Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : Safari 11.0.3 watchOS 4.2.2 iOS 11.2.5 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan tvOS 11.2.5 Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory...
Read More
Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement—the act of compromising and vandalizing a website. Typically, these attackers—known as web defacers—replace the original page with their own content, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. We’ve analyzed data that goes back almost two decades, and...
Read More
Last year, multiple industry verticals saw the extreme effects of ransomware, with WannaCry and Petya leading the pack in terms of damage. To make matters worse, according to a report by Kaspersky, the number of ransomware threats is expected to increase in 2018. The evolution of ransomware, resulting in more diverse and innovative attacks, is going to heavily hit enterprises in 2018. In my previous articles, I explained how ransomware has evolved...
Read More
The SamSam ransomware group seems to have gotten to a “great” start in 2018, hitting several high-profile targets such as hospitals, a city council, and an ICS firm. Reported attacks include the one against the Hancock Health Hospital in of Greenfield, Indiana; Adams Memorial Hospital in Decatur, Indiana; the municipality of Farmington, New Mexico; cloud-based EHR (electronic health records) provider Allscripts; and an unnamed ICS (Industrial Control Systems) company in the...
Read More
Security experts are warning of a new Mirai variant targeting ARC processors, which could have an even bigger impact than the notorious malware on which it is based. RISC-based ARC processors are widely used in IoT and embedded systems and said to beshipped in over 1.5 billion products each year. The new threat — named Okiru, which is Japanese for “wake up” — was first spotted...
Read More
Still using BitTorrent to exclusively download legally acquired content like operating system images or files you want to share privately with friends? If so, you might want to double-check your security settings to protect yourself from what researchers at Google’s Project Zero are calling a “low complexity hack” affecting Transmission and other popular BitTorrent clients. The flaw could leave your computer vulnerable to control by malicious hackers, but you can...
Read More
A group of Princeton and Purdue researchers has shown that it’s possible to mount a denial-of-service (DoS) attack against hard disk drives via acoustic signals. Threat severity Hard disk drives (HDDs) have become the most commonly-used type of non-volatile storage due to their increased reliability, fault tolerance, storage capacity, and so on. “These technological advances in HDDs, along with the ever-increasing need for storing the...
Read More
OnePlus has confirmed that its systems have been breached, following reports of credit card fraud from customers who bought a phone from the company. The phone maker sent an email to customers Friday, saying customers’ credit card numbers, expiry dates, and security codes “may have been compromised.” The email, posted by Peter Smallbone on Twitter, said: “As soon as we were made aware of the attack, we...
Read More
The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid switches and public water systems; monitor road traffic in real-time to optimize city...
Read More
We uncovered a total of 53 apps on Google Play that can steal Facebook accounts and surreptitiously push ads. Many of these apps, which were published as early as April 2017, seemed to have been put out on Google Play in a wave. Detected by Trend Micro as ANDROIDOS_GHOSTTEAM, many of the samples we analyzed are in Vietnamese, including their descriptions on Google Play. Their...
Read More
