Microsoft, Google, and User Safety
There was a time in the not-so-distant past when nasty public fights between Microsoft and various researchers over when and how to disclose vulnerabilities were just about a weekly occurrence. That time thankfully has passed, but, as the current disagreement between Google and Microsoft over Google’s disclosure of a Windows zero day makes clear, everyone […]
Microsoft Says Russian Group Exploiting Windows Zero Day
Microsoft’s security team says the zero-day vulnerability in Windows discovered by Google researchers recently is being exploited by an attack group that has been linked to the hacks of the Democratic National Committee and other political targets in the United States. The group, which Microsoft calls Strontium, has been linked to Russia and Microsoft officials said […]
IoTSeeker Scanner Finds Smart Devices With Dumb Credentials
With the Mirai botnet still wreaking havoc, and other IoT botnets appearing, security researchers are looking for ways to discover the insecure devices that are being targeted by attackers before they can be compromised. One such effort is a new scanner that will check networks for devices that are using default credentials, which often are exploited […]
Pair of Bugs Can Disconnect Schneider HMI Gear From SCADA Networks
Researchers have discovered a pair of serious vulnerabilities in several ICS products made by Schneider Electric that can allow an attacker to freeze the control panel of vulnerable devices and force them to disconnect from a SCADA network. The vulnerabilities affect seven different Magelis products from Schneider, which are used for remote management and monitoring […]