Data from employment firm Automation Personnel Services Leaked
Automation Personnel Services, a provider of temporary employment services, found 440 gigabytes of their data leaked on the dark web. The poster says that it includes payroll, accounting and legal documents. The data was leaked because the company refused to pay the ransom. When asked if the […]
Well, maybe better is not the right word. Quick catch-up for those of you who are not following this. The Russians hacked the software update process for the high-end network management software called Orion from SolarWinds. This software is typically used by large enterprises and government agencies. This hack gave them access […]
As millions upon millions of IoT and Industrial IoT devices get deployed every month, we seem to have forgotten what we learned the hard way about our computers: if we don’t patch them, the hackers will invade. #1: A set of bugs called Urgent/11 affected a network module that has been around since the 90s […]
SolarWinds Software Compromised – Potentially 18,000 Enterprises Affected
Last week FireEye filed a report with the SEC saying that they had been hacked – by Russia and not China – and that the hackers got away with FireEye’s entire suite of offensive hacking tools. This is not exactly what you would want your adversary […]
Researchers Hack Apple Successfully
Between July and October, good-guy hackers worked on a side project to hack Apple. The results were impressive – if you are not Apple. 55 vulnerabilities found, 11 critical and 29 high. Apple paid the team a bug bounty of $288,000. The compromise would have exposed a lot of Apple’s internal […]
I have been ranting about Software Bills of Material or SBoM for a while. This week I have two examples of why this is important – even critical. The first story is about a TCP/IP network stack and the vulnerability is called Amnesia:33. It impacts four open source libraries – uIP, FNET, picoTCP and Nut/Net. […]