PINDROP BLOG

Category: Hacking

April 3, 2017
Researchers Tie Bank Attacks to North Korea
ST. MAARTEN–New details discovered in the investigation into the string of attacks on banks around the world using the SWIFT network show have linked the intrusions to attackers based in North Korea. Separate research conducted by experts at SWIFT, Kaspersky Lab, and BAE Systems uncovered a trail of clues that, taken together, point to North…
Read More →
April 3, 2017
New Details Connect Moonlight Maze Attacks on US Government to Modern Campaigns
ST. MAARTEN–Researchers investigating modern cyber espionage operations have found a direct link between the Moonlight Maze attacks that hit a number of United States military and government agencies in the 1990s and operations that are still ongoing today. The connections, through code samples, logs, and other data, show that some of the same tools and…
Read More →
March 21, 2017
NSA: We Disclose 90% of the Flaws We Find
In the wake of the release of thousands of documents describing CIA hacking tools and techniques earlier this month, there has been a renewed discussion in the security and government communities about whether government agencies should disclose any vulnerabilities they discover. While raw numbers on vulnerability discovery are hard to come by, the NSA, which does…
Read More →
March 21, 2017
Site Hacks Continue to Spike, Google Says
The number of sites hacked last year increased by nearly one third compared to 2015, Google said in a new report, a trend that the company expects will continue in years to come. Google’s crawlers constantly check sites for a number of different properties, including the presence of certain types of content that indicate they’ve…
Read More →
March 20, 2017
Critical Cisco Flaw Found Buried in Vault 7 Documents
Hundreds of models of Cisco switches are vulnerable to a remote-code execution bug in the company’s IOS software that can be exploited with a simple Telnet command. The vulnerability was uncovered by company researchers in the CIA hacking tool dump known as Vault 7. The bug is a critical one and an attacker who is…
Read More →
March 15, 2017
Security Professionals Expect More Attacks On IIoT in 2017
As technology vendors race to create more and more devices connected to the Internet of Things (IoT) the opportunity for hackers to get into these devices grows larger and larger, as these IoT devices are usually made with little to no regard for security. The fears of a large-scale attack waiting to happen were solidified this week when security firm Tripwire released the…
Read More →
March 15, 2017
Struts Vulnerability Attracting Plenty of Attackers
Attackers are continuing to seek out and exploit vulnerable servers running vulnerable versions of the Apache Struts framework, with hundreds of separate sources trying to take advantage of the bug. The vulnerability lies in the way that some versions of the Struts framework handles some content-type values. An attacker who is able to exploit the…
Read More →
March 14, 2017
Researchers Find 36 Android Devices Pre-Owned With Malware
About 10 years ago, security researchers began warning users and technology manufacturers about the problem of hardware devices coming out of the box pre-loaded with malware. It began with digital picture frames and USB drives, and it has moved to mobile phones, with the latest example coming in the form of 36 Android phones that shipped with…
Read More →
March 9, 2017
Hackers Targeting Critical Apache Struts Flaw
Attackers are targeting a critical vulnerability in the Apache Struts framework, using exploits that have been published online to go after thousands of vulnerable sites. On Monday, the Apache Software Foundation published an advisory about the vulnerability, saying that the bug enabled remote code execution in certain situations. Almost immediately afterward, attackers began going after vulnerable…
Read More →
March 8, 2017
Researchers Find Multiple Bugs in Confide Messaging App
Researchers at IOActive have uncovered a number of serious security flaws in the Confide secure messaging app, some of which could allow an attacker to hijack a user’s session or impersonate a target user. Confide is one of the group of encrypted chat apps that have emerged in the last few years and promises end-to-end…
Read More →