Month: November 2017
Study: 90 percent of top cryptocurrency apps carry security and privacy risks
29th November 2017 By Bradley Barth
Out of 90 studied cryptocurrency mobile apps, 84.6 percent of the apps were determined to contain at least two high-risk vulnerabilities, while 84.3 percent were found with three medium-sized flaws.
A study of 90 cryptocurrency mobile applications available on Google Play found that 90 percent of them…
New Custom RAT Hits Targets in East Asia
By Ionut Arghire on November 29, 2017
A newly discovered custom remote access Trojan (RAT) has been used in attacks on personnel or organizations related to South Korea and the video gaming industry, Palo Alto Networks reveal. Called UBoatRAT, and distributed through Google Drive links, the RAT obtains its command and control (C&C)…
Radio Shack robbery to have huge consequences for location privacy
29th November 2017 By Lisa Vaas
The time has come, finally, after years of confusion, to iron out what kind of privacy – if any – Americans can expect with regards to their phones’ location data. The Supreme Court today will take up a slew of questions that arise from the modern…
Bitcoin Gold (BTG) dev team warns its users about a security breach
November 29, 2017 By Pierluigi Paganini
The development team of the Bitcoin Gold (BTG) cryptocurrency is warning all users about a security breach involving its Windows version of wallet app.
The development team of the Bitcoin Gold (BTG) cryptocurrency is warning all users about a security breach involving the official Windows wallet application offered…
Recently Patched Dnsmasq still affect Siemens Industrial devices
November 29, 2017 By Pierluigi Paganini
Siemens published a security advisory to confirm that four of the seven Dnsmasq vulnerabilities affect some of its SCALANCE products.
In October, Google security experts disclosed seven distinct vulnerabilities in the Dnsmasq software package. From the authors’ website, “Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot.” In practice, the…
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
November 28, 2017 | by Abhay Vaish, Sandor Nemes
Introduction
TLS (Thread Local Storage) callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and can allow…
Pro tip: You can log into macOS High Sierra as root with no password
Apple, this is bad – like Windows 95 bad
28th November 2017 By Shaun Nichols
A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box…
Researcher: DJI RCE-holes offered me $500 after I found Heartbleed etc on its servers
Keep your money, says chap (tho Chinese drone firm did patch ’em right quick)
28th November 2017 By Gareth Corfield
Hello, this is 2014 calling, we’ve resurrected an OLD bug
Updated Chinese drone-maker DJI’s bug bounty programme has been struck with fresh controversy after a security researcher claimed he was offered…
ICOs: The Lawless Land of Cryptocurrency Fundraising
By AFP on November 28, 2017
From raising $30 million in 30 seconds to being endorsed by Paris Hilton or vanishing into thin air: anything is possible in the risky new world of cryptocurrency fundraising, but regulators are lurking. Bypassing oversight of any kind, Initial Coin Offerings (ICOs) have sprung from nowhere to…
Please don’t buy this: identity theft protection services
28th November 2017 By William Tsing
With an ever-increasing tempo of third-party breaches spilling consumer data all across the dark web, a natural impulse for a security-savvy user is to do something proactive to protect their sensitive information. After Equifax, there was an explosion of interest in credit monitoring and identity theft protection services.…