Month: November 2018

0 Comments
How’s this for eyebrow-raising? In London, for the last year and a half, a team of lawyers, cryptographers, software engineers, and/or former military consultants have been brewing a bizarre and/or brilliant plan for a bridge between the blockchain and the real world — a system whose success is directly proportional to the extent to which
0 Comments
In light of Anthem Inc. recently agreeing to pay the largest HIPAA settlement on record for the Anthem data breach that affected nearly 79 million plan members, providers must get better at controlling who has access to patient data and internal systems. That advice comes from David Harlow, a Boston healthcare lawyer and consultant. “Anthem
0 Comments
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Department of Homeland Security (DHS), has issued a US-CERT alert for the JBoss Verify and EXploitation (JexBoss) tool, an open-source tool often used by red teams. According to the alert, malicious actors are using JexBoss to test and exploit vulnerabilities not only in the
0 Comments
Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Thought the vulnerability was discovered and responsibly reported by
0 Comments
Cryptocurrency mining has become a fairly easy way to manufacture currency, and according to Trend Micro, a new cryptocurrency-mining malware uses evasion techniques, including Windows Installer, as part of its routine. In the cryptocurrency miner identified as Coinminer.Win32.MALXMR.TIAOODAM, researchers noted the use of multiple obfuscation and packing routines. The malware leverages the Windows platform, and though it
0 Comments
Police in the Netherlands announced on Tuesday that they’ve broken the encryption used on an cryptophone app called IronChat. The Dutch police made the coup a while ago. They didn’t say when, exactly, but they did reveal that they’ve been quietly reading live communications between criminals for “some time.” At any rate, it was enough
0 Comments
The recent spike in Emotet activity shows that it remains an active threat A week after adding a new email content harvesting module, and following a period of low activity, the malicious actors behind Emotet have launched a new, large-scale spam campaign. What is Emotet? Emotet is a banking Trojan family notorious for its modular
0 Comments
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. “DerpTroll,” took down servers of several major gaming platforms including Electronic Arts’ Origin service,
0 Comments
A report by England’s children’s commissioner has raised concerns about how kids’ data is being collected and shared across the board, in both the private and public sectors. In the report, entitled Who knows what about me?, Anne Longfield urges society to “stop and think” about what big data means for children’s lives. Big data practices
0 Comments
Unclassified malware samples from U.S. Cyber Command will be shared with VirusTotal by the Cyber National Mission Force. VirusTotal aggregates malware and malicious URL data from antivirus products and allows anyone to submit samples for inclusion in the database. The CNMF — the action arm of Cyber Command responsible for planning and directing cyberoperations —
0 Comments
In addition to its 2014 attack on Sony Pictures, the Lazarus Group, also known as Hidden Cobra, has been attacking the ATMs of Asian and African banks since 2016, and today Symantec revealed that the group has been successful in its “FASTCash” operations by first targeting the banks’ networks. “The operation known as ‘FASTCash’ has enabled Lazarus,
0 Comments
by Paul Ducklin This week: hyperthreading considered harmful, how to avoid lock screen hacks, and what happens when cryptocurrency exchanges implode. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. LISTEN NOW (Audio player above not working? Download MP3, listen on Soundcloud or access via iTunes.) If you enjoy the podcast, please share it
0 Comments
Prevention is the best option but people continue to search for the easiest way out When you work in IT and you’re at a dinner party and somebody asks, ‘What do you do?’ you can usually see the blood run from their face as they’re like, “Oh my God, why me? My one night out this
0 Comments
The Muse, a New York-based, content-rich recruitment site that matches job seekers and all kinds of information about different career paths, as well as with companies that are hiring, has made it second acquisition, picking up TalentShare, a year-old, HR software-as-a service company. TalentShare has been focused on enabling companies to share high-quality candidates that they
0 Comments
A WordPress design flaw could grant an attacker remote code execution, leading to a privilege escalation in WooCommerce and other WordPress plugins, according to RIPS Technologies. In a 6 November blog post, researchers said that if the vulnerability is exploited, it would give shop managers – employees of the store that can manage orders, products and