Author: riyadzj

Uber, Apple Maps and location tracking: what’s really going on?

by Bill Camarda When it comes to privacy, folks have learned to watch Uber like a hawk. This turns out to be useful even when Uber (apparently) turns out to be innocent. Case in point: the way Uber’s iOS app (3.222.4 and higher) now requests permission to track your location… “Always”. “Previously, Uber only collected location information while a user had the app ...
Read More

In deep: the internet’s underwater weak links

by Danny Bradbury While many of us are busy worrying about an internet apocalypse at the hands of IoT bots, there are many other ways the global network could be brought to its knees. A little over 350 of them, in fact, are lying at the bottom of the ocean. Submarine cables stretch across the world, managing almost all the internet’s traffic between them. That’s everything from financial s...
Read More

Did You Install Super Mario Run APK for Android? That’s Malware

After the success of Pokémon Go, Nintendo's "Super Mario Run" has become the hottest game to hit the market with enormous popularity and massive social impact. The game has taken the world by storm since its launch for iOS devices over a week ago. Can you believe — it was downloaded more than 40 million times worldwide in its first four days of release. But if you have downloaded a S...
Read More

Another Massive DDoS Closes Out 2016, But Mirai Not To Blame

  Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic. This past year has been one for the record books when it comes to distributed denial of service (DDoS) attacks, so it is only proper that 2016 closes out with news of another massive DDoS attack, reported by Imperva researchers. According to them, the Imperva Incapsula network was forced...
Read More

Nine Ways to Protect an IT System Against Ransomware

Unlike the stealthier advanced attacks that can stay undetected on corporate network for months, the impact of ransomware is immediate and intrusive. Ransomware infiltrations in enterprises increased by 35 percent in 2016, according to consensus of security industry analysts. But even more alarming is the recent rise in its sophistication and distribution.Ransomware is a type of malware that ...
Read More

Police Ask for Amazon Echo Data to Help Solve a Murder Case

  Hey, Alexa! Who did this murder? Arkansas police are seeking help from e-commerce giant Amazon for data that may have been recorded on its Echo device belonging to a suspect in a murder case, bringing the conflict into the realm of the Internet of Things. Amazon Echo is a voice-activated smart home speaker capable of controlling several smart devices by integrating it with ...
Read More
Posted in Uncategorized Tagged

“Switcher” Android Trojan Hacks Routers, Hijacks Traffic

  Researchers at Kaspersky Lab have come across a new Android Trojan that hacks routers and changes their DNS settings in an effort to redirect traffic to malicious websites. Dubbed “Switcher,” the malware has been disguised as an Android client for the Chinese search engine Baidu, and a Chinese app for sharing Wi-Fi network details. Once users install one of these apps, the malware att...
Read More

Fileless Malware Takes 2016 By Storm

  In-memory attacks are all the rage, creating a growing class of "non-malware." Malware creators have spent a lot of energy over the years obfuscating the malicious files they drop on infected systems to stay one step ahead of detection mechanisms. This year they're taking their efforts to a new level by dispensing with dropped files altogether. According to security researchers, 2016 sa...
Read More

How it takes just six seconds to hack a credit card

How it takes just six seconds to hack a credit card This video is related to the recent Credit Card hacking technique which is developed by researchers at Newcastle University. This is guessing attack, which means that the hacker will try to guess all details of the credit card. However, this is distributed attack among many , which make it feasible to identify all details of the card in matte...
Read More

PHPMailer Bug Leaves Millions of Websites Open to Attack

A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack. The flaw was disclosed by researcher Dawid Golunski of Legal Hackers, who said the vulnerability could be used by an unauthenticated remote attackers to achieve remote arbitrary code exec...
Read More

Brief comparison between tunnel and transport mode VPN encryption

  Virtual Private Network (VPN) is technology used to establish secure connection between two hosts or two networks, it extends the private network across a public network. One of the most implemented VPN protocols is IPSec, which is standard protocol defined by IETF in many RFCs. IPSec operates at the Network layer of the OSI model, it uses the following protocols to provide security servi...
Read More

Cisco Warns of Critical Flaw in CloudCenter Orchestrator Systems

Cisco Systems released a critical security bulletin for a vulnerability that could allow an attacker to gain root privileges on affected CloudCenter Orchestrator systems. The company released workaround instructions to mitigate the flaw along with making a software fix available for download. “The vulnerability is due to a misconfiguration that causes the Docker Engine management port to be rea...
Read More

Netgear plays down router security flaw

Firmware updates on the way Netgear has downplayed the significance of newly discovered flaws in its WNR2000 line of consumer routers. The vulnerabilities could hypothetically allow a remote attacker to execute code and take over the device without authentication, claims Pedro Ribeiro, the security researcher who discovered the bugs. “It is a LAN based attack, but it can also be used ov...
Read More

