The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid switches and public water systems; monitor road traffic in real-time to optimize city...
Read More
We uncovered a total of 53 apps on Google Play that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave. Detected by Trend Micro as ANDROIDOS_GHOSTTEAM, many of the samples we analyzed are in Vietnamese, including their descriptions on Google Play. Their...
Read More
Necurs, the world’s largest spam botnet, is currently sending millions of spam emails that push an obscure cryptocurrency named Swisscoin. Such spam emails are known as pump-and-dump, and the technique relies on sending large quantities of spam to drive interest up towards a particular penny stock. Spammers usually buy stock in advance at a low price and sell it at a higher value when the...
Read More
What you don’t see won’t hurt you, must have been the reasoning of the threat actors who created the latest batch of extensions that make these browser hijackers even more difficult to remove. The extensions redirect users away from pages where they can disable or delete them in order to drive clicks up on YouTube videos or hijack searchers. The extensions, which have been found in both Chrome...
Read More
It is no easy feat to recall going through life without the vast variety of mobile devices that are now part of our day-to-day. What is more, it is downright impossible to imagine a future without these devices. Recent times have been marked by a diversity of trends that revolve around flexibility and that have by now become well established: Bring Your Own Device (BYOD), Choose Your Own...
Read More
Researchers routinely discover a variety of malicious apps on Google Play, some of which have been downloaded and installed on millions of devices worldwide. Here’s what infosec experts think about the security of Google Play, what they think Google should do better, and what users can do in order to protect themselves from malicious apps on the official Android app store. Google Play continues to...
Read More
A new long-running player emerged in the cyber arena, it is the Dark Caracal APT, a hacking crew associated with to the Lebanese General Directorate of General Security that already conducted many stealth hacking campaigns. Cyber spies belonging to Lebanese General Directorate of General Security are behind a number of stealth hacking campaigns that in the last six years, aimed to steal text messages, call...
Read More
Description: A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Impact: A remote attacker could exploit some of these vulnerabilities to obtain...
Read More
Earlier today, Microsoft published the January 2018 Patch Tuesday security updates, containing fixes for 56 vulnerabilities and three special security advisories with fixes for Adobe Flash, the Meltdown & Spectre flaws, and a defense-in-depth update for Office applications. This month, things were a little messy. On January 3, Microsoft released an emergency out-of-band security update with fixes for the now infamous Meltdown and Spectre vulnerabilities. That emergency update...
Read More
Wi-Fi is about to get more secure this year with the launch of the new WPA3 protocol, the industry body behind it has announced. The Wi-Fi Alliance — which is comprised of tech stakeholders including Apple, Cisco, Intel, Microsoft and Qualcomm — made the announcement at CES on Monday. When it lands later this year, WPA3 will offer new features to simplify and enhance security for users...
Read More
