The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report. Highly customized and sophisticated, Terdot is based on the source code of ZeuS, which leaked online in 2011.
The banking Trojan resurfaced in October last year and Bitdefender has been tracking its whereabouts ever since, the security company notes in a technical paper. Terdot was designed to operate as a proxy to perform man-in-the-middle attacks, as well as to steal browser information such as login credentials or the stored credit card data. Furthermore, the malware is capable of injecting HTML code into visited web pages.Read more
OnePlus, a major Chinese smartphone manufacturer, has gotten itself into a hell of a lot of security trouble lately, and now the situation is only getting worse.
Mobile security researcher Robert Baptiste, who goes by the pseudonym Elliot Alderson (a nod to the main character in the Mr. Robot series), discovered that OnePlus smartphones have been apparently shipping for years with a hidden backdoor. It makes it easy for a clever hacker with physical access to root a OnePlus phone with just a few lines of code. Alderson found an application on OnePlus devices intended for factory testing, and discovered it could be used to obtain “root access” to the phone.Read more
During a hacking operation in which U.S. authorities broke into thousands of computers around the world to investigate child pornography, the FBI hacked a number of targets in Russia, China, and Iran.
The news signals the bold future of policing on the so-called dark web, where investigators are increasingly deploying malware without first knowing which country their suspect is located in. Experts and commentators say the approach of blindly kicking down digital doors in countries not allied with the U.S. could lead to geopolitical fallout. The case centers around the FBI’s 2015 Operation Pacifier investigation, which delved into a child-pornography site.Read more
Gaining access to the global network used by spies to track phone calls and intercept communications is relatively cheap and easy for hackers, criminals, or even anyone, an investigation has found.
The network, known as SS7, has faced renewed attention in the past few years, especially after researchers exploited it to eavesdrop on a congressman’s calls in real-time from the other side of the world. But a major concern is that more sinister hackers could conduct this sort of surveillance. To test just how possible opening the door to SS7 really is, experts posed as a small potential customer to a telecom in Europe, and was offered SS7 access for just a few thousand dollars.Read more
Facebook could be listening in on people’s conversations all of the time, an expert has claimed. The app might be using people’s phones to gather data on what they are talking about, it has been claimed.
Facebook says that its app does listen to what’s happening around it, but only as a way of seeing what people are listening to or watching and suggesting that they post about it. The feature has been available for a couple of years, but recent warnings from Kelli Burns, mass communication professor at the University of South Florida, have drawn attention to it. Professor Burns has said that the tool appears to be using the audio it gathers not simply to help out users.Read more
Got a robot hoover buzzing around your home? It's time to take a look at its security, especially if its an LG device. Researchers from Israeli firm Check Point reported a hack of the LG SmartThinQ app that allowed them to remotely take control of the manufacturer's Hom-Bot hoover and use the video feed to spy on anything in the device's vicinity.
And, the researchers said, the attack could also compromise refrigerators, ovens, dishwashers, washing machines, dryers and air conditioners -- any connected thing controlled by the LG app. Users should update to the latest version of the app.Read more
Whenever you give iPhone apps permission to access your camera, the app can surreptitiously take pictures and videos of you as long as the app is in the foreground, a security researcher warned on Wednesday.
Felix Krause, who recently warned of the danger of malicious iPhone password popups, wrote a blog post as a sort of PSA for iPhone users. To be clear, this is not a bug, but likely intended behavior. What this means is that even if you don't see the camera "open" in the form of an on-screen viewfinder, an app can still take photos and videos. It is unknown how many apps currently do this, but Krause created a test app as a proof-of-concept.Read more
Moscow-based Kaspersky Lab said on Monday it will ask independent parties to review the security of its anti-virus software, which the U.S. government has said could jeopardize national security, citing concerns over Kremlin influence and hijacking by Russian spies.
Kaspersky, which research firm Gartner ranks as one of the world’s top cyber security vendors for consumers, said in a statement that it would submit the source code of its software and future product updates for review by a broad cross-section of computer security experts and government officials. It also vowed to have outside parties review other aspects of its business, including software development.Read more
Christopher Wray said encryption on devices was "a huge, huge problem" for FBI investigations. The agency had failed to access more than half of the devices it targeted in an 11-month period, he said. One cyber-security expert said such encryption was now a "fact of life".
Many smartphones encrypt their contents when locked, as standard - a security feature that often prevents even the phones' manufacturers from accessing data. Such encryption is different to end-to-end encryption, which prevents interception of communications on a large scale.Read more
When you consider the nagging privacy risks of online advertising, you may find comfort in the thought of a vast, abstract company like Pepsi or Nike viewing you as just one data point among millions. What, after all, do you have to hide from Pepsi?
And why should that corporate megalith care about your secrets out of countless potential Pepsi drinkers? But an upcoming study has dissipated that delusion. It shows that ad-targeting can not only track you at the personal, individual level but also that it doesn't take a corporation's resources to seize upon that surveillance tool—just time, determination, and about a thousand dollars.Read more