Connected car hacking: Who’s to blame?
2017-01-09
I’ve just about recovered from the sensory overload that is CES to gather my thoughts from what was another fascinating event. This blog, on connected car hacking, is the firstRead More →
Google plugs severe Android vulnerability that exposed devices to spying
2017-01-09
Bootmode exploit gave attackers ability to hack modem, eavesdrop on calls. Google has shut down a “high-severity” exploit in its Nexus 6 and 6P phones which gave attackers with USBRead More →
WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs
2017-01-09
Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarterRead More →
Crooks Cold-Calling UK Schools and Tricking Staff Into Installing Ransomware
2017-01-09
The “ActionFraud” UK National Fraud & Cyber Crime Reporting Center has issued an alert this week to UK educational institutes, warning against cyber-criminals cold-calling British schools and tricking staffers intoRead More →
Iranian Group OilRig is back and delivers digitally signed malware
2017-01-09
ClearSky Security discovered a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The OilRig hacker group is an Iran-linked APT that has been aroundRead More →
Verizon Again Having Second Thoughts on Yahoo Deal After 1 Billion Account Hack
2017-01-07
Executives still looking into the deal, it seems. Verizon is once again unsure whether to complete the takeover of Yahoo or not, after the company recently acknowledged a 2013 hackRead More →
China-Linked DragonOK APT Group continues updating tools and tactics
2017-01-07
The China-linked DragonOK continues updating tools and tactics and targeted entities in various countries, including Russia and Tibet. It was September 2014, when security researchers at FireEye spotted for the firstRead More →
A fake Super Mario Run for Android is serving the Marcher Banking Trojan
2017-01-07
Zscaler experts have found in the wild a fake version of the Super Mario Run Android App that could install the Android Marcher banking trojan. Bad news for mobile gamers,Read More →
Analyzing a variant of the GM Bot Android malware
2017-01-07
My friends at CyberBlog decided to analyze the GM Bot Android Malware as exercise aiming to receive feedback sand suggestions from the security community. The sample explored is confirmed as a variantRead More →
Browser Autofill Profiles Can Be Abused for Phishing Attacks
2017-01-07
Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden fields, which the browser automatically fills with preset personal information and whichRead More →
Stolen Passwords Fuel Cardless ATM Fraud
2017-01-06
Some financial institutions are now offering so-called “cardless ATM” transactions that allow customers to withdraw cash using nothing more than their mobile phones. But as the following story illustrates, this new technologyRead More →
This new Mac malware freezes your computer with email drafts
2017-01-06
A new form of malware is targeting Macs and launching denial-of-service attacks on users by creating multiple email drafts that crash the computer. The method is simple but devious. AccordingRead More →
FTC files lawsuit against D-Link for router and camera security flaws
2017-01-06
The FTC has filed a lawsuit against D-Link for failing to protect its customers against ‘well known and easily preventable software security flaws’ in its routers and IoT cameras. TheRead More →
Number of Hijacked MongoDB Databases Is Going Up as More Hackers Are Flocking In
2017-01-06
MongoDB administrators are about to be tought a hard lesson in database management practices, as the number of hackers that are now involved with DB hijacking attempts has gone fromRead More →
KillDisk Ransomware Now Targets Linux, Prevents Boot-Up, Has Faulty Encryption
2017-01-06
Researchers have discovered a Linux variant of the KillDisk ransomware, which itself is a new addition to the KillDisk disk wiper malware family, previously used only to sabotage companies byRead More →
MM CORE IN-MEMORY BACKDOOR RETURNS AS “BIGBOSS” AND “SILLYGOOSE”
2017-01-05
we will detail our discovery of the next two versions of MM Core, namely “BigBoss” (2.2-LNK) and “SillyGoose” (2.3-LNK). Attacks using “BigBoss” appear likely to have occurred since mid-2015, whereas “SillyGoose” appears to haveRead More →
Researchers work to save trusted computing apps from keyloggers
2017-01-05
SGX needs I/O protection, Austrian boffins reckon. Intel’s Software Guard Extensions started rolling in Skylake processors in October 2015, but it’s got an Achilles heel: insecure I/O like keyboards orRead More →
New California Law Makes Ransomware a Standalone Crime
2017-01-05
The Koolova ransomware will decrypt the encrypted files for free it the victim read two blog posts about how to avoid ransomware infection. Ransomware authors are very creative, in theRead More →
FBI website hacked by CyberZeist and data leaked online
2017-01-05
The notorious black hat hacker CyberZeist (@cyberzeist2) has broken into the FBI website FBI.gov and leaked data on Pastebin. The notorious black hat hacker CyberZeist (@cyberzeist2) has broken into theRead More →
FireCrypt Ransomware Comes With a DDoS Component
2017-01-05
A ransomware family named FireCrypt will encrypt the user’s files, but also attempt to launch a very feeble DDoS attack on a URL hardcoded in its source code. This threatRead More →
