PINDROP BLOG

Category: Hacking

September 7, 2016
Exploit Kits Target Flash and Focus on Newer Vulnerabilities
The conventional wisdom on exploit kits is that they rely mainly on exploits for older vulnerabilities, bugs that were disclosed and patched years ago. But new research shows that most of the popular exploit kits are actually going after flaws from 2015 and later, and the most commonly exploited vulnerabilities are in Flash and Java.…
Read More →
September 1, 2016
Employee Password Compromise Leads to Breach at OneLogin
A password compromise of an employee at OneLogin, the identity and access management company, has led to a breach at the company that affected stored customer data that was supposed to be encrypted but was actually available in plaintext. The attack happened earlier this summer, and OneLogin officials say the attacker may have been on their…
Read More →
August 31, 2016
68 Million Hashed Dropbox Passwords Dumped Online
The scope of a compromise of Dropbox four years ago that the company initially said only involved customer email addresses being stolen has now expanded, with more than 68 million user passwords dumped online. The cache comprises passwords that are hashed with either SHA-1 or bcrypt and none of them are in plaintext. When Dropbox…
Read More →
August 30, 2016
Ripper ATM Malware Controlled by Custom EMV Card
A new family of powerful ATM malware is being used in heists around the world, using known techniques, but also employing a card with a malicious EMV chip that allows the thief to control the malware on the machine. The malware is known as Ripper and researchers have connected it to thefts at ATMs in…
Read More →
August 29, 2016
Russian Convicted in $169M PoS Malware Scheme
A Russian man, who is the son of a politician in Russia, has been convicted of more than three dozen counts stemming from a point-of-sale hacking scheme that allowed him to steal nearly two million credit card numbers from retailers and restaurants in the United States. Roman Valerevich Seleznev was convicted Thursday of the crimes,…
Read More →
August 25, 2016
Apple Fixes Three iOS Zero Days Used in Targeted Attack
Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix…
Read More →
August 25, 2016
Lieu Presses FCC to Speed Up Investigation Into SS7 Flaw
The FCC is four months into its investigation into security issues with the SS7 phone protocol, and a key member of Congress is pushing for the commission to speed up its work and also to brief lawmakers on what the probe has found so far. In letter sent to FCC Chairman Thomas Wheeler earlier this…
Read More →
August 23, 2016
Snowden’s Long Shadow Darkens NSA’s Reputation
The massive data dump by the Shadow Brokers has become a kind of fun house mirror for the security industry. People come at it with all of their suppositions, biases, and baggage, and walk away with a distorted view of what’s actually there and what it means. There are nearly as many opinions on what…
Read More →
August 22, 2016
Juniper Investigating NetScreen Exploit
Following Cisco’s lead, Juniper is now investigating the effects of the Shadow Brokers release on its products, specifically an exploit that affects the company’s NetScreen firewalls. The dump of tools, exploits, and data stolen from a hacking team called the Equation Group–which is believed to be affiliated with the NSA–included a number of exploits for…
Read More →
August 19, 2016
Eddie Bauer Hit With Massive Payment System Compromise
Malware infected the point-of-sale systems in all of Eddie Bauer’s stores in the United States and Canada for more than six months this year, stealing payment card data at the company’s 350 stores. The attack affects an untold number of customers who shopped in the stores between January and mid-July of 2016, but the company said…
Read More →