“Last Friday, Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our Chief Executive Officer and asked for employee payroll information,” Snapchat explained in a blog post. “Unfortunately, the phishing email wasn’t recognized for what it was — a scam — and payroll information about some current and former employees was disclosed externally.”
Researchers have uncovered what appears to be newly developed Mac malware from HackingTeam, a discovery that's prompting speculation that the disgraced malware-as-a-service provider has reemerged since last July's hack that spilled gigabytes worth of the group's private e-mail and source code.
A recent cyber-attack on Ukraine's electricity network could be replicated in the UK, according to a member of a US investigation into the resulting blackout.
In November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. It uses insidious injection and other sophisticated and stealthy methods. The first method, dubbed “proxy-changing”, is commonly used for HTTP packet inspection. It involves modifying browser proxy configurations and capturing traffic between a client and a server, acting as a Man-In-The-Middle.
Last week security blogger Brian Krebs revealed that a popular internet-enabled security camera “secretly and constantly connects into a vast peer-to-peer network run by the Chinese manufacturer of the hardware.”
While the NSA was monitoring our perceived Middle Eastern enemies, the Chinese and Russians, and god knows who else, were making off with every important secret in the US, courtesy of the NSA’s back door. The NSA failed to notice that 50% of Jupiter Network users were American, and the majority of those were within the US Government.
When used in China, Apple’s maps are subject to “a varying offset [of] 100-600m which makes annotations display incorrectly on the map.” In other words, everything there—roads, nightclubs, clothing stores—appears to be 100-600 meters away from its actual, terrestrial position. The effect of this is that, if you check the GPS coordinates of your friends, as blogger Jon Pasden writes, “you’ll likely see they’re standing in a river or some place 500 meters away even if they’re standing right next t
Mozilla has decided to grant an exemption to its SHA-1 certificate ban and allow Symantec to issue nine new certificates for one of its clients Worldpay PLC.
Investigators found that "390,000 additional taxpayer accounts" were affected. Fraudsters tried to target an additional 295,000 taxpayer transcripts than previously thought, but "access was not successful," the IRS said.
Software updates are just another term for cryptographic single-points-of-failure.
The device login page in Cisco FirePOWER Management Center 5.3 through 18.104.22.168 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
Information security firm High-Tech Bridge has conducted a study of SSL VPNs (Virtual Private Networks) and discovered that nine out of ten such servers don't provide the security they should be offering, mainly because they are using insecure or outdated encryption.
Since the iPhone was officially introduced in China seven years ago, Apple has overcome a national security backlash there and has censored apps that wouldn't pass muster with Chinese authorities. It has moved local user data onto servers operated by the state-owned China Telecom and submits to security audits by Chinese authorities.
Karl Sigler, a Trustwave SpiderLabs researcher, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in a week, exposing just under million visitors monthly to possible TeslaCrypt ransomware infections. Sigler said Trustwave researchers spotted the exploit on Extendoffice[.]com, a site that sells software for customizing Microsoft Office software applications.
The issue, raised by a Tor Project member, revolves around a series of measures that CloudFlare implemented to fight malicious traffic coming from the Tor network. These measures are also affecting legitimate Tor users.
Cybercriminals and hackers are becoming more disruptive, increasingly engaging in cyberattacks with aims ranging from destroying businesses, to stealing data, to taunting executives while holding them to ransom.
Google has made a call for technology manufacturers to consider developing new hard drives, intended primarily for data centre use, which abandon the traditional 3.5” dimension format in favour of taller designs.
The December 2015 incident is thought to be the first known successful hack aimed at utilities. The report, written by the Department of Homeland Security, is based on interviews with staff at Ukrainian organisations that dealt with the aftermath of the attack. The DHS report did not name the suspected perpetrators.
By examining public records, Motherboard has found one of the pieces of software that the Federal Bureau of Investigation (FBI) has purchased for gleaning information from sites such as Facebook, Twitter, YouTube and Google+. Motherboard also found public LinkedIn profiles for intelligence analysts which seem to reaffirm the agency's use of the tool.
FighterPOS is a point-of-sale (PoS) malware that was used in a one-man cybercriminal operation to steal over 22,000 unique credit card numbers and affected more than 100 PoS terminals in Brazil and other countries.
ESET researchers have found 343 malicious porn clicker trojans, which ESET detects as Android/Clicker, on Google Play over the last seven months – and their numbers keep rising. In one of the largest malware campaigns on the Google Play Store yet, criminals continue to upload further variants of these malicious apps to the official app store for the Android mobile platform.
It’s not clear yet whether the hackers who hit the credit union’s site did anything other than install the backdoor, but Kuenzler wrote that in his case the intruders indeed used their access to relay spam. The attackers could just as easily have booby-trapped the credit union’s site to foist malicious software disguised as a security update when customers tried to log in at the site.
What was the best way to steal cash from an ATM in 2015? Skimming still remains king, but a survey of 87 members of the ATM Industry Association (ATMIA) says that card trapping and transaction reversal fraud are on the rise around the world.
KeyBase is a spyware family that can capture keystrokes, steal data from the user's clipboard, and take screenshots of the victim's desktop at regular intervals.
The malware was created in February 2015 but was seen for the first time in June when the same Palo Alto researchers stumbled upon an unprotected server (control panel) where KeyBase was sending its screenshots.
