In This Section

PINDROP BLOG

Category: Hacking

August 10, 2017 | Dennis Fisher
Ukrainian Police Arrest Suspect in Petya Ransomware Campaign
Police in Ukraine have arrested a 51-year-old man in connection with spreading the notorious Petya ransomware earlier this summer. In their statement, the Ukraine Cyberpolice did not say that the man was accused of creating Petya, only that he allegedly helped spread it. The outbreak of a ransomware connected to Petya in June was centered in Ukraine…
Read More →
August 9, 2017 | Dennis Fisher
Mamba Ransomware Pokes Its Head Back Up
The ransomware that wreaked havoc on San Francisco’s Muni mass transit system last Thanksgiving has resurfaced and is infecting enterprises in several countries around the world. The Mamba ransomware used in these attacks isn’t one of the big-name variants like Cryptolocker or Petya, but it has the potential to cause serious problems. Last November the malware infected…
Read More →
August 1, 2017 | Dennis Fisher
Rooting an Amazon Echo
Researchers have developed a method for getting a root shell on the Amazon Echo and then install a small piece of malware that can transmit live audio from the device to a remote computer or steal user authentication tokens. The attack relies on having physical access to the Echo and it requires quite a bit of…
Read More →
July 31, 2017 | Dennis Fisher
Trickbot Adds New Worm Capability
Malware authors and cybercrime gangs, like professionals in legitimate fields, watch their competition closely and take what works and add it to their own arsenals. The latest evidence of this comes in the form of a new function added to the Trickbot banking trojan that allows it to spread in worm-like fashion using SMB. That…
Read More →
July 28, 2017
New Report Shows Depth of Data Breaches Is Worse Than Before
More than six billion consumer records have been compromised in data breaches in just the first six months of this year. That number is higher than the mark for all of 2016, more evidence that attackers are continuing to ramp up their efforts to steal sensitive data. A new report out this week from Risk…
Read More →
July 27, 2017 | Dennis Fisher
To Disclose or Not to Disclose
LAS VEGAS–The people in the security community are good at many things, but reaching consensus is not one of them. That is never more clear than when the topic is vulnerabilities and how to handle them. The last year has seen the publication of a couple of studies on vulnerability discovery and disclosure and how…
Read More →
July 27, 2017 | Dennis Fisher
Broadpwn Bug Allows Phone Takeover With One WiFi Probe Request
LAS VEGAS–The vulnerability in Broadcom WiFi chips running in many iPhones and Android devices that both Apple and Google patched recently could be triggered with a simple probe request from a mobile access point, giving the attacker full control of the victim’s device. The bug, known as Broadpwn, is about as powerful as they come for…
Read More →
July 26, 2017 | Dennis Fisher
Attackers Can Take Over Your Local Car Wash From the Internet
LAS VEGAS–Researchers are continuing to find new and interesting ways to demonstrate the fragility and poor security of IoT devices, and the latest test bed is your local car wash. A weakness in the design of the software that runs a large number of automated car washes in the U.S can allow a remote attacker…
Read More →
July 26, 2017 | Dennis Fisher
Facebook CSO: It’s Time to Focus on Real Problems
LAS VEGAS–The security community needs to get back to solving real problems facing real users in the real world, Facebook’s CSO said, and the company is putting up a million dollars to help do that. Alex Stamos, the top security official at Facebook, said security professionals are spending too much time focusing on elaborate hacks…
Read More →
July 21, 2017
Google to Drop Trust For WoSign in September
Google has finalized its plan to remove trust in Chrome for all certificates issued by Chines CA WoSign, a result of the certificate authority run afoul of the intricate rules that govern CAs. As far back as 2015, officials began noticing certificates issued by WoSign that had one or more problems and violated rules established…
Read More →
Introducing Pindrop® Express – Authenticate without compromise.