July 20, 2021

A US federal judge sentenced Russian hacker Peter Levashov to 33 months, time served, and three years of supervised release for his role in operating the Kelihos botnet. The creator of the Kelihos Botnet, Peter Yuryevich Levashov (40), was sentenced to 33 months, time served, and three years of supervised release. Levashev used the pseudonym of […]

The post Kelihos botmaster Peter Levashov gets time served appeared first on Security Affairs.

Read More Kelihos botmaster Peter Levashov gets time served

Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros. The issue is a size_t-to-int type […]

The post LPE flaw in Linux kernel allows attackers to get root privileges on most distros appeared first on Security Affairs.

Read More LPE flaw in Linux kernel allows attackers to get root privileges on most distros

Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros. The issue is a size_t-to-int type […]

The post LPE flaw in Linux kernel allows attackers to get root privileges on most distros appeared first on Security Affairs.

Read More LPE flaw in Linux kernel allows attackers to get root privileges on most distros

Imagine buying a new car and being told that there’s an additional subscription required to unlock the full car. Sounds like a nightmare, right? But that seems to be what’s in store for Tesla customers. Tech publication Mashable scraped the details from Tesla’s support page. Essentially, drivers will need to pay up to $199 a month […]

The post Tesla turns ‘full self-driving’ into a subscription first appeared on IT World Canada.

Read More Tesla turns ‘full self-driving’ into a subscription

A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.

Read More Spam Kingpin Peter Levashov Gets Time Served

NSO Group, the Israeli cyberweapons arms manufacturer behind the Pegasus spyware — used by authoritarian regimes around the world to spy on dissidents, journalists, human rights workers, and others — was hacked. Or, at least, an enormous trove of documents was leaked to journalists.

There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverage. More coverage.

Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software. Why does NSO Group have that list? The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow. Nicholas Weaver …

Read More NSO Group Hacked

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. Researchers from SentinelOne discovered a 16-year-old security vulnerability in an HP, Xerox, and Samsung printers driver that can allow attackers to gain admin rights on systems running the flawed […]

The post A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide appeared first on Security Affairs.

Read More A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Fortinet fixes a serious bug in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary code as root. Fortinet has released security updates to address a serious bug, tracked as CVE-2021-32589, affecting FortiManager and FortiAnalyzer network management solutions. The CVE-2021-32589 vulnerability is a Use After Free issue that an attacker […]

The post A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root appeared first on Security Affairs.

Read More A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root

Coffee Briefings are timely deliveries of the latest ITWC headlines, interviews, and podcasts. These briefings drop on Tuesday mornings. Today’s Coffee Briefing is delivered by IT World Canada reporter Tom Li, with files from the rest of the editorial team! Missed last week’s Coffee Briefing? We got you covered. ITWC Podcasts Listen to the latest episode of […]

The post Coffee Briefing, July 20, 2021 – PrintNightmare continues; Driving as a service; and more first appeared on IT World Canada.

Read More Coffee Briefing, July 20, 2021 – PrintNightmare continues; Driving as a service; and more

Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users. Microsoft’s Digital Crimes Unit (DCU) has seized 17 domains that were used by scammers in a business email compromise (BEC) campaign aimed at its customers. The IT giant secured a court order that allowed it to take down “homoglyph” domains […]

The post Microsoft secured court order to take down domains used in BEC campaign appeared first on Security Affairs.

Read More Microsoft secured court order to take down domains used in BEC campaign