Category: Hacking

September 7, 2017 | Dennis Fisher
Using Inaudible Voice Commands to Control Siri and Alexa
Researchers have developed a method for sending human-inaudible ultrasonic voice commands to voice-enabled assistants such as Alexa, Siri, and Google Assistant that could be used to force the assistants to visit attacker-controlled websites or take control of other connected smart devices. The technique is known as DolphinAttack and was developed by academic researchers at Zhejiang…
September 6, 2017 | Dennis Fisher
Apache Fixes Critical Remote Flaw in Struts Framework
A severe remote code execution vulnerability has been sitting unnoticed in the Apache Struts web-app development framework for nine years, a flaw that researchers say threatens critical systems in banks, airlines, and many other organizations. The vulnerability lies in the way that the Struts framework handles untrusted data and researchers at lgtm, the company that…
September 5, 2017 | Dennis Fisher
Facebook Adware Seen Stealing Users’ Access Tokens
The adware attack campaign that was spreading through Facebook Messenger late last month was enabled by the use of fake Chrome extensions and also stole victims’ Facebook access tokens. The campaign began spreading in the last couple of weeks of August through the use of Messenger messages that included the recipient’s name and a shortened…
August 10, 2017 | Dennis Fisher
Ukrainian Police Arrest Suspect in Petya Ransomware Campaign
Police in Ukraine have arrested a 51-year-old man in connection with spreading the notorious Petya ransomware earlier this summer. In their statement, the Ukraine Cyberpolice did not say that the man was accused of creating Petya, only that he allegedly helped spread it. The outbreak of a ransomware connected to Petya in June was centered in Ukraine…
August 9, 2017 | Dennis Fisher
Mamba Ransomware Pokes Its Head Back Up
The ransomware that wreaked havoc on San Francisco’s Muni mass transit system last Thanksgiving has resurfaced and is infecting enterprises in several countries around the world. The Mamba ransomware used in these attacks isn’t one of the big-name variants like Cryptolocker or Petya, but it has the potential to cause serious problems. Last November the malware infected…
August 1, 2017 | Dennis Fisher
Rooting an Amazon Echo
Researchers have developed a method for getting a root shell on the Amazon Echo and then installing a small piece of malware that can transmit live audio from the device to a remote computer or steal user authentication tokens. The attack relies on having physical access to the Echo and it requires quite a bit of…
July 31, 2017 | Dennis Fisher
Trickbot Adds New Worm Capability
Malware authors and cybercrime gangs, like professionals in legitimate fields, watch their competition closely and take what works and add it to their own arsenals. The latest evidence of this comes in the form of a new function added to the Trickbot banking trojan that allows it to spread in worm-like fashion using SMB. That…
July 28, 2017
New Report Shows Depth of Data Breaches Is Worse Than Before
More than six billion consumer records have been compromised in data breaches in just the first six months of this year. That number is higher than the mark for all of 2016, more evidence that attackers are continuing to ramp up their efforts to steal sensitive data. A new report out this week from Risk…
July 27, 2017 | Dennis Fisher
To Disclose or Not to Disclose
LAS VEGAS–The people in the security community are good at many things, but reaching consensus is not one of them. That is never more clear than when the topic is vulnerabilities and how to handle them. The last year has seen the publication of a couple of studies on vulnerability discovery and disclosure and how…
July 27, 2017 | Dennis Fisher
Broadpwn Bug Allows Phone Takeover With One WiFi Probe Request
LAS VEGAS–The vulnerability in Broadcom WiFi chips running in many iPhones and Android devices that both Apple and Google patched recently could be triggered with a simple probe request from a mobile access point, giving the attacker full control of the victim’s device. The bug, known as Broadpwn, is about as powerful as they come for…