PINDROP BLOG

Category: Hacking

March 8, 2017
Questions Arise Over CIA Handling of Vulnerabilities
The release of a large trove of documents and tools that are linked to CIA’s cyber espionage activities has raised a lot of questions, especially about the way that the agency and other government groups handle information on undisclosed vulnerabilities. Some of the documents, released by Wikileaks Tuesday, show that CIA has had access to…
Read More →
March 3, 2017
Bill Would Legalize Active Defense Against Hacks
A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty…
Read More →
March 3, 2017
Multistage Malware Uses DNS System for Communications
Security researchers have identified a multi-stage piece of malware that uses a number of innovative tricks to stay persistent on infected machines and employs the DNS infrastructure as a command-and-control mechanism. The malware, analyzed by researchers at Cisco Talos, comes in the form of a rigged Word document contained in a phishing email. The document…
Read More →
March 2, 2017
Yahoo: 32 Million User Cookies Were Stolen
Yahoo executives didn’t understand the severity and scope of the 2014 attack that led to the theft of user data and, as a result, failed to investigate the incident as well as they should have, the company said in a regulatory filing. Attackers, who the company has said were state sponsored, compromised Yahoo’s network in…
Read More →
March 1, 2017
Cloudflare Says No Evidence Cloudbleed Bug Was Exploited
After further analysis of the memory leak bug disclosed last week, Cloudflare officials say they haven’t found any instances of customer passwords, credit card data, or health records leaking while the vulnerability was exposed. The vulnerability, now known as Cloudbleed, has joined the pantheon of Internet-scale bugs to emerge in the last few years, even though…
Read More →
March 1, 2017
Critical SQL Injection Bug in Plugin Exposes WordPress Sites
Researchers have found a critical SQL injection vulnerability in a popular WordPress plugin used to create photo galleries. The bug in NextGEN Gallery exposes more than a million sites. The vulnerability can be exploited in a couple of different ways, and researchers at Sucuri, who discovered the weakness, say that an attacker could use it…
Read More →
February 28, 2017
Email Scam Losses Pass $3 Billion, FBI Says
The amount of money that enterprises in the United States are losing to business email compromise scams is growing at an alarming rate, and is now well into the billions of dollars, according to the FBI. BEC scams, also known as CEO or executive impersonation schemes, are the evolution of phishing attacks and rely on the criminals’…
Read More →
February 24, 2017
Cloudflare Memory Leak Bug Exposed Private Customer Data
Cloudflare, one of the larger content-delivery networks and DNS providers on the Internet, had a critical bug in one of its services that resulted in sensitive customer data such as cookies, authentication tokens, and encryption keys being leaked and cached by servers around the world. The vulnerability was in an HTML parser that Cloudflare engineers…
Read More →
February 23, 2017
SHA-1 Collision Spells the End for Old Algorithm
Engineers at Google have created the first SHA-1 collision, an achievement that should lay to rest any remaining doubts about the practical security of the hash function. Cryptographers and security researchers have been warning about weaknesses in SHA-1 for several years, saying that modern computing power would soon put a collision within reach. A hash…
Read More →
February 23, 2017
Suspect Arrested in Mirai Attack on Deutsche Telekom Routers
Authorities in the U.K. have arrested a man suspected of being involved in the attack last year on routers belonging to Deutsche Telekom customers, an attack that was attributed to the Mirai botnet. On Wednesday, investigators from the British National Crime Agency arrested an unnamed 29-year-old man at an airport in London in connection with…
Read More →