Category: Device Security

The deployment of default strong encryption on mobile devices and U.S. companies storing user data in foreign countries is hampering the ability of law enforcement to protect Americans from cyber crime and other threats, a top U.S. prosecutor said. In a speech Wednesday, Assistant Attorney General Leslie Caldwell said prosecutors and law enforcement agencies across the country are…

Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is…

A new variant of the Mirai malware that has been wreaking havoc on IoT devices is now being used to infect home routers installed by TalkTalk in the U.K. The malware is exploiting a vulnerability to install itself on the router and then attackers are using the infected devices in DDoS attacks. Researchers at Imperva…

Vulnerabilities in Flash and Internet Explorer dominated the exploit kit landscape in the last year, with a high-profile bug in Flash being found in seven separate kits, new research shows. Exploit kits have long been a key tool in the arsenal of many attackers, from low-level gangs to highly organized cybercrime crews. Their attraction stems from…

Google has released a fix for the so-called Dirty Cow vulnerability for Android, a Linux kernel bug disclosed in October. The patch comes in the December Android security update, which also includes fixes for more than two dozen other vulnerabilities. The Dirty Cow bug is a privilege escalation vulnerability in the Linux kernel that has…

A long list of IP-enabled security cameras made by Sony contain backdoors in their firmware that can allow an attacker to run arbitrary code remotely on the devices and potentially opening them up for use in a botnet. The cameras affected by the vulnerabilities are surveillance cameras, mainly used in enterprises and retail settings and…

AirDroid, a popular Android app used for remote management, has a number of security vulnerabilities that could allow an attacker to intercept and decrypt secure traffic and even inject a malicious app update to gain remote code execution on a target device. The main issue with the app is the use of a hard-coded encryption…

In the wake of the attack on San Francisco’s Muni transportation over the Thanksgiving weekend, a legislator from California is asking Congress to hold hearings on the ransomware problem and determine whether there are ways that the government can help address the issue in both government agencies and private businesses. Rep. Ted Lieu (D-Calif.) sent a…

A new version of an existing piece of malware has emerged in some third-party Android app stores and researchers say it has infected more than a million devices around the world, giving the attackers full access to victims’ Google accounts in the process. The malware campaign is known as Gooligan, and it’s a variant of…

Ransomware authors have adopted a number of new tactics recently to help avoid detection and stop takedown attempts, and the latest move by the gang behind the Cerber malware is the use of both Google redirection and the Tor network as evasion and obfuscation mechanisms. Researchers from Cisco’s Talos group have come across a new version…