Cryptocurrency mining tool Coinhive has decided to shut up shop, although not because of its rampant abuse by hackers over the past two years. The team behind the Monero miner revealed all in a brief post on Tuesday, claiming that the 18-month project had come to an end as it was no longer economically viable.
Founders. This is your shot. TechCrunch is officially in the hunt for the most disruptive startups for this year’s Startup Battlefield at TechCrunch Disrupt San Francisco 2019. Startups can apply here to compete on our world-famous stage for a $100,000 equity-free prize and the coveted Disrupt Cup. With more than 10,000 attendees, hundreds of press
by John E Dunn Researchers have revealed how malicious Thunderbolt and PCI Express (PCIe) peripherals could be used to compromise computers running macOS, Windows, Linux and FreeBSD. Nicknamed ‘Thunderclap’ in a presentation at last week’s Network and Distributed System Security Symposium (NDSS), the vulnerability has to do with Direct Memory Access (DMA), a standard technique
This time last year, we said that 2018 would be the year of mobile malware. Today at MWC, we’re calling 2019 the year of everywhere malware. In their quest for profit, criminals are constantly forced to shift their tactics and adapt to a changing mobile market. Take crypto-mining, for example. A year ago this was
Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution
The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to find weaknesses before they can be exploited.
Go-Jek is extending its reach in Southeast Asia after its Thailand-based unit made its official launch, which included the addition of a new food delivery service. Get, which is the name for Go-Jek business in Thailand, started out last year offering motorbike taxi on-demand services to a limited part of Thai capital city Bangkok, now
Threat actors can use firmware attacks on bare-metal cloud servers to easily gain persistent access to the hardware, according to new research from hardware security startup Eclypsium. The research showed how vulnerabilities in baseboard management controllers (BMCs) and weaknesses in the reclamation process of bare-metal cloud servers can allow attackers to add other malicious implants
Attackers have been exploring new forms of phishing bait that will entice users to click and have reportedly had success exploiting Bangladesh’s Cairo embassy website, according to researchers at Trustwave. Research conducted at the end of October 2018 revealed that the Coinlmp web miner created a block for a government facility domain. Only two months later, the
Earlier this week, Microsoft used its MWC press conference to announce the next version of its HoloLens mixed reality visor. When it demoed the first version back in 2015, quite a few pundits assumed that the company had somehow faked the demos because this kind of real-time tracking and gesture recognition, combined with a relatively
by Paul Ducklin The Naked Security podcast investigates a massive medical data blunder, tells you how NOT to do vulnerability disclosure, and finds out whether password managers do more harm than good. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy. This week’s stories: Millions of “private” medical helpline calls exposed on internet Virus
Summary Secureworks® Counter Threat Unit™ (CTU) researchers have tracked the activities of the BRONZE UNION threat group (also known as Emissary Panda, APT 27, and LuckyMouse) since 2013. CTU™ analysis suggests that BRONZE UNION is located in the People’s Republic of China. The threat group has historically leveraged a variety of publicly available and self-developed
The BRONZE UNION threat group focuses on espionage and targets a broad range of organizations and groups using a variety of tools and methods. Wednesday, February 27, 2019 By: Counter Threat Unit Research Team This blog and the accompanying threat analysis, entitled A Peek Into BRONZE UNION’S Toolbox, are based on nearly two years of
These days, cyberattacks can feel relentless. Due to the interconnected nature of the world we live in, cybercriminals have managed to infiltrate our personal devices, our networks, and even our homes. That’s why we at McAfee believe it’s important now more than ever to secure every facet of the modern consumer lifestyle. And we’ve partnered with
Following the revelation that a list containing millions of stolen usernames and passwords had appeared online, we tell you a few different ways to find out if your credentials were stolen in that—or any other—security breach In mid-January, researcher Troy Hunt revealed that a list was floating around in the storage space of the MEGA
Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Core that
Horizon Robotics, a three-year-old Chinese startup backed by Intel Capital, just raised a mega-round of fundings from domestic and overseas backers as it competes for global supremacy in developing AI solutions and chips aimed at autonomous vehicles, smart retail stores, surveillance equipment and other devices for everyday scenarios. The Beijing-based company announced Wednesday in a
Social media platforms are a major conduit for malware and a highly effective marketplace for black hat resources, generating cybercrime worth over $3.2bn every year, according to Bromium. The security vendor’s latest report, Social Media Platforms and the Cybercrime Economy, is the result of a six-month study by Mike McGuire, senior lecturer in criminology at the
Sapling, a three-year-old, San Francisco-based company whose employee management and onboarding software is being adopted by a small but growing number of mid-size companies with far-flung workforces, is announcing today that it has raised $4 million in funding from Gradient Ventures, which is Google’s AI fund, and Tuesday Capital, formerly known as CrunchFund. It quietly
by Danny Bradbury Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats. The Mozilla Corporation, which is the arm of the Mozilla Foundation that develops and maintains its software, made the striking warnings in a letter to the country’s government last week. The letter, written to
These days, we seem to have a newfound reliance on all things ‘smart.’ We give these devices the keys to our digital lives, entrusting them with tons of personal information. In fact, we are so eager to adopt this technology that we connect 4,800 devices per minute to the internet with no sign of slowing down.
The keeper of the internet’s ‘phone book’ is urging a speedy adoption of security-enhancing DNS specifications The Internet Corporation for Assigned Names and Numbers (ICANN) – which supervises the Domain Name System (DNS) – is urging all DNS stakeholders to do their parts in order to enhance the security of one of the internet’s foundations.
Great news. If you have already installed the latest update of Google Play Services released earlier today, and your Android device is running Android version 7.0 Nougat or above—Congratulations! Your device is now FIDO2 Certified. Are you thinking… what the heck that actually means? It means, instead of remembering complex passwords for your online accounts,
Los Angeles medical center Cedars-Sinai is currently piloting a program that places Amazon Echos in more than 100 patient rooms. The smart speakers use Aiva, a voice assistant platform for healthcare, and is intended to help patients communicate with their caregivers. Letting patients use Alexa to perform basic tasks like changing TV channels also frees
Criminals who launched phishing campaigns during the final quarter of 2018 employed social engineering tactics in nearly one in three targeted attacks, according to Positive Technologies. A new report entitled Cybersecurity Threatscape Q4 2018 found that in 48% of cyber-attacks the hacker’s goal was to steal data. Specifically, attackers were targeting usernames and passwords in 28% of
Anthem is the first attempt by Bioware (of Mass Effect and Dragon Age fame) to tap into the well of cash supposedly to be found in the “game as platform” trend that has grown over the last few years, with Destiny, Warframe and Fortnite as preeminent exemplars. After a botched demo weekend dampened fan expectations,
by Danny Bradbury Officials in Tampa, Florida, were scrabbling to regain control of the mayor’s Twitter account this week after a hacker hijacked it to post bomb threats and child sex abuse images. The attacker, who took over the account just two weeks before the city’s municipal elections, tried to implicate others in the hijacking.
IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke. With that in mind, I began
Recent news articles show that MSPs are now being targeted by criminals, and for a variety of nefarious reasons. Why is this happening, and what should MSPs do about it? If you are an MSP, as in managed service provider, or your organization uses the services of an MSP, then you need to be aware
Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving