Categories
Anti-malware

Study: 90 percent of top cryptocurrency apps carry security and privacy risks

29th November 2017 By Bradley Barth     Out of 90 studied cryptocurrency mobile apps, 84.6 percent of the apps were determined to contain at least two high-risk vulnerabilities, while 84.3 percent were found with three medium-sized flaws. A study of 90 cryptocurrency mobile applications available on Google Play found that 90 percent of them […]

Categories
Anti-malware

New Custom RAT Hits Targets in East Asia

By Ionut Arghire on November 29, 2017   A newly discovered custom remote access Trojan (RAT) has been used in attacks on personnel or organizations related to South Korea and the video gaming industry, Palo Alto Networks reveal.   Called UBoatRAT, and distributed through Google Drive links, the RAT obtains its command and control (C&C) […]

Categories
Anti-malware

Radio Shack robbery to have huge consequences for location privacy

29th November 2017 By Lisa Vaas     The time has come, finally, after years of confusion, to iron out what kind of privacy – if any – Americans can expect with regards to their phones’ location data.   The Supreme Court today will take up a slew of questions that arise from the modern […]

Categories
Anti-malware

Bitcoin Gold (BTG) dev team warns its users about a security breach

November 29, 2017  By Pierluigi Paganini     The development team of the Bitcoin Gold (BTG) cryptocurrency is warning all users users about a security breach involving its Windows version of wallet app   The development team of the Bitcoin Gold (BTG) cryptocurrency is warning all users users about a security breach involving the official Windows wallet application offered […]

Categories
Anti-malware

Recently Patched Dnsmasq still affect Siemens Industrial devices

November 29, 2017  By Pierluigi Paganini   Siemens published a security advisory to confirm that four of the seven Dnsmasq vulnerabilities affect some of its SCALANCE products   In October, Google security experts disclosed seven distinct vulnerabilities in the Dnsmasq software package.   From the authors’ website, “Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot.” In practice, the […]

Categories
Anti-malware

Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection

November 28, 2017 | by Abhay Vaish, Sandor Nemes   Introduction   TLS (Thread Local Storage) callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures.   As previously reported, malicious TLS callbacks, as an anti-analysis trick, have been observed for quite some time and can allow […]

Categories
Anti-malware

Pro tip: You can log into macOS High Sierra as root with no password

    Apple, this is bad – like Windows 95 bad   28th November 2017 By Shaun Nichols     A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.   The security bug is triggered via the authentication dialog box […]

Categories
Anti-malware

Researcher: DJI RCE-holes offered me $500 after I found Heartbleed etc on its servers

Keep your money, says chap (tho Chinese drone firm did patch ’em right quick)   28th November 2017 By Gareth Corfield     Hello, this is 2014 calling, we’ve resurrected an OLD bug   Updated Chinese drone-maker DJI’s bug bounty programme has been struck with fresh controversy after a security researcher claimed he was offered […]

Categories
Anti-malware

ICOs: The Lawless Land of Cryptocurrency Fundraising

By AFP on November 28, 2017   From raising $30 million in 30 seconds to being endorsed by Paris Hilton or vanishing into thin air: anything is possible in the risky new world of cryptocurrency fundraising, but regulators are lurking.   Bypassing oversight of any kind, Initial Coin Offerings (ICOs) have sprung from nowhere to […]

Categories
Anti-malware

Please don’t buy this: identity theft protection services

28th November 2017 By William Tsing   With an ever-increasing tempo of third-party breaches spilling consumer data all across the dark web, a natural impulse for a security-savvy user is to do something proactive to protect their sensitive information. After Equifax, there was an explosion of interest in credit monitoring and identity theft protection services. […]