Items tagged with Hackers
Security researchers at Kaspersky have identified a new strain of malware affecting Chrome and Firefox browsers. The researchers say the malware's authors "put a lot of effort" into how it manipulates digital certificates and mucks with outbound TLS traffic, which ultimate compromises encrypted communications. "Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have," Kaspersky says. The malware allows an attacker to wreak havoc on a victim's PC remotely....
Read more...
iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims. MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place. Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see...
Read more...
This mobile app is definitely something to scream about in more ways than one. The Android game “Scary Granny ZOMBYE Mod: The Horror Game 2019” s stealing users’ Google and Facebook data. The malicious app attempts to siphon both data and money from its users to attackers. “Scary Granny ZOMBYE Mod: The Horror Game 2019” was a horror game that mimicked another popular Android game “Granny”. Users were tasked with running away from zombies while uncovering extra lives and various weapons. The game was installed over 50,000 times and boasted a 4-star review in the Google Play store before it was removed on June 27th. Image credit: Wandera Security...
Read more...
Authorities in the U.S. have announced that they have been successful in breaking a ring of hackers who had been running a scam to hijack SIM cards and steal cryptocurrency from the victims of the crime. Court documents in the case allege that the group, known as "The Community," had stolen about $2.4 million in cryptocurrency. Six people from the hacking ring were named in court documents in the case. The indictment came from the U.S. Attorney's Office for the Eastern District of Michigan, and it alleges that six people living around the U.S. and Ireland were part of The Community. The SIM hijacking scheme that the group pulled off involved them using bribery or trickery to convince mobile phone...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted. American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS. The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect”...
Read more...
No information is safe in the Internet age. Citycomp, an Germany-based IT services company, reported that they had been hacked and blackmailed. Some of their clients include Oracle, Airbus, Toshiba, Volkswagen, Leica, and Porsche. Citycomp is an IT services company that provides items such as servers, storage, and other computer equipment to other major companies. It appears that the hackers targeted the German branches of these international companies. The list of victims includes both corporations with an international reach and strictly German companies. The hackers, who go by the alias "Boris-Bullet Dodger", have distributed some of the stolen files on a website. Some of the affected firms...
Read more...
CT scans are essential tools that help medical practitioners detect various medical conditions. Healthcare providers rely on the accuracy of these technologies, because a misdiagnosis could prove fatal. Unfortunately, this vital technology is vulnerable to hackers. Researchers recently designed malware that can add or take away fake cancerous nodules from CT and MRI scans. Researchers at the University Cyber Security Research Center in Israel developed malware that can modify CT and MRI scans. During their research, they showed radiologists real lung CT scans, 70 of which had been altered. At least three radiologists were fooled nearly every time. A CT Scan of a brain trauma. Image from Rehman...
Read more...
For organizations that are reliant on Cisco RV320 and RV325 WAN VPN routers, we implore you to -- if you haven't already -- apply two patches that were issued late last week. The patches address the following vulnerabilities: CVE-2019-1652: A vulnerability in the web-based management interface that could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. CVE-2019-1653: A vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to retrieve sensitive information. According to BleepingComputer, both vulnerabilities were discovered by German firm RedTeam Pentesting and...
Read more...
As Epic Games’ Fortnite has increased in popularity, so have the number of related scams and criminal activity. It was recently discovered that criminals are laundering Fortnite V-Bucks. Some believe that Epic Games has not taken enough precautionary measures to prevent such a crime. Fortnite is a free-to-play game, but features an in-game currency that can be used to purchase skins, emotes, and Battles Passes. V-Bucks or “Vindertech Bucks” can be earned by completing daily quests and missions or purchased through online vendors like Microsoft Store Online or the Official Playstation Store. 1,000 V-Bucks will run customers $9.99 USD. The Independent and cyber security firm Sixgill...
Read more...
Hackers do not need to bust open a Drama Llama Piñata to get the best loot in Fortnite. Epic Games recently patched a vulnerability that would have granted hackers access to users’ accounts. Nefarious parties would have been able to acquire users’ in-game currency and the last four digits of their credit card. The vulnerability was discovered by Israeli cyber security company Check Point this past November. Epic Games quickly and quietly fixed the issue. They recently remarked, “We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account...
Read more...
The USB Implementers Forum (USB-IF) has announced a new authentication standard that can be implemented for USB-C devices and complimenting chargers. USB-C Authentication, as it’s called, uses 128-bit “cryptographic-based authentication” to help mitigate potential security intrusions from USB thumb drives and chargers that could be used to deliver malicious payloads/firmware. The USB-IF says that with its new authentication protocol, the host device would be able to in effect enter in a secure “handshake” with another USB-C device, confirming its identify. At the moment the connection is made, the host would be able to determine “product aspects as the capabilities...
Read more...
We have all seen it on Facebook -- one of your friends “shares” a link to a new shake that will help you lose ten pounds in two days or a code to get suspiciously discounted Ray-Bans. Thankfully, most of these posts are obviously spam. Unfortunately, hackers are finding more ways to post annoying and potentially dangerous content. One researcher recently discovered a proof-of-concept Facebook worm that posts unwanted spam links. A Polish security researcher, who goes by the pseudonym “Lasq”, was the first to find the issue. He noted that a number of his Facebook friends appeared to be posting a link to French comic site hosted on a Amazon Web Services (AWS) bucket. Users...
Read more...
Two-factor authentication (2FA) is usually touted as an effective layer of security for online account. Many people have recently learned the hard way that this method may not be as helpful as it seems. Hackers have targeted nearly 1,000 Google and Yahoo accounts by bypassing two-factor authentication. Amnesty International, a non-profit group, recently published a report that documented the phishing attacks. The attacks have specifically targeted journalists and activists in the Middle East and North Africa in 2017 and 2018. Amnesty International believes that the hackers are based in Persian Gulf countries. How does the attack work? First, the attackers sent out convincing “security alerts”...
Read more...
A group of hackers claims to have a service that will allow anyone willing to spend $250 to send out a "marketing" campaign that can reach "every single printer in the world." The people are offering to sell advertisers a spot in "the most viral ad campaign in history" according to the advertisement for the service. Security experts the world over have had concerns about the security of Internet of Things (IoT) devices and the security of web-connected printers specifically. HP has in the past offered $10,000 in bug bounty money to get white hat hackers to find bugs in its printers. We also talked in depth about some of the security hazards that the IoT posed last year. Hackers have taken advantage...
Read more...
