Month: August 2017

August 30th, 2017  By Ankit Gupta     What if I tell you that there are big companies out there in the market whose names you are yet to hear, but they know you very well, in fact, more than what you can think of.   They are termed as Data Brokers, and their job… Continue reading Why do companies collect, sell, buy or store personal data

August 30th, 2017  By Chris Bing   A series of covert backdoor implants were secretly installed over the last year on dozens of computers used by embassies and foreign ministries across Southeast Europe and former Soviet states, according to new research published by cybersecurity firm ESET.   The malicious software was sent to victims through… Continue reading Researchers uncover maze of hidden backdoors in European embassy and ministry systems

August 30th, 2017  By Chris Brook     Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware.   The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability (CVE-2017-12734) that could let an attacker hijack… Continue reading Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks

August 30th, 2017  By Tom Spring     A second wave of the Locky ransomware variant called IKARUSdilapidated has been identified by security experts. The source of the ransomware is a botnet of zombie computers coordinated to launch phishing attacks that send emails and attachments appearing to come from a targeted recipient’s trusted business-class multifunction… Continue reading New Locky Variant ‘IKARUSdilapidated’ Strikes Again

August 30th, 2017  By Kelly Sheridan     A new threat uses internal accounts to spread phishing attacks, making fraudulent emails even harder to detect.   Cybercriminals go where the users are. Office 365, which has more than 100 million active monthly subscribers, has become a hotspot for compelling and personalized cyberattacks. Users trust emails… Continue reading Office 365: A Vehicle for Internal Phishing Attack

The spambot has collected millions of email credentials and server login information in order to send spam through “legitimate” servers, defeating many spam filters.   August 29th, 2017  By Zack Whittaker   (Image: file photo)   A huge spambot ensnaring 711 million email accounts has been uncovered.   A Paris-based security researcher, who goes by… Continue reading 711 million email addresses ensnared in “largest” spambot

by Chris Brook     The lack of security in commercial drones has been well documented, but one Chinese manufacturer is working to fix that by incentivizing researchers who can poke holes in the software its drones run on. One of the largest unmanned aerial vehicle manufacturers, Dà-Jiāng Innovations Science and Technology (DJI), announced Monday… Continue reading DJI Launches Drone Bug Bounty Program

by Michael Mimoso   Shortly after the Mirai attacks, Johannes Ullrich of the SANS Internet Storm Center (ISC) decided to try a little experiment. He put a security camera DVR online—a poorly secured one with default credentials—and observed how long it would take to become infected, and how often. He wasn’t disappointed. Ullrich said last… Continue reading Telnet Credential Leak Reinforces Bleak State of IoT Security

August 29th, 2017  By Filip TRUTA     Advertising on the web has taken many forms over the years, with one recent type of ad proving extremely profitable for ad networks and publishers, as well as fraudsters: app install advertising.   App install advertising offers developers and publishers an efficient, albeit costly, way to promote… Continue reading App install fraud a $300 million business – analysis

See Also – Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet   August 29th, 2017  By Warwick Ashford   Google has axed around 300 Play Store apps after security researchers revealed the apps were hijacking Android devices to carry out DDoS attacks   Security researchers have discovered that hundreds of seemingly benign… Continue reading Google removes Play Store apps used in WireX DDoS botnet