PINDROP BLOG

Category: Hacking

September 15, 2016
Researcher Bypasses iOS Passcode Limit With NAND Mirroring
Using easily available and inexpensive parts, a security researcher has been able to bypass the passcode retry restrictions on an iPhone 5C through hardware mirroring of the NAND memory. The researcher’s technique involved several steps and quite a bit of patience and work, but eventually Sergei Skorobogatov of the University of Cambridge in the UK was able…
Read More →
September 12, 2016
Malware Infecting Seagate NAS Devices to Mine Monero Cryptocurrency
Attackers are using a nasty piece of malware to infect Seagate storage devices and then jump to the PCs connected to the NAS devices and use the machines to mine the Monero open source cryptocurrency. Researchers at Sophos, taking an in-depth look at the Miner-C malware, discovered that it is infecting large numbers of NAS devices…
Read More →
September 9, 2016
Wyden Calls on Senate to Prevent Expansion of Government Hacking
A proposed change to a little-known criminal procedure “would make us less safe, not more” by allowing law enforcement agencies to hack an unlimited number of computers with a single warrant, Sen. Ron Wyden said Thursday. Wyden (D-Ore.) spoke on the Senate floor about the proposed change to Rule 41 of the Federal Rules of…
Read More →
September 7, 2016
Exploit Kits Target Flash and Focus on Newer Vulnerabilities
The conventional wisdom on exploit kits is that they rely mainly on exploits for older vulnerabilities, bugs that were disclosed and patched years ago. But new research shows that most of the popular exploit kits are actually going after flaws from 2015 and later, and the most commonly exploited vulnerabilities are in Flash and Java.…
Read More →
September 1, 2016
Employee Password Compromise Leads to Breach at OneLogin
A password compromise of an employee at OneLogin, the identity and access management company, has led to a breach at the company that affected stored customer data that was supposed to be encrypted but was actually available in plaintext. The attack happened earlier this summer, and OneLogin officials say the attacker may have been on their…
Read More →
August 31, 2016
68 Million Hashed Dropbox Passwords Dumped Online
The scope of a compromise of Dropbox four years ago that the company initially said only involved customer email addresses being stolen has now expanded, with more than 68 million user passwords dumped online. The cache comprises passwords that are hashed with either SHA-1 or bcrypt and none of them are in plaintext. When Dropbox…
Read More →
August 30, 2016
Ripper ATM Malware Controlled by Custom EMV Card
A new family of powerful ATM malware is being used in heists around the world, using known techniques, but also employing a card with a malicious EMV chip that allows the thief to control the malware on the machine. The malware is known as Ripper and researchers have connected it to thefts at ATMs in…
Read More →
August 29, 2016
Russian Convicted in $169M PoS Malware Scheme
A Russian man, who is the son of a politician in Russia, has been convicted of more than three dozen counts stemming from a point-of-sale hacking scheme that allowed him to steal nearly two million credit card numbers from retailers and restaurants in the United States. Roman Valerevich Seleznev was convicted Thursday of the crimes,…
Read More →
August 25, 2016
Apple Fixes Three iOS Zero Days Used in Targeted Attack
Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix…
Read More →
August 25, 2016
Lieu Presses FCC to Speed Up Investigation Into SS7 Flaw
The FCC is four months into its investigation into security issues with the SS7 phone protocol, and a key member of Congress is pushing for the commission to speed up its work and also to brief lawmakers on what the probe has found so far. In letter sent to FCC Chairman Thomas Wheeler earlier this…
Read More →