Developers at Drupal addressed 10 vulnerabilities in the content management system this week, including a critical access bypass issue that could have let users access certain elements thought to be blocked, and another issue that could lead to remote code execution.
Repressive nations are pursuing increasingly diverse strategies for curbing VPN use.
The critical code-execution vulnerability, which Microsoft patched last month, was actively exploited for two years in attack code owned by Italy-based exploit broker Hacking Team. As Ars reported last July, the Silverlight exploit came to light following a hack on Hacking Team's network that exposed gigabytes worth of private e-mails and other data. Researchers with Russian antivirus provider Kaspersky Lab later discovered the vulnerability being exploited in the wild and privately reported it
Current security practices mean data breaches can take six months to detect, warns a new survey.
"The insidious nature of this threat is such that of the 56 percent who say they are not victims, many have likely been compromised without knowing it. A concerning trend we have observed is that of hackers managing to remain on organisations' networks for extended periods of time without being detected," says the report, which comes following another study suggesting that businesses are often unaware that they've been breached.
A study from the French Institute for Research in Computer Science and Automation found the majority of mobile phone users can be re-identified in a dataset by as few as four of the apps they had installed on their smartphones, raising privacy concerns as platforms increasingly share app data with advertisers.
G DATA security experts identified 758,133 new Android malware files in the fourth quarter of 2015.
After months of relative dormancy, ransomware CTB-Locker or Critroni is back and this time finding new life targeting websites. Researchers are calling this variant “CTB-Locker for Websites” because it targets websites, encrypts their content, and demands a 0.4 bitcoin ($425) ransom for access to the decryption key.
Windows 10's new Spotlight feature usually shows you neat photographs and fun facts when you first start your computer. Now, it’s started showing ads. Here’s how to turn it off.
Project Shield is now out of its invite-only beta period to offer free DDoS protection to news publications that apply for it. In particular, it is aimed at smaller news sites who do not have the resources to pay for costly protection against cyber attacks. However, it will also be open to any independent site that appears in Google News, including larger corporate publications.
A federal judge in Washington has now confirmed what has been strongly suspected: that Carnegie Mellon University (CMU) researchers at its Software Engineering Institute were hired by the federal government to do research into breaking Tor in 2014. The judge also made a notable statement in his court order that "Tor users clearly lack a reasonable expectation of privacy in their IP addresses while using the Tor network."
TOKYO -- Japanese financial regulators have proposed handling virtual currencies as methods of payment equivalent to conventional currencies, a step that would strengthen consumer protection and spur growth in the virtual economy.
Apple's Siri personal assistant will finally be coming to OS X 10.12 when the OS is released later this year, according to a report from 9to5Mac.
About 1.3 million IP addresses—including those used by Google, Yahoo, Craigslist, and Yelp—are turning users of the Tor anonymity network into second-class Web citizens by blocking them outright or degrading the services offered to them, according to a recently published research paper.
Hackers can easily disable the Microsoft Enhanced Mitigation Experience Toolkit (EMET), a free tool used by companies to strengthen their Windows computers and applications against publicly known and unknown software exploits.
The US Federal Trade Commission has come down hard on ASUS for putting consumers at risk from router and cloud security failings.
Kaspersky Lab has joined an industry alliance driven by Novetta to announce Operation Blockbuster. Just like the previous Operation SMN, this alliance brings together key players in the IT security industry, working together in an effort to disrupt and neutralize multiple cyberespionage campaigns that have been active for several years. Some of the targets of these campaigns included financial institutions, media houses and manufacturing companies, among others.
Messaging service now delivering 15 billion messages every day, adding 350,000 users a day.
Citizen Lab has released a security report that found a large amount of personal data is being transmitted in the open, or with bad encryption, by Baidu browser on Android and Windows.
A comprehensive list of most popular operating systems among hackers all around the world.
A team of computer scientists and electrical engineers from the University of Washington has developed an extremely power-efficient version of Wi-Fi wireless networking technology that consumes 10,000 times less power than the current Wi-Fi components, allowing Wi-Fi networking to be built into a much wider range of devices.
A CloudFlare engineer has discovered that 1000 of the top one million websites, including bitcoin holding sites and trading sites, are running a default setting that enables the biggest security menace on the internet – cross-site scripting.
Researchers at Bastille Networks today said that non-Bluetooth devices from seven manufacturers including Logitech, Dell and Lenovo are vulnerable to so-called Mousejack attacks that would allow a hacker within 100 meters to abuse this attack vector and install malware or use that machine as pivot point onto the network.
The U.S. Department of Justice is pursuing additional court orders that would force Apple to help federal investigators extract data from twelve other encrypted iPhones that may contain crime-related evidence, according to The Wall Street Journal.
The research arm of security company Cylance, SPEAR, has released a report entitled Operation Dust Storm that details cyber-attacks, starting in 2010 and spanning multiple years and vectors, against major industries spread across Japan, South Korea, the United States, Europe and several other Southeast Asian countries.
Symantec has seen several variants of a known ransomware family (Android.Lockdroid.E) that were developed on Android devices using the Android integrated development environment (AIDE). The surge in adoption of these new development techniques has been limited to a small subset of Android ransomware groups. However, the ability to create malware on mobile devices may open up new avenues in the future creation of malware.
The German Interior Ministry has approved for investigative use a spying Trojan developed by the German Federal Criminal Police (a so-called “federal Trojan”). In fact, it could end up being used as early as this week.
