ASN.1 Flaw Threatens Mobile Networks
UPDATED–Researchers have identified a serious flaw that could allow an attacker to compromise a number of different devices and networks, including telecommunications networks and mobile phones, as well as a number of other embedded devices. The vulnerability is in a specific compiler that’s used for software in several programming languages in a number of industries, including aviation, […]
Banking Trojan Lurks in Legitimate Software
Cybercriminals have been relying on the watering hole attack for many years as a consistent method for getting their malware onto victims’ machines. Recently, security researchers discovered that one group of attackers had compromised the site of a legitimate software company and found a way to insert their banking Trojan’s code into the company’s own downloader. The […]
Making Money by Abusing Phone-Based Two-Step Verification
A security researcher has discovered a method that would have enabled fraudsters to steal thousands of dollars from Facebook, Microsoft, and Google by linking premium-rate numbers to various accounts as part of the two-step verification process. Arne Swinnen discovered the issue several months ago after looking at the way that several of these companies’s services […]
Expansion of FBI Surveillance Powers Still on the Horizon
The effort by the FBI and some legislators to give the bureau more power to access citizens’ web and email records is continuing apace, even though a measure that would grant those powers recently was voted down in Congress. There are actually two amendments along these lines that are under consideration in Congress at this […]
On the Wire Podcast: Robert Hansen
Security people spend a lot of time setting up defenses and thinking about how to secure their organization’s assets, so they don’t always have the time to think about how their adversaries might come at them and how those adversaries are thinking. Robert Hansen, a longtime security researcher, has spent a lot of time considering […]
Q&A: Donato Ferrante on the Ransomware Simulator
There are few threats that are as commanding as much attention right now as ransomware is. It infects thousands of PCs every day, generates millions of dollars for the attackers behind the campaigns, and there’s not clear solution to the problem on the horizon. To help enterprises understand the threat, researchers at NCC Group built […]
On the Wire Podcast: Rick Holland on Ransomware
Let’s be honest: The ransomware crews are kind of winning right now. They have a simple, clean business model, a huge victim base, and not much on the horizon to slow them down. In this episode, Dennis Fisher talks with Rick Holland of Digital Shadows about a new research paper the firm did on ransomware […]
Apple Needs a Patch Schedule for iOS
Android users don’t have many things they can point to when it comes to security advantages over iPhone users. The iOS platform is considered significantly safer and more resistant to attack than Android, as are the devices. But when it comes to the patching schedule, if not the process, Google has it all over Apple. In […]
Facebook Messenger Gets End-to-End Encryption
Facebook is planning to begin a test of end-to-end encryption for its Messenger service, which could eventually bring encrypted conversations to the company’s more than 1.5 billion users. The test is due to begin today, according to reports, and will involve a small fraction of the Facebook user base at the beginning. Facebook Messenger is the […]