Malware

bitdefender.com

Russian creator of NeverQuest banking trojan pleads guilty in American court

Arrested as he returned his rental car at Barcelona’s airport, a 33-year-old Russian faces up to five years in jail after admitting to being the mastermind behind the sophisticated NeverQuest banking trojan.

Read more in my article on the Hot for Security blog.


0 sec read

tripwire.com

Toyota Australia driven offline by cyber attack, as heart hospital hit by ransomware

Car maker Toyota admitted earlier today that it had suffered what appears to have been a malware attack at its facilities in Melbourne, Australia, which knocked out its website and other communications.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

139 US bars, restaurants and coffeeshops infected by credit-card stealing malware

North Country Business Products (NCBP), a provider of point-of-sales systems, has revealed that 139 of its clients have been hit by a malware infection that stole the payment card details of consumers.

Read more in my article on the Hot for Security blog.


0 sec read

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.


1 min read

Join me to learn more about Magecart attacks – and how to defend against them

Attacks that can silently skim payment data as it is entered on websites have become a huge problem.

Learn more about the likes of Magecart, and how to effectively combat such threats, in an upcoming free webinar.


1 min read

Smashing Security #114: Darknet Diaries, death, and beauty apps

Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.


1 min read

Patch your Android now against critical .PNG image bug

Android users are being reminded to be careful about the files they open on their smartphones, after the discovery that harmless-looking image files could be harbouring malicious code.


41 sec read

Poisoned PEAR. PHP extension repository download infected for up to six months

The administrators of the PEAR package manager website have taken the site offline, having discovered that hackers breached the site, and planted a backdoor into the software.


1 min read

Ingenious! The Android malware which only triggers if you’re moving

Android malware in the Google Play Store could tell whether it was likely to be running on a genuine victim’s device or being analysed by a security team.


1 min read

tripwire.com

Magecart hits hundreds of websites via ad supply chain hijack

A criminal Magecart gang successfully compromised hundreds of ecommerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #111: When rivals hack, and ‘extreme’ baby monitors

Why a business spat resulted in Liberia falling off the internet, how the US Government shutdown is impacting website security, and the perplexing world of extreme IoT devices.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Zoë Rose.


2 min read

Earn $2,000,000 by remotely jailbreaking an iPhone

Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?

The sad truth is that we may never know for sure… but intelligence agencies might.


2 min read

Supermicro says independent investigation found no spy chips on its motherboards

An independent audit has found no evidence that malicious chips were planted on Supermicro’s motherboards, debunking Bloomberg claims that servers at Amazon and Apple were being spied upon by China.


1 min read

GlobeImposter ransomware victims find themselves abandoned by their extortionists

It’s a bad day when your computers get hit by ransomware.

But it only gets worse when you realise that you not only don’t have backups, but also have no way of contacting the criminals who encrypted your data.


1 min read

tripwire.com

Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea

Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #107: Sextorting the US army, and a Touch ID scam

Fitness apps exploit TouchID through a sneaky user interface trick, tech giants claim to have a plan to banish passwords, and you won’t believe who was behind a sextortion scam that targeted over 400 members of the US military.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by ferret-loving ethical hacker Zoë Rose.


1 min read