Researchers Find Private Slack Tokens Posted on GitHub
Developers building bots for Slack are including their personal access tokens in code posted on GitHub, researchers have found, a problem that could give anyone who finds the tokens access to internal Slack conversations and files. Slack is a team communications app used in many organizations to share information, files, and other data. Developers can […]
Android Overlay Malware Targeting Banking Apps
There is a growing crop of mobile malware that is designed to overlay a user’s phone screen and harvest banking and other credentials, and the attackers behind these tools have thoughtfully created a range of options, from low-end to premium priced. Researchers at IBM’s X-Force team have been tracking a variety of mobile malware samples […]
On the Wire Podcast: Patrick Wardle
Patrick Wardle is well-known in the security community for his research on Mac OS X security features and malware. He’s demonstrated practical methods for bypassing Gatekeeper and the other security mechanisms in OS X, and he recently released a free tool called RansomWhere? that’s designed to generically detect OS X ransomware, such as KeRanger. Dennis […]
Office 365 Bug Could’ve Allowed Attackers to Login to Virtually Any Account
Security researchers in January discovered a critical vulnerability in the SAML implementation in Microsoft’s Office 365 service that could allow an attacker to log in to a victim’s account and gain full access to email, contacts, and other sensitive data. The vulnerability was present in Office 365 for an unknown amount of time, and there […]
Hear a Real Bank Phone Fraud Call From a Fake Cop
The ongoing problem of fraudsters targeting senior citizens with sophisticated phone scams has taken a new turn, as the criminals have begun using a technique that involves them showing up at victims’ homes to collect their debit cards. The scam is an extension of a common phone fraud technique in which criminals call victims–typically senior […]
Verizon DBIR Shows Focus on Credential Theft in Breaches
Attackers are continuing to refine their tactics and develop new tools, but in a lot of cases they still rely on tried-and-true methods such as phishing, social engineering, malware, keyloggers, and credential theft to achieve their goals. The 2016 Verizon Data Breach Incident Report shows that these tactics and tools are still among the most-used by […]
Cyber.Police Android Malware Infects Without User Interaction
There is a new piece of ransomware that is using an exploit for an Android vulnerability to infect devices without any user interaction whatsoever. The Cyber.Police ransomware uses JavaScript to exploit the bug and one of the exploits it employs is a known one that’s been public for more than a year. Researchers at Zimperium […]
Massive Bank of Bangladesh Attack Hit SWIFT Payment System
Attackers who pulled off the massive bank fraud at the Bangladesh Bank in February did so by using custom malware and attack tools that were able to monitor the internal messages that conduct financial transactions, delete certain messages, and then insert others to send money to accounts they control, researchers say. The tools targeted the SWIFT […]
Dutch Police Shut Down Encrypted Mobile Phone Network
Dutch police have seized servers and other equipment operated by Ennetcom, a communications provider in the Netherlands that operates an encrypted mobile phone service. The Dutch National Police Corps allege that the company was providing encrypted communications for criminal groups. The police said they have copied the contents of several servers belonging to the company, both in the […]