Recent Posts

Ex-NSA Reveals New Mac OS Zero-day Bug Just Before Launch

An ex-NSA security researcher posted a zero-day hack just hours before Apple’s rollout of macOS High Sierra. Last Monday, Patrick Wardle of security company Synack tweeted a video showing how to perform a password exfiltration exploit on High Sierra. Using the vulnerability, attackers will be able to get the user’s passwords in plain text using an unsigned app. Wardle also created a “keychainStealer” app which can be used to reveal a user’s various passwords. The keychainStealer can be made to look like a legitimate app, or be delivered via email. Apple has yet to issue a response […]

Showtime Websites Run Coinhive, Mine for Monero

Two websites of cable network Showtime have been found to be running Coinhive to mine the Monero cryptocurrency using their visitors’ CPUs. Twitter user SkensNet found out that Showtime domains “showtime.com” and “showtimeanytime.com” had been running the said JavaScript library, but it couldn’t be confirmed whether the site had been hacked, or it was being done intentionally. However, tech observers suspect that it may have been done with the company’s knowledge, since the setThrottle value was set to remain dormant 97% of the time. Coinhive was also used by PirateBay in a similar manner a few weeks ago as a […]

Report Says 7% of Amazon S3 Servers Open to Public, 35% Unencrypted

Statistics from SkyHigh Networks recently revealed that around 7% of all S3 servers are exposed to the public, while 35% don’t use encryption, which may explain the rise in data leak incidents. Most of the breaches can be attributed to lapses in security practices. It has been found that most companies believe that it is enough to keep their database URLs private, which is not true since attackers can still discover them by a number of means, such as MitM attacks or brute-forcing domains. Experts suggest that companies should review Amazon’s documentation pages, and make sure that server permission levels […]

Deloitte Accounting Firm Reveals Data Breach

Deloitte, a multinational accounting company, revealed last Monday that it had been hit by a cyber attack, but said that the data of only a small number of clients had been affected. One of the “Big Four” firms that also provide auditing and consulting services, Deloitte also runs a cybersecurity business. The company stated that there were no disruptions to its clients’ businesses, and that it had already implemented a “comprehensive security protocol”, but former federal cybercrimes prosecutor Mark Rasch says it is still too early to tell how big the attack was since very little information has surfaced regarding the […]

Safari Full of Security Bugs, According to Google Test

Google’s Project Zero team recently used a new security testing toolkit on 5 browsers and found Safari had the most flaws. Using Domato, a “fuzzer” that inputs random data into a software application to test for abnormalities, Google engineer Ivan Fratric found that Safari had the worst results out of the 5 browsers, which also included Chrome, Firefox, Internet Explorer, and Edge. Safari was found to have a total of 17 security bugs after being subjected to 100 million fuzz tests. The team then contacted each browser vendor and gave them a bug report and a copy of the […]

DICT Secretary Rodolfo Salalima Submits Resignation

Malacanang confirmed earlier this week that the Philippines’ Department of Information and Communications Technology (DICT) Secretary Rodolfo Salalima has already submitted his resignation to President Rodrigo Duterte. Salalima said that he is stepping down due to “personal and work-related reasons”, but the Office of the Executive Secretary has not yet issued a statement as to whether the President has already accepted the resignation. However, the President himself had already revealed in a press conference in Marawi City that he is in the process of looking for a replacement for the Secretary. Salalima was appointed in 2016 and oversaw a number […]

Uber Licensed to Operate in London Only Until Next Week

London’s transport regulator has removed Uber’s license to operate, saying that the company was unfit to hold a private vehicle hire license because of conduct that can potentially impact public safety and security. The ride-sharing giant, which has around 40,000 drivers in England’s capital, will not be able to renew its license that expires on September 30, but regulator Transport for London (TfL) will permit it to operate until the appeals process is done. TfL specifically pointed out that Uber’s software called Greyball, which is used for doing driver background checks and reporting of criminal offences, can be used for […]

ISPs May be Involved in Latest FinFisher Malware Campaign

Cybersecurity company ESET recently revealed that a new campaign spreading the malware FinFisher has hit up to seven countries, and ISPs in two of them may have had involvement, along with their governments. Also known as FinSpy, the malware is often used by attackers to eavesdrop on communications and access files without being detected. ESET analyst Filip Kafka says that ISPs may have acted as a man-in-the-middle by redirecting users to legitimate apps trojanized with FinFisher. ESET adds that the geographical dispersion of the latest malware variants shows that the attacks are happening at a level that suggests ISP involvement. […]

New Android App Can Detect Credit Card Skimmers

A new app that can detect credit card skimmers on ATM machines can now be downloaded from the Google Play Store. The Skimmer Scanner, created by Nick Poole, had already been installed 13,500 times since Thursday. The app works by detecting Bluetooth modules used in most modern skimmers, which are often set to broadcast their ID. Nathan Seidle of SparkFun said that nowadays, criminals with little knowledge can easily build such cheap skimming devices. The low prices of these devices often make them insecure, and Seidle adds that setting the ID to constantly broadcast was an obvious design flaw. Poole says […]

China Introduces Blockchain Research Lab in the Wake of ICO Ban

The Ministry of Industry and Information Technology of China has introduced the Trusted Blockchain Open Lab, intended to nurture advancements in the blockchain field. The initiative comes after a recent ban on fundraising based on Initial Coin Offerings (ICOs) by the People’s Bank of China (PBoC) and announcements from the government ceasing domestic cryptocurrency trade. A research institution from inside the ministry, the China Academy of Information and Communications Technology (CAICT), operates the lab. The China Economic Review reported that the CAICT is working on a platform where blockchain companies and industry experts can collaborate in exploring various ways to use […]