Hackers have launched a new phishing campaign against LinkedIn members that uses compromised LinkedIn accounts to send messages with malicious links and downloads to potential victims in an attempt to steal credentials and personal information.
The campaign, first spotted by security researchers at cybersecurity firm Malwarebtyes, makes use of real LinkedIn accounts that have been compromised in order to make the phishing messages sent via LinkedIn’s messaging system appear legitimate. According to Malwarebytes researchers, the attackers have managed to hijack a number of LinkedIn member accounts.Read more
The nation’s top law enforcement leader and top spy on Monday urged Senate and House leadership to permanently renew a widely used but controversial U.S. surveillance law scheduled to sunset at the end of the year.
“Reauthorizing this critical authority is the top legislative priority of the Department of Justice and the Intelligence Community,” Attorney General Jeff Sessions and National Intelligence Director Dan Coats wrote in a Sept. 7 letter to both Republican and Democratic leaders. The law — known as Section 702 of a 2008 package of amendments to the Foreign Intelligence Surveillance Act — is aimed at collecting data on foreign spies, terrorists and other targets.Read more
A wireless router made by D-Link has nearly one dozen critical vulnerabilities, according to researcher Pierre Kim. The bugs found are in D-Link’s model DIR 850L wireless AC1200 dual-band gigabit cloud routers and could allow a hacker to ultimately hijack the routers and take control of them.
The vulnerabilities range from a command injection bug, a flaw that allows backdoor access to the router, to the fact hardcoded encryption keys are stored on the device. “The Dlink 850L is a router overall badly designed with a lot of vulnerabilities. Basically, everything was pwned, from the LAN to the WAN. Even the custom MyDlink cloud protocol was abused,” Kim wrote.Read more
This morning, Armis security published details of a new Bluetooth vulnerability that could potentially expose millions of devices to remote attack. Dubbed Blueborne, the attack works by masquerading as a Bluetooth device and exploiting weaknesses in the protocol to deploy malicious code, similar to the Broadcom Wi-Fi attack disclosed earlier this year.
Because Bluetooth devices have high privileges in most operating systems, the attack can be executed without any input from the user. Blueborne doesn’t require devices to be paired with the malicious device, or even be set in discoverable mode.Read more
China plans to ban trading of bitcoin and other virtual currencies on domestic exchanges, dealing another blow to the $150 billion cryptocurrency market after the country outlawed initial coin offerings last week.
The ban will only apply to trading of cryptocurrencies on exchanges, according to people familiar with the matter, who asked not to be named because the information is private. Authorities don’t have plans to stop over-the-counter transactions, the people said. China’s central bank said it couldn’t immediately comment. Bitcoin slumped on Friday after Caixin magazine reported China’s plans, capping the virtual currency’s biggest weekly retreat in nearly two months.Read more
Facebook has been fined 1.2 million euros ($1.4 million) for allegedly collecting personal information from users in Spain that could then be used for advertising, the national data protection watchdog said.
The fine stemmed from an investigation into the social network company conducted alongside similar probes in Belgium, France, Germany and the Netherlands. The 1.2 million euro fine is a fraction of Facebook’s quarterly revenue of about $8 billion and stock market capitalization of around $435 billion. AEPD said it found three cases in which Facebook had collected details of its millions of Spanish users without informing them how such information would be used.Read more
The CIA is making use of several artificial intelligence programs that access, gather, and retrieve social media intelligence for the agency.
In a statement reported by Futurism, Dawn Meyerriecks, the deputy director for technology development with the CIA said at the Intelligence and National Security Summit that the agency had over 137 AI projects as part of "In-Q-Tel" where a large portion of it is created through collaborations with Silicon Valley firms. With greater ability and power to analyse data, AI programs thus created have reportedly taken to social media platforms and "comb through" all public records –all the stuff that is posted by people using social media.Read more
Internet-of-things are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. However, such devices could potentially be compromised by hackers. There are, of course, some really good reasons to connect certain devices to the Internet.
But does everything need to be connected? Of course, not — especially when it comes to medical devices. Medical devices are increasingly found vulnerable to hacking. Earlier this month, the US Food and Drug Administration recalled 465,000 pacemakers after they were found vulnerable to hackers.Read more
The Emotet trojan is back, this time spreading via Spam bots. Trend Micro researchers first spotted the banking malware using network sniffing to steal data back in 2014 and recently spotted an increase in activity in August 2017 coming from new variants that all had the potential to unleash different types of payloads.
The latest versions were spotted and each had the potential to drop different malicious payloads. Researchers attributed the malware's resurfacing to two main possible reasons first, the authors behind the attacks may be targeting new regions and because and second, because the new variants are using multiple ways to spread.Read more
A researcher is warning that a programming error in the Microsoft Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime, including potentially malicious files. However, Microsoft does not view the issue as a security threat.
According to Omri Misgav, security researcher at enSilo, the bug affects all Windows operating systems from Windows 2000 to Windows 10. Specifically, the flaw pertains to a security mechanism called PsSetLoadImageNotifyRoutine, which provides notifications when PE image files are loaded in runtime to virtual memory space.Read more