Security

NSA spying exposed by Snowden was illegal and not very useful, court says

posted on September 3, 2020
by l33tdawg
Credit: Arstechnica

The National Security Agency's bulk collection of phone metadata from telecom providers was illegal, a federal appeals court ruled yesterday. The court also found that the phone-metadata collection exposed by former NSA contractor Edward Snowden was not necessary for the arrests of terror suspects in a case that the US government cited in defending the necessity of the surveillance program.

A Critical Flaw Is Affecting Thousands of WordPress Sites

posted on September 3, 2020
by l33tdawg
Credit: Wired

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday. Word of the attacks came a few hours after the security flaw was patched.

FBI worried that Ring doorbells are spying on police

posted on September 1, 2020
by l33tdawg
Credit: BBC

Hacked documents suggest that the FBI is concerned some people may be using Ring or other smart doorbells to watch the police.

The papers describe a 2017 incident where someone remotely watched live footage of police preparing to serve a search warrant. The information was found online by The Intercept among hacked documents.

Ransomware attacks continue to dominate the threat landscape

posted on September 1, 2020
by l33tdawg
Credit: Flickr

Ransomware attacks often rely on trojans to infect computers and steal information. Such commodity trojans as Emotet and Trickbot are two of the top players in the game as cybercriminals try to exfiltrate sensitive data that can be held hostage. But as ransomware continues to dominate as a cyberthreat, criminals are increasingly carrying out attacks using Cobalt Strike, an otherwise ethical testing framework. A new report from threat intelligence group Cisco Talos Incident Response (CTIR) describes this trend.

Hackers Are Attempting to Cripple Cisco Networking Kit via New 0Day

posted on September 1, 2020
by l33tdawg
Credit: CBR Online

Hackers are actively trying to exploit several high-severity memory exhaustion weaknesses in Cisco software that runs carrier-class routers, the company has warned.

Multiple vulnerabilities have been detected in the distance vector multicast routing protocol (DVMRP) feature of Cisco IOS XR Software, which runs routers and other network devices. If exploited, they “could allow an unauthenticated, remote attacker to exhaust process memory of an affected device,” the company said.

Lucifer botnet now infecting Linux-based systems

posted on August 25, 2020
by l33tdawg
Credit: computing.co.uk

Lucifer, a botnet using infected Windows devices to mine cryptocurrency, is now affecting Linux-based systems as well.

That's according to researchers from Netscout's ATLAS Security Engineering & Response Team (ASERT), who claim that the Linux version of Lucifer is as powerful as its Windows counterpart. The malware includes modules for cryptojacking as well as launching UDP, ICMP, TCP and HTTP-based distributed denial-of-service (DDoS) attacks against vulnerable systems.

Safari vulnerability disclosed after Apple pushes fix to Spring 2021

posted on August 25, 2020
by l33tdawg
Credit: IT Pro

A vulnerability in Apple’s Web Share API, used to share Safari links through third-party apps, has been publicly disclosed after Apple said it wouldn’t release a fix until Spring 2021.

The Web Share API allows users to share links to elements, such as photos, from the Safari browser through third-party applications, including any email client. A flaw found in this integration, however, could allow a hacker to configure a malicious site to attach system files to an email, in addition to the link being shared.

North Korean hackers use LinkedIn for cryptocurrency heist, report reveals

posted on August 25, 2020
by l33tdawg
Credit: independent.co.uk

Hackers linked to North Korea have used LinkedIn as part of a major heist to steal cryptocurrency, new research has revealed.

The notorious Lazarus Group, which was behind the 2014 cyber attacks on Sony, carried out an attack against a cryptocurrency organisation using a tailored job advert posted to the professional social network.

“DeathStalker” hackers are (likely) older and more prolific than we thought

posted on August 25, 2020
by l33tdawg
Credit: Arstechnica

In 2018, researchers from security firm Kaspersky Lab began tracking “DeathStalker,” their name for a hacker-for-hire group that was employing simple but effective malware to do espionage on law firms and companies in the financial industry. Now, the researchers have linked the group to two other pieces of malware including one that dates back to at least 2012.