Security

Apple's new iPhones launch this week, and unlike last year, every one of the new devices comes equipped with the TrueDepth sensor array originally found in the iPhone X. Most consumers who are interested in Apple's products know that piece of technology drives Face ID (an authentication method by which you log into your phone just by showing it your face) and Animojis, those 3D animated characters in Messages that follow your facial expressions.

A new botnet captured the attention of security researchers through its harmless behavior and the use of an original communication channel with its command and control server.

Fbot is a peculiar variant of Mirai that preserves the original DDoS module but does not appear to use it. This is not the oddest thing yet because its purpose at the moment is to search for devices infected with a cryptomining malware and clean them.

Tenable Research disclosed a pair of vulnerabilities in NUUO's Video Recorder Software which allow attackers to execute code remotely in NUUO-based IoT video surveillance systems, giving access to video feeds and recordings.

The remote code execution vulnerability has been named Peekaboo, hinting at some of the possible uses hackers could give it after compromising NUUO video surveillance IoT networks.

The modern world is so hooked up to online services that when guests come around, “How ya doing?” will probably be followed by “What’s your Wi-Fi password?” But the hospitable host probably doesn’t realize that revealing this information could pose a network security risk.

For example, guests might accidentally download a malicious program or connect an already infected phone or laptop to the network. Many pieces of malware are able to spread themselves over a local network, and if an infected device is connected to your Wi-Fi, it will try to contaminate everything in its range.

"The chilling reality of cold boot attacks" is the title of a video posted by F-Secure on Thursday. The chilling reality is that savvy security mischief-makers can still perform the attacks, as two researchers learned recently.

Here is a show of industry effort in the past, though. Computer firmware has carried measures to guard against cold boot attacks that essentially are seeking to grab sensitive data from high value computers.

Cold boot attacks, used to extract sensitive data such as encryption keys and passwords from system memory, have been given new blood by researchers from F-Secure. First documented in 2008, cold boot attacks depend on the ability of RAM to remember values even across system reboots. In response, systems were modified to wipe their memory early during the boot process—but F-Secure found that, in many PCs, tampering with the firmware settings can force the memory wipe to be skipped, once again making the cold boot attacks possible.

We’ve seen quite a few articles out there telling you to Beware! if you use the Safari browser, because Attackers Can Spoof URLs!

This sounds like a serious issue, worthy of the boldfaced exclamation points we’ve used above, and here’s why.

We’re pleased to announce the first ever HackInTheBox Armory! The HITB Armory is where you can showcase your security tools to the world. You will get 30 minutes to present your tools onstage, and an exhibit area to conduct demonstrations for up 3 hours per day! The event is organized by HITB in collaboration with ToolsWatch and Opposing Force.

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools.

On Aug. 31, officers with the U.K.’s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.

Security researchers have independently found apps "exfiltrating" data to servers without the user's knowledge, all of which were available to download from Apple's Mac App Store. Each of the apps managed to get past Apple's submission process for the store and were available to download alongside other legitimate apps.