Researchers discover advanced cyber-espionage malware

It eluded detection for at least five years.

Both Kaspersky and Symantec have unearthed a new type of malware so advanced, they believe it could have links to a country’s intelligence agency. They’re calling it “Remsec,” “Strider” (Aragorn’s nickname in LOTR) and “ProjectSauron,” because it has several references to the Necromancer in Tolkien’s series. According to Symantec, it has been used for what could be state-sponsored attacks to infiltrate 36 computers across at least seven organizations around the world since 2011. Its targets include several individuals in Russia, a Chinese airline, an unnamed organization in Sweden and an embassy in Belgium. Kaspersky says you can add various scientific research centers, military installations, telecommunications companies and financial institutions to that list.

Continue reading “Researchers discover advanced cyber-espionage malware”

Oracle data breach opened credit card payment systems to attack

Intruders might have had a gateway to stealing your payment details.

Data thieves don’t always have to go straight to the source to swipe payment details… sometimes, they can take a roundabout route. Oracle has confirmed to security guru Brian Krebs that hackers breached a support portal for Micros, the point-of-sale credit card payment system it acquired in 2014. It’s not certain just how many systems were breached (Krebs’ sources say over 700), but the intruders had slipped malware on to the portal that would let them grab logins for the companies using Micros. They wouldn’t have had direct access to payment data, but there’s a chance those account details could be used to slip malware into the credit card systems and then grab sensitive info.

Continue reading “Oracle data breach opened credit card payment systems to attack”

Nigerian email scammer stung by his own malware

The rise in ‘wire-wire’ scams has led the FBI to issue a warning.

With more and more internet users now wise to email scams, scammers are utilizing increasingly advanced techniques to stay one step ahead of their targets. A pair of researchers recently stumbled on a new a “wire-wire” technique that earned a 30-strong group of Nigerian scammers as much as $3 million a year, at least until one prominent member accidentally infected himself with his own malware.

Continue reading “Nigerian email scammer stung by his own malware”

Where the would-be vice presidents stand on cybersecurity

The cyber-battle between Mike Pence and Tim Kaine is pretty lopsided.

Aside from sound bites on Russia and hacking, where Clinton and Trump stand on cybersecurity issues is generally unclear. In fact, they’ve devoted little time to this crucial and urgent subject. Which is weird in light of the epic amount of hacking shenanigans this presidential race has compelled us to endure.

Continue reading “Where the would-be vice presidents stand on cybersecurity”

LMAO, People Thought Snowden Was Dead Because of a Tweet

After NSA whistleblower and millennial sex symbol Edward Snowden tweeted a mysterious string of characters on Friday afternoon, conspiracy theorists and concerned fans feared he might be dead when Sputnik, a Russian news site, reported the now-deleted code might be a “dead man’s switch,” which is apparently something Snowden could have set up “if he did not check in to the computer at a certain time,” according to Inquisitr.

Continue reading “LMAO, People Thought Snowden Was Dead Because of a Tweet”

Microsoft won’t fix Windows flaw that lets hackers steal your username and password

The flaw, which allows a malicious website to extract user passwords, is made worse if a user is logged in with a Microsoft account.

windows-jpeg.jpg

Continue reading “Microsoft won’t fix Windows flaw that lets hackers steal your username and password”

SMS two-factor authentication isn’t being banned

Another week gone by, and the place is in cybersecurity shambles again. A years’ old hacking issue, unencrypted wireless keyboards, being featured in an upcoming Defcon talk mystifyingly became a hot new Internet of Things threat. Obama gave us a colorful “threat level” cyber-thermometer that no one’s really sure what to do with. Ransomware is hitting hospitals like there’s a fire sale on money. And the DNC-Wikileaks email debacle exploded, splattering blame all over Russia.

Just when I thought I’d picked the wrong week to stop sniffing glue, a U.S. National Institute for Standards and Technology (NIST) report came out that included recommendations about the inherent risks in two-factor authentication, upon which the tech press basically lost their minds and told everyone to assume crash positions because the password sky was falling. Again.

Continue reading “SMS two-factor authentication isn’t being banned”

Democrats wants to balance liberty and security in encryption debate

In 2012, the Democratic party platform document (released every four years at the Democratic National Convention) made barely a mention of internet privacy and how it affects US citizens. But that was before Edward Snowden’s revelations. This year, as the DNC kicks off in Philadelphia, the new Democratic Party platform addresses the privacy concerns brought to light in 2013. It also gets into the recent battle over encryption that was highlighted by the FBI trying to force Apple to decrypt an iPhone connected to a murder suspect.

Continue reading “Democrats wants to balance liberty and security in encryption debate”