Malware

tripwire.com

CookieMiner malware targets Macs, steals passwords and SMS messages, mines for cryptocurrency

Security researchers have discovered a new Mac malware threat that appears to be a sophisticated attempt to raid cryptocurrency wallets.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.


2 min read

Hackers who hit Texas with ransomware attack demanded $2.5 million, got nothing

Although it may have cost Texas more to recover from the ransomware attack than paying the ransom, in the long term a refusal to pay extortionists will help to discourage future attacks.


1 min read

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?


1 min read

tripwire.com

Block newly-registered domains to reduce security threats in your organisation

Security researchers propose that there might be an additional simple step your company might like to take to better defend your users against threats: aggressively block all domains less than one month old.

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

D’oh! Apple botches iOS update, leaves iPhones open to jailbreaking

For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS.

And a goof by Apple has allowed them do it.

Read more in my article on the Hot for Security blog.


0 sec read

Smashing Security #141: Black Hat and Bridezillas

Say cheese to ransomware on your camera! A sponsored speech at Black Hat causes uproar, and should you trust that Lightning cable you’re about to plug into your MacBook?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.


1 min read

bitdefender.com

Microsoft warns of wormable vulnerabilities in Windows

Microsoft’s security team warns that the remote code execution vulnerabilities could be abused by malware to spread from computer to computer without requiring any user interaction. Patch your systems now!

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

AT&T workers bribed to install malware on company network and unlock iPhones

34-year-old Muhammad Fahd has been charged for his part in a criminal scheme that is said to have cost AT&T millions of dollars.

Read more in my article on the Hot for Security blog.


0 sec read

SWAPGS attack: The Spectre-like flaw affecting Intel CPUs

Security researchers at Bitdefender have discovered a way of exploiting a flaw in Intel chips that could be used to steal passwords and encryption keys.


54 sec read

GermanWiper isn’t ransomware. It’s worse than that

The tech press is full of stories about “a new ransomware strain” called GermanWiper, that has hit German businesses hard in the last week.

But the reality is that GermanWiper is much worse than ransomware.


1 min read

Google found a way to remotely attack Apple iOS devices by sending a boobytrapped iMessage

Have you updated your iPhone and iPad to iOS 12.4 yet?

If you care about your security and privacy, then Google researchers have given you a very good incentive to do so as soon as possible.


1 min read

bitdefender.com

IoT botnet launched massive 13-day DDoS attack against streaming service

Can you put your hand on your heart and say the web application your company has built would be able to handle 292,000 requests per second, from 402,000 different IP addresses?

Read more in my article on the Bitdefender BOX blog.


0 sec read

Louisiana declares state of emergency after ransomware attacks

Don’t wait until ransomware strikes and then push the button marked “emergency response.” Make sure you take preventative measures in advance, such as making secure offsite backups of anything you cannot afford to lose.


1 min read

Smashing Security #136: Oops, we created Iran’s hacking exploit

Mac users of the Zoom video conferencing app are warned their webcams could be hijacked, security firms warn of how scammers are deepfaking audio to steal from businesses, and our guest owns up to the role he played in an Iranian cyberattack against US organisations.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Charl van der Walt.


1 min read

St John Ambulance service hit by ransomware attack

The UK’s St John Ambulance service says that it was hit by a ransomware attack earlier this week, but if the attackers hoped they might massively disrupt the volunteer first aid service then they’ll be massively disappointed.


1 min read