Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets
Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions.
The developers behind the malicious browser have so far stolen at least $40,000 in...
UC Browser potentially endangers 500 million users
The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk.
UC Browser, which
is available from the Google Play store, was found by Zscaler ThreatLabZ...
Phishing scam targets users of Stripe payment processing service
Cybercriminals have devised a phishing campaign that that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data.
The attackers employ two...
2.8 million CyberLink customer records exposed by unprotected database
A third-party
MongoDB database containing 2.8 million CyberLink customer records and information
was left unprotected exposing the data of several hundred thousand of the tech
company’s customers.
The database
was found by the security firm Comparitech working with security researcher Bob
Diachenko. The initial finding...
CBP mulls facial recognition tech for body cams
The U.S. Customs and Border Patrol (CBP) is considering using facial recognition in body cameras that agents will wear in the future, sending out a request for information (RFI) on biometric options that can be used to verify identity.
This...
Unpatched Amazon Echo and Kindle devices prone to KRACK attacks
Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic.
The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks),...
APT 29/The Dukes back in business
The threat group APT 29 has apparently
returned to action with ESET uncovering three new malware families it is
attributing to the cybergang.
Apt 29/The Dukes is best
known as being the primary suspect behind the Democratic National Committee
breach during the runup to...
Cisco fixes critical Aironet Access Points flaw, addresses 29 more bugs
Cisco today released 28 security advisories, in the process addressing a total of 30 vulnerabilities, including a critical unauthorized access bug found in the company’s Cisco Aironet Access Points (APs) software.
Officially designated CVE-2019-15260, the flaw potentially can be exploited to...
Hacker behind Montgomery County school data breach identified
A Montgomery County, Md., high school student earlier this month hacked into the Naviance college prep system and downloaded and shared the PII from about 1,400 fellow students.
The initial investigation using information provided by Naviance led the school district...
VMware patches critical bug in Harbor Container Registry for PCF
VMware yesterday issued a security advisory acknowledging a critical “broken access control” vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF).
According to the advisory, malicious actors with administrative access to a project could...
Open AWS buckets expose more than 200K CVs at two online recruitment firms
Unsecured AWS servers belonging to two online recruitment firms – U.S.-based Authentic Jobs and Sonic Jobs in the U.K. – have exposed more than 250,000 CVs of job candidates.
Authentic Jobs, used by the likes of the New York Times...
SHIELD Act passes committee
The Committee on
House Administration passed the Stopping Harmful Interference in Elections for a
Lasting Democracy (SHIELD) Act intended to close loopholes in foreign spending in
U.S. elections as well as improve disclosure and transparency rules.
“The SHIELD Act
closes gaps in the law...
Evolve security automation like the human brain: Part 2
What’s in a Brain?
In my previous blog , I explored how we should approach automation using the Triune Model of the human brain. I broke down how many view our metaphorical brain in three key functional parts: the lizard,...
TA505 debuts Get2 downloader and SDBbot RAT in new phishing campaigns
The cybercriminal group TA505 has developed a new downloader tool and remote access trojan (RAT), both of which were observed in a sequence of phishing campaigns that began this past September.
The downloader, named Get2, has been used in campaigns...
Baltimore belatedly buys cyberinsurance
In what could be the poster child case for closing the barn door
after the horse has left, the Baltimore City Council has approved the purchase
of cyber insurance, six months after the municipality suffered a damaging
ransomware attack.
The Baltimore Sun reported
the...
Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app
Vatican coders exorcise API gremlins but, we must confess, they missed little monster.... Exclusive The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets
Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions.
The developers behind the malicious browser have so far stolen at least $40,000 in...
UC Browser potentially endangers 500 million users
The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk.
UC Browser, which
is available from the Google Play store, was found by Zscaler ThreatLabZ...
US stopped using floppy disks to manage nuclear weapons arsenal
US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef
It's likely the diamondback squid. There's a video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
