There’s Another Hacking Team Going After SWIFT Banks
Security researchers have uncovered evidence that there is a second group of attackers who have been targeting banks in the SWIFT network, using a new Trojan that hides SWIFT message records and overwrites the master boot record of some hard drives. The newly discovered group is using a piece of malware known as Odinaff, which […]
Zombie IoT Devices Are Flooding the Internet With Garbage Traffic
The last couple of weeks have seen two of the larger DDoS attacks ever recorded, and researchers have attributed them in part to a large botnet called Mirai comprising mostly infected IoT devices. Looking closely at some other large-scale DDoS attacks with similar characteristics, researchers at Cloudflare discovered that the attackers are specifically using Layer 7 attacks […]
Phoneprinting at Lloyds Banking Group
Pindrop’s patented technology, Phoneprinting™, analyzes 147 different factors in the audio of a phone call in order to create a unique signature that allows contact centers to authenticate callers and detect fraud. To create a phoneprint, Pindrop examines the call audio and breaks it down by to it’s most subtle characteristics. This allows a fraud […]
StrongPity Attackers Use Malicious Crypto Apps to Target Users
Organized APT groups have been using watering-hole attacks for many years, targeting highly specific groups of victims by compromising legitimate sites or setting up their own malicious copycat sites. Researchers have now uncovered a group that is using this tactic to deliver compromised encryption apps to victims. The group, known as StrongPity, has been operating […]
Wyden, EFF Say Yahoo Mail Scanning Order Should be Released
The secret order the Department of Justice served on Yahoo last year to get the company to scan incoming emails for specific terms should be declassified and made public under the terms of the USA Freedom Act, experts say. Sometime in the early part of 2015, the Justice Department reportedly went to Yahoo officials with […]
IRS Phone Fraud Ring Disrupted in India
Authorities in the Indian city of Mumbai say that a large phone fraud ring was operating in the city for more than a year, running the IRS tax scam and stealing as much as $150,000 per day from victims, mainly in the United States. Police in Mumbai this week conducted raids on nine call centers […]
Bugs in Chinese IoT Components Aid Mirai Botnet Spread
Researchers looking into the Mirai botnet that has been used in two massive DDoS attacks in the last couple of weeks have discovered that many of the compromised IoT devices in the botnet include components from one Chinese manufacturer and have hardcoded credentials that can’t be changed. The Mirai botnet is made up of a […]
U.S. Charges Two in Lizard Squad DDoS, Phone Bombing Attacks
The Department of Justice has charged two teenagers in connection with a scheme that involved hacking-for-hire activities as well as a service that would make repeated harassing phone calls to victims for a price. The charges are related to an investigation into the Lizard Squad hacking group, which has been tied to a number of DDoS […]
On the Wire Podcast: Mike Mimoso
It’s been a weird and wild week in the security world, with the Yahoo mail-scanning scandal, the arrest of another NSA contractor for allegedly stealing classified documents, and the FBI asking for cyber help. So we called up Mike Mimoso of Threatpost to unpack all of it and see where things stand. Music by Chris […]