In This Section

PINDROP BLOG

Category: Hacking

April 19, 2017
Android Sensor Attack Can Guess PINs with 94% Accuracy
With each new generation of smartphone, manufacturers are adding more and more sensors to enhance the user’s experience, but this also means that more and more apps are asking for blanket permission to use those sensors. This proliferation of sensors and permissions is creating serious privacy and security issues, as researchers at Newcastle University established with a new…
Read More →
April 19, 2017
Hajime Malware Joins Mirai in Targeting IoT Devices
Mirai is no longer the only game in town when it comes to IoT malware. A new piece of malware known as Hajime is infecting some of the same kinds of embedded devices that Mirai has been targeting for several months. The malware has infected thousands of IoT devices in recent weeks and researchers say…
Read More →
April 18, 2017
Microsoft Patched Shadow Brokers Flaws Before Latest Disclosure
The latest release of exploits and vulnerabilities from the Shadow Brokers came as a surprise to many observers, but not to the security team at Microsoft. It turns out that the company already has patched most of the flaws in its products that were exposed in last week’s exploit dump. The Shadow Brokers have published…
Read More →
April 17, 2017
Unicode Domain Phishing Attack Resurfaces
Researchers are warning about a phishing attack that abuses the way some browsers handle unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies on the fact that the…
Read More →
April 14, 2017
CSRF Bug Haunts Magento E-Commerce Platform
There is a serious vulnerability in a version of the Magento e-commerce platform that could allow a remote attacker to access a target site’s database. The bug can be used for remote code execution, and the researchers who discovered it say they notified Magento of the vulnerability in November, but the company hasn’t released a fix…
Read More →
April 13, 2017
Government, Cybercrime Attackers Target Word Flaw
At least two separate groups of attackers, with disparate motives, have been exploiting the Microsoft Word vulnerability disclosed several days ago. Researchers say that both government-backed attackers and cybercrime groups are targeting the flaw, installing high-level professional malware as well as banking malware. Microsoft on Tuesday released a patch for the vulnerability, but attackers have…
Read More →
April 11, 2017
Microsoft Word Flaw Used in Dridex Malware Campaign
UPDATE–The zero-day vulnerability in Microsoft Word disclosed in the last few days is now being used as a vector for attackers to install the nasty Dridex banking Trojan. Researchers from a number of security companies have warned about the vulnerability, which Microsoft has yet to acknowledge publicly. The flaw allows attackers to bypass the exploit…
Read More →
April 11, 2017
FBI Disrupts Notorious Kelihos Botnet
The Justice Department has disrupted the Kelihos botnet, one of the more prolific and long-running spam and malware networks, by sinkholing the botnet’s command-and-control servers after the arrest of a Russian man officials allege is Kelihos’s operator. The botnet has been operating since at least 2010 and has infected hundreds of thousands of computers around…
Read More →
April 10, 2017
Attackers Targeting Microsoft Word Zero Day
Attackers are targeting a newly disclosed, unpatched vulnerability in Microsoft Word that can be used to install malware silently on victims’ computers. The attacks are using rigged Word documents attached to phishing emails, and when a victim opens one of the malicious documents, the embedded exploit code will immediately connect to a server controlled by…
Read More →
April 5, 2017
On the Wire Podcast: Katie Moussouris
Katie Moussouris has pretty much seen it all in her nearly two decades in the security industry as a pen tester, consultant, Microsoft employee, and many other roles. Now she’s putting that experience and knowledge to work helping governments and enterprises work out the problem of vulnerability disclosure and response with her company Luta Security.…
Read More →
Introducing Pindrop® Express – Authenticate without compromise.