Security

Distributed denial of service attacks, in which hackers use a targeted hose of junk traffic to overwhelm a service or take a server offline, have been a digital menace for decades. But in just the last 18 months, the public picture of DDoS defense has evolved rapidly. In fall 2016, a rash of then-unprecedented attacks caused internet outages and other service disruptions at a series of internet infrastructure and telecom companies around the world. Those attacks walloped their victims with floods of malicious data measured up to 1.2 Tbps.

There's a flourishing trade in illicit code-signing certificates, and even extended validation certificates can be purchased for a few thousand dollars.

That's the conclusion of a study by American and Czech researchers, with input from Symantec Labs (the company's technical director Christopher Gates is a co-author).

Researchers have discovered malware so stealthy it remained hidden for six years despite infecting at least 100 computers worldwide.

L33tdawg: The Bicho will be on sale during #HITB2018AMS. Come by and pick yours up!

We’ve all known for a while now that the security of connected cars leaves a lot to be desired. The latest proof of that sad state of affairs comes from Argentinian security researchers and hackers Sheila Ayelen Berta and Claudio Caracciolo.

A team of researchers from Purdue University and the University of Iowa have discovered 10 new attacks against the 4G LTE protocol, which could allow adversaries snoop on messages, deny service, and even track the location of users.

In a whitepaper, the team provides information on LTEInspector, the adversarial model-based testing approach they decided to adopt in this quest, and on the 10 new vulnerabilities they discovered in the protocol, alongside 9 previously known attacks.

Attempts at digital espionage and online political manipulation in Europe are on the rise both in number and in complexity, the Netherlands’ main intelligence agency said Tuesday in its annual report.

Adding its voice to fears around the world of a rise in covert digital influence and espionage, the Dutch General Intelligence and Security Service said in its 2017 report a growing number of foreign powers are using cyber espionage “to acquire information that they use for (geo) political gain.”

A bug in an obscure but widely used email program may be putting as many as 400,000 servers around the world at risk of serious attack until they install an update.

L33tdawg: Want to hack Ethereum smart contracts? This #HITB2018AMS talk has the info you need.

A scan of nearly one million Ethereum smart contracts has identified 34,200 vulnerable contracts that can be exploited to steal Ether, and even freeze or delete assets in contracts the attackers don't own.

Developers of Ethereum, the world's No. 2 digital currency by market capitalization, have closed a serious security hole that allowed virtually anyone with an Internet connection to manipulate individual users' access to the publicly accessible ledger.

In what appears to be a major breakthrough for law enforcement, and a possible privacy problem for Apple customers, a major U.S. government contractor claims to have found a way to unlock pretty much every iPhone on the market.