Thousands of vulnerable TP-Link routers at risk of remote hijack

Thousands of TP-Link routers are vulnerable to a bug that can be used to remotely take control the device, but it took over a year for the company to publish the patches on its website. The vulnerability allows any low-skilled attacker to remotely gain full access to an affected router. The exploit relies on the […]

Continue Reading →

Google recalls its Bluetooth Titan Security Keys because of a security bug

Google today disclosed a security bug in its Bluetooth Titan Security Key that could allow an attacker in close physical proximity to circumvent the security the key is supposed to provide. The company says that the bug is due to a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” and that even the faulty […]

Continue Reading →

Justice Department charges Chinese hacker for 2015 Anthem breach

U.S prosecutors have brought charges against a Chinese national for his alleged involvement of the 2015 data breach at health insurance giant Anthem, which resulted in the theft of 78.8 million medical records. China resident Fujie Wang, 32, and other unnamed members of a China-based hacking group, are charged with four counts of conspiracy to […]

Continue Reading →

Cybersecurity insurance startup Coalition raises $40M in Series B funding

Coalition, a cybersecurity insurance company, has raised $40 million in its latest round of funding. Fintech investment giant Ribbit Capital led the investment with participation from Greenoaks Capital and Hillhouse Capital. Coalition’s insurance covers expenses incurred from liabilities related to third-parties, such as fines and penalties — as well as fraud, breach response, extortion and […]

Continue Reading →

Hundreds of Orpak gas station systems can be easily hacked, thanks to hardcoded passwords

Homeland Security’s cybersecurity agency says a popular gas station software contains several security vulnerabilities that require “low skill” to exploit. The advisory, posted by the Cybersecurity and Infrastructure Security Agency (CISA), gave the Orpak SiteOmat software a rare vulnerability severity rating of 9.8 out of 10. Orpak’s SiteOmat systems monitor the amount of fuel stored […]

Continue Reading →

DDoS attack disrupted US energy company operations, government confirms

A distributed denial-of-service attack launched against an energy company providing power in several western U.S. states was enough to report “interruptions of electrical system operations” to the government’s energy authority. The “cyber event” lasted almost ten hours on March 5, according to an electric emergency and disturbance report filed with the Department of Energy by the […]

Continue Reading →

Shellbot malware evolves to spread and shuts down other cryptominers

When hackers want to make a quick buck, mining cryptocurrency seems to be the way to go. New research out Wednesday by Boston-based security firm Threat Stack shared exclusively with TechCrunch reveals a new variant of the Shellbot malware is taking a leaf out of the other cryptocurrency mining by breaking into computers and using […]

Continue Reading →

Nearly all 2020 presidential candidates aren’t using a basic email security feature

Three years after Russian hackers targeted and breached the email accounts of Hillary Clinton’s presidential campaign, nearly all of the upcoming 2020 presidential candidates are still lagging in email security. New data out by Agari confirms just one presidential hopeful — Democratic candidate Elizabeth Warren — uses domain-based message authentication, reporting, and conformance policy — […]

Continue Reading →

A new cryptocurrency mining malware uses leaked NSA exploits to spread across enterprise networks

Two years after highly classified exploits built by the National Security Agency were stolen and published, hackers are still using the tools for nefarious reasons. Security researchers at Symantec say they’ve seen a recent spike in a new malware, dubbed Beapy, which uses the leaked hacking tools to spread like wildfire across corporate networks to […]

Continue Reading →