PINDROP BLOG

Category: Device Security

October 17, 2016
Congress Wants Answers on Yahoo Email Scanning
Nearly 50 members of Congress are demanding information from the director of national intelligence about the email scanning order that the Department of Justice reportedly delivered to Yahoo last year. The order, which was revealed earlier this month in stories by Reuters, reportedly required the company to create a system that would inspect all incoming emails…
Read More →
October 17, 2016
DHS Warns Mirai Malware is Targeting Sierra Wireless Gateways
DHS is warning users that the Mirai malware is infecting wireless gateways sold by Sierra Wireless and using the compromised devices as part of a botnet for DDoS attacks. The Mirai malware has been targeting a variety of embedded devices, especially CCTV cameras, that have default telnet credentials enabled and compromising them. The attackers deploying…
Read More →
October 14, 2016
Pork Explosion Backdoor Found in Some Android Bootloaders
A security researcher has uncovered a debugging feature left in some Android firmware images on devices assembled by Foxconn that essentially serves as a fully functioning backdoor that can be exploited in as little as five seconds. Researcher Jon Sawyer found the backdoor in a bootloader that Foxconn provides on some of the Android phones it…
Read More →
October 12, 2016
Signal Adds Expiring Messages to Encrypted Chats
The steady march toward greater use of encryption and increased privacy in mobile communications has taken another step forward with Signal, the encrypted messaging app, introducing disappearing messages. The newest version of Signal for both iOS and Android, as well as the desktop app, include the feature, which enables users to set timers for when…
Read More →
October 7, 2016
Bugs in Chinese IoT Components Aid Mirai Botnet Spread
Researchers looking into the Mirai botnet that has been used in two massive DDoS attacks in the last couple of weeks have discovered that many of the compromised IoT devices in the botnet include components from one Chinese manufacturer and have hardcoded credentials that can’t be changed. The Mirai botnet is made up of a…
Read More →
October 6, 2016
New Attack Invisibly Monitors Mac Video Calls
There have been a number of pieces of malware to emerge in the last few years that have the ability to hook into the microphone and camera of infected machines, allowing attackers to record private conversations of targeted users. Now a researcher is releasing a new tool that can detect and alert Mac users to hidden…
Read More →
October 3, 2016
Your Body is a Wonderland–For Transmitting Passwords
Credential theft is one of the more persistent and troubling threats in security, and researchers have been trying to come up with answers to it for decades. A team at the University of Washington has developed a system that can prevent attackers from intercepting passwords and keys sent over the air by sending them through users’ bodies…
Read More →
September 30, 2016
Hack iOS 10 and Get $1.5 Million
The stakes in the vulnerability acquisition and bug bounty game have just gone up several notches, with a well-known security startup now offering $1.5 million for a remote jailbreak in iOS 10. The payout was put on the table Thursday by Zerodium, a company that buys vulnerabilities and exploits for high-value target platforms and applications. The company…
Read More →
September 29, 2016
Europol Warns That Ransomware is Biggest Online Threat
Ransomware has become the largest threat to consumers and businesses in the EU, according to a new threat report from Europol. The Internet Organized Crime Threat Assessment points to variants such as Cryptowall, Cryptolocker, Teslacrypt, and CTB-Locker as representing the biggest security problem for European users. Ransomware is not a new threat, but it’s evolved and…
Read More →
September 27, 2016
‘Putting in a Back Door Isn’t the Solution’ to Encryption Debate
Rep. Michael McCaul, the chairman of the House Committee on Homeland Security, said forcing vendors to install backdoors or intentionally weakened encryption in their products is not the solution to the disagreement over law enforcement access to encrypted devices and said there needs to be international standards for how the problem is handled. McCaul (R-Texas), speaking…
Read More →