News – November 2017


  • New IcedID Trojan Targets US Banks

    November 13, 2017

    Researchers are warning users about a wave of recent attacks targeting U.S. financial institutions that leverage a new banking Trojan dubbed IcedID. The IcedID Trojan was spotted in September by researchers at IBM’s X-Force Research team. They said the Trojan has several standout techniques and procedures, such as the ability to spread over a network and ...

  • Apple iPhone X’s Face ID Hacked (Unlocked) Using 3D-Printed Mask

    November 13, 2017

    Just a week after Apple released its brand new iPhone X on November 3, a team of hackers has claimed to successfully hack Apple’s Face ID facial recognition technology with a mask that costs less than $150. Yes, Apple’s “ultra-secure” Face ID security for the iPhone X is not as secure as the company claimed during ...

  • Experts working with Homeland Security hacked into Boeing 757

    November 10, 2017

    There’s some unsettling news about one of America’s most widely-used jetliners. In a test, experts working with Homeland Security hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey. Speaking at a conference this week, Robert Hickey of ...

  • Equifax spends $87.5 million on data breach, more expenses on deck

    November 9, 2017

    Equifax spent $87.5 million in the third quarter on its recent data breach. The disclosure came amid an earnings report that showed revenue growth of 4 percent to $834.8 million and net income of $96.3 million. In other words, the data breach affecting 145 million Equifax customers dented the cash cow, but it certainly didn’t kill it. Read more… Source: ZDNet  

  • Intel’s management engine – in most CPUs since 2008 – can be p0wned over USB

    November 9, 2017

    Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works. The firm has already promised to demonstrate God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”. For ...

  • Evil pixels: researcher demos data-theft over screen-share protocols

    November 9, 2017

    It’s the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. The idea comes from Pen Test Partners’ Alan Monie, taking a break from sex toy hacks and wondering how to get data over a connection like RDP (remote desktop protocol) when the target had blocked file transfer ...

  • Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit

    November 8, 2017

    Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Microsoft Office feature, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device ...

  • IoT devices are an enterprise security time bomb

    November 8, 2017

    The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research. On Wednesday, ForeScout Technologies revealed the results of a new survey into the challenges IoT poses for the enterprise. The survey, conducted by Forrester Consulting, suggests that ...

  • The top 5 malware threats targeting Macs

    November 8, 2017

    While Macs offer strong security protections, they are far from immune to malware, according to new data from security firm Avast. Since January 2017, Avast has blocked more than 250 million malware threats aimed at their Mac customers. “Macs are not impervious to malware,” wrote Lukáš Hasik, senior product manager at Avast. “As secure as Macs generally ...

  • Fast-growing cyber crime threatens financial sector: Europol

    November 8, 2017

    The “remorseless” growth of cyber crime is leading to 4,000 ransom attacks a day and gangs’ technological capability now threatens critical parts of the financial sector, the head of Europol said on Wednesday. Online criminals have become so sophisticated that gangs have created “conglomerations” with company structures that specialize in different criminal activities to carry out ...

  • Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies

    November 8, 2017

    Nothing is free in this world. If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam. For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News actually could hack, but of the one who ...

  • Sowbug: Cyber espionage group targets South American and Southeast Asian governments

    November 7, 2017

    Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates. Symantec saw ...

  • US-CERT Warns of Crypto Bugs in IEEE Standard

    November 6, 2017

    Recent academic work focused on weak cryptographic protections in the implementation of the IEEE P1735 standard has been escalated to an alert published Friday by the Department of Homeland Security. DHS’ US-CERT warned the IEEE P1735 standard for encrypting electronic-design intellectual property and the management of access rights for such IP is flawed. “In the most egregious cases, enable attack vectors that allow ...

  • Critical Tor flaw leaks users’ real IP address—update now

    November 5, 2017

    Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users’ IP addresses when they visit certain types of addresses. TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common ...

  • Stuxnet-style code signing is more widespread than anyone thought

    November 3, 2017

    One of the breakthroughs of the Stuxnet worm that targeted Iran’s nuclear program was its use of legitimate digital certificates, which cryptographically vouched for the trustworthiness of the software’s publisher. Following its discovery in 2010, researchers went on to find the technique was used in a handful of other malware samples both with ties to ...

  • For 11 minutes, Donald Trump’s Twitter ceased to exist

    November 3, 2017

    Donald Trump’s Twitter account was deactivated by a company employee and was down for 11 minutes before it was restored, Twitter said. Twitter blamed a customer-support employee “who did this on the employee’s last day”. The internet was seized by a brief spell of panic just before 11pm on Thursday, when the US President’s account disappeared suddenly ...

  • US Identifies 6 Russian Government Officials Involved In DNC Hack

    November 2, 2017

    The United States Department of Justice has reportedly gathered enough evidence to charge at least six Russian government officials for allegedly playing a role in hacking DNC systems and leaking information during the 2016 presidential race. Earlier this year, US intelligence agencies concluded that the Russian government was behind the hack and expose of the Democratic National Committee (DNC) emails ...

  • Millions of Malaysian phone users’ data stolen: Report

    November 1, 2017

    The personal details of some 46.2 million mobile phone subscribers in Malaysia have been stolen, in what is believed to be the largest data breach in the country, local media reported yesterday. Online technology site lowyat.net said the hackers have the home addresses, identity card numbers, SIM card information and private details of almost the entire ...

  • America’s 2020 Census systems are a $15bn cyber-security tire fire

    November 1, 2017

    Analysis In 2020, America will run its once-a-decade national census, but the results may not reflect reality if hackers manage to have their way. On Tuesday, the US Senate Homeland Security and Governmental Affairs Committee heard that the 2020 census will be the first to make extensive use of electronic equipment. For example, census workers will be given tablets ...