by CIRT Team
The State of IoT (In)Security [source: tripwire]
The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid switches and public water systems; monitor road traffic in real-time to optimize city...
Read More
by CIRT Team
GhostTeam Adware can Steal Facebook Credentials [source: trendmicro]
We uncovered a total of 53 apps on Google Play that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave. Detected by Trend Micro as ANDROIDOS_GHOSTTEAM, many of the samples we analyzed are in Vietnamese, including their descriptions on Google Play. Their...
Read More
by CIRT Team
Largest Spam Botnet-Pumping & Dumping Obscure Cryptocurrency[bleepingcomputer]
Necurs, the world’s largest spam botnet, is currently sending millions of spam emails that push an obscure cryptocurrency named Swisscoin. Such spam emails are known as pump-and-dump, and the technique relies on sending large quantities of spam to drive interest up towards a particular penny stock. Spammers usually buy stock in advance at a low price and sell it at a higher value when the...
Read More
by CIRT Team
New Chrome and Firefox extensions block their removal to hijack browsers[malwarebytes]
What you don’t see won’t hurt you, must have been the reasoning of the threat actors who created the latest batch of extensions that make these browser hijackers even more difficult to remove. The extensions redirect users away from pages where they can disable or delete them in order to drive clicks up on YouTube videos or hijack searchers. The extensions, which have been found in both Chrome...
Read More
by CIRT Team
Are mobile devices insecure by nature? [source: welivesecurity]
It is no easy feat to recall going through life without the vast variety of mobile devices that are now part of our day-to-day. What is more, it is downright impossible to imagine a future without these devices. Recent times have been marked by a diversity of trends that revolve around flexibility and that have by now become well established: Bring Your Own Device (BYOD), Choose Your Own...
Read More
by CIRT Team
Infosec expert viewpoint: Google Play malware [source: helpnetsecurity]
Researchers routinely discover a variety of malicious apps on Google Play, some of which have been downloaded and installed on millions of devices worldwide. Here’s what infosec experts think about the security of Google Play, what they think Google should do better, and what users can do in order to protect themselves from malicious apps on the official Android app store. Google Play continues to...
Read More
by CIRT Team
Dark Caracal APT – Lebanese intelligence is spying on targets[source: securityaffairs]
A new long-running player emerged in the cyber arena, it is the Dark Caracal APT, a hacking crew associated with to the Lebanese General Directorate of General Security that already conducted many stealth hacking campaigns. Cyber spies belonging to Lebanese General Directorate of General Security are behind a number of stealth hacking campaigns that in the last six years, aimed to steal text messages, call...
Read More
by CIRT Team
Microsoft January Patch Fixes 56 Security Issues, Including a 0-Day [source: bleepingcomputer]
Earlier today, Microsoft published the January 2018 Patch Tuesday security updates, containing fixes for 56 vulnerabilities and three special security advisories with fixes for Adobe Flash, the Meltdown & Spectre flaws, and a defense-in-depth update for Office applications. This month, things were a little messy. On January 3, Microsoft released an emergency out-of-band security update with fixes for the now infamous Meltdown and Spectre vulnerabilities. That emergency update...
Read More
by CIRT Team
WPA3 Set to Secure Public Wi-Fi Networks in 2018 [source: infosecurity-magazine]
Wi-Fi is about to get more secure this year with the launch of the new WPA3 protocol, the industry body behind it has announced. The Wi-Fi Alliance — which is comprised of tech stakeholders including Apple, Cisco, Intel, Microsoft and Qualcomm — made the announcement at CES on Monday. When it lands later this year, WPA3 will offer new features to simplify and enhance security for users...
Read More
by CIRT Team
Internet of Things In Healthcare – What to Expect in 2018? [source: tripwire]
We are heading into an era which embraces the Internet of Things (IoT), artificial Intelligence (AI), and machine learning (MI) that have immensely overturned the tech world. With particular reference to IoT, it has profoundly impacted global commerce and lifestyle. If this existing pace remains consistent, then it wouldn’t be onerous to predict the trends that we might witness in the upcoming year. According to the predictions by Forecast, IoT is just...
Read More
