PINDROP BLOG

Category: Hacking

March 14, 2017
Researchers Find 36 Android Devices Pre-Owned With Malware
About 10 years ago, security researchers began warning users and technology manufacturers about the problem of hardware devices coming out of the box pre-loaded with malware. It began with digital picture frames and USB drives, and it has moved to mobile phones, with the latest example coming in the form of 36 Android phones that shipped with…
March 9, 2017
Hackers Targeting Critical Apache Struts Flaw
Attackers are targeting a critical vulnerability in the Apache Struts framework, using exploits that have been published online to go after thousands of vulnerable sites. On Monday, the Apache Software Foundation published an advisory about the vulnerability, saying that the bug enabled remote code execution in certain situations. Almost immediately afterward, attackers began going after vulnerable…
March 8, 2017
Researchers Find Multiple Bugs in Confide Messaging App
Researchers at IOActive have uncovered a number of serious security flaws in the Confide secure messaging app, some of which could allow an attacker to hijack a user’s session or impersonate a target user. Confide is one of the group of encrypted chat apps that have emerged in the last few years and promises end-to-end…
March 8, 2017
Questions Arise Over CIA Handling of Vulnerabilities
The release of a large trove of documents and tools that are linked to CIA’s cyber espionage activities has raised a lot of questions, especially about the way that the agency and other government groups handle information on undisclosed vulnerabilities. Some of the documents, released by Wikileaks Tuesday, show that CIA has had access to…
March 3, 2017
Bill Would Legalize Active Defense Against Hacks
A new bill intended to update the Computer Fraud and Abuse Act would allow victims of computer attacks to engage in active defense measures to identify the attacker and disrupt the attack. Proposed by Rep. Tom Graves (R-Ga.), the bill would grant victims of computer intrusions unprecedented rights. Known as the Active Cyber Defense Certainty…
March 3, 2017
Multistage Malware Uses DNS System for Communications
Security researchers have identified a multi-stage piece of malware that uses a number of innovative tricks to stay persistent on infected machines and employs the DNS infrastructure as a command-and-control mechanism. The malware, analyzed by researchers at Cisco Talos, comes in the form of a rigged Word document contained in a phishing email. The document…
March 2, 2017
Yahoo: 32 Million User Cookies Were Stolen
Yahoo executives didn’t understand the severity and scope of the 2014 attack that led to the theft of user data and, as a result, failed to investigate the incident as well as they should have, the company said in a regulatory filing. Attackers, who the company has said were state sponsored, compromised Yahoo’s network in…
March 1, 2017
Cloudflare Says No Evidence Cloudbleed Bug Was Exploited
After further analysis of the memory leak bug disclosed last week, Cloudflare officials say they haven’t found any instances of customer passwords, credit card data, or health records leaking while the vulnerability was exposed. The vulnerability, now known as Cloudbleed, has joined the pantheon of Internet-scale bugs to emerge in the last few years, even though…
March 1, 2017
Critical SQL Injection Bug in Plugin Exposes WordPress Sites
Researchers have found a critical SQL injection vulnerability in a popular WordPress plugin used to create photo galleries. The bug in NextGEN Gallery exposes more than a million sites. The vulnerability can be exploited in a couple of different ways, and researchers at Sucuri, who discovered the weakness, say that an attacker could use it…
February 28, 2017
Email Scam Losses Pass $3 Billion, FBI Says
The amount of money that enterprises in the United States are losing to business email compromise scams is growing at an alarming rate, and is now well into the billions of dollars, according to the FBI. BEC scams, also known as CEO or executive impersonation schemes, are the evolution of phishing attacks and rely on the criminals’…