PINDROP BLOG

Month: August 2016

August 31, 2016
Fake Ransomware Targets Redis Instances
UPDATE–Researchers have found that more than 18,000 instances of the Redis data store service are exposed to the Internet and open to complete compromise by remote attackers using simple commands. Duo Labs researchers set up a Redis honeypot and ran it for a month, looking for attack patterns and quickly found that attackers are actively…
Read More →
August 31, 2016
68 Million Hashed Dropbox Passwords Dumped Online
The scope of a compromise of Dropbox four years ago that the company initially said only involved customer email addresses being stolen has now expanded, with more than 68 million user passwords dumped online. The cache comprises passwords that are hashed with either SHA-1 or bcrypt and none of them are in plaintext. When Dropbox…
Read More →
August 30, 2016
L0phtCrack 7 Shows Windows Passwords Easier to Crack Now Than 20 Years Ago
Time waits for no man, and neither does L0phtCrack. Nearly 20 years after the first version of the password auditing and cracking tool was released, L0phtCrack 7, released Tuesday, shows that Windows passwords are even easier to crack now than they were in 1997. L0phtCrack was the first password auditing tool released for Windows and its…
Read More →
August 30, 2016
Ripper ATM Malware Controlled by Custom EMV Card
A new family of powerful ATM malware is being used in heists around the world, using known techniques, but also employing a card with a malicious EMV chip that allows the thief to control the malware on the machine. The malware is known as Ripper and researchers have connected it to thefts at ATMs in…
Read More →
August 30, 2016
Google Login Issue Allows Credential Theft
Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials. or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process. A researcher in the UK identified the vulnerability recently and notified Google of it,…
Read More →
August 29, 2016
Russian Convicted in $169M PoS Malware Scheme
A Russian man, who is the son of a politician in Russia, has been convicted of more than three dozen counts stemming from a point-of-sale hacking scheme that allowed him to steal nearly two million credit card numbers from retailers and restaurants in the United States. Roman Valerevich Seleznev was convicted Thursday of the crimes,…
Read More →
August 29, 2016
Opera Warns of Compromise of Password Sync Service
The makers of the Opera browser said attackers have compromised the servers that are used to house the data from users of Opera’s sync system, which synchronizes data between mobile and desktop installations. The attack was discovered last week, and officials at Opera Software said that they have sent an email to all of the sync…
Read More →
August 26, 2016
Phone Scammers Target Immigrants in New Campaigns
Phone scams come in all shapes and sizes, and there are several new schemes that are targeting immigrants with demands for payments to maintain or update their immigration status. The scams closely resemble the IRS phone fraud scams that prey on victims’ fear of being penalized or arrested for unpaid back taxes. In this case,…
Read More →
August 26, 2016
Mozilla Releases Observatory Site-Security Scanner
Mozilla has released a new tool called Observatory that site owners can use to scan their sites and assess their implementation of various security technologies, from HTTPS to public key pinning to cross-site scripting protections. Mozilla built Observatory as an internal tool to help improve the security of the company’s own sites, which number in the…
Read More →
August 25, 2016
Apple Fixes Three iOS Zero Days Used in Targeted Attack
Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix…
Read More →
Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS