Russian-speaking cyberespionage group APT28, also known as Sofacy, is believed to be behind a series of attacks last month against travelers staying in hotels in Europe and the Middle East. APT28 notably used the NSA hacking tool EternalBlue as part of its scheme to steal credentials from business travelers, according to a report released Friday by security firm FireEye.
One of the goals of the attack is to trick guests to download a malicious document masquerading as a hotel reservation form that, if opened and macros are enabled, installs a dropper file that ultimately downloads malware called Gamefish.Read more
Android often makes the news for being the mobile platform that’s most susceptible to malware. But that doesn’t mean that iOS is completely safe. In fact, it turns out that hackers can take over your iPhone, iPad, or iPod touch and control it without your knowledge.
So you’d better update your device to the latest iOS version, which was just released. Even your brand new iPhone 7 is a potential target, so don’t think that just because it’s fresh hardware, it can’t be attacked by malicious individuals. Apple says on its support pages that iPhone 5 or later, iPad 4th generation or later and iPod touch 6th generation are all affected by this serious bug.Read more
Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models.
Dubbed BroadPwn, the remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, allows a remote attacker to execute malicious code on targeted Android devices. "The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes.Read more
How many people specifically know where you are right now? Friends and family? Your coworkers? If you're using a Windows laptop or PC you could add another group to the list: the CIA.
New documents released as part of WikiLeaks' series of CIA hacking revelations detail a method the agency uses to geolocate computers. The agency infects target devices with malware that can then check which public Wi-Fi networks a given computer can connect to at a given moment, as well as the signal strengths of those networks. From there, the malware compares the list of available Wi-Fi options to databases of public Wi-Fi networks to figure out where the device is.Read more
Purported CIA documents published by WikiLeaks reveal the US Central Intelligence Agency has been hacking wireless routers for years as part of its surveillance efforts.
The trove of documents released by the anti-privacy publication on Thursday details the CIA’s CherryBlossom project, in which the intelligence agency has compromised Wi-Fi routers in private homes, public spaces, businesses and enterprise environments in order to gather information about specific targets. The project comes from the CIA's elite hacking unit, the Engineering Development Group. The leaked files include installation guides, manuals and other documents.Read more
Cybercriminals do stuff online, so punish them by taking away their internet access. It’s as simple as taking a crowbar from a burglar. Or is it? Some outside-the-box thinking by a top cop this week has triggered a debate among cybersecurity types about young offending and punishment.
Gavin Thomas, the president of the Police Superintendents’ Association of England and Wales, suggested that Wi-Fi jammers – devices worn on the ankle or wrist to block the internet – could serve as a smarter punishment for cybercrimes than prison. “We have got to stop using 19th-century punishments to deal with 21st-century crimes,” he said.Read more
One of the most important pieces of advice on cybersecurity is that you should never input logins, passwords, credit card information, and so forth, if you think the page URL looks weird. Weird links are sometimes a sign of danger. If you see, say, fasebook.com instead of facebook.com, that link is weird.
But what if the fake Web page is hosted on the legitimate page? It turns out this scenario is actually plausible — and the bad guys don’t even need to hack the server that hosts the target page. Let’s examine how it works. The trick here is in the way our normal-looking Web page addresses are an add-on to real the IP addresses the Internet works with.Read more
A flaw in an in-flight entertainment system used by major airlines including Emirates, Virgin and Qatar could let hackers access a planes' controls. The security hole in the Panasonic Avionics in-flight system is used in planes run by 13 major airlines and could put passengers' information and safety at risk, as well as disrupting their flight experience, according to researchers at IOActive.
Exploiting the problem, researcher Ruben Santamarta managed to "hijack" in-flight displays to change information such as altitude and location, control the cabin lighting and hack into the announcements system. Chained together this could be an unsettling experience for passengers.Read more
Hackers can steal your sensitive information, such as your Passwords, PINs and Keystrokes, from your phone by observing changes in the wireless signal as you enter them into your smartphones.
A group of researchers from the Shanghai Jaio Tong University have demonstrated a new technique that can reveal private information by analyzing the radio signal Interference, using just one rogue Wi-Fi hotspot. Dubbed WindTalker, the attack sniffs a user's fingers movement on the phone's touchscreen or a computer's keyboard by reading the radio signal patterns called Channel State Information.Read more
Sending data over wireless formats like Wi-Fi and Bluetooth is very convenient, but not necessarily secure. A Princeton report revealed that some smart home devices unwittingly broadcast location information while others didn't encrypt their data streams at all.
To get around the uncertainty of pushing information over the air, some scientists have posited using the body as a conduit. Instead of using its magnetic field, as previous researchers have, engineers from the University of Washington have pioneered a way to send wireless signals from a touchpad or screen held in one hand to a smart device in physical contact with the other.Read more