Exploits for a vulnerability in Microsoft Silverlight have found their way into the dangerous Angler Exploit Kit a little more than a month after it was patched.
A 400 percent surge in tax-related phishing and malware incidents is making this tax season the most treacherous yet for taxpayers. According to an Internal Revenue Service bulletin, this year’s attacks include the tried-and-true email phishing, but also newer forms of attacks that include bogus text messages and attempts to trick people into handing over credentials to third-party tax preparation service accounts.
Google and a group of the world's largest telecoms providers are teaming up on an Android initiative to accelerate Rich Communications Services (RCS) adoption.
On Monday, it was disclosed that the child monitoring service had a misconfigured MongoDB installation, which left sensitive details about the children who were enrolled exposed for months. The database exposing the children's records was discovered by researcher Chris Vickery.
A Chinese iOS application recently found on Apple's official store contained hidden features that allow users to install pirated apps on non-jailbroken devices. Its creators took advantage of a relatively new feature that lets iOS developers obtain free code-signing certificates for limited app deployment and testing.
In just four hours, researchers were surprised that more than 2,000 users connected to these hotspots based solely on their name (SSID), throwing all security practices to the side just for the sake of free Internet access.
Jose Carlos Norte, developer for the eyeOS virtual desktop project, has discovered an obscure setting in the HTTP GZIP compression format that may help authorities identify the timezone and general location of a Tor-based server.
The Linux Kernel has a bug that causes containers that use veth devices for network routing (such as Docker on IPv6, Kubernetes, Google Container Engine, and Mesos) to not check TCP checksums.
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices.
The modifications of Acecard were written by the same cybercriminals who earlier created Backdoor.AndroidOS.Torec.a, the first TOR Trojan for Android, as well as Trojan-Ransom.AndroidOS.Pletor.a, the first encryptor for mobile devices. All three Trojans run on Android.
Employees at six Russian banks were sent spoofed emails delivering Trojan.Ratopak in a narrow, targeted attack.
Credit card firm Mastercard has confirmed it will accept selfie photos and fingerprints as an alternative to passwords when verifying IDs for online payments.
The W3C, which creates standards that guide the future of the Web, has formed a new group with one goal: remove the need for passwords entirely by creating a better way to log in.
Yesterday a blog post on “The Linux Mint Blog” caught our attention. Apparently criminals managed to compromise a vulnerable instance of WordPress which the project used to run their website. The attackers modified download links pointing to backdoored ISO files of Linux Mint 17.3 Cinnamon edition. This “should only impact people who downloaded this edition on February 20th”, the author of the blog stated.
It seems that Google is rolling out a change to Google AdWords that sees 4 ads at the top of the search results, none on the sidebar at all, and an additional 3 ads at the bottom of the search results. This replaces the usual mix of top, bottom and sidebar-heavy AdWords ads, depending on the specific search result.
The OCF will create a set of open specifications and protocols to enable devices from a variety of manufacturers to securely and seamlessly interact with one another. Regardless of the manufacturer, operating system, chipset or transport – devices that adhere to the OCF specifications will simply work together.
“The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting to see the same traffic characteristics in infections that are associated with Joomla sites – as we did with the WordPress campaign,” Duncan said.
Prof Woodward noted there had not been a similar increase in .onion sites in the history of the Tor network.
"Something unprecedented is happening, but at the moment that is all we know," he told the BBC.
Publicly disclosed yesterday on the Google Project Zero site, Ormandy said that a tech support application called GeekBuddy installed with Comodo Internet Security also drags along with it a VNC server that is enabled by default.
A critical vulnerability impacting 50 million Android users running the popular AirDroid application has been patched. AirDroid, an app that allows you to link an Android device to a computer and send SMS messages, run apps and add contacts via a Wi-Fi connected web browser, released the patch Jan. 29.
Threatpost editor Mike Mimoso talks with Christopher Ahlberg, CEO, Recorded Future about tracking cybercriminals through patterns on hacker forums.
HSBC is taking a big step toward biometric banking by launching voice recognition and touch security in the UK. Ben Thompson has been finding out how the service will work.
By the end of 2015, the Backblaze datacenter had 56,224 spinning hard drives containing customer data. These hard drives reside in 1,249 Backblaze Storage Pods. By comparison 2015 began with 39,690 drives running in 882 Storage Pods. We added 65 Petabytes of storage in 2015 give or take a Petabyte or two. Not only was 2015 a year of growth, it was also a year of drive upgrades and replacements. Let’s start with the current state of the hard drives in our datacenter as of the end of 2015 and then
In an op-ed for Business Insider titled "I'll decrypt the San Bernardino phone free of charge so Apple doesn't need to place a back door on its product," libertarian presidential candidate and former antivirus developer John McAfee waded into the ongoing battle of words between Apple and the FBI with some choice words of his own.
More than a quarter million homes protected by SimpliSafe wireless security systems are vulnerable to hackers who can deactivate the alarm anytime, according to IOActive, a Seattle-based security consulting firm.
IOActive published a proof of concept report on Wednesday that outlines how it disarmed SimpliSafe’s wireless home security systems. The hack, according to IOActive researcher Andrew Zonenberg, is able to eavesdrop on wireless transmission between SimpliSafe components and capture PIN e
According to Hewlett Packard Enterprise, application vulnerabilities, patching, and malware monetisation are the three key risks a business needs to pay close attention to as 2016 brings more cunning threat actors to the landscape.
