minute read
Share this article:
The Japanese aerospace manufacturer said that starting in June, overseas unauthorized access to its servers may have compromised customer data.
Japanese aerospace company Kawasaki Heavy Industries on Monday warned of a security incident that may have led to unauthorized access of customer data.
According to the company’s data breach notification, it first discovered unauthorized parties accessing a server in Japan, from an overseas office in Thailand, on June 11, 2020. After terminating that access, the company throughout the following days in June discovered several other incidents of unauthorized access. Kawasaki said these stemmed from other overseas sites in Indonesia, the Philippines, and the United States.
minute read
Share this article:
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a “fix” from Microsoft failed to adequately patch it.
The local privilege-escalation bug in Windows 8.1 and Windows 10 (CVE-2020-0986) exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user, according to Microsoft’s advisory issued in June. An attacker would first have to log on to the system, but could then run a specially crafted application to take control of an affected system.
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day.
Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collection of malware on victim machines, including information stealers, email harvesters, self-propagation mechanisms and ransomware. It was last seen in volume in October, targeting volunteers for the Democratic National Committee (DNC); and before that, it became active in July after a five-month hiatus, dropping the Trickbot trojan. Before that, in February, it was seen in a campaign that sent SMS messages purporting to be from victims’ banks.
minute read
Share this article:
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
The potential for digital-home assistants like Amazon Alexa to infringe on user privacy by making and saving voice recordings of them is already widely known. Now researchers have discovered that the devices also may be able to “hear” and record what people are typing on nearby smartphones, even amid background noise.
The microphones on digital assistants are sensitive enough that they can record the taps people make on a mobile device when sitting up to a foot and a half away, according to a team of researchers from the University of Cambridge. The researchers constructed an attack in which they used this capability to identify PINs and text typed into a smartphone.
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.
Puppy photos are undeniably irresistible but beware; researchers have uncovered a scheme selling fake German Shepherd puppies for Bitcoin, leaving buyers crushed and without a tiny fuzzy friend to cuddle on Christmas morning.
The scam was discovered by an intrepid researcher at Anomali, who got wind of the fake puppy offer and decided to investigate.
“When one of our researchers heard about this con, he dug deeper into it,” Gage Mele, researcher with Anomali, told Threatpost. “Because consumers are last-minute shopping ahead of the holidays and continuing to buy pets at a higher rate due to COVID-19 shelter-at-home restrictions, we issued a consumer alert.”