Once again, there is a battle between security and convenience. Unfortunately this time it affects anyone who enjoys the simplicity of buying a latté with their smartphone. Bob Sullivan, an investigative journalist, reported that Starbucks consumers are being victimized by criminals who transfer funds leveraging the auto-reload capability of the mobile app. The theft starts with a username and password change outside of business hours, followed by a series of increasing account fund reloads - all within a matter of minutes. Criminals can steal hundreds of dollars without the victim realizing that it's already too late. This was a relatively…
Read More
A new zero-day exploit has been discovered by Jason Geffner, a Senior Security Researcher at CrowdStrike, and its target is the virtual data center. VENOM (short for Virtualized Environment Neglected Operations Manipulation) allows a malicious user to send a command to their own virtual instance that will cause it to crash and open the door for exploitation of the entire hypervisor and connected network. This means that the attacker could gain full bare metal control of other companies' virtual machines, if they're hosted in the same virtual data center or cloud. The command targets a commonly ignored component of most virtual machines -the legacy floppy disk…
Read More