Samsung and Oracle are working to give developers an updated Apache Cordova plug-in tool to make cloud-based enterprise solutions as they continue an enterprise alliance that parallels that of Apple and IBM's.
Japan is the latest country to be targeted with regionalized spam emails used to deliver malware. Symantec has observed several spam email campaigns in recent months targeting countries around the world, including Brazil and two campaigns in India. These campaigns usually feature emails that claim to be from a company or organization from within the targeted country.
A 15-year-old boy has been arrested in Glasgow over alleged computer hacking, with reports suggesting the target was the FBI network in the United States.
Twitter has applied a fix to what it described as a "password recovery bug" that has exposed nearly 10,000 accounts on the microblogging site.
It's also possible to retrieve admin password, wifi passphrase etc
Unauthorized users couldn’t actually reply to these messages; trying to do so would simply display their own accounts. But they could see what-you-probably-thought-was-private information – not least, who you were swapping messages with, their profile photo, and some of the message (but not the photo itself).
Instagram will soon let users hack-proof their accounts with two-factor authentication, following the footsteps of other big social networks like Facebook and Twitter.
A bizarre security flaw involving recycled phone numbers is allowing some users of the taxi-hailing app Lyft to access other riders’ accounts, exposing names, e-mail addresses, complete ride histories, and credit card information.
Several security researchers have discovered a new type of malware that jumps onto the ransomware bandwagon, encrypting victims' files and then demanding a payment of half a bitcoin for the key. Named "Locky," the malware depends on a rather low-tech installation method to take root in a user's system: it arrives courtesy of a malicious macro in a Word document.
The CEOs of Google and WhatsApp have thrown their support behind Apple's decision to fight against a US Federal Court order requiring the company to develop a special version of iOS to help the FBI access data on a terror suspect's iPhone.
The report, “WearFit: Security Design Analysis of a Wearable Fitness Tracker”, argues poorly designed wearables are a security threat. The IEEE report says the popularity of wearables coupled with the amount of sensitive personal data they collect and share with third-parties make them an attractive target. IEEE’s focus for this report is on fitness trackers worn on the wrist that track heart rate, physical activity, have sensors such as accelerometers and can use a third-party device’s connecti
In the eyes of many, including Scott Erven, a medical device security advocate who spoke at last week’s Security Analyst Summit, the healthcare sector is a good 10 to 15 years behind the retail sector when it comes to security.
The team was very interested in peeling the layers in the financial transactions and seeing how far we could go with information available in the open. They wanted to find out if there were indeed many criminals behind the ruthless ransomware or just a handful of very organized gangs. Also, much of the data analyzed is from before the FBI, in October 2015, advised victims to pay up to recover the data.
Tim Cook: We oppose this order, which has implications far beyond the legal case at hand
A troubling vulnerability has been uncovered that may make you think twice about ever even temporarily allowing a friend, partner or acquaintance to use your new LG V10 Android smartphone.
Proactively upgrading legacy hashes is a security win over an opportunistic strategy (rehashing when the user logs in, but leaving the insecure hashes in the database for inactive users): with a proactive strategy, if your server gets compromised before everyone logs in again, their passwords are already using an acceptable algorithm.
A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.
A court order demands Apple help circumvent security software on Farook's iPhone, which the FBI said contains crucial information.
It has been reported that the phone, internet, and email systems at Western Australia's Parliament House are down as the result of a cyber breach that occurred Tuesday night.
The Stuxnet computer worm that destroyed centrifuges inside Iran's Natanz uranium enrichment site was only one element of a much larger US-prepared cyberattack plan that targeted Iran's air defenses, communications systems, and key parts of its power grid, according to articles published Tuesday.
Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs. The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said today in its advisory.
Symantec analysis of recent Dridex spam campaigns found that they are operating on a vast scale, with millions of new emails being sent out on a daily basis. The attackers behind Dridex are disciplined and professional. They operate on a standard working week, continually refine the malware, and put significant effort into disguising their spam campaigns as legitimate emails.
European cybersecurity agency ENISA has come down firmly against backdoors and encryption restrictions, arguing they only help criminals and terrorists while harming industry and society.
That's the stark warning following a survey by security company Palo Alto Networks which directly asked C-Level executives about their knowledge surrounding security issues and 13% said they only "kind of" understand what defines an online security risk to a business. Worryingly, many in leadership roles also said they still have to use Google to help explain cyber security risk.
Discovered by a Swiss researcher at abuse.ch, PadCrypt is the first ransomware family to include the capability for real-time interaction with the attackers. The malware’s known command-and-control servers, annaflowersweb[.]com, subzone3[.]2fh[.]co, and cloudnet[.]online are down, and for now PadCrypt is not a major threat.
The method is a so-called side-channel attack: an attack that doesn't tackle an encryption implementation head on, such as through brute force or by exploiting a weakness in the underlying algorithm, but through some other means. In this case, the attack relies on the electromagnetic outputs of the laptop that are emitted during the decryption process, which can then be used to work out the target's key.
An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service; A specially crafted font can cause a buffer overflow resulting in potential code execution; An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a cras
Ransomware is a growing menace for computer users - but when a hospital is targeted, it makes the disruption far more serious. Computer systems at Hollywood Presbyterian Medical Center have been offline for more than a week following a ransomware attack. According to local news sources, hackers were said to have demanded $3.4m to provide the codes to unlock the stolen data.
