencing software to target downstream customers. "The … [Read more...] about 3CX Desktop App Supply Chain Attack Leaves Millions at Risk
Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report … [Read more...] about Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system … [Read more...] about Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions
The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge in late March. The newly … [Read more...] about U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions
New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used … [Read more...] about New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops
New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices
Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in HP's UEFI firmware. The variety of devices affected includes HP's laptops, … [Read more...] about New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices
North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide
Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking … [Read more...] about North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide