Security researchers at MalwareMustDie have discovered a new malware strain designed to turn poorly secured, Linux-based Internet of Things (IoT) devices into a botnet for launching DDoS attacks.
In an effort to increase certificate transparency, Google announced in a blog post yesterday that it will distrust certificates issued by the Chinese certificate authorities WoSign and StartCom once Chrome 56 becomes available in January 2017.
Another massive voter database leak was discovered last week by the Austin-based security company MacKeeper. According to their blog, the 350,000-file public database contained information about voters from California, Montana, New Jersey, and Virginia, including voters’ names, addresses, phone numbers, gender, birth date, marital status, voter ID number, date of registration, political affiliation, and elections they have voted in.
Cylance researchers have discovered a malvertising campaign on Google AdWords, where unsuspecting Apple Mac users were being tricked into downloading a malicious installer.
911 services in three states were recently threatened by an attack believed to have been instigated by eighteen-year-old Meetkumar Desai. According to a release published last week, the alleged emergency services hacker has been taken into custody and charged with a Class 2 Felony on three counts of computer tampering.
The hacker group dubbed ‘The Shadow Brokers’, which has previously released NSA hacking tools for anyone to download, published more files on Monday on the blogging site Medium.
The EU data protection watchdog group is urging WhatsApp to clarify that user information shared between the company and Facebook is compliant with data protection laws in Europe.
Yahoo has released its semi-annual transparency report, the first issued by the company since Reuters revealed earlier this month that Yahoo scanned its users’ email accounts at the behest of U.S. government agencies.
With the proliferation of Internet of Things (IoT) devices, cybersecurity experts have repeatedly warned that any of them could be caught up in an unprecedented wave of major DDoS attacks. As already seen with the attacks on KrebsOnSecurity, the 1 Tbps DDoS attack on the French hosting company OVH, and the Dyn attacks, the public availability of the malware source code has made millions of devices vulnerable to attackers.
Invincea researcher Scott Tenaglia discovered three vulnerabilities in the Mirai botnet, one of which is critical to disabling one of the botnet’s main capabilities: HTTP floods.
Security researcher and owner of haveibeenpwned.com Troy Hunt has revealed that the Australian Red Cross Service’s records of blood donors’ personal information have been exposed in what appears to be the largest leak in Australia to date. The data, a 1.74 GB MySQL database backup containing 1.3 million rows across 647 tables (413k unique email addresses and 550k blood donors), was compromised through poor encryption and security practices on the part of a third-party provider.
Researchers at Vectra Networks have been monitoring a threat group in Palestine believed to have been targeting entities in Palestine and across the Middle East. The researchers have analyzed 200 samples of malware used by the group over the last two years; they dubbed the malware ‘Moonlight’ after the name the attackers chose for one of their command-and-control (C&C) domains.
Trend Micro TrendLabs security researchers have identified a threat group called BLACKGEAR behind a cyber espionage campaign that is known to target users in Taiwan and is now setting its sights on Japan.
enSilo researchers have discovered a code injection technique in the underlying Windows operating system that can be used to inject malicious code and infect user PCs. The security firm, which dubbed the technique ‘AtomBombing’, posted technical details of it in a blog post. The technique works on every Windows version and can bypass the current security solutions that would otherwise protect the system from malware.
A team of Rapid7 researchers has disclosed numerous vulnerabilities in mobile Bluetooth tracking technologies that could lead to security breaches as IoT device use continues to rise.
Dyn has confirmed that the Mirai botnet was the main culprit behind the major DDoS attacks last Friday, which knocked out its managed DNS infrastructure and, subsequently, web services across the East Coast.
Cisco’s Talos Security Intelligence and Research Group published an observation of three separate malware campaigns related to the Locky ransomware.
Netskope Threat Research Labs today published a report on the CloudFanta malware campaign, which has been operating since July 2016 and is suspected of having stolen more than 26,000 email credentials while also monitoring online banking activity. CloudFanta illustrates how threat actors make effective use of cloud services for hosting malware: it uses a popular online storage app to complete the infection cycle.
Leading security company Forescout today released their annual “IoT Enterprise Risk Report,” led by ethical hacker Samy Kamkar. The research findings offer new insight into how common enterprise IoT devices pose an inherent risk to the overall security of organizations and vendors.
Flashpoint recently published an assessment of the aftermath of the DDoS attacks on DNS service provider Dyn, indicating that script kiddies, rather than politically motivated hacking groups, are the likely culprits.
Chinese tech manufacturer Hangzhou Xiongmai Technology issued a recall for millions of webcams after its devices were identified as one of the main sources of the massive DDoS attacks against cloud-based DNS provider Dyn’s servers on Friday.
A few months ago, the FBI quietly arrested NSA contractor Harold Thomas Martin III for stealing an enormous number of top secret documents from the agency in the largest ever breach of classified information. A court document filed Thursday has now revealed that the FBI seized at least 50 terabytes (TB) of data that Martin had been secretly collecting for the past 20 years. The latest filing indicated that Martin was hoarding stolen information that included 500 million pages of government records involving top-secret information about “national defense” and six banker’s boxes of documents marked “Secret” or “Top Secret”.
Researchers at the VUSec Lab at Vrije Universiteit Amsterdam have published details of a new method for exploiting Android devices through a relatively new type of bug that allows adversaries to manipulate data within DRAM memory modules. The attack, dubbed Drammer, adapts the known PC-based Rowhammer technique to gain unfettered “root” access in a matter of seconds on a large variety of Android phones, including Nexus, Samsung, LG and Motorola devices.
The researchers describe the attack as a Flip Feng Shui exploitation technique, which carefully selects the sizes of the heap (the portion of memory where dynamically allocated memory resides). After locating the vulnerable cells in the hardware, Rowhammer targets rows of DRAM cells to induce cells to flip from one state to the other, creating the conditions for memory manipulation. Each such bit flip simply changes a 0 to a 1 or a 1 to a 0.