The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowed unauthenticated attackers to connect to the service and use it to run code on the server; versions 5.5, 5.1 and 5.0 are affected, VMware said. vCenter Server is used by organizations to manage their virtual server environments. Friday’s advisory from VMware said that the original patch for CVE-2015-2342 was incomplete, and an additional patch is require
Hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure, according to research that tracked six years' worth of transactions. Account-holders used easy-to-remember passwords to protect their accounts instead of the long cryptographic keys normally required
The Latest Intelligence for January 2016 shows an increase in fake offer social media scams and a decrease in spear-phishing activity.
Kaspersky Lab security researchers Santiago Pontirol and Roberto Martinez explain how ATM malware works in Latin America and why it’s difficult to discover ‘jackpotting’ malware. Kaspersky Security Analyst Summit 2016 on Tenerife, Spain.
The problem affects voice-over-internet-protocol (Voip) phones, commonly used by businesses. Just by running a couple of lines of code on a website visited by the phone user, the researchers demonstrated how premium-rate calls could be made. A security expert said such bugs could make "millions" for the perpetrators.
Researchers at Heimdal Security said on Friday the bot is being sent to Android users via SMS and MMS messages and if the victim executes the APK, the bot roots the phone and gives the attacker extensive capabilities on the compromised device.
A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to execute arbitrary code and obtain full control of the
Attackers can take advantage of February’s increased download rates for apps related to Valentine's Day and dating to spread malware.
The deletions happen whenever Mac users log in to the Adobe service after the update has been installed, according to officials from Backblaze, a data backup service whose users are being disproportionately inconvenienced by the bug. Upon sign in, a script activated by Creative Cloud deletes the contents in the alphabetically first folder in a Mac's root directory. Backblaze users are being especially hit by the bug because the backup service relies on data stored in a hidden root folder called
Take a 64-bit iOS device—iPhone 5S or newer, iPad Air or newer, iPad Mini 2 or newer, sixth generation iPod touch or newer—laboriously set its date to January 1, 1970, and reboot. Congratulations: you now have a shiny piece of high-tech hardware that's stuck at the boot screen, showing nothing more than the Apple logo... forever.
Broadband industry lobby groups urged the Federal Communications Commission on Thursday not to impose privacy rules that dictate "specific methods" of protecting customer data, since that would prevent "rapid innovation."
GCHQ (UK Government Communications Headquarters) is operating within the law when it hacks into computers and smart phones, a security tribunal has ruled.
Big data is an asset which can create tens of thousands of jobs and generate hundreds of billions for the economy, but the opportunity can't be taken until concerns about privacy and security have been overcome.
The US researchers analysed nearly 1.4 million users of the open source program-sharing service GitHub. They found that pull requests - or suggested code changes - made on the service by women were more likely to be accepted than those by men.
The boom in Internet of Things (IoT) devices -- especially those ones with poor security -- is going to be good news for spies, according to the director of US intelligence.
New intelligence on BlackEnergy expands previous findings on the first wide-scale coordinated attack against industrial networks. Based on our research that we will further outline below, attackers behind the outages in two power facilities in Ukraine in December likely attempted similar attacks against a mining company and a large railway operator in Ukraine.
In 1999, a group of researchers from George Washington University attempted to survey the worldwide market for encryption products [HB+99]. The impetus for their survey was the ongoing debate about US encryption export controls. By collecting information about 805 hardware and software encryption products from 35 countries outside the US, the researchers showed that restricting the export of encryption products did nothing to reduce their availability around the world, while at the same time put
Scam artists have been using hacked accounts from retailer Kohl’s.com to order high-priced, bulky merchandise that is then shipped to the victim’s home. While the crooks don’t get the stolen merchandise, the unauthorized purchases rack up valuable credits called “Kohl’s cash” that the thieves quickly redeem at Kohl’s locations for items that can be resold for cash or returned for gift cards.
Netflix has been moving huge portions of its streaming operation to Amazon Web Services (AWS) for years now, and it says it has finally completed its giant shift to the cloud. “We are happy to report that in early January of 2016, after seven years of diligent effort, we have finally completed our cloud migration and shut down the last remaining data center bits used by our streaming service,” Netflix said in a blog post that it plans to publish at noon Eastern today.
Google's next version of Chrome will allow developers to send notifications and URLs from Bluetooth beacon-equipped objects. The new feature supports the Physical Web, a project that envisages every object, from movie posters to parking meters, being capable of broadcasting a URL that directs smartphones to a relevant web page or app.
The UK's data watchdog has said that VTech's new terms and conditions would not absolve it of liability in the case of future hack attacks. It emerged earlier this week that the toy company had changed its terms to say that families using its software did so at their "own risk".
New Snapdragon X16 modem, which together with the WTR5975 transceiver boasts Category 16 LTE download speeds of up to 1Gbps.
Netflix’s popularity has sharply grown since its creation in 1997. The company recently launched its streaming service globally. It is now available in more than 190 regions around the world. This success has attracted the attention of attackers. We have observed malware and phishing campaigns targeting Netflix users’ information. The details are then added to a growing black market that claims to provide cheaper access to the service.
The report, prepared by security researchers Bruce Schneier, Kathleen Seidel, and Saranya Vijayakumar, identified 865 hardware or software products from 55 countries that incorporate encryption. Of them, 546 originated from outside the US. The most common non-US country was Germany, a country that has publicly disavowed the kinds of backdoors advocated by FBI Director James Comey and other US officials. Although the Obama administration is no longer asking Congress for legislation requiring them
Under the "right to be forgotten" ruling, EU citizens may ask search engines to remove information about them. Now, removed results will not appear on any version of Google when viewed from Europe. EU privacy regulators previously asked the firm to do this. Until now, search results removed under the "right to be forgotten" were only omitted from European versions of Google - such as google.co.uk or google.fr.
Cisco researchers found that the ComfortLink devices allow attackers to gain remote access and also use these devices as a jumping off point to access the rest of a user’s network. Trane has not yet responded to requests for comment.
Win32/Remtasu.Y variants are the most common in Latin America, mainly in Colombia but also in Turkey, Thailand, and other countries. One of the latest campaigns has been associated with a malicious tool supposedly aimed at obtaining Facebook account passwords.
Malicious apps were recently seen making the rounds in some third-party app stores. They spoof popular apps, increasing the chances of getting selected and downloaded. These include popular mobile games, mobile security apps, camera apps, music streaming apps, and so on. They even share the exact same package and certification with their Google Play counterpart.
The ThreatMetrix Cybercrime Report for Q4 2015 found there has been a 40 per cent increase in cybercriminal activity against banks over the past 12 months, which includes more than 100 million attempts at fraud during this period: 21 million of these attempts came in just 90 days between October and December.
James Clapper, the US director of national intelligence, told lawmakers Tuesday that governments across the globe are likely to employ the Internet of Things as a spy tool, which will add to global instability already being caused by infectious disease, hunger, climate change, and artificial intelligence.
The US government's tax collection agency has said attackers fooled its computers into generating more than 100,000 tax return Pin codes. The codes could have been used to seek payouts had the scam not been detected. The Internal Revenue Service (IRS) said no personal taxpayer data had been compromised or disclosed by its systems.
Google is testing out a feature that allows changes in cloud services to automatically trigger other events, making it easier for developers to build richer services.
The alterations are fairly subtle: when you receive a message from, or are on the brink of sending a message to, someone using a service that doesn’t support encryption, you’ll see a broken lock in the top-right of the screen. Clicking on the icon will bring up a pop-up alert with an explanation and a warning to perhaps consider removing the offending recipient.
Under section 57.10 of the AWS service terms, it notes that Lumberyard is not intended for use with life-critical or safety-critical systems, "however, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is li
Scanner for Simple Indicators of Compromise. Detection is based on four detection methods: File Name IOC, Yara Rule Check, Hash check, C2 Back Connect Check.
Hearthstone, a free-to-play card game based on World of Warcraft, has been indirectly targeted by malware authors. These attackers have created third-party programs that supposedly benefit Hearthstone players, but in reality can compromise their computers with malicious software.
Poseidon’s practice of being a ‘custom-tailored malware implants boutique’ kept security researchers from connecting different campaigns under the umbrella of a single threat actor. This approach entails crafting campaign components on-demand and sometimes fabricating entirely unique malicious artifacts.
This month the vendor is releasing 13 bulletins, six of which are rated Critical.
A series of three new satellites will provide faster internet speeds across the globe, delivering more than twice the total combined network capacity of the 400 commercial communications satellites in space today.
Cloud accounting firm Xero has teamed up with Microsoft to provide an avenue for its customers to collect and collate its own big data across Xero's software and other integrated business applications, via Microsoft Power BI.
In 2014, Symantec observed a 70 percent increase in scams distributed via social media, which often spreads rapidly because people are more likely to click something posted by a friend. Criminals hijacked the power of “social proof” – the idea that we attribute more value to something if it’s shared or approved by others.
Until now, it has been hard to know exactly what each update and upgrade contains. While security fixes were enumerated—as they have been for Patch Tuesday for many years—information about the non-security portion of the updates was scant. Microsoft's public release notes for each update package were virtually non-existent—and this in spite of the company producing internal documentation to tell its OEM partners what was changing. After pushback from IT departments and end users alike, the compa
Starting on June 30, 2016, Google will no longer accept new Flash display ads from advertisers. On January 2, 2017, even old Flash ads will be blocked from appearing, making Google's ad network mostly Flash-free. The one exception seems to be video ads, as Google notes that "video ads built in Flash will not be impacted at this time."
NCR has received reliable reports of NCR and Diebold ATMs being attacked through the use of external skimming devices. These devices are plugged into the ATM network cables and intercept customer card data. Additional devices are attached to the ATM to capture the PIN. A keyboard overlay was used to attack an NCR ATM, a concealed camera was used on the Diebold ATM. PIN data is then likely transmitted wirelessly to the skimming device.
Experts with Kaspersky Lab’s Global Research and Analysis Team, who today at the Kaspersky Lab Security Analyst Summit disclosed research on the group and the malware it spreads, say there’s enough evidence surrounding the attacks to suggest it’s the first ever Portuguese-speaking attack group.
A quick and easy security checkup for 2GBs of free cloud storage.
A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a "commercial" backdoor-as-a-service.
A hacker, or hacking group, published via Twitter what they said were records of 9,000 DHS employees. According to technology news site Motherboard, the hacker has said he will soon share the personal information of 20,000 DoJ employees, including staff at the FBI.
