Blog: In The News
You are here: Home \ Blog
The default implementation for KeyStore, the system in Android designed to store user credentials and cryptographic keys, is broken, researchers say. In a an academic paper published this week, researchers argue that the particular encryption scheme that KeyStore uses fails to protect the integrity of keys and could be exploited to allow an attacker to modify...
An advanced persistent threat tied to Southeast Asia and the South China Sea is targeting governments and entities around the world including the U.S. The attacks are unique, according to security experts, because the perpetrators are relying nearly 100 percent on computer code copied-and-pasted from sources on the web. Cymmetria Research, which discovered the APT...
Researchers have linked a variant of the Pirrit adware for Mac OS X to an Israeli online marketing company called TargetingEdge that is still in stealth mode. Amit Serper, lead Linux and Mac OS X researcher at Cybereason, said that script he wrote to remove the original version of Pirrit from compromised machines had recently...
The frail world of the Android ecosystem has taken some hits in the past week with the disclosure of a full disk encryption bypass vulnerability and the arrival of the HummingBad malware. The FDE bypass highlighted the need to keep Android patch levels current, but as Duo Labs statistics point out, that remains a struggle...
Top router firm TP-Link has lost control of two key top level domains accessed by millions of consumers and small businesses each month. The domains, which are used to configure the company’s routers, have expired and been resold to domain name brokers who are actively seeking buyers. Security experts say the domains are at risk...
The remote access Trojan Adwind has resurfaced and as of last weekend, is being used in spam emails targeting Danish companies, researchers said. In emails purporting to be order requests coming from either spoofed or fake return addresses, attackers are spreading malicious .jar, or Java archive files. Assuming a user clicks through and opens the file, Adwind’s...
Think hackers use advanced malware and mysterious tools once they have infiltrated a network? According to security startup LightCyber, most attackers use the same mainstream security tools the good guys use, only for lateral movement, network mapping and remote control of endpoints. Of course, tactics for penetrating the network include tried-and-true techniques such as malware,...
A flaw in chipmaker Qualcomm’s mobile processor, used in 60 percent of Android mobiles, allows attackers to crack full disk encryption on the device. Only 10 percent of Android devices running Qualcomm processors are not vulnerable to this type of attack. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver component coupled with...
The pseudo-Darkleech campaign is one of the most notorious and ongoing attacks of recent years, making use of major exploit kits to deliver primarily different strains of ransomware. The campaign has been a bit of chameleon since it was disclosed in March 2015 by researchers at Sucuri. The latest bit of its shape shifting involves...
The same group of cybercriminals behind a strain of iOS malware uncovered last year have apparently diversified and now dabble in Android malware. The group, dubbed Yingmob, has been running a malware campaign named HummingBad that controls 10 million Android devices globally and rakes in $300,000 a month, researchers said on Friday. According to researchers...
... 184185186187188189190191192 ... 198 ... 207 ... 216 ... 225 ... 234 ... 243 ... 252 ... 261 ...