Cyber criminals have stolen some £20 million from UK bank accounts using Dridex malware, according to the National Crime Agency. The agency is warning Internet users to protect themselves against the malware, also known as Bugat and Cridex, and says it is chasing down the "technically skilled" thieves.
One arrest has already been made. The "particularly virulent form of malware" has been developed by criminals in Eastern Europe, the NCA says, and it harvests online banking details to steal money from individuals and businesses globally. Computers become infected when users open documents from seemingly legitimate emails.
Months before its technology became the centerpiece of Samsung’s new mobile payment system, LoopPay, a small Massachusetts subsidiary of the South Korean electronics giant, was the target of a sophisticated attack by a group of government-affiliated Chinese hackers.
As early as March, the hackers — alternatively known as the Codoso Group or Sunshock Group by those who track them — had breached the computer network of LoopPay, a start-up in Burlington, Mass., that was acquired by Samsung in February for more than $250 million, according to several people briefed on the still-unfolding investigation, as well as Samsung and LoopPay executives.
We’re now over-familiar with the concept of the reality show “journey”, where someone insists that they’ve become a better person through singing, dancing or playing the didgeridoo.
In Channel 4’s ambitious new series Hunted, the journey is rather more extreme, involving panicked scrambles over country stiles and ducking down secluded backstreets. The 14 volunteer contestants are literally on the run, pursued by a dedicated team of professional trackers and hackers burrowing deep into their private lives. The six-part series is being edited right up until transmission, but early footage looks both intriguing and chaotic.
The British spying agency, found to have been conducting wholesale surveillance on UK citizens, has recommended that the public make their passwords less complex.
The agency gives a range of hints to those working in IT as well as normal consumers. Those include warning people to change their default passwords, to make sure that accounts can be locked out if they’re under attack and avoid storing passwords as plain text files that can be read by anyone. The agency also warns against the problems of password overload. That is what happens when people create too many complex and unmemorable passwords.
Security researchers have discovered malicious adverts on the UK version of dating site Match.com. Malwarebytes, which found the cyber-threat, said that anyone caught by the ads could fall victim to ransomware.
Malicious ads were appearing on pages of the site via an ad network that passes content to Match.com and other places, redirecting those who click on the adverts through a series of links to a site embedded with code that checks if a visitor is running outdated versions of commonly-used software. Bugs in the versions of Flash, Java, Adobe Reader and Silverlight used in browsers were all being exploited by the malicious code.
Cyber-attackers have taken down the website of the National Crime Agency in apparent revenge for arrests made last week. The NCA website was temporarily down, four days after six teenagers were released on bail on suspicion of using hacking group Lizard Squad’s cyberattack tool to target websites and services.
The six suspects are accused of using a tool that bombards websites and services with bogus traffic to attack a national newspaper, a school, gaming companies and a number of online retailers. The NCA is the latest body to fall foul of what is called a Distributed Denial of Service attack, stopping real visitors from reaching the site.
Security researchers have discovered a potential way to steal users' Gmail credentials from a Samsung smart fridge. Pen Test Partners discovered the MiTM vulnerability that facilitated the exploit during an IoT hacking challenge at the recent hacking conference.
The hack was pulled off against the smart fridge, part of Samsung’s line-up of Smart Home appliances which can be controlled via their Smart Home app. While the fridge implements SSL, it fails to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. The internet-connected device is designed to download Gmail Calendar information to an on-screen display.
Google’s Project Loon has brought the concept of beaming wireless Internet from the sky into industry discourse, and now Samsung considers using thousands of satellites to connect the two-thirds of humanity without access.
Samsung’s president of research and development laid out the premise in a research paper. The low-Earth orbit satellites could provide mobile data capacity equivalent to 200 gigabytes per month for 5 billion users around the globe; each satellite would be capable of providing terabit per second data rates “with signal latencies better than or equal to ground based systems.” So where does all that capacity come from?
A critical flaw has been discovered in Apple's App Store and iTunes invoice system which could result in session hijacking and malicious invoice manipulation.
Revealed this week by security researcher Benjamin Kunz Mejri from Vulnerability Lab, the persistent injection flaw, deemed critical, is an application-side input validation web vulnerability. In an advisory, the researcher said the vulnerability allows remote attackers to inject malicious script codes into flawed content function and service modules. According to Mejri, an attacker can exploit the flaw by manipulating a name value within the invoice module through an exchange of malicious, scripted code.
The finance chief at Fortelus Capital Management LLP got an alarming phone call just as he was getting ready to leave work on a Friday. The caller said he was from Coutts, the London-based hedge fund’s bank, and warned there may have been fraudulent activity on the account.
Fortelus Chief Financial Officer Thomas Meston was reluctant, but agreed to use the bank’s smart card security system to generate codes for the caller to cancel 15 suspicious payments. When Meston logged on to the firm’s online bank account the following Monday, he saw that $1.2 million was gone. The incident shows how even the most sophisticated online security systems can fail because of human error.