Banking malware is using techniques once reserved for state-sponsored hacking gangs.
The cybercrime group controlling the Dyre financial fraud Trojan appears to have suffered a major blow following a Russian law enforcement operation in November. Symantec telemetry has confirmed a virtual cessation of the group’s activities. Dyre (detected by Symantec as Infostealer.Dyre) is spread through email spam campaigns and no Dyre-related spam campaigns have been observed since November 18. Detections of the Dyre Trojan and associated malware have also dropped dramatically since mid-Nove
Once T9000 has infected a system, its main goal is to collect information about the targeted victim, which it does by compromising Skype video calling software. After the malware has hooked into Skype, it records video calls, audio calls, and chat messages, then stores them in a directory specially created by the Trojan called "Intel", which the attackers can mine for data.
At the end of 2015 Kaspersky became aware of an unusual malware program, discovered in an attempted attack on a bank in Singapore. Analysis of the file attached to a spear-phishing email that had been sent to the bank revealed the name of the malware: JSocket. Later on we found that this malware has many names: Adwind RAT (Remote Access Tool), AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket, jRat. The rich features of the malware, including its ability to run on Windows, Mac OS and Linux, a
Interpol said its agreement with Barclays will broaden joint efforts in cyber-security through intelligence sharing, training and awareness about cyber-threats mitigation, and providing recommendations for public and private institutions on strengthening their cyber-resilience.
The agreement would help to resolve the difficult situation for US Internet companies, which are increasingly under pressure from the UK government to provide intercepts or stored data for domestic investigations of terrorist and criminal activities, but forbidden from doing so by US laws.
Today at the Security Analyst Summit, researchers from Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which last year, it was reported, had allegedly stolen upwards of $1 billion from more than 100 financial companies.
The security loophole is named CVE-2016-0603 and the bug fix has been released to address a vulnerability which can be exploited when Java version 6, 7, or 8 is installed on a Windows platform. The weakness is remotely exploitable, allowing attackers to compromise a network without the need for usernames or passwords.
With the Cisco 2016 Annual Security Report, which analyzes advances by security industry and criminals, see how your peers assess security preparedness in their organizations and gain insights into where to strengthen your defenses.
Exploit kits often employ measures to keep security researchers and other unwanted visitors away from their servers, but most of the time these measures are handled on the HTTP level, with web servers redirecting you away or returning fake error codes; implementing this logic on a TCP level as Neutrino did is a fairly smart move on their part: generally speaking, when a server doesn't respond to you at all you tend to assume that it's down.
Avira researchers still don't know how the mixup happened, but their chief theory is that a whitehat hacker compromised some of the Dridex distribution channels and replaced the normal malicious executables with a digitally signed Avira installer. As a result, when targets opened attachments contained in spam e-mails sent by Dridex servers, the would-be marks were instead prompted to run a program designed to protect computers from the very likes of the Dridex threat.
A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.
Its new Dell Data Protection Endpoint Security Suite Enterprise includes post-boot BIOS verification which it's claimed will enable customers to ensure that their PCs remain free from malware during the initial startup process.
PayPal has stopped accepting payments for Canadian outfit UnoTelly—a provider of VPN and SmartDNS services—because these might be used to facilitate copyright infringement.
UnoTelly said in an update on its website that Paypal had "severed payment processing agreement unilaterally and without prior warning." It added: "Paypal indicated that UnoTelly is not allowed to provide services that enable open and unrestricted Internet access."
According to Kaspersky Lab, in 2015:
* the proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014;
* 79% of spam emails were no more than 2 KB in size;
* 15.2% of spam was sent from the US;
* 146,692,256 instances that triggered the ‘Antiphishing’ system were recorded;
* Russia suffered the highest number of phishing attacks, with 17.8% of the global total;
* Japan (21.68%) took the lead in the ranking of unique users attacked by phishers;
Netgear’s ProSafe Network Management System suffers from two vulnerabilities, an arbitrary file upload and a path traversal, which could let a remote attacker execute code and download files.
A security researcher has published details of a newly-discovered flaw that can allow an attacker to quickly bypass iPhone and iPad lock screens. Disclosed on Thursday, the "high"-rated vulnerability is said to affect iPhones 5 and 6, and iPad 2 tablets running iOS 8.2 and later. It's not clear if other devices are affected.
The "Installer" for the fake Flash update will install various scareware (I observed a couple different varieties when re-running the installer), and it actually installs an up-to-date genuine version of Flash as well.
Alex Farrant and Neil Biggs, both of the research team for Context Information Security in the U.K., analyzed Motorola’s Focus 73, an outdoor security camera. Images and video taken by the camera can be delivered to a mobile phone app.
It's still not clear how, but a disproportionately large number of websites that run on the WordPress content management system are being hacked to deliver crypto ransomware and other malicious software to unwitting end users.
Europe's highest court is considering whether every hyperlink in a Web page should be checked for potentially linking to material that infringes copyright, before it can be used. Such a legal requirement would place an unreasonable burden on anyone who uses hyperlinks, thereby destroying the Web
Inputting login details from a stolen database of 99 million, they found nearly 21 million of the usernames were also being used for Taobao accounts.
EBay says it has partially fixed a vulnerability on its online auction site that could have allowed hackers to trick users into downloading malware.
Ericsson has announced plans overnight to use new software to upgrade commercial 4G long-term evolution (LTE) networks worldwide to enable peak speeds of up to 1 gigabit per second.
