News


  • Side-Channel Attack Allows Remote Listener to ‘Hear’ On-Screen Images

    August 27, 2018

    A stealthy side-channel tactic for digital surveillance has been uncovered, which allows an attacker to “hear” on-screen images. According to a team of academic researchers from Columbia University, the University of Michigan, University of Pennsylvania and Tel Aviv University, inaudible acoustic noises emanating from within computer screens can be used to detect the content displayed on ...

  • Smartphones From 11 OEMs Vulnerable to Attacks via Hidden AT Commands

    August 25, 2018

    Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered. AT (ATtention) commands, or the Hayes command set, is a collection of short-string commands developed in the early 1980s that were designed to be transmitted via phone lines and control modems. Different AT ...

  • Spyware firm SpyFone leaves customer data, recordings exposed online

    August 24, 2018

    Spyware is morally dubious software, and yet, business is booming. This particular form of malware comes in various forms including keyloggers, modular software capable of taking screenshots, malicious code able to view and steal content such as photos and videos, as well as recorders of text messages, phone calls, and browser histories. It is not just government entities or ...

  • macOS users targeted by new Lazarus attack

    August 23, 2018

    If you’re into cryptocurrency trading, you might want to pay attention, because a new malware is making rounds that’s stealing people’s money from crypto exchanges. And no, macOS is not safe either, there’s a version for Apple’s operating system, as well. Kaspersky Lab’s researchers from the Global Research and Analysis Team (GReAT) announced they discovered malware dubbed AppleJeus. In ...

  • Apple Forces Facebook VPN App Out of iOS Store for Stealing Users’ Data

    August 23, 2018

    Facebook yesterday removed its mobile VPN app called Onavo Protect from the iOS App Store after Apple declared the app violated the iPhone maker’s App Store guidelines on data collection. For those who are unaware, Onavo Protect is a Facebook-owned Virtual Private Network (VPN) app that was primarily designed to help users keep tabs on their ...

  • AdvisorsBot Downloader Emerges in Raft of Malware Campaigns

    August 23, 2018

    A tricky downloader has hit the scene in a series of campaigns targeting restaurants, hotels and telecommunications companies. A new downloader was disclosed today, sporting significant anti-analysis features and increasingly sophisticated distribution techniques. Researchers at Proofpoint have been tracking the downloader as a first-stage payload in campaigns since May 2018. Dubbed AdvisorsBot (due to early command-and-control domains, ...

  • T-Mobile Hacked — 2 Million Customers’ Personal Data Stolen

    August 23, 2018

    T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of “some” personal information of up to 2 million T-Mobile customers. The leaked information includes customers’ name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid). However, the ...

  • DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

    August 23, 2018

    An unnamed Democratic source told CNN Wednesday that the DNC was alerted to the presence of a spoofed log-in page designed to mimic VoteBuilder – a platform used by Democratic Party officials and campaigns across the country to manage the Democratic registered voter database. The alarm was raised by security researchers at Lookout and a cloud provider, the source ...

  • Superdrug hack: Data thieves claim to have information on 20,000 customers

    August 22, 2018

    Superdrug has been targeted by hackers claiming they had access to tens of thousands of customers’ personal details including dates of birth and phone numbers. The high street chain it had been contacted by someone who claimed that they had obtained the details of approximately 20,000 customers. The company confirmed that 386 of the accounts had been compromised and said ...

  • Legacy System Exposes Contact Info of BlackHat 2018 Attendees

    August 22, 2018

    Full contact information of everyone attending the BlackHat security conference this year has been exposed in clear text, a researcher has found. The data trove includes name, email, company, and phone number. The BlackHat 2018 conference badge came embedded with a near-field communication (NFC) tag that stored the contact details of the participant, for identification or for ...

  • New Attack Recovers RSA Encryption Keys from EM Waves Within Seconds

    August 22, 2018

    A research paper presented at the Usenix security conference last week detailed a new technique for retrieving encryption keys from electronic devices, a method that is much faster than all previously known techniques. The approach relies on recording electromagnetic (EM) emanations coming off a device as it performs an encryption or decryption operation. Read more… Source: Bleeping Computer  

  • New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers

    August 22, 2018

    Semmle security researcher Man Yue Mo has disclosed a critical remote code execution vulnerability in the popular Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, ...

  • Dark Tequila Banking Malware Uncovered After 5 Years of Activity

    August 21, 2018

    Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques. Dark ...

  • DHS awards Booz Allen $1 billion cybersecurity contract

    August 21, 2018

    The Department of Homeland Security announced Tuesday it is awarding a $1.03 billion contract to Booz Allen Hamilton to boost cybersecurity vulnerability detection and mitigation in six federal agencies. Why it matters: Almost 75% of agencies are vulnerable to cyberattacks because they don’t understand their risk, the Office of Management and Budget found earlier this year. This is not Booz Allen’s first ...

  • Retro tech leaves NHS open to cyber-attacks, say researchers

    August 20, 2018

    Hackers could gain access to NHS networks by exploiting vulnerabilities in fax machines, security researchers have suggested. Staff at Check Point Software discovered exploits in widely-used fax machines that enable hackers to spread malware through a malicious image file. Malware can be coded into the image file which, when decoded by the fax machine and uploaded to its ...

  • EU considers 60-minute deadline for social networks to remove terrorist content

    August 20, 2018

    No longer the carrot, now the stick: the European Commission is considering imposing an hour-long deadline for social networks to remove terrorist and extremist content after voluntary measures appear to have failed. As reported by the Financial Times on Sunday, Facebook, Twitter, and YouTube, as well as smaller businesses, are all within the EU’s sights. This is the first ...

  • Army cyber protection teams upgrade training with a ‘real’ city

    August 20, 2018

    The Army’s cyber protection teams are upgrading their training program to include a real-life, round-the-clock, cyberattack on a city port. “There’s a dearth of realistic training venues,” John Nix, director of federal for SANS Institute, told FCW. “There are lots of cyber ranges, but they don’t have those rich training scenarios where you have an adversary ...

  • Australia only has 7 percent of the cybersecurity expertise that it needs

    August 20, 2018

    The introduction of the notifiable data breaches (NDB) scheme and EU general data protection regulation (GDPR) more than tripled demand for cybersecurity specialists between February and June this year, according to a review of job openings that suggests Australia only has 7 percent of the cybersecurity skills it needs. Job-ad site Indeed reviewed job postings requiring ...

  • Cyber security threat to Britain’s oil and gas sites as attack could cause ‘unprecedented damage’

    August 17, 2018

    Brian Lord OBE says a successful attack on its infrastructure could cause “unprecedented damage” and “unrest across the world”. With a complex ecosystem of computation, networking, and physical operational processes spread around the world the industry has a large attack surface with many attack vectors. A typical large oil and gas company uses half a million processors ...

  • Philips Vulnerability Exposes Sensitive Cardiac Patient Information

    August 17, 2018

    The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose. A vulnerability in the Philips IntelliSpace Cardiovascular (ISCV) line of medical data management products would allow privilege escalation and arbitrary code execution – opening the door for an attacker to siphon ...