A massive cryptocurrency mining botnet has taken over half a million machines and may have made its cybercriminal controllers millions of dollars - and the whole operation is powered by EternalBlue, the leaked NSA exploit which made the WannaCry ransomware outbreak so destructive.
The Smominru miner botnet turns infected machines into miners of the Monero cryptocurrency and is believed to have made its owners around $3.6 million since it started operating in May 2017 - about a month after EternalBlue leaked and around the same time as the WannaCry attack.
Hacking isn’t always hard. Some lower-tier hackers use programs to automatically churn through breached login details to break into other accounts, and some penetration testing tools are designed to streamline processes so hackers can get to the more interesting stuff as quickly as possible.
Enter AutoSploit, a program which takes that idea of efficient hacking, but severely ramps up the potential for damage by automating pretty much everything, including the process of finding a vulnerable target to attack. “As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts,” the tool’s GitHub page reads.
Secretary of Defense James Mattis is actively considering banning US military and civilian personnel from bringing their personal cell phones into the Pentagon, the world's largest office building, according to three US defense officials familiar with an ongoing review of the issue.
The officials said that while the issue is under review and a final decision has not been made, the recent revelations that a fitness tracking app that maps people's exercise habits could pose security risks for US troops have only underscored the need for the review. The officials added that the review was ordered after Mattis expressed his intent to ban personal cell phones in the Pentagon.
A computer security exploit developed by the US National Security Agency and leaked by hackers last year is now being used to mine cryptocurrency, and according to cybersecurity experts the number of infections is rising.
Last April, a hacking group called the Shadow Brokers leaked EternalBlue, a Windows exploit that was developed by the NSA. Less than a month later, EternalBlue was used to unleash a devastating global ransomware attack called WannaCry that infected more than 230,000 computers in 150 countries. A month later, in June, the EternalBlue exploit was again used to cripple networks across the world in an even more sophisticated attack.
Hackers have stolen roughly $532.6 million from Tokyo-based cryptocurrency exchange Coincheck, raising questions about security and regulatory protection in the emerging market of digital assets.
The following are some questions and answers about one of the largest heists of cryptocurrencies in history: NEM is a cryptocurrency launched in March 2015 by a team of five developers identifying themselves as Pat, Makoto, Gimre, BloodyRookie and Jaguar. Its acronym stands for New Economy Movement and, like other cryptocurrencies, markets itself as a digital coin outside the control of governments and central banks, which can be used for fast, global transactions.
Earning a high severity level from Lenovo’s own security advisory, anyone currently using a select number of the company’s ThinkPad, ThinkStation, and ThinkCentre systems should know that there’s an important vulnerability that needs to be fixed.
That’s because hidden within Lenovo’s Fingerprint Manager Pro software, there’s a flaw on machines running Windows 7, 8, and 8.1 that could potentially let a hacker log in to your computer using a hardcoded password, bypassing the fingerprint scanner, and even decrypt your current Windows credentials. According to Lenovo, “A vulnerability has been identified in Lenovo Fingerprint Manager Pro.
YouTube is turning passive viewers into cryptocurrency miners, and Google isn't happy. The issue became apparent earlier in the week as complaints surfaced on social media claiming that YouTube ads were raising red flags in anti-virus software.
A service called Coinhive was hijacking a viewer's CPU and using its power to mine crypto. A Friday blog post from Trend Micro, an international cybersecurity company, confirmed the sharp uptick in Coinhive use earlier in the week, pinning it to a "malvertising campaign" that subverted a Google ad service used on YouTube.
Donald Trump’s national security team is looking at options to counter the threat of China spying on US phone calls that include the government building a super-fast 5G wireless network. The official said the option was being debated at a low level in the administration and was six to eight months away from being considered by the president himself.
The 5G network concept is aimed at addressing what officials see as China’s threat to US cyber security and economic security. The Trump administration has taken a harder line on policies initiated by predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire US strategic industries.
Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.
The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities.
Similar to Uber’s “God View” scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the startup’s passengers.
One source that formerly worked with Lyft says that widespread access to the company’s backend let staffers “see pretty much everything including feedback, and yes, pick up and drop off coordinates.” When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said “Hell yes. I definitely looked at my friends’ rider history and looked at what drivers said about them. I never got in trouble.”