Cybersecurity

Safari Full of Security Bugs, According to Google Test

Google’s Project Zero team recently ran a new security testing toolkit against 5 browsers and found that Safari had the most flaws. Using Domato, a “fuzzer” that feeds random data into a software application to test for abnormalities, Google engineer Ivan Fratric found that Safari had the worst results of the 5 browsers, which also included Chrome, Firefox, Internet Explorer, and Edge. Safari was found to have a total of 17 security bugs after being subjected to 100 million fuzz tests. The team then contacted each browser vendor and gave them a bug report and a copy of the […]

New Android App Can Detect Credit Card Skimmers

A new app that can detect credit card skimmers on ATM machines can now be downloaded from the Google Play Store. The Skimmer Scanner, created by Nick Poole, had already been installed 13,500 times since Thursday. The app works by detecting the Bluetooth modules used in most modern skimmers, which are often set to broadcast their ID. Nathan Seidle of SparkFun said that nowadays, criminals with little knowledge can easily build such cheap skimming devices. The low prices of these devices often make them insecure, and Seidle adds that setting the ID to constantly broadcast was an obvious design flaw. Poole says […]

Breach Victims Directed to Fake Site by Equifax

After the recent Equifax breach, staff from the credit reporting company had reportedly been directing victims on the social media platform Twitter to an incorrect web address: securityequifax2017.com instead of equifaxsecurity2017.com. The latter website was created by Equifax to support victims of the security breach that compromised the data of around 143 users in the US alone. There are an estimated 100,000 affected citizens in Canada and about 400,000 in the United Kingdom. securityequifax2017.com is a bogus support site created by security researcher Nick Sweeting to demonstrate how easy it is for hackers to pose as legitimate domains. Sweeting believes that the […]

Large Tech Companies Targeted in CCleaner Malware Attack

The recent attack on CCleaner is suspected to have been the work of a cyber-espionage group based in China that focuses on a list of large tech companies in the West. Evidence pointed to the hacker group Axiom, which has also been called DeputyDog, Hidden Lynx, Tailgater Team, APT17, AuroraPanda, Group 72, or Voho, depending on the security firm. Costin Raiu, Director of Kaspersky Lab’s Global Research and Analysis Team, first identified the relationship between the malware injected into the infected CCleaner app and Axiom. Floxif, the malware embedded in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud […]

Hackers May Use Stolen SEC Data for Inside Trading

The government body regulating the financial sector for the United States, the Securities and Exchange Commission (SEC), revealed that its systems were attacked last May. Jay Clayton, SEC Chairman, reported that hackers had breached the agency’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, a database that holds past financial data, future announcements, and company filings. Clayton mentioned that the hackers took advantage of a vulnerability in a test filing component of EDGAR. This enabled the attackers to access private filings and yet-to-be-released news that may affect the market. CEO of web security company High-Tech Bridge, Ilia Kolochenko, […]

Low Cost Tools Lower Hurdle for Budding Cybercriminals

Cybersecurity firm SecureWorks recently reported that the declining cost of cybercrime tools is encouraging a greater number of inexperienced hackers to conduct malicious online activities. In the 2017 State of Cybercrime: Exposing the threats, techniques and markets that fuel the economy of cybercriminals, the firm’s Counter Threat Unit reveals that low-level hackers now have easier access to tools such as malware as a service and cheap spam botnets. The report cited a large botnet named Kelihos as an example, which only charged $200 per 1 million emails. SecureWorks also confirmed that personal information is still a popular commodity in the […]

Air-gapped Networks Can Now be Compromised by CCTV Cameras

Research from an Israeli cybersecurity team has shown that it is possible to infiltrate networks isolated from the Internet and other networks using infrared light from CCTV cameras. Led by Dr. Mordechai Guri, researchers from Ben-Gurion University of the Negev demonstrated an attack called aIR-Jumper, in which malicious code establishes bi-directional covert communication that uses IR illumination to transmit data. Attackers can use IR LEDs to send binary data, such as command and control or beacon messages, on top of IR signals to surveillance cameras. The team has previously published their studies on similar attacks such as […]

Swiss Watchdog Cracks Down on Fake Cryptocurrency

Zurich, Switzerland – Switzerland’s FINMA has recently shut down a provider of fake cryptocurrency called Quid Pro Quo Association, which had been able to raise as much as $4.2 million from around a hundred investors. The financial watchdog revealed that the fake “E-coin” the group was offering was stored locally on its servers, unlike real cryptocurrencies such as Bitcoin, which use distributed networks built on blockchain technology. FINMA is also investigating around a dozen more fraud cases related to virtual money, and has revealed that it is closely watching three more companies on its list. Source: Reuters

New York Gov Says Credit-Reporting Companies Need to Follow Cyber Rules

New York, USA – In a comment made in relation to the Equifax hacking incident last Monday, New York Governor Andrew Cuomo said that credit-reporting firms should be made to comply with state cyber-security regulations. Cuomo said he is planning to require the firms to register with the state; otherwise they will be barred from doing business with New York state-regulated companies. He also said that the Equifax incident should serve as a wake-up call, and that the state is raising its standards for consumer protection and will bar credit reporting agencies found to be engaging in unfair, deceptive, […]

New WikiLeaks Release Details Russian Surveillance Apparatus

In a move which many say is a deflection of pro-Russia accusations against its founder, a recent release of documents from WikiLeaks claims to detail the surveillance apparatus that the Russian government uses to snoop on mobile and Internet users. Julian Assange is currently facing charges which allege that his organization is a front for the Kremlin. The suspicions were reinforced when WikiLeaks released a trove of hacked DNC emails last year. The documents, mostly in Russian, mention a company called Peter-Service, which has become a major software supplier to the telecoms industry. The company is said to be working […]