By Jai Vijayan Contributing Writer on Dec 02, 2019 07:10 pm
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.
By Robert Lemos Contributing Writer on Dec 02, 2019 05:15 pm
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
By Shannon Vavra on Dec 02, 2019 05:14 pm
The post FBI assesses Russian apps may be counterintelligence threat appeared first on CyberScoop.
By Kelly Sheridan Staff Editor, Dark Reading on Dec 02, 2019 04:45 pm
The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
By Sean Lyngaas on Dec 02, 2019 04:26 pm
Australian and European law enforcement officials say they have taken down a remote-access hacking tool that had been sold to 14,500 buyers in 124 countries. The demise of the so-called Imminent Monitor Remote Access Trojan (IM-RAT), which officials said had been used to steal personal data from tens of thousands of victims, is a major victory for law enforcement officials in Australia and Europol, the European Union’s law enforcement agency. The invasive RAT gave anyone willing to pay $25 full access to a victim’s machine to steal photographs, passwords, and video footage. Months of investigative work culminated last month in the dismantling of IM-RAT’s infrastructure, and the arrest of 13 of its most prolific users. Where exactly the suspects were arrested was not immediately clear. None were arrested in Australia. “The offenses enabled by IM-RAT are often a precursor to more insidious forms of data theft and victim manipulation, which […]
The post Australian and European police shut down access to popular criminal hacking tool appeared first on CyberScoop.
By Lindsey O'Donnell on Dec 02, 2019 04:00 pm
The Microsoft applications are vulnerable to an authentication issue that could enable Azure account takeover.
By Edge Editors Dark Reading on Dec 02, 2019 04:00 pm
What if you could protect only one category of your organization's data?
By Dark Reading Staff on Dec 02, 2019 03:30 pm
Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.
By Tara Seals on Dec 02, 2019 02:13 pm
The infrastructure behind a remote access tool (RAT) allowing full remote takeover of a victim machine has been dismantled.
By Sean Lyngaas on Dec 02, 2019 01:14 pm
Cybercriminals have gone on a spree in Brazil’s hospitality industry, infecting the networks of hotels and tourism companies with malware that steals credit card data, according to researchers at Kaspersky. All told, the hackers have struck hospitality organizations in eight states across Brazil, and 20 hotels in that country and others around the world, Kaspersky said last week. Active since 2015, the hackers have stepped up their activity this year. They are brazenly selling access to hotel networks they’ve breached to whoever is buying. Some Brazilian criminals tout the extracted credit card data “as high quality and reliable” because it came from a hotel administration system, the researchers wrote in a blog post. The breaches often begin with spearphishing emails in fluent Portuguese to hotel employees. Once clicked, the emails open up malware capable of capturing data that flows downstream during the reservation process from popular sites like Booking.com. The findings underscore Brazil’s longstanding struggles […]
The post For criminal hackers, Brazilian hotel networks appear to be easy targets appeared first on CyberScoop.
By Ericka Chickowski Contributing Writer on Dec 02, 2019 01:00 pm
Make your favorite security experts laugh with these affordable holiday gifts.
By Edge Editors Dark Reading on Dec 02, 2019 12:45 pm
Do you do any cybersecurity-related volunteer work?
By Sean Lyngaas on Dec 02, 2019 12:43 pm
An American man has been arrested for allegedly trying to help the North Korean government evade U.S. economic sanctions by using blockchain technology. Virgil Griffith, 36, is accused of traveling to North Korea against the advice of U.S. officials to deliver a presentation on blockchain and cryptocurrency at the DPRK Cryptocurrency Conference in April. There, U.S. officials allege, Griffith interacted with attendees who apparently worked for the North Korean government. The North Koreans allegedly quizzed Griffith about the technical aspects of blockchain, the distributed ledger technology that creates a secure record of transactions and is the backbone of cryptocurrencies such as bitcoin. The American also allegedly discussed how cryptocurrencies could be used to launder money, a keen interest of the North Korean government. Griffith is accused of violating the International Emergency Economic Powers Act (IEEPA), which bars U.S. citizens from exporting goods, services, or technology to North Korea without a license from […]
The post Preaching blockchain in North Korea gets an American in trouble at home appeared first on CyberScoop.
By Dark Reading Staff on Dec 02, 2019 12:40 pm
The music streaming service received reports indicating attackers gained unauthorized access to its systems.
By Shannon Vavra on Dec 02, 2019 12:36 pm
A new kind of mobile malware that can steal victims’ personal information, including files and location data, is hidden under the guise of a chat app, according to new research from Trend Micro. Since May, the new mobile malware, which Trend Micro dubs CallerSpy, has appeared on multiple occasions on a phishing site http://gooogle[.]press imitating apps such as Chatrious and Apex App. All users have to do to get infected is click the download button on the site, and then the spyware monitors for commands from the attackers’ command and control server. It appears to only target Android users for now, according to Trend Micro. The company has not discovered any victims, according to its research. CallerSpy, which Trend Micro assesses is a targeted espionage campaign, can collect call logs, text messages, contacts, and files from victims. It can also take screenshots and send them back to the command […]
The post Trend Micro finds new mobile malware masquerading as a chat app appeared first on CyberScoop.
By Lindsey O'Donnell on Dec 02, 2019 11:46 am
A newly proposed CISA directive would require all U.S. agencies to develop and implement vulnerability disclosure processes for their internet connected systems.
By Tara Seals on Dec 02, 2019 10:33 am
TV takeover, privacy threats, botnet concerns and Wi-Fi network compromise are all big concerns when it comes to connected TVs.
By Akamai Staff on Dec 02, 2019 10:30 am
Attackers see credential abuse as a low-risk venture with potential for a high payout, at least for now.
By Anton Chuvakin Head of Security Solution Strategy, Chronicle on Dec 02, 2019 10:00 am
More intelligence does not lead to more security. Here's why.
By Elizabeth Montalbano on Dec 02, 2019 08:33 am
Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.
By John E Dunn on Dec 02, 2019 06:23 am
The Russian ‘Sandworm’ hacking group has been caught repeatedly uploading fake and modified Android apps to Google’s Play Store.
By Danny Bradbury on Dec 02, 2019 06:05 am
All you bug hunters out there are about to get a nice Christmas gift - the US federal government finally wants to hear from you.
By Danny Bradbury on Dec 02, 2019 05:42 am
Google must remove details of a convicted murderer from its search results in Europe following a German court ruling, it emerged last week.
By John E Dunn on Dec 02, 2019 05:30 am
Chinese-owned video-sharing app TikTok might be under fire from US politicians but it’s not going to go down without a fight.
By Naked Security writer on Dec 02, 2019 04:47 am
From a warning from Hewlett Packard Enterprise to Russia's foreign tech anxieties. Get up to date with the top infosec stories of last week.