Security

Criminals plant banking malware where victims least expect it

posted on July 19, 2016
by l33tdawg

A criminal gang recently found an effective way to spread malware that drains online bank accounts. According to a blog post published Monday, they bundled the malicious executable inside a file that installed a legitimate administrative tool available for download.

Security firm clarifies power-station 'SCADA' malware claim

posted on July 19, 2016
by l33tdawg

Malware hyped as aimed at the heart of power plants is nothing of the sort according to security outfit Damballa, which has put its name to analysis claiming the "SFG" malware is run-of-the-mill code without sufficient smarts to target SCADA systems.

The so-called SFG malware is the spawn of Furtim, and hit headlines as targeting industrial control systems when all it does is create backdoors for regular data exfiltration and payload dropping.

Pebble Time, Microsoft Band 2 Earn High Marks for Security

posted on July 19, 2016
by l33tdawg

True mobile security is hard to come by these days, as a new study on fitness trackers and smartwatches makes clear. AV-Test Institute put seven Android wearables and the Apple Watch to the test and concluded that "some manufacturers are continuing to make disappointing errors."

For $800 you can buy internet engineers' answer to US government spying

posted on July 19, 2016
by l33tdawg

The long-awaited response from internet engineers to Edward Snowden's revelations of mass surveillance by the US government has been launched in Berlin.

The CrypTech project launched an alpha prototype of its open-source crypto-vault at the 96th meeting of the Internet Engineering Task Force (IETF), and held a two-day workshop prior to the meeting to walk a closed group of net nerds through it.

Responsible disclosure of latest named vulnerability, 'httpoxy'

posted on July 19, 2016
by l33tdawg

The latest branded vulnerability, "httpoxy," comes complete with a website and Twitter feed -- but this time, experts say, researchers performed the disclosure responsibly.

The researchers discovered that the httpoxy vulnerabilities have been described many times, as early as 2001, and found in apps written with PHP, Python and Go, and could potentially be common in other programming languages. The httpoxy vulnerabilities don't allow remote code execution, but they do enable man-in-the-middle (MiTM) attacks against vulnerable web services.

Pokemon GO Servers Suffer DDoS Attack at the Hands of PoodleCorp

posted on July 17, 2016
by l33tdawg

Saturday, at around 2 PM, Pokemon GO servers experienced a prolonged downtime that affected all game infrastructure, thanks to a DDoS attack carried out by the relatively new PoodleCorp hacking crew.

As with most DDoS attacks against gaming targets, the hackers weren't really focused on crashing the servers or extorting the company, but more on getting a reaction from the annoyed gamers, which didn't fail to arrive, on Reddit and Twitter, and with a lot of vitriol.

Chinese Hackers Deface Two Philippines Government Websites

posted on July 17, 2016
by l33tdawg

Hackers claiming to be Chinese have defaced official government portals for two local government units (LGUs) from the Philippines.

Authorities noticed the incidents on Saturday, July 16. The two affected LGUs are for the cities of Loon and Panglao, in the Philippines' Bohol region, on the Island of Bohol. At the time of writing, the Panglao website has been taken down for maintenance, while the Loon portal still shows the defacement message, which reads:

Researcher Finds Way to Steal Money From Instagram, Google, and Microsoft

posted on July 17, 2016
by l33tdawg

Belgian security researcher Arne Swinnen found an inventive way to steal money from companies like Facebook (through the Instagram service), Google, and Microsoft, using their 2FA voice-based token distribution systems.

Most companies that deploy 2FA (Two-Factor Authentication) send short codes via SMS to their users. Optionally, if the user chooses to, he can also receive a voice call from the company, during which a robot operator speaks the code out loud.