PINDROP BLOG

Category: Hacking

October 18, 2017
Call Center Criminals Unmasked | Real-Life Fraudsters & Audio Recordings
Call center criminals are becoming increasingly sophisticated in order to maneuver around authentication and security measures, granting them access to sensitive information. It is evident the evolution of fraudsters’ techniques is jump-starting other criminal behavior including account takeover and identity theft – causing the global increase in call center fraud to jump to 113% since…
Read More →
September 12, 2017
BlueBorne Attack Threatens IoT Devices
Researchers have developed a new attack against Bluetooth-enabled devices that takes advantage of the fact that these devices are always listening for connections and can be used by attackers to connect to nearby devices and then exploit one of several new vulnerabilities in the protocol to compromise the devices. The attack is known as BlueBorne…
Read More →
September 12, 2017 | Dennis Fisher
We’ve Reached Peak Data Breach
It would seem that data breaches have now reached their logically absurd peak. The compromise of Equifax, revealed last Thursday evening, is the kind of incident you get when attackers get bored of stealing cases of bottled water and decide to steal the entire mountain spring instead. As reported by Bloomberg, the breach affects the…
Read More →
September 11, 2017 | Dennis Fisher
Overlay Attack Threatens Many Android Users
A vulnerability in nearly all of the current versions of Android can be used by attackers to execute an overlay attack to trick users into installing malware, ransomware, or other malicious apps. The flaw affects most of the Android devices in use right now, except for those that have been updated to Oreo, the newest…
Read More →
September 7, 2017 | Dennis Fisher
Using Inaudible Voice Commands to Control Siri and Alexa
Researchers have developed a method for sending human-inaudible ultrasonic voice commands to voice-enabled assistants such as Alexa, Siri, and Google Assistant that could be used to force the assistants to visit attacker-controlled websites or take control of other connected smart devices. The technique is known as DolphinAttack and was developed by academic researchers at Zhejiang…
Read More →
September 6, 2017 | Dennis Fisher
Apache Fixes Critical Remote Flaw in Struts Framework
A severe remote code execution vulnerability has been sitting unnoticed in the Apache Struts web-app development framework for nine years, a flaw that researchers say threatens critical systems in banks, airlines, and many other organizations. The vulnerability lies in the way that the Struts framework handles untrusted data and researchers at lgtm, the company that…
Read More →
September 5, 2017 | Dennis Fisher
Facebook Adware Seen Stealing Users’ Access Tokens
The adware attack campaign that was spreading through Facebook Messenger late last month was enabled by the use of fake Chrome extensions and also stole victims’ Facebook access tokens. The campaign began spreading in the last couple of weeks of August through the use of Messenger messages that included the recipient’s name and a shortened…
Read More →
August 10, 2017 | Dennis Fisher
Ukrainian Police Arrest Suspect in Petya Ransomware Campaign
Police in Ukraine have arrested a 51-year-old man in connection with spreading the notorious Petya ransomware earlier this summer. In their statement, the Ukraine Cyberpolice did not say that the man was accused of creating Petya, only that he allegedly helped spread it. The outbreak of a ransomware connected to Petya in June was centered in Ukraine…
Read More →
August 9, 2017 | Dennis Fisher
Mamba Ransomware Pokes Its Head Back Up
The ransomware that wreaked havoc on San Francisco’s Muni mass transit system last Thanksgiving has resurfaced and is infecting enterprises in several countries around the world. The Mamba ransomware used in these attacks isn’t one of the big-name variants like Cryptolocker or Petya, but it has the potential to cause serious problems. Last November the malware infected…
Read More →
August 1, 2017 | Dennis Fisher
Rooting an Amazon Echo
Researchers have developed a method for getting a root shell on the Amazon Echo and then install a small piece of malware that can transmit live audio from the device to a remote computer or steal user authentication tokens. The attack relies on having physical access to the Echo and it requires quite a bit of…
Read More →