A recent report shows that Android has a cryptocurrency scam problem. These apps claim to help you mine Bitcoin “in the cloud.”
The apps work by offering a virtual dashboard that lets you monitor the cryptocurrency mining rate. The same dashboard shows you how much virtual coin has been generated. However, Lookout examined the computer code in the apps along with the network traffic, and found the coin balance displayed was actually fictitious.
Kaspersky Password Manager was caught creating weak passwords that were easy to brute force attack.
We will first see an example of a good password generation method, to explain after why the method used by Kaspersky was flawed, and how we exploited it. As we will see, passwords generated by this tool can be bruteforced in seconds.
After a bit less than two years, this vulnerability has been patched on all versions of KPM. Vulnerability has been assigned CVE-2020-27020.
The REvil hacking team is back with new malware. Brand new, still developing, but their ransomware called “Tsunami” is wreaking havoc.
The software in question, Kaseya VSA, is popular among so-called managed service providers, which provide IT infrastructure for companies that would rather outsource that sort of thing than run it themselves. Which means that if you successfully hack an MSP, you suddenly have access to its customers. It’s the difference between cracking safety deposit boxes one at a time and stealing the bank manager’s skeleton key.
Margrethe Vestager, the European Commission’s VP for technology, says that Apple shouldn’t use privacy and security to limit competitors.
On Thursday, U.S. and British authorities said that Russia’s military spy agency is using VPNs and Tor to attack governments and private sector targets.
The advisory did not identify any of the targets by name, saying only that they were mainly in the United States and Europe and included government offices, political parties, energy companies, law firms and media organizations.
The Russian Embassy in Washington did not immediately return a message seeking comment. Russian officials routinely reject allegations that they employ hackers to spy on rival nations.
Twitter announced on Wednesday that it will let people use a security key as their only form of two-factor authentication.
Today, we’re adding the option to use security keys as your sole 2FA method — meaning you can enroll one or more security keys as the only form of 2FA on your Twitter account without a backup 2FA method. We know this is important to people because not everyone is able to have a backup 2FA method or wants to share their phone number with us.
File encryption app Cryptomator is readying a major 2.0 upgrade and interested users can test the beta within Apple’s TestFlight app on iOS.
Hackers are selling the personal information of over 700 million LinkedIn users. Here are the data types that were leaked:
Email Addresses; Full names; Phone numbers; Physical addresses; Geolocation records; LinkedIn username and profile URL; Personal and professional experience/background; Genders; Other social media accounts and usernames
On June 22nd, a user of a popular hacker forum advertised data from 700 Million LinkedIn users for sale. The user of the forum posted a sample of the data that includes 1 million LinkedIn users.
Andrew Orr joins host Kelly Guimont for Security Friday news and updates, including a massive data breach, and how to import/export passwords.
A database owned by Dreamhost was found unsecured and publicly accessible online. It contained 814 million entries of exposed usernames, display names, and emails for WordPress accounts.
The exposed log files contained what appears to be 3 years of records that range from 3/24/2018 to 4/16/2021 and each contained information about WordPress accounts hosted or installed on DreamHost’s server and their users. On May 4th a DreamHost representative acknowledged the discovery and informed us that the finding was being passed on to their legal team.
Update: DreamHost reached out to say that none of those records contain data that would have allowed access to DreamHost accounts. They consist entirely of entries that include object update records, error reports, and log entries. Data from just 21 individual websites were involved. More information can be found on its website.
Instructions for iPhone cracking tool GrayKey have surfaced online and it appears they were written by the San Diego Police Department.
Cryptee announced version 3.1 to the document editor for its encrypted cloud platform. The UI has been redesigned for mobile users.
Tutanota is an end-to-end encrypted email service and its desktop clients exit beta after two-and-a-half years.
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates, including a way to obliterate that iPhone data once and for all.
Andrew Brandt reports on a new malware campaign that isn’t like your typical malware. This one blocks people from accessing many popular pirating websites.
We weren’t able to discern a provenance for this malware, but its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload.
Looks like this is aimed more towards Windows users. The malware takes the form of .EXE executables, and may display a message saying the victim is missing an important .DLL file.
In the third episode of Kernel Panic, Mashable tells the story of one of the first virtual assistants known as BonziBuddy.
Behind the facade of that friendly gorilla, Bonzi Software, the company responsible for BonziBuddy, was collecting private information and contacts from the unsuspecting internet users who downloaded it — and bombarding them with ads and pop-ups that Bonzi would profit from.
Harry Potter and the Curse of Bonzi. If you ever downloaded this purple ape and noticed strange things start to happen, let us know in the comments. Maybe your browser was full of ads, or maybe he whispered into your ear at night, encouraging you to commit securities fraud.
CVS Health recently leaked approximately one billion user records that include email addresses, user IDs, and metadata. The information was discovered in a non-password protected database.
CVS Health acted fast and professionally to secure the data and a member of their Information Security Team contacted me the following day and confirmed my findings and that the data was indeed theirs. I was informed that this was a contractor or vendor who managed this dataset on behalf of CVS Health, but it was confidential as to who the vendor was.
Over the weekend, Nikita Mazurov for The Intercept reminds us that a good way to wipe our iDevices is to drill a hole through it.
If you can’t access your device, the most careful approach to wiping it is to destroy the flash memory chip that houses your data. This way you don’t have to lose sleep if you didn’t use a strong passcode, or worry about a forensics vendor being able to recover any of your personal information.
The team behind the SolarMarker malware have been loading it into PDFs and using web search to trick people into downloading them.
Electronic Arts is the latest company to have information stolen in a data breach. It includes the source code for FIFA 21, the Frostbite engine, and proprietary frameworks and SDKs.
We are investigating a recent incident of intrusion into our network where a limited amount of game source code and related tools were stolen. No player data was accessed, and we have no reason to believe there is any risk to player privacy.
Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business. We are actively working with law enforcement officials and other experts as part of this ongoing criminal investigation.
On Friday, McDonald’s revealed it was the victim of a recent data breach, in which some customer information was stolen.
On Thursday, meat supplier JBS said it paid US$11 million after ransomware attack stopped its operations.
In consultation with internal IT professionals and third-party cybersecurity experts, the company made the decision to mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.
I wonder if the FBI will recover this ransom as well, like the Colonial Pipeline money.
In one of Apple’s videos dedicated to developers, the company revealed a new feature that wasn’t mentioned in the WWDC 2021 keynote.
Fujifilm was hit by a ransomware attack last week but refuses to pay the ransom. Instead, it’s working to restore its servers with backups.
On 4 June it confirmed a ransomware attack was affecting a “specific network” in Japan and that it shut down “all networks and server systems” while it investigated the “extent and scale” of the attack.
Fujifilm said it would not comment on the amount demanded by the ransomware gang. The company has started bringing its network, servers, and computers in Japan “back into operation” and is aiming to be fully up and running “this week”. It has also restarted some product deliveries, which were particularly hard hit by the cyberattack.
