In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across some 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.
Developers' enthusiasm for sharing code saves their colleagues' time, but also means they share security bugs they haven't noticed. And that means a smart attacker could follow who's shared what with whom to trawl the Web for vulnerabilities.
That sobering idea comes from a group of German researchers with help from Trend Micro. Their straightforward reasoning: if they were able to find recurrent Web application vulnerabilities in reused code snippets, it won't be difficult for black hats to do the same.
There's a new zeroday attack in the wild that's surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word.
Late Friday night and early Saturday morning, hackers set off 156 emergency sirens in and around the city of Dallas, Texas. According to The Dallas Morning News, the sirens began blaring shortly before midnight on Friday and were shut off and reactivated "more than a dozen times" before emergency workers shut the system down entirely at around 1:20am on Saturday morning, after confirming that there was no actual emergency and that it wasn't the result of some benign malfunction.
When facial recognition was introduced to Android, it was quickly discovered that the feature was merely a novelty because it was easily bypassed using a photo of the person who owns the device. Fast forward to today, and we’re sure many are wondering if Samsung has somehow found a way to fix that with the Galaxy S8.