PINDROP BLOG

Category: Device Security

June 7, 2016
Angler Exploit Kit EMET Bypass Leads to TeslaCrypt Ransomware
Microsoft has built a number of technical defenses against browser-based exploits in the last decade or so, including a specialized toolkit called EMET that’s designed to defeat advanced exploits. Attackers have now created a version of the notorious Angler exploit kit that can bypass EMET entirely and then install the nasty TeslaCrypt ransomware. This advance…
Read More →
June 6, 2016
Ransomware is Dope
Credit where credit is due: Ransomware is kind of brilliant. From a defender’s perspective, it is perhaps the most difficult threat to deal with in the last five or 10 years. It locks up your data, makes it inaccessible and unrecoverable (without backups), and presents you with, at most, two options: Don’t pay the ransom and…
Read More →
June 3, 2016
FTC Warns of Security and Privacy Risks in IoT Devices
The Federal Trade Commission has sent comments to the Department of Commerce, outlining a list of concerns about the security and privacy of connected and embedded devices, saying that while many IoT devices have tangible benefits for consumers, “these devices also create new opportunities for unauthorized persons to exploit vulnerabilities”. In a long response to a…
Read More →
June 3, 2016
Life in the Ransomware Underweb
The business of ransomware is booming, and some of the criminals running these operations have so much work and money on their hands that they’re building out affiliate networks to help them handle it all. In their efforts to extort as many victims as possible with their malware, ransomware authors have been spreading their creations in…
Read More →
June 2, 2016
On the Wire Podcast: Ransomware
Ransomware is one of the nastier and more insidious threats to emerge in the last decade, and the attackers using it have targeted consumers and businesses alike. Threats such as CryptoLocker, Locky, Cryptowall, and many others have been locking up users’ files and demanding hundreds or thousands of dollars in order to decrypt them. Security…
Read More →
May 27, 2016
New Version of RansomWhere? OS X Detection Tool Released
The author of a generic detection tool for Mac OS X ransomware has updated the application, adding a number of new capabilities, including support for full file-system monitoring and support for older versions of the OS. RansomWhere? is a tool written by security researcher Patrick Wardle for the purpose of detecting and stopping ransomware behavior…
Read More →
May 20, 2016
Huge Number of Android Phones Vulnerable to Critical TrustZone Bug
A serious vulnerability in many versions of Android that allows an attacker to gain complete control of the target phone by exploiting an app in the secure portion of the operating system still affects about 60 percent of enterprise Android devices, even though a patch was released in January. The vulnerability is in some software…
Read More →
May 19, 2016
Bill Would Prevent Expansion of Government Hacking Powers
Sen. Ron Wyden, who has been a constant critic of the expansion of government surveillance and systematic weakening of encryption, has co-sponsored a bill that would prevent recently proposed changes to federal judicial rules that would give the federal government’s ability to hack the computers of Americans. The bill is called the Stopping Mass Hacking Act…
Read More →
May 19, 2016
Google Allo Brings Encryption, Auto-Deleted Messages
Google’s new Allo messaging app is less than a day old, but it already has attracted a lot of attention from the security and privacy communities, thanks to its inclusion of end-to-end encryption and disappearing messages. Not all of the attention has been positive, however. Allo is a combination app that includes typical chat capabilities…
Read More →
May 18, 2016
Clickjacking Bug Affects 95 Percent of Android Devices
Researchers have found that a vulnerability in Android that allows attackers to trick users into granting apps elevated privileges affects more devices than had originally been thought–nearly 96 percent of all Android devices. The vulnerability is not a typical bug. It relies on some user interaction and lies in the way that Android allows apps…
Read More →