cybersecurity

February 26, 2019

DEVCON has been following a group of malvertisers that are moving to more sophisticated attacks to hide their payloads. DEVCON’s research team has uncovered at least one group distributing malicious AD payloads via polyglot exploits. Polyglot exploits are unique in that the file can be an image AND JavaScript at the same time!

February 22, 2019

The researchers presented their findings in a paper distributed through ArXiv and came to the conclusion that all processors that perform speculative execution will always remain susceptible to various side-channel attacks, despite mitigations that may be discovered in future. It is just over a year since the Meltdown and Spectre flaws were first disclosed. Spectre is a hardware vulnerability that affects microprocessors that can potentially be exploited by malware, which can infiltrate data being processed by the CPU.

February 21, 2019

Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China.

February 21, 2019

Cyber thieves are ramping up their use of malicious codes on e-commerce sites as a way to steal credit card information from consumers, according to a report released Wednesday. Symantec's annual Internet Security Threat Report said that in 2018 hackers turned to what's known as "formjacking" in order to "steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites." To achieve that, they used malicious JavaScript code, researchers found.

February 19, 2019

Nineteen minutes. That’s how long the average victim of a Russian state-sponsored hacking group has to react before the initial penetration of a network becomes wider access, theft, and destruction, according to data published today by computer security company CrowdStrike.

February 19, 2019

A massive database for 2,565,724 people -- with names, ID card number, expiration date, home address, date of birth, nationality, gender, photograph, employer and GPS coordinates of locations -- was left online without authentication, according to a report from ZDNet. Security researcher Victor Gevers, who found the database, told ZDNet that over a 24-hour period, a steady stream of nearly 6.7 million GPS coordinates was recorded, which means the database was actively tracking Uyghur Muslims as they moved around Xinjiang province in China.

February 13, 2019

It’s a foregone conclusion that app makers will get at least some data on how you use their product. How much data do you really expect, though? Maybe which buttons you tap or the length of sessions? According to TechCrunch and analytics company App Analyst, some popular iPhone apps are getting much more. They basically see everything you do in real time, even sensitive information like passwords and credit card numbers.

February 13, 2019

China and Russia are likely building high-powered lasers that can shoot down US satellites, according to a new Pentagon report. Both countries are developing an arsenal of anti-satellite weaponry including missiles, cyber attacks, and "directed energy weapons," according to the US Defense Intelligence Agency.

February 11, 2019

The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold.

February 04, 2019

Senior U.S. officials and experts say the United States needs to rally allies to pressure China to prevent it from stealing advanced technology through cyber espionage. At the same time, key American lawmakers are questioning the readiness and capacity of the U.S. to counter such threats.

Pages