News


  • France Wins Cyber Defence Exercise Locked Shields 2019

    April 12, 2019

    The team from France wins the largest and most complex international live-fire cyber defence exercise Locked Shields 2019. Czech and Swedish teams take second and third place respectively. “The winning team excelled in availability, usability and providing services for the customer,” said Lauri Luht, Head of Cyber Exercises at NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). “Every ...

  • Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password

    April 10, 2019

    Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network. WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced ...

  • UK Government Publishes Social Media Regulation Plans

    April 8, 2019

    White paper calls for an independent regulator that would write a code of conduct covering illegal or dangerous content – and would have the power to impose huge fines. The government has published plans for an independent regulator that would be capable of imposing huge fines on internet firms that propagate dangerous or illegal content. The Online Harms White Paper, ...

  • Dropbox uncovers 264 vulnerabilities in HackerOne Singapore bug hunt

    April 6, 2019

    Dropbox has uncovered 264 vulnerabilities, paying out $319,300 in bounties, after a one-day bug hunt in Singapore that brought together hackers from 10 nations around the world. Hosted by bug bounty platform HackerOne, the live event saw 45 of its members from countries such as Japan, India, Australia, Hong Kong, and Sweden, and some as ...

  • Exodus Spyware Found Targeting Apple iOS Users

    April 5, 2019

    The surveillance tool was signed with legitimate Apple developer certificates. The spyware that was recently found lurking in 25 different malicious apps on Google Play has been ported to the Apple iOS ecosystem. The surveillance package – dubbed Exodus – can exfiltrate contacts, take audio recordings and photos, track location data and more on mobile devices. Earlier ...

  • Backdoor code found in popular Bootstrap-Sass Ruby library

    April 5, 2019

    Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update. The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today. The backdoor’s ...

  • FBI criticized for delaying breach notifications, including insufficient details

    April 5, 2019

    The Federal Bureau of Investigation does a poor job at notifying victims of a cyber-attack, a US government report released earlier this week concluded. FBI notifications arrive either too late or contain insufficient information for victims to take action, a report from the Department of Justice’s Office of the Inspector General (DOJ-OIG) has concluded. The report analyzed Cyber Guardian, ...

  • A dozen US web servers are spreading 10 malware families, Necurs link suspected

    April 4, 2019

    Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs botnet. On Thursday, researchers from Bromium said they have monitored scams connected to this infrastructure during the May 2018 to March 2019 time period. Five families of banking ...

  • Pharma Giant Bayer ‘Contains’ Cyber Attack

    April 4, 2019

    German firm detected hacker code and covertly monitored it for over a year, before clearing it from network. Security officials at the German multinational pharmaceutical and life sciences giant Bayer AG seem to be on the ball after they detected and then contained a cyber attack. It is reported that the Winnti hacking group had gained access ...

  • This new malware is scanning the internet for systems info on valuable targets

    April 3, 2019

    A new form of malware is scanning the internet for exposed web services and default passwords in what’s thought to be a reconnaissance operation – one which might signal a larger cyberattack is to come. Researchers at AT&T Alien Labs first spotted the malware in March and have named it Xwo after its primary module name. It’s thought that Xwo ...

  • 540 Million Facebook User Records Found On Unprotected Amazon Servers

    April 3, 2019

    It’s been a bad week for Facebook users. First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now… the bad week gets worse with a new privacy breach. More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud ...

  • Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data

    April 2, 2019

    On March 30th, security researcher James Lee disclosed information on two zero-day vulnerabilities present in current versions of Microsoft Edge and Internet Explorer. These vulnerabilities make it possible for confidential information to be shared between websites. A flaw in the same-origin policy for these web browsers, called an Origin Validation Error (CWE-346), allows JavaScript embedded in a malicious ...

  • Hackers reveal how to trick a Tesla into steering towards oncoming traffic

    April 2, 2019

    A team of hackers has managed to trick the Tesla Autopilot feature into dive-bombing into the wrong lane remotely through root control and a few stickers. Researchers from Tencent Keen Security Lab published a report this week (.PDF) on their findings, which shows how the Tesla Autopilot system engine control unit (ECU) can be abused through root security ...

  • Mobile-First Phishing Kit Targets Verizon Customers

    April 2, 2019

    As people increasingly go mobile-first in their work and personal lives, cybercrime is keeping up: The latest is a phishing kit that specifically targets Verizon Wireless customers in the U.S. According to Jeremy Richards, a researcher at Lookout Security, the kit pushes phishing links to users via email, masquerading as messages from Verizon Customer Support. These ...

  • Mystery of the Chinese woman who allegedly tried to sneak into Trump’s Mar-a-Lago with a USB stick of malware

    April 2, 2019

    A Chinese woman was caught sneaking into President Trump’s Mar-a-Lago country club with a thumb drive of malware, it was claimed yesterday. Yujing Zhang, 32, was collared after possibly trying to slip into a bash at the swanky resort promoted by Li “Cindy” Yang, the former massage parlor boss who denies allegations she sold access to the president and his ...

  • Google Warns of Growing Android Attack Vector: Backdoored SDKs and Pre-Installed Apps

    April 1, 2019

    Google is reporting an uptick in efforts by bad actors to plant potentially harmful applications (PHAs) on Android devices via pre-installed apps and by bundling them with system updates delivered over the air. The technique is especially troubling, Google said, because PHAs are often malicious and users have no control over what comes pre-installed on their ...

  • AI infosec biz Darktrace boasts near-doubled revenues as firm alumni battle HPE in civil case

    April 1, 2019

    Darktrace, the security startup backed in part by Mike Lynch, the exec currently involved in a big civil fraud case being heard at the UK’s High Court, has nearly doubled turnover and reported deeper losses. The firm, started by Cambridge Uni maths boffins and folk with infosec experience gained at intelligence agencies, said in its latest results (PDF) that revenue ...

  • U.S. hackers helped UAE spy on Al Jazeera chairman, BBC host

    April 1, 2019

    A group of American hackers who once worked for U.S. intelligence agencies helped the United Arab Emirates spy on a BBC host, the chairman of Al Jazeera and other prominent Arab media figures during a tense 2017 confrontation pitting the UAE and its allies against the Gulf state of Qatar. The American operatives worked for Project ...

  • Jeff Bezos: Saudi Arabia accused of gaining access to Amazon chief’s phone

    March 31, 2019

    Saudi Arabia has accessed the phone of Amazon boss Jeff Bezos and obtained private data from it, his security officer has said. Gavin De Becker launched an investigation after the National Enquirer published intimate texts that Mr Bezos had sent to his mistress, television anchor Lauren Sanchez. Shortly before their publication, Mr Bezos had become the subject ...

  • Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk

    March 29, 2019

    A critical Rockwell Automation flaw could be exploited to manipulate an industrial drive’s physical process or even stop it. A critical denial-of-service (DoS) vulnerability has been found in a Rockwell Automation industrial drive, which is a logic-controlled mechanical component used in industrial systems to manage industrial motors. The vulnerability was identified in Rockwell Automation’s PowerFlex 525 ...