Equifax Loses Bid to Drop Data Breach Claims Under New York Law – Bloomberg Law
Equifax Loses Bid to Drop Data Breach Claims Under New York Law Bloomberg Law
“data breach” – read more
Tag Archive for: Under
That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says
Enlarge (credit: Titanas)
Apple is disputing the accuracy of this week’s report that found attackers have been exploiting an unpatched iOS bug that allowed them to take full control of iPhones.
San Francisco-based security firm ZecOps said on Wednesday that attackers had used the zero-day exploit against at least six targets over a span of at least two years. In the now-disputed report, ZecOps had said the critical flaw was located in the Mail app and could be triggered be sending specially manipulated emails that required no interaction on the part of users.
Apple declined to comment on the report at the time. Late on Thursday night, however, Apple pushed back on ZecOps’ findings that (a) the bug posed a threat to iPhone and iPad users and (b) there had been any active exploit at all. In a statement, officials wrote:
Read 10 remaining paragraphs | Comments
Critical bugs in dozens of Zyxel and Lilin IoT models under active exploit
Enlarge (credit: Frank Lindecke / Flickr)
Criminals are exploiting critical flaws to corral Internet-of-things devices from two different manufacturers into botnets that wage distributed denial-of-service attacks, researchers said this week. Both DVRs from Lilin and storage devices from Zyxel are affected, and users should install updates as soon as possible.
Multiple attack groups are exploiting the Lilin DVR vulnerability to conscript them into DDoS botnets known as FBot, Chalubo, and Moobot, researchers from security firm Qihoo 360 said on Friday. The latter two botnets are spinoffs of Mirai, the botnet that used hundreds of thousand of IoT devices to bombard sites with record-setting amounts of junk traffic.
The DVR vulnerability stems from three flaws that allow attackers to remotely inject malicious commands into the device. The bugs are: (1) hard-coded login credentials present in the device, (2) command-injection flaws, and (3) arbitrary file reading weaknesses. The injected parameters affect the device capabilities for file transfer protocol, network time protocol, and the update mechanism for network time protocol.
Read 4 remaining paragraphs | Comments
Google patches Chrome zero-day under active attacks – ZDNet
Google patches Chrome zero-day under active attacks ZDNet
“zero day exploit” – read more