Holiday-Themed Spam Campaigns Ramp Up

This time of the year, spam campaigns are increasingly adopting holiday themes to improve their malware distribution rate and steal users’ banking information or to trick victims into accessing fake online stores, security researchers warn. The growth is mainly fueled by an intensified online shopping activity, which clearly inspires cybercriminals to launch various social engineering attacks, in...
Read More

Group that attacked Tumblr threatens to DDoS Xbox for Christmas

A new hacking group is taking credit for a distributed denial-of-service (DDoS) attack that took down Tumblr this week. But so far, little is known about R.I.U. Star Patrol other than its motive of attacking for fun. Tumblr went down for more than two hours Wednesday afternoon and R.I.U. Star Patrol contacted Mashable to explain its reason for attacking: “There is no sinister motive,” the gr...
Read More

Encryption backdoors are ‘against the national interest’

The US House Judiciary Committee’s Encryption Working Group released its year-end report earlier this week, and it looks like a victory for many technology and privacy advocates. The report makes the following four points, which you can read in full in the PDF report here: Any measure that weakens encryption works against the national interest Encryption technology is a global technolog...
Read More

Apple Delays App Transport Security Deadline

Apple backtracked on its plan to enforce a year-end deadline that would of required developers to move apps to an HTTPS-only model in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. On Wednesday Apple said a requirement for developers to adopt App Transport Security would be extended. It did not set a new deadline. The introduction of App Transport Security (ATS) has ...
Read More

Phishers Adopt Malware Distribution-Like Tactics

A recently detected phishing campaign designed to steal credit card information employed a series of attack tactics previously associated with malware distribution, Proofpoint security researchers reveal. The technique involves the distribution of a malicious document inside a .zip archive that is password-protected. The archive is attached to an email and the password to open it is included in t...
Read More

“Signal” Uses Domain Fronting to Bypass Censorship

Open Whisper Systems informed users on Wednesday that the latest Android version of its secure messaging app Signal includes a feature designed to bypass censorship in some countries. The company learned recently that ISPs in Egypt and the United Arab Emirates had started blocking the Signal service and website, likely in an effort to prevent users from communicating over channels that authorit...
Read More

Major Cyberattacks On Healthcare Grew 63% In 2016

US hospitals lack new technologies and best practices to defend against threats, new report says. Some 93 major cyberattacks hit healthcare organizations this year, up from 36 in 2015, new research shows. TrapX Labs, a division of TrapX Security, found this 63% increase in attacks on the healthcare industry for the period between January 1, 2016 and December 12. Some may have been ongoing prior ...
Read More

NIST Calls for Submissions to Secure Data Against Quantum Computing

For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms. Working, practical quantum computers are likely 10 years away, maybe as many as 20 years from reality. But the advances they promis...
Read More

Weaknesses of Diffie-Hellman Key Exchange Protocol

Diffie-Hellman (DF) protocol is key agreement protocol which allows two entities to exchange a shared secret key over insecure channel without previously sharing any secret material or even have any previous infrastructure. What is needed just to agree on two global parameters, which is considered major benefits of using this protocol. Another benefit of DF protocol is that it enables entities cre...
Read More

L.A. County: Major Breach Stemmed from Phishing Attack

Data Breach , Fraud , PhishingArrest Warrant Issued for Nigerian Suspect in Breach of Financial, Health Data Marianne Kolbasuk McGee (HealthInfoSec) • December 19, 2016     The County of Los Angeles is notifying 756,000 individuals of a breach that occurred five months ago stemming from a phishing scheme that tricked more than 100 county employees. Bank account and payment card in...
Read More

Google Test Suite Checks Open Source Cryptographic Library Security

Google's new Project Wycheproof will let software engineers look for previously known flaws in their open source cryptographic libraries. Google has released a set of tests that developers can use to check some open source cryptographic libraries for known security vulnerabilities.The company has named the set of tests Project Wycheproof, after a mountain in Australia, which has the distincti...
Read More

ShadowBrokers Dump Came from Internal Code Repository, Insider

An analysis of the latest ShadowBrokers dump of alleged NSA spy tools points to an insider with access to a code repository belonging to the intelligence agency, experts said. Researchers at security company Flashpoint said today that its investigation of the leaked data points away from an attack against NSA infrastructure, or other theories that operators mistakenly left classified data on st...
Read More

Inside LeakedSource and Its Database of 3 Billion Hacked Accounts

By now it’s hard to keep track of which companies have been hacked and which haven’t. Remember the FourSquare hack? What about Adobe? Even breaches that were high-profile at the time are fading into obscurity as bigger and scarier ones crop up. (Ahem, Yahoo.) And if you can’t remember what’s been hacked, you’re probably struggling to keep track of which leaks have included your personal data. That...
Read More

DNSChanger Malware is Back! Hijacking Routers to Target Every Connected Device

Next time when you see an advertisement of your favorite pair of shoes on any website, even if it is legitimate, just DO NOT CLICK ON IT. …Because that advertising could infect you in such a way that not just your system, but every device connected to your network would get affected. A few days ago, we reported about a new exploit kit, dubbed Stegano, that hides malicious code in the...
Read More
Top