Iran is building up its cyber capabilities and the emergence of a group of hackers, dubbed APT33, has given rise to concerns the nation's cyberwarfare units are looking to launch destructive attacks on critical infrastructure, energy and military bodies.
The APT33 group has been operational since 2013 and focused on the aerospace industry, successfully hacking firms with aviation in the U.S. and Saudi Arabia in the last year, researchers at cybersecurity company FireEye warned Wednesday. Petrochemical firms in South Korea and Saudi Arabia were also targeted, according to the firm's report.Read more
Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be.
Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks.Read more
The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading.
The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system. The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system. The system, called Edgar, is used by companies to make legally required filings to the agency.Read more
WikiLeaks, a secret-sharing organization accused of playing a key role in Russian attempts to influence the 2016 U.S. presidential election, has released documents that it claims offer details of how Moscow uses state surveillance to spy on Internet and cellphone users.
The release, dubbed “Spy Files Russia,” appears to mark a shift for an organization that has long been accused of a reluctance to publish documents that could be embarrassing for the Russian state. As Edward Snowden, a former National Security Agency contractor who now lives in Russia, put it in a tweet: “Plot twist.” However, other experts are less impressed.Read more
Popular Fitbit devices are vulnerable to hackers, according to a new study that reveals how personal information can be stolen from the fitness bands.
Computer researchers at the University of Edinburgh intercepted messages from the Fitbit One and Fitbit Flex wristbands, which calculate activity including steps, distance travelled, calories burned and sleep duration. The team accessed personal information from the devices as it was sent to the company's cloud servers for analysis. The researchers said the problem could be used to falsify activity records or steal personal data. Fitbit secures its devices with end-to-end encryption.Read more
It doesn't always happen, but you'll definitely notice the sharp spike in CPU usage when it kicks in. The site tells TorrentFreak that it was testing the feature for about 24 hours as a new way of generating revenue, and that it could eventually be enough to replace ads. In short, don't be surprised if this becomes a mainstay of the site going forward.Read more
Switzerland’s defence ministry has foiled a cyber attack by malware similar to that used in other global hacking campaigns, the government said in a statement on Friday. The attack was detected in July by software that operated much like the Turla malware family, it said.
The government declined to give information about the origin of the attack or say if any damage including data theft had occurred. It cited security considerations. Government specialists took counter measures and an investigation is underway, while criminal charges have been lodged with federal prosecutors against persons unknown to them.Read more
Hackers can bypass a new security feature in MacOS High Sierra to load malicious kernel extensions. According to security researchers at Synack, the forthcoming update to MacOS features something called Secure Kernel Extension Loading” (SKEL).
Patrick Wardle, chief security researcher at Synack, said that while the feature was “wrapped in good intentions”, in its current implementation, SKEL “merely hampers the efforts of the ‘good guys'” (ie 3rd-party MacOS developers such as those that design security products). “Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected,” he said in a blog post.Read more
Another month, another bunch of Android malware that's found its way onto Google Play. That's according to researchers from Check Point, who claimed to have found the second-biggest outbreak to ever hit Google's platform, with as many as 21.1 million infections from one malware family.
The malware's been dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services. In the latest outbreak detected by Check Point, ExpensiveWall infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times.Read more
A cache of voter records on over a half-million Americans has been found online. The records, totaling 593,328 individual sets of records, appear to contain every registered voter in the state of Alaska, according to researchers at the Kromtech Security Research Center.
The records were stored in a misconfigured CouchDB database, which was accessible to anyone with a web browser -- no password needed -- until Monday when the data was secured and subsequently pulled offline. The exposed data is just a portion of a larger voter file compiled by TargetSmart, which said its national voter file is the "most comprehensive and up-to-date voter file ever assembled."Read more