Cybersecurity

New WikiLeaks Release Details Russian Surveillance Apparatus

In a move that many say is meant to deflect pro-Russia accusations against its founder, WikiLeaks has released documents that it claims detail the surveillance apparatus the Russian government uses to snoop on mobile and Internet users. Julian Assange is currently facing charges which allege that his organization is a front for the Kremlin. The suspicions were reinforced when WikiLeaks released a trove of hacked DNC emails last year. The documents, mostly in Russian, mention a company called Peter-Service, which has become a major software supplier to the telecoms industry. The company is said to be working […]

Compromised Version of CCleaner Distributes Malware

A version of the CCleaner app was found to have been modified to include malware. According to Cisco Talos and Morphisec, version 5.33, which was available for download sometime between August 15 and September 12, was infected by the Floxif malware. Floxif downloads and harvests information from infected computers and systems, then sends the data back to the C&C server. It is also believed to be capable of downloading and executing other binaries, but has not yet been observed to do so. Security researchers identified that Floxif only executed on 32-bit systems and would quit […]

Equifax Blames Hack on Web Server Vulnerabilities

Equifax Inc., a U.S. credit reporting company, says that the recent data breach, in which the personal information of 143 million U.S. consumers was leaked, was due to a web server vulnerability in Apache Struts, open-source software the company used. The breach is considered one of the largest, and is particularly concerning because the leaked information included names, Social Security numbers, addresses, birthdays, and even driver’s license numbers. Almost 40 states joined an inquiry into how the company is handling the breach. Richard Smith, the Chief Executive of Equifax, is to testify on October 3 in front of a U.S. House […]

Another Researcher Reveals Unpatched Flaws of D-Link Routers

Just a few days after a South Korean security researcher revealed 10 unpatched vulnerabilities in D-Link routers, security company Embedi published another two. Embedi said that it decided to publish its findings after the router manufacturer failed to address two out of three flaws that it had reported around three months ago. D-Link router models DIR890L, DIR885L, and DIR895L were found to have the flaws, which Embedi stresses are extremely dangerous as they allow the routers to be infected with the Mirai malware. Embedi also complained that its interaction with D-Link had brought no results. Similarly, the South […]

Microsoft Patches Office Flaw Used to Spread FinSpy Malware

Microsoft has recently patched a vulnerability in Office that, according to FireEye researchers, has been used to deploy surveillance malware called FinSpy. The security experts revealed in a blog post that the malware is delivered using a Rich Text document file which, when opened, executes malicious code to launch FinSpy. The malware is said to be the work of the Gamma Group, which is known for conducting legal surveillance and espionage. The Germany-based firm is also said to have an ongoing campaign to find vulnerabilities in the security of products from major companies such as Microsoft. The researchers surmise […]

Security Report Says CEOs are Most Vulnerable to Business Email Compromise

A recent report by Trend Micro revealed that cyber attackers are able to fool CEOs the most via email schemes. The security company’s 2017 “Midyear Security Roundup: The Cost of Compromise” report stated that while finance directors or CFOs are still the top targets, followed by other positions that handle sensitive financial information, directors and managing directors get fooled just as frequently as CEOs. The US is still the prime target of business email compromise (BEC) attacks at 30.96%, followed by Australia and the UK. Statistics from the FBI show that BEC attacks have already caused losses estimated at $5.3 […]

Billions of Bluetooth Implementations Affected by BlueBorne Flaws

Researchers from IoT security company Armis have recently discovered eight security vulnerabilities that affect an estimated 5.3 billion Bluetooth implementations. They also found that the collection of vulnerabilities, codenamed “BlueBorne”, cannot be addressed by traditional security solutions. An attacker does not need to pair with the device or interact with the user to exploit the BlueBorne flaws. Using BlueBorne, an attacker can run malicious code or Man-in-the-Middle attacks, and take control of Bluetooth-enabled devices running Android, iOS, Microsoft, and even Linux. Source: Bleeping Computer

Google to Distrust Symantec Security Certificates Upon Chrome 66 Release

Earlier this week, Google revealed in a blog post that it will no longer accept Symantec security certificates issued before June 2016 as valid and trusted once Chrome 66 is released in 2018. Symantec will be switching certificate issuance to DigiCert infrastructure by December 1. Google says anything based on the prior infrastructure after the same date will also not be trusted by Chrome. The plan was initially floated last July, with Google saying that it gave Symantec ample time to revamp its infrastructure to comply with industry standards. The recent announcement serves as an official notice to webmasters […]

Zero-Day Flaws in D-Link Router Revealed by Researcher

Last week, a security researcher publicly revealed the vulnerabilities he found in D-Link 850L routers after experiencing difficulties working with the manufacturer when he shared his previous findings with them. In his blog post, Pierre Kim described the product as “badly designed” and prone to many vulnerabilities. He shared that he was able to compromise the custom MyDlink cloud protocol to LAN and WAN. Kim advised users to disconnect the flawed routers from the internet. The product in question is the AC1200 dual-band gigabit router, the D-Link 850L, which allows users to remotely access their home networks via MyDlink […]

Google Chrome Soon to Feature MitM Attack Detection

Google Chrome 63 will soon have a new security feature that will be able to detect when third-party software executes a Man-in-the-Middle (MitM) attack that takes over the user’s internet connection. MitM attacks work by infiltrating a user’s computer or local network after the installation of an infected application, which then intercepts web traffic from the user. Chrome 63 will be able to detect the SSL errors that occur in encrypted HTTPS traffic when MitM toolkits incorrectly rewrite encrypted connections. The Chromium Development Calendar anticipates that if no delay or problems are encountered, Google will launch Chrome 63 by […]