News


  • Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

    November 15, 2017

    Remember BlueBorne? A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo. As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less frequently than smartphones and ...

  • Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices

    November 15, 2017

    Online scams and physical crimes are known to intersect. In an incident last May, we uncovered a modus operandi and the tools they can use to break open iCloud accounts to unlock stolen iPhones. Further research into their crossover revealed how deep it runs. There’s actually a sizeable global market for stolen mobile phones—and by extension, ...

  • DHS, FBI describe North Korea’s use of FALLCHILL malware

    November 14, 2017

    The North Korean government has likely been using the malware since 2016 to target the aerospace, telecommunications, and finance industries, the US government says. The federal government on Tuesday issued an alert detailing the North Korean government’s use of malware known as FALLCHILL, warning that North Korea has likely been using the malware since 2016 to target the ...

  • 17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction

    November 14, 2017

    You should be extra careful when opening files in MS Office. When the world is still dealing with the threat of ‘unpatched’ Microsoft Office’s built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all ...

  • Google security report finds phishing to be biggest threat

    November 14, 2017

    In an effort to better understand how users accounts get ‘hijacked,’ Google collaborated with the University of California at Berkeley to investigate how the black markets responsible for obtaining and selling user credentials operate. The study took place from March 2016 to March 2017 and the research focused primarily on tracking several large black markets trading ...

  • New IcedID Trojan Targets US Banks

    November 13, 2017

    Researchers are warning users about a wave of recent attacks targeting U.S. financial institutions that leverage a new banking Trojan dubbed IcedID. The IcedID Trojan was spotted in September by researchers at IBM’s X-Force Research team. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and ...

  • Apple iPhone X’s Face ID Hacked (Unlocked) Using 3D-Printed Mask

    November 13, 2017

    Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during ...

  • Experts working with Homeland Security hacked into Boeing 757

    November 10, 2017

    There’s some unsettling news about one of America’s most widely-used jetliners. In a test, experts working with Homeland Security hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey. Speaking at a conference this week, Robert Hickey of ...

  • Equifax spends $87.5 million on data breach, more expenses on deck

    November 9, 2017

    Equifax spent $87.5 million in the third quarter on its recent data breach. The disclosure came amid an earnings report that showed revenue growth of 4 percent to $834.8 million and net income of $96.3 million. In other words, the data breach affecting 145 million Equifax customers dented the cash cow, but it certainly didn’t kill it. Read more… Source: ZDNet  

  • Intel’s management engine – in most CPUs since 2008 – can be p0wned over USB

    November 9, 2017

    Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works. The firm has already promised to demonstrate God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”. For ...

  • Evil pixels: researcher demos data-theft over screen-share protocols

    November 9, 2017

    It’s the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. The idea comes from Pen Test Partners’ Alan Monie, taking a break from sex toy hacks and wondering how to get data over a connection like RDP (remote desktop protocol) when the target had blocked file transfer ...

  • Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit

    November 8, 2017

    Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Microsoft Office feature, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device ...

  • IoT devices are an enterprise security time bomb

    November 8, 2017

    The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research. On Wednesday, ForeScout Technologies revealed the results of a new survey into the challenges IoT poses for the enterprise. The survey, conducted by Forrester Consulting, suggests that ...

  • The top 5 malware threats targeting Macs

    November 8, 2017

    While Macs offer strong security protections, they are far from immune to malware, according to new data from security firm Avast. Since January 2017, Avast has blocked more than 250 million malware threats aimed at their Mac customers. “Macs are not impervious to malware,” wrote Lukáš Hasik, senior product manager at Avast. “As secure as Macs generally ...

  • Fast-growing cyber crime threatens financial sector: Europol

    November 8, 2017

    The “remorseless” growth of cyber crime is leading to 4,000 ransom attacks a day and gangs’ technological capability now threatens critical parts of the financial sector, the head of Europol said on Wednesday. Online criminals have become so sophisticated that gangs have created “conglomerations” with company structures that specialize in different criminal activities to carry out ...

  • Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies

    November 8, 2017

    Nothing is free in this world. If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam. For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News actually could hack, but of the one who ...

  • Sowbug: Cyber espionage group targets South American and Southeast Asian governments

    November 7, 2017

    Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates. Symantec saw ...

  • US-CERT Warns of Crypto Bugs in IEEE Standard

    November 6, 2017

    Recent academic work focused on weak cryptographic protections in the implementation of the IEEE P1735 standard has been escalated to an alert published Friday by the Department of Homeland Security. DHS’ US-CERT warned the IEEE P1735 standard for encrypting electronic-design intellectual property and the management of access rights for such IP is flawed. “In the most egregious cases, enable attack vectors that allow ...

  • Critical Tor flaw leaks users’ real IP address—update now

    November 5, 2017

    Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users’ IP addresses when they visit certain types of addresses. TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common ...

  • Stuxnet-style code signing is more widespread than anyone thought

    November 3, 2017

    One of the breakthroughs of the Stuxnet worm that targeted Iran’s nuclear program was its use of legitimate digital certificates, which cryptographically vouched for the trustworthiness of the software’s publisher. Following its discovery in 2010, researchers went on to find the technique was used in a handful of other malware samples both with ties to ...