A hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more than six weeks, security experts warn. Exploiting the flaws could enable attackers to gain full, remote access to targeted networks.
Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords. The exploits come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May.
Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.
George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.
Sensitive information, including credit card and phone numbers, was left exposed to the internet on an unsecured database belonging to Fieldwork Software, which provides cloud-based services to small businesses, researchers note in a new report.
An unprotected database belonging to Chinese e-commerce site Gearbest exposed 1.5 million customer records, including payment information, email addresses and other personal data for customers worldwide, white hat hackers discovered.
Today's workforce is increasingly working remotely and relying on a variety of devices and cloud services to accomplish their jobs. Organizations must support but also secure this push, or they risk driving employees to adopt shadow IT, warns Jon Oberheide of Duo Security.
Apple has revoked Facebook's enterprise certificate, leaving the social network's employees unable to access internal iOS apps, after Facebook used it to distribute an app that monitored smartphone activity, sometimes from minors, in exchange for monthly payments. Facebook says it did nothing wrong.
An Australian man who as a teenager managed to infiltrate Apple's networks and do it again after the company expelled him - aided by a folder on his laptop storing his "Hacky Hack Hack Methods" - has been sentenced to serve eight months of probation, according to news reports.
A swift FBI sinkhole blunted an apparently imminent attack against Ukraine via "VPN Filter" malware, which has infected more than 500,000 routers. But mass router compromises will continue so long as manufacturers fail to build in easy or automated patching and updating, security experts warn.