Month: August 2017

On the Wire Podcast: Mike Mimoso
Podcast

On the Wire Podcast: Mike Mimoso

Dennis Fisher speaks with Mike Mimoso of Threatpost about the arrest of security researcher Marcus Hutchins in connection with the Kronos banking trojan, the effect that the incident could have on the cooperation between researchers and law enforcement, and what else may come out of the AlphaBay dark wen market […]

Petition Asks Supreme Court to Review Section 702 Surveillance
Privacy

Petition Asks Supreme Court to Review Section 702 Surveillance

Privacy advocates are asking the United States Supreme Court to review the section of the Foreign Intelligence Surveillance Act that allows the NSA to collect massive amounts of electronic communications, including some belonging to Americans. In a petition filed this week, the EFF urged the country’s highest court to look […]

Mamba Ransomware Pokes Its Head Back Up
Device Security, Hacking

Mamba Ransomware Pokes Its Head Back Up

The ransomware that wreaked havoc on San Francisco’s Muni mass transit system last Thanksgiving has resurfaced and is infecting enterprises in several countries around the world. The Mamba ransomware used in these attacks isn’t one of the big-name variants like Cryptolocker or Petya, but it has the potential to cause […]

Microsoft Will Drop Trust For WoSign Certificates
Authentication

Microsoft Will Drop Trust For WoSign Certificates

Microsoft is following the lead of Google, albeit quite slowly, and removing trust for certificates issued by Chinese CAs WoSign and StartCom in its products. The decision is a result of the companies issuing some certificates in 2015 and 2016 that violated rules established by the CA/Browser forum. Specifically, researchers […]

10 Critical Remotely Exploitable Bugs Patched in Android
Device Security

10 Critical Remotely Exploitable Bugs Patched in Android

Google has released fixes for a long list of vulnerabilities in Android, including 10 critical flaws that could lead to remote code execution. All of the critical vulnerabilities fixed in Android’s August security update are in the operating system’s media framework. Google doesn’t provide many details about the vulnerabilities fixed […]

Digital StillCamera
Phone Fraud, Social Engineering, Vishing

Tech Support Scammers Turn to Spam

Criminals who run fake tech support scams are expanding their range of tactics, and now are using spam messages to push victims to their scam sites. Historically, these schemes have been run through two main channels: phone calls or malicious online ads. Victims who visit sketchy sites containing malicious ads […]