Month: November 2018

0 Comments
How’s this for eyebrow-raising? In London, for the last year and a half, a team of lawyers, cryptographers, software engineers, and/or former military consultants have been brewing a bizarre and/or brilliant plan for a bridge between the blockchain and the real world — a system whose success is directly proportional to the extent to which
0 Comments
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Department of Homeland Security (DHS), has issued a US-CERT alert for the JBoss Verify and EXploitation (JexBoss) tool, an open-source tool often used by red teams. According to the alert, malicious actors are using JexBoss to test and exploit vulnerabilities not only in the
0 Comments
Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Thought the vulnerability was discovered and responsibly reported by
0 Comments
Cryptocurrency mining has become a fairly easy way to manufacture currency, and according to Trend Micro, a new cryptocurrency-mining malware uses evasion techniques, including Windows Installer, as part of its routine. In the cryptocurrency miner identified as Coinminer.Win32.MALXMR.TIAOODAM, researchers noted the use of multiple obfuscation and packing routines. The malware leverages the Windows platform, and though it
0 Comments
The recent spike in Emotet activity shows that it remains an active threat A week after adding a new email content harvesting module, and following a period of low activity, the malicious actors behind Emotet have launched a new, large-scale spam campaign. What is Emotet? Emotet is a banking Trojan family notorious for its modular
0 Comments
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. “DerpTroll,” took down servers of several major gaming platforms including Electronic Arts’ Origin service,
0 Comments
A report by England’s children’s commissioner has raised concerns about how kids’ data is being collected and shared across the board, in both the private and public sectors. In the report, entitled Who knows what about me?, Anne Longfield urges society to “stop and think” about what big data means for children’s lives. Big data practices
0 Comments
In addition to its 2014 attack on Sony Pictures, the Lazarus Group, also known as Hidden Cobra, has been attacking the ATMs of Asian and African banks since 2016, and today Symantec revealed that the group has been successful in its “FASTCash” operations by first targeting the banks’ networks. “The operation known as ‘FASTCash’ has enabled Lazarus,
0 Comments
by Paul Ducklin This week: hyperthreading considered harmful, how to avoid lock screen hacks, and what happens when cryptocurrency exchanges implode. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. LISTEN NOW (Audio player above not working? Download MP3, listen on Soundcloud or access via iTunes.) If you enjoy the podcast, please share it
0 Comments
Prevention is the best option but people continue to search for the easiest way out When you work in IT and you’re at a dinner party and somebody asks, ‘What do you do?’ you can usually see the blood run from their face as they’re like, “Oh my God, why me? My one night out this
0 Comments
The Muse, a New York-based, content-rich recruitment site that matches job seekers and all kinds of information about different career paths, as well as with companies that are hiring, has made it second acquisition, picking up TalentShare, a year-old, HR software-as-a service company. TalentShare has been focused on enabling companies to share high-quality candidates that they
0 Comments
A WordPress design flaw could grant an attacker remote code execution, leading to a privilege escalation in WooCommerce and other WordPress plugins, according to RIPS Technologies. In a 6 November blog post, researchers said that if the vulnerability is exploited, it would give shop managers – employees of the store that can manage orders, products and