Malware Infecting Seagate NAS Devices to Mine Monero Cryptocurrency
Attackers are using a nasty piece of malware to infect Seagate storage devices and then jump to the PCs connected to the NAS devices and use the machines to mine the Monero open source cryptocurrency. Researchers at Sophos, taking an in-depth look at the Miner-C malware, discovered that it is infecting large numbers of NAS devices […]
Wyden Calls on Senate to Prevent Expansion of Government Hacking
A proposed change to a little-known criminal procedure “would make us less safe, not more” by allowing law enforcement agencies to hack an unlimited number of computers with a single warrant, Sen. Ron Wyden said Thursday. Wyden (D-Ore.) spoke on the Senate floor about the proposed change to Rule 41 of the Federal Rules of […]
Exploit Kits Target Flash and Focus on Newer Vulnerabilities
The conventional wisdom on exploit kits is that they rely mainly on exploits for older vulnerabilities, bugs that were disclosed and patched years ago. But new research shows that most of the popular exploit kits are actually going after flaws from 2015 and later, and the most commonly exploited vulnerabilities are in Flash and Java. […]
Ripper ATM Malware Controlled by Custom EMV Card
A new family of powerful ATM malware is being used in heists around the world, using known techniques, but also employing a card with a malicious EMV chip that allows the thief to control the malware on the machine. The malware is known as Ripper and researchers have connected it to thefts at ATMs in […]
Russian Convicted in $169M PoS Malware Scheme
A Russian man, who is the son of a politician in Russia, has been convicted of more than three dozen counts stemming from a point-of-sale hacking scheme that allowed him to steal nearly two million credit card numbers from retailers and restaurants in the United States. Roman Valerevich Seleznev was convicted Thursday of the crimes, […]
Apple Fixes Three iOS Zero Days Used in Targeted Attack
Apple has patched three critical vulnerabilities in iOS that were identified when an attacker targeted a human rights activist in the UAE with an exploit chain that used the bugs to attempt to remotely jailbreak and infect his iPhone. The vulnerabilities include two kernel flaws and one in WebKit and Apple released iOS 9.3.5 to fix […]
Lieu Presses FCC to Speed Up Investigation Into SS7 Flaw
The FCC is four months into its investigation into security issues with the SS7 phone protocol, and a key member of Congress is pushing for the commission to speed up its work and also to brief lawmakers on what the probe has found so far. In letter sent to FCC Chairman Thomas Wheeler earlier this […]
Snowden’s Long Shadow Darkens NSA’s Reputation
The massive data dump by the Shadow Brokers has become a kind of fun house mirror for the security industry. People come at it with all of their suppositions, biases, and baggage, and walk away with a distorted view of what’s actually there and what it means. There are nearly as many opinions on what […]
Juniper Investigating NetScreen Exploit
Following Cisco’s lead, Juniper is now investigating the effects of the Shadow Brokers release on its products, specifically an exploit that affects the company’s NetScreen firewalls. The dump of tools, exploits, and data stolen from a hacking team called the Equation Group–which is believed to be affiliated with the NSA–included a number of exploits for […]