0 Comments
Microsoft released fixes for over 60 CVEs yesterday as part of its monthly update round, three of which have been publicly disclosed and one which was being actively exploited in the wild. CVE-2018-8440 is an Elevation of Privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) which was disclosed by researcher and Twitter user @SandboxEscaper
0 Comments
by John E Dunn Is the Keybase secure messaging browser extension safe to use or not? Respected researcher Wladimir Palant (of AdBlock Plus fame) is so convinced that it isn’t that he has recommended users “uninstall the Keybase browser extension ASAP,” after he discovered what looks like a gap in its claim to offer end-to-end
0 Comments
Keeping pace with online threats can often feel like you’re plugging holes in a dam with your fingers, as soon as you’ve got one challenge under control, another issue pops up somewhere else. As employers create more flexible work conditions (BYOD, remote workforce, etc. and as mobility increases, organizations are faced with an increasingly complex
0 Comments
Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit. In a Tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript
0 Comments
The perennial optimists at the Search for Extraterrestrial Intelligence, or SETI, have joined the rest of the world in deploying AI to help manage huge datasets — and their efforts almost instantly bore fruit. 72 new “fast radio bursts” from a mysteriously noisy galaxy 3 billion miles away were discovered in previously-analyzed data by using
0 Comments
British police have arrested a 19-year-old teen who is an alleged member of Apophis Squad cybercriminal group responsible for making hoax bomb threats to thousands of schools and airlines; and DDoSing ProtonMail and Tutanota secure email services. George Duke-Cohan was arrested in his bedroom at his family home in Watford by British National Crime Agency
0 Comments
Reports of Jack Ma’s impending retirement are greatly exaggerated, it seems. Ma, the co-founder and executive chairman of Alibaba, has pushed back on claims that he is on the cusp of leaving the $420 billion Chinese e-commerce firm. The New York Times first reported that the entrepreneur plans to announce that he will leave the firm to pursue
0 Comments
Mobile spyware company mSpy has once again leaked millions of customer records to the public internet. The company develops mobile spyware that customers use to monitor the mobile device activity of their children, partners and others. Security researcher Nitish Shah discovered the mSpy leak via a public-facing database and reached out to cybersecurity journalist Brian
0 Comments
Germany-based researchers found a way to spoof certificates, even those protected with PKI-based domain validation, according to the Register. With nothing more than a laptop, the group was able to steal credentials and eavesdrop on certificate authorities. “We evaluated the attack against a number of CAs and we set up a live (automated) demo against one
0 Comments
British Airways, who describes itself as “The World’s Favorite Airline,” has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks. So who exactly are victims? In a statement released by British Airways on Thursday, customers booking flights on its website (ba.com)
0 Comments
An analysis of ICS (industrial control systems) computers revealed a consistent increase in the percentage of attacks, according to a new ICS CERT report from Kaspersky Lab.   The Kaspersky Lab report, Threat Landscape for Industrial Automation Systems in H1 2018, indicated that 41.2% of ICS computers protected by Kaspersky Lab solutions were attacked by
0 Comments
by Lisa Vaas It’s one thing to slip spyware onto somebody’s phone so you can surreptitiously intercept text messages, call logs, emails, location tracking, calendar information and record conversations – that kind of privacy-spurning stuff. It’s another thing entirely to be the company that makes and markets the software… and – the coup de GAH!
0 Comments
Since January 1st of 2018, a barrage of cyber attacks and data breaches have hit almost every industry, targeting businesses large and small, many of which are now from IoT devices. By 2025, it is estimated that there will be approximately 75 billion connected devices around the world. With more IoT devices ­–from wearables and
0 Comments
Far-fetched though it may sound, the answer is yes, according to researchers, who show that electrical grids and smart home appliances could make for a dangerous mix Cybercriminals could rope internet-connected household appliances into a botnet in order to manipulate the demand side of the power grid and, ultimately, cause anything from local outages to
0 Comments
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. Source: Twitter It seems obvious that this was not part of a coordinated vulnerability disclosure