Security

THE INSECURITY foghorn at security firm ESET has alerted people who bank online that they might be tricked by hackers using Flash shenanigans to trojan their way into finances.

Banking, malware and Flash are three security buzzwords, and a coming together of them is like a plague of locusts. Fortunately the attacks are rather limited in their geographies, according to ESET, and mostly bother customers of large banks in Australia, New Zealand and Turkey.

Adobe has issued an emergency update for its Flash media player that patches almost two dozen critical vulnerabilities, including one that's being maliciously exploited in the wild.

"These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," Adobe officials wrote in an advisory published Thursday. "Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks." The notice advises Flash users to install the update as soon as possible.

Encrypting digital data shouldn’t be considered a moral issue of good and evil. Rather, it’s a nuanced legal issue that may not be covered under existing law.

That’s one of the takeaways from a discussion about cybersecurity and data with Steve Grobman, the chief technology officer for Intel’s security group. Grobman explained during the Structure Data conference in San Francisco on Thursday that encryption is really just complex mathematics, which makes it a difficult thing to legislate.

The Dridex botnet operators have recently changed the delivery mechanism in their spam campaigns, as well as the payload, to deliver the Locky ransomware, researchers at Trustwave warn.

The security firm has observed a massive spam campaign of over 4 million malware spams, with malware accounting for 18 percent of the total spam detected. A recent blog post from TrustWave's Rodel Mendrez also reveals that the campaign was not continuous, but done it concentrated bursts, with peaks of 200K emails hitting servers in a single hour.

As Snowden taught the NSA, a single insider can obliterate the data security of even the most secretive organizations. Now ISIS may have sprung a Snowden-sized leak of its own, one that could give security agencies fighting the brutal terrorist group some highly useful intelligence.

A software component for encrypting instant messaging clients has a flaw that could let attackers take over users' machines, but there's now a patch for the vulnerability.

The vulnerability is contained in libotr, short for OTR Messaging Library and Toolkit. The up-to-date version is now 4.1.1.

OTR stands for Off-the-Record Messaging. It's a a cryptographic protocol that scrambles messages sent through clients including Pidgin, ChatSecure and Adium. The integer overflow flaw was found by Markus Vervier of the German company X41 D-Sec, which released an advisory.

Making a typo in a tweet that then gets retweeted is bad enough, but imagine how dumb these hackers feel. Reuters reports that hackers broke into Bangladesh's central bank in February and started transferring large sums to accounts in the Philippines and Sri Lanka from an account held at the Federal Reserve Bank of New York.

Boffins from Michigan State University have loaded up an inkjet printer with cartridges designed for printing electronic circuits, and used the output to fool smartphone fingerprint sensors.

All that's needed is a scan of the victim's fingerprint (reversed so it presents the right way when printed), and a suitable inkjet printer loaded up with ink and paper from printed electronics specialist AGIC.

It seems Tesla is set to bump the battery capacity of its Model S sedan up to a hefty 100kWh some time in the near future. We know this thanks to the work of a white-hat hacker and Tesla P85D owner named Jason Hughes. Hughes—who previously turned the battery pack from a wrecked Tesla into a storage array for his solar panels—was poking around in the latest firmware of his Model S (version 2.13.77) and discovered an image of the new car's badge, the P100D.

An Indian white hat hacker from Bengaluru was awarded Rs 1 million (approximately $15,000) after he found a bug in Facebook's login system. Anand Prakash found a security issue that enabled hackers to access a user's photos, message and debit and credit card details.

A security engineer with Indian e-commerce giant Flipkart, Prakash discovered that he could reset any Facebook account's password by brute on beta.facebook.com and mbasic.beta.facebook.com. He also demonstrated the flaw in a video.