German intelligence unmasks alleged covert Chinese social media profiles

Germany’s intelligence service has published the details of social network profiles which it says are fronts faked by Chinese intelligence to gather personal information about German officials and politicians. The BfV domestic intelligence service took the unusual step of naming Read More …

‘Significant amount’ of sensitive security data stolen in Perth Airport hacking

A skilled hacker in Vietnam stole sensitive security details and building plans from Perth Airport after breaking into its computer systems. The West Australian can reveal Vietnamese man Le Duc Hoang Hai used the credentials of a third-party contractor to get Read More …

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

HP has an awful history of ‘accidentally’ leaving keyloggers onto its customers’ laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications. I was following a tweet made by a security researcher claiming to have found a built-in keylogger Read More …

Banking Apps Found Vulnerable to MITM Attacks

Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic. According to researchers at the School of Read More …

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Read More …

International team takes down virus-spewing Andromeda botnet

Police and private companies have taken down a massive botnet used to move malware onto compromised PCs. The Andromeda botnet, also known as Gamarue, is thought to have spanned over two million PCs and distributed over 80 types of malware Read More …

RSA coughs to critical-rated bug in its authentication SDK

RSA developers and admins have been given two critical-level authentication bugs to patch. For the sysadmin, the issue struck RSA’s software providing Web-based authentication for Apache. CVE-2017-14377 is an authentication bypass that existed because of an “input validation flaw in RSA Authentication Read More …