Lifeboat Foundation

AMERICAN telecom customers experienced widespread cellphone outages during what was believed to be the largest cyberattack in US history.

Thousands of T-Mobile, Metro by T-Mobile, AT&T, Verizon, and Sprint customers all reported outages in areas including Florida, Georgia, New York, and California on Monday afternoon.

The disruptions were part of a large-scale distributed denial-of-service, or DDoS, attack meant to overwhelm an online service with multiple traffic sources to render it unusable, according to Pop Culture.

Deepfakes⁠ have struck a nerve with the public and researchers alike. There is something uniquely disturbing about these AI-generated images of people appearing to say or do something they didn’t.

With tools for making deepfakes now widely available and relatively easy to use, many also worry that they will be used to spread dangerous misinformation. Politicians can have other people’s words put into their mouths or made to participate in situations they did not take part in, for example.

That’s the fear, at least. To a human eye, the truth is that deepfakes are still relatively easy to spot. And according to a report from cybersecurity firm DeepTrace Labs in October 2019, still the most comprehensive to date, they have not been used in any disinformation campaign. Yet the same report also found that the number of deepfakes posted online was growing quickly, with around 15,000 appearing in the previous seven months. That number will be far larger now.

A bug in a protocol used by virtually all Internet of Things devices exposes millions of users to potential attack, a researcher reported Monday. The fault centers on the Universal Plug and Play protocol, a 12-year-old implementation that simplifies connections among network devices such as computers, printers, mobile devices and Wi-Fi access points.

Billions of devices are theoretically vulnerable, the report stated, but only those with UPnP activated currently face risk of attack.

Turkish security engineer Yunus Çadirci uncovered the UPnP bug, named CallStranger, that could be exploited to gain access to any smart device such as security cameras, printers and routers that are connected to the Internet. Once access is gained, malicious code can be sent through network firewalls and other security defenses and reach internal data banks.

Stop us if you’ve heard this before but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play (UPnP) protocol.

Named CallStranger by discoverer Yunus Çadırcı, the potential for trouble with this flaw looks significant for a whole menu of reasons, starting with the gotcha that it’s UPnP.

UPnP was invented back in the mists of time to graft the idea of plug-and-play onto the knotty world of home networking.

Florence to pay cyber-criminals a $291,000 ransom after suffering ransomware attack.

The Homeland Security’s cybersecurity advisory division is cautioning Windows 10 users of the possibility of a wave of cyberattacks due to the recent publication of an exploit code.

“Malicious cyber actors are targeting unpatched systems with the new [threat],” the agency noted on the Homeland Security web site. The agency said it “strongly recommends using a firewall to block server message block ports from the internet and to apply patches to critical- and high-severity vulnerabilities as soon as possible.”

The agency also referred concerned parties to Microsoft’s security guidance posts and notes published by the U.S. Computer Emergency Readiness Team at us-cert.gov.

Honda’s global systems were hit with a ransomware attack on Monday. The attack gripped enough of the Japanese automaker’s systems that it had to temporarily stop production at some factories. Customer service operations are still down as of Tuesday evening, though Honda says there’s no evidence that customer information leaked.

O,.o!

Attackers exploited XSS vulnerabilities in WordPress themes and plugins to steal database credentials.

For more than two years, the Pentagon’s research arm has been working with engineers to beef up the security of computer chips before they get deployed in weapons systems or other critical technologies.

Now, the research arm — the Defense Advanced Research Projects Agency (DARPA) — is turning the hardware over to elite white-hat hackers who can earn up to $25,000 for bugs they find. The goal is to throw an array of attacks at the hardware so its foundations are more secure before production.

“We need the researchers to really roll their sleeves up and dig into what we’re doing and try to break it,” said Keith Rebello, a DARPA program manager. Hardware hacks often involve identifying vulnerabilities in how a computer chip handles information, like the flaw uncovered in Intel microprocessors in March that could have allowed attackers to run malicious code early in the boot process.