Hacking

Google to Drop Trust For WoSign in September
Hacking, Privacy

Google to Drop Trust For WoSign in September

Google has finalized its plan to remove trust in Chrome for all certificates issued by Chines CA WoSign, a result of the certificate authority run afoul of the intricate rules that govern CAs. As far back as 2015, officials began noticing certificates issued by WoSign that had one or more […]

U.S., European Law Enforcement Take Down AlphaBay Dark Web Market
Hacking

U.S., European Law Enforcement Take Down AlphaBay Dark Web Market

Authorities in the United States and Europe have shut down two huge criminal marketplace operating on the dark web, one of which officials say was responsible for more than $1 billion in illicit transactions in the last three years. The investigations into the AlphaBay and Hansa marketplaces have been going […]

GhostCtrl Android Malware Hijacks Audio, Roots Devices
Device Security, Hacking

GhostCtrl Android Malware Hijacks Audio, Roots Devices

A recently discovered piece of Android malware called GhostCtrl apparently evolved from the well-known OmniRAT tool for desktop platforms and has the ability to steal or delete a wide variety of user and device data. GhostCtrl has an interesting pedigree and history. The backdoor is connected to a data-stealing worm known […]

New Data Shows Attackers Focusing More Attention on iOS
Hacking

New Data Shows Attackers Focusing More Attention on iOS

A new report released this morning by Skycure shows that attackers are beginning to focus more and more of their attention on iOS, even as attacks on Android are leveling out . This would be the first time in iOS’s 10 year history that attacks on that platform have outpaced that of its main […]

Cisco Fixes Remote Code Execution Flaw in WebEx Extensions
Hacking

Cisco Fixes Remote Code Execution Flaw in WebEx Extensions

Cisco has patched a serious remote code execution flaw in its WebEx extensions for both Google Chrome and Mozilla Firefox, a bug that could be exploited quite easily. The vulnerability affects several different browser extensions produced by WebEx, including the Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, […]

Attackers Compromising Fresh WordPress Installs
Hacking

Attackers Compromising Fresh WordPress Installs

Attackers are scanning for new WordPress installations that haven’t been configured yet and compromising them and then using that access to take over entire sites. The attacks have been going on since May and researchers have seen many IP addresses that typically are engaged in other attack campaigns joining in this […]

Congressmen Seek to Outlaw Cyber Intel Sharing With Russia
Hacking

Congressmen Seek to Outlaw Cyber Intel Sharing With Russia

A group of House Democrats has introduced a bill that would formalize a policy of the United States not sharing cyber intelligence with Russia. The proposed law is a direct response to comments President Donald Trump made earlier this week after he met with Russian President Vladimir Putin. After the […]

Verizon Says Data Breach Exposure Limited
Hacking, Identity, Privacy

Verizon Says Data Breach Exposure Limited

Verizon has acknowledged that millions of customer records, including phone numbers and account PINs, were exposed in a misconfigured cloud database, but says no one aside from a security researcher accessed the data. The data was in an Amazon cloud bucket administered by a third-party vendor used by Verizon in […]

Tens of Thousands of Machines Still Open to EternalBlue Bug
Device Security, Hacking

Tens of Thousands of Machines Still Open to EternalBlue Bug

Weeks after the WannaCry and NotPetya ransomware campaigns emerged and months after Microsoft released a patch for the vulnerability the two pieces of malware used to spread, more than 60,000 machines are still vulnerable to the bug. The vulnerability, which lies in Microsoft’s implementation of the SMB protocol, has been […]

Android Ransomware Threatens to Leak Victim Data
Device Security, Hacking

Android Ransomware Threatens to Leak Victim Data

The attacker community is continuing to expand the variety of ransomware strains it creates, including a recent variant that doesn’t encrypt victims’ files but instead threatens to send personal data and photos to their contacts. Researchers at McAfee discovered this ransomware variant buried within a couple of apps in the […]