Phishing is still a key tool for cyber criminals as they seek to insert malware onto machines and to get hold of personal details.
Although most people are aware of the threat there are still some subject lines that are much more likely to deliver results for the phishermen than others, according to security awareness training specialist KnowBe4, which has released its Top 10 Global Phishing Email Subject Lines report for the third quarter of 2017. The company looked at tens of thousands of email subject lines used in simulated phishing tests to uncover just what makes a user want to click.Read more
Online retailer AliExpress fixed an open redirect vulnerability in its online shopping portal last October that could have been exploited to display a fake coupon designed to phish sensitive information from those who viewed it.
Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms are vulnerable to remote attack.
Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug.Read more
United States officials are charging an Iranian hacker in the theft of 1.5 terabytes of data from HBO in May, an attack that tormented network executives and included the release of several unaired programs and scripts.
Behzad Mesri, who went by the pseudonym “Skote Vahshat,” was charged with computer fraud, wire fraud, extortion and identity theft, according to an indictment unsealed Tuesday in United States District Court in Manhattan. But he remains in Iran, and officials acknowledged that it would be difficult to detain him. “He will forever be looking over his shoulder, and if he isn’t, he should be,” Joon H. Kim said at a news conference.Read more
This is bad. Google actively receives location data from Android users even when location services have been switched off. Starting from early 2017, Android phones have been gathering addresses of nearby cellular towers and sending this data back to Google. The most troubling part is that this has been going on even when users have disabled location services.
According to the publication, Android handsets collected location data pretty much all the time and subsequently relayed all stored information back to Google once connected to the internet. Quarts claims that all modern Android phones are affected by this vulnerability.Read more
Uber disclosed Tuesday that hackers had stolen 57 million driver and rider accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom.
The deal was arranged by the company’s chief security officer and under the watch of the former chief executive, Travis Kalanick, according to several current and former employees who spoke on the condition of anonymity because the details were private. The security officer, Joe Sullivan, has been fired. Mr. Kalanick was forced out in June, although he remains on Uber’s board. The two hackers stole data about the company’s riders and drivers.Read more
Bitcoin cruised past $8,000 for the first time this week, but it hasn’t been smooth sailing for all after Tether — a company that helps exchanges convert fiat currency to token — said today that a hacker snatched nearly $31 million.
Tether operates USDT, a cryptocurrency asset that it backs via the U.S. dollar. The company said that $30,950,010-worth of USDT was taken from its core treasury wallet “through malicious action by an external attacker.” In response Tether said it has flagged the tokens — meaning that it will track them and prevent the holder from exchanging them through its service — and that it is working to recover them.Read more
There's no way around it – we are addicted to our smartphones. Smartphone addiction even has a name now; nomophobia, short for no-mobile-phone phobia.
We've all probably experienced the symptoms at one point: panicking when separated from our smartphone, not being able to focus at work or during conversations, and constantly checking phones for new notifications. The idea of being addicted to a screen is not a nice one, and according to a Deloitte survey, smartphone users have started to realize they might have a problem. Smartphone usage has been trending upwards since 2015, but for the first time Deloitte found that smartphone usage declined or plateaued in 2017.Read more
A German regulator has banned the sale of smartwatches aimed at children, describing them as spying devices. It had previously banned an internet-connected doll called, My Friend Cayla, for similar reasons.
Telecoms regulator the Federal Network Agency urged parents who had such watches to destroy them. One expert said the decision could be a "game-changer" for internet-connected devices. "Poorly secured smart devices often allow for privacy invasion. That is really concerning when it comes to kids' GPS tracking watches - the very watches that are supposed to help keep them safe," said Ken Munro, a security expert at Pen Test Partners.Read more
The Google Play Store is seeing a wave of malware-infested apps like never before. Four separate security companies have reported — or are preparing to release reports — on malware campaigns currently underway via Android apps available on the Play Store.
Reports published today by Dr.Web, Malwarebytes, and McAfee reveal the presence of three new Android malware families hidden in games and apps uploaded on the Play Store. An ESET spokesperson told Bleeping Computer the company also found a new multi-stage malware strain they're going to detail in a report later today.Read more