Google is casting a wider net with its Safe Browsing technology to protect Chrome users, not just from deceptive websites but also from deceptive ads on legitimate sites. Using the new capabilities, Safe Browsing will target deceptive embedded content, such as ads that pose as a trusted entity and present messages such as a system warning, or bogus security alert for Chrome and third-party media players.
Several companies were hit by hours of system warnings after GPS satellites broadcast the wrong time, according to time-monitoring company Chronos. The company observed problems last week, after noticing some GPS time signals were 13 microseconds out. Such a discrepancy is considered severe and several Chronos telecoms clients faced "12 hours" of system errors.
A former Department of Energy employee has pleaded guilty to federal charges that he attempted to infect 80 current DOE employees with malware so foreign hackers could take control of computer systems that held sensitive information related to nuclear weapons, officials said Wednesday.
The Enhanced Mitigation Experience Toolkit (EMET) benefits enterprises and all computer users by helping to protect against security threats and breaches that can disrupt businesses and daily lives. It does this by anticipating, diverting, terminating, blocking, or otherwise invalidating the most common actions and techniques adversaries might use to compromise a computer.
Google researcher Tavis Ormandy has disclosed that the Chromodo browser installed with Comodo Internet Security disables the same-origin policy by default. The same-origin policy is a fundamental tenet of web security, ensuring that scripts access data from a second webpage only if the two pages have the same origin.
The update pushed out on Tuesday addresses two main issues. Until yesterday an attacker could have potentially carried out a server-side request forgery (SSRF) attack that could have made it appear that the server was sending certain requests, possibly bypassing access controls.
Oracle is set to expand its UK cloud offering with the introduction of new Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) software to be hosted in its Slough data center.
The report is the result of an analysis of cyber-threats that have been encountered in the last 12 months, that is, approximately between December 2014 and December 2015. ETL 2015 is the fourth in a series of reports issued yearly by ENISA. It provides an analysis of the state and the dynamics of the cyber-threat environment: the Cyber-Threat Landscape.
Malwarebytes says it could take three to four weeks to fix security flaws found by Google in its popular anti-malware product.
Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local registry settings. And you can export its findings to a Microsoft Excel spreadsheet.
The backdoor for Linux-based operating systems comes packed via UPX and is full of features to monitor the victim’s activities, including code to capture audio and take screenshots.
Network tool contained hard-coded prime number that wasn't prime after all. An open source network utility used by administrators and security professionals contains a cryptographic weakness so severe that it may have been intentionally created to give attackers a surreptitious way to eavesdrop on protected communications, its developer warned Monday.
After a good two to three years of relative silence, the gang behind the banking Trojan URLZone has become more active over the past few months and taken aim at banks across Europe and, beginning last month, Japan.
A BBC spokesman confirmed that the decommissioning of a GPS satellite led to difficulties for listeners receiving digital radio signals.
Google Cloud Compute Engine customers running big databases can now attach up to 3TB of high IOPS local solid-state drive (SSD) to a single virtual machine. The new capacity, which Google has launched in beta, doubles the previous limit of four local SSD 375GB partitions attached to each machine to eight partitions, amounting to a total of 3TB compared with the previous 1.5TB limit.
IT systems at Lincolnshire County Council have returned to normal nearly a week after they were hit with ransomware. The local authority was infected after a user opened an email which caused malware to attack its computer systems. Systems have now been restored and Lincolnshire says no data was stolen in the attack.
Google has fixed a critical bug in Android that can be remotely exploited by an email, MMS, or link to a webpage that contains a specially-crafted media file.
The patch addresses multiple vulnerabilities in the Broadcom Wi-Fi driver that could be abused to allow for remote code execution. The patches were pushed out in builds LMY49G or later to Nexus devices and shared on Jan. 4 with carrier and manufacturer partners. The fixes are expected to be released to the Android Open Source Project in the next two days.
Microsoft has demonstrated an experimental prototype of a new approach: instead of pumping water around the data center, put the data center in the water. Project Natick is a research project to build and run a data center that's submerged in the ocean.
Nokia has partnered with Deutsche Telekom to demonstrate that its latest XG-Fast technology is capable of delivering 11Gbps over a 50-metre run on two bonded pairs of Category 6 cable under laboratory conditions. Using a standard drop cable, Nokia said XG-Fast is capable of aggregate rate in excess of 8Gbps on 50-metre runs.
Websites that rely on the Tor anonymity service to cloak their server address may be leaking their geographic location and other sensitive information thanks to a setting that's turned on by default in many releases of Apache, the world's most widely used Web server.
"The audio and video sensors on IoT devices will open up numerous avenues for government actors to demand access to real-time and recorded communications," according to a Berkman Center for Internet & Society report published Monday.
A single processor-based Windows Server license allows users to use Windows Server on up to 16 cores in Azure.
Network administrators have discovered a clever way that scanners are piercing the IPv6 cloak of obscurity. By setting up an IPv6-based network time protocol service most Internet-connected devices rely on to keep their internal clocks accurate, the operators can harvest huge numbers of IPv6 addresses that would otherwise remain unknown. The server operators can then scan hundreds or thousands of ports attached to each address to identify publicly available surveillance cameras, unpatched server
Efforts to secure a new data transfer pact between the US and the European Union failed to meet a January 31 deadline set by national privacy regulators in the 28-member-state bloc.