All about Security, News, Events and Incidents

SECURITY
Secret backdoor discovered in Zyxel firewall and AP controllers bleepingcomputer.com |
JANUARY 02, 2021

Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware....

 

Zyxel backdoor (CVE-2020-29583) is actively exploited
Posted on 2021-01-07 bnorncity.de

​

In late December 2020, I had blogged about an undocumented user in Zyxel products (CVE-2020-29583), see my the blog post Undocumented User in Zyxel Products (CVE-2020-29583). The vendor has provided an update to remove this undocumented user that’s a backdoor. Now I read that cyber criminals are actively scanning the Internet for vulnerable Zyxel products to exploit the backdoor....

 

NVIDIA Patches Several High Risk Security Flaws In Windows And Linux GeForce Drivers, Update Now hothardware.com | Sunday, January 10, 2021

For as long as developers have been writing software code, they've been inadvertently creating bugs. It's when those bugs can compromise the security of a PC that a bug goes from an annoyance to a potential real danger. Security issues with apps can be worked around in the interim, even if it means uninstalling it, but what about when the security vulnerability is in the driver for some critical piece of hardware; say a video adapter? When that happens, developers have to isolate the cause and act quickly to plug the holes, or else risk any PC with that hardware being open to attack. Such was the case for NVIDIA this week.

The GeForce, Quadro, and AI accelerator maker has issued a series of driver updates this week to prevent ten years of graphics hardware from being susceptible to attacks. This is a big deal is because like video drivers from all major vendors, NVIDIA's drivers run in kernel mode with additional unrestricted access in the name of better performance. That's true of the oldest hardware on the market up to and including the latest Ampere GPUs from the GeForce RTX 30 Series....

 

Signal Vs Telegram, WhatsApp, Facebook Messenger: What Data Dose Each App Collect from your phone?

 

Ransomware Malware on the rise be careful what you do on Internet

 

Makers of Cyberpunk 2077 game hit by ransomware hack

 

SMH!

 

Bloomberg Doubles Down on Supermicro Hack

 

Allegation: Microsoft made a mistake in the security of the SolarWinds hack borncity.de February 26, 2021
[German] Security experts and the US Senator Ron Wyden raise serious allegations and accuse industry top dog Microsoft of failures. Microsoft failed to fix known problems with its cloud software and to warn users. That was only made possible by the massive SolarWinds hack, which compromised at least nine federal agencies. An attack vector known as "golden SAML" plays a role here. Time to shed some light on the whole thing....

 

"The use of browser extensions to target the private Gmail accounts of users combined with the delivery of Scanbox malware demonstrates the malleability of TA413 when targeting dissident communities,"

https://www.bleepingcomputer.com/ne...ion-allowed-hackers-to-hijack-gmail-accounts/