Security

Dropbox used as command and control for Taiwan time bomb

posted on June 30, 2014
by l33tdawg

A remote access trojan (RAT) is using Dropbox for command and control in a targeted attack against the Taiwanese Government, malware analyst Maersk Menrige says.

The upgraded PlugX RAT is the first targeted attack to use Dropbox to update command and control settings, Menrige said, as distinct from other malware and ransomware which used the popular cloud storage platform to fling malicious files at victims.

Exclusive: A review of the Blackphone, the Android for the paranoid

posted on June 30, 2014
by l33tdawg

Based on some recent experience, I'm of the opinion that smartphones are about as private as a gas station bathroom. They're full of leaks, prone to surveillance, and what security they do have comes from using really awkward keys. While there are tools available to help improve the security and privacy of smartphones, they're generally intended for enterprise customers. No one has had a real one-stop solution: a smartphone pre-configured for privacy that anyone can use without being a cypherpunk.

Vendors slow to patch OpenSSL vulnerabilities

posted on June 30, 2014
by l33tdawg

Several key technology vendors are yet to fully patch against the OpenSSL cryptographic library used to secure networked communications, a leading Australian security researcher has warned.

The Heartbleed vulnerability in OpenSSL, first revealed to the public in April this year, makes it possible for attackers to tap into what was thought to be secure, encrypted communications unnoticed.

General Alexander accused of selling secrets

posted on June 30, 2014
by l33tdawg

There is concern over the pond that former top spook General Keith Alexander might be making a fortune selling state secrets to private companies.

If the allegations are true, then it throws into question why it is appropriate for an American to sell state secrets to private enterprise, but lock up those who reveal them as a whistleblower.

Alexander was the number one enemy of Edward Snowden, who blew the whistle on his organisation's spying efforts. After he quit as the head of the NSA and U.S. Cyber Command, Alexander has launched the consulting firm IronNet Cybersecurity.

Microsoft to shutter security email feed on July 1

posted on June 30, 2014
by l33tdawg

Microsoft will suspend a 12-year-old email mailing list that offers news of security updates, in a decision possibly tied to tougher Canadian anti-spam laws.

As of July 1st 2014, sysadmins and infosec bods will get their news from a Redmond RSS feed to receive updates on new Microsoft security alerts.

"As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce [security bulletins and notifications]," the email read.

Serious Android crypto key theft vulnerability affects 86% of devices

posted on June 30, 2014
by l33tdawg

Researchers have warned of a vulnerability present on an estimated 86 percent of Android phones that may allow attackers to obtain highly sensitive credentials, including cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices.

HackingTeam mobile, PC spyware for governments spans many countries

posted on June 25, 2014
by l33tdawg

Newly released research has uncovered several hundred command-and-control servers across more than 40 countries powering controversial spyware sold to governments and law enforcement.

In addition, researchers found that the legal malware of Italian company HackingTeam is capable of spying on, and stealing data from, users of Android and Apple iOS devices. While suspected, such capabilities had not been proven previously.

New UK cybersecurity training scheme prepares for hackers

posted on June 25, 2014
by l33tdawg

With hackers attacking almost every government body, institution and business, organisations have to do more than hide behind technology -- they have to invest in people too, from the server room to the boardroom. That's the message from cybX, a new cybersecurity training scheme in North Yorkshire.

cybX is a simulator for an organisation's technical staff to run through mock cyber attacks -- a sort of boot camp for those in the front line of cybersecurity. cybX begins its first mini training exercise next week, and full courses start at the beginning of August.

How an Attacker Could Crack Your Wireless Network

posted on June 25, 2014
by l33tdawg

It’s important to secure your wireless network with WPA2 encryption and a strong passphrase. But what sorts of attacks are you actually securing it against? Here’s how attackers crack encrypted wireless networks.

This isn’t a “how to crack a wireless network” guide. We’re not here to walk you through the process of compromising a network — we want you to understand how someone might compromise your network.