by CIRT Team
Someone Published a List of Telnet Credentials for IoT Devices [source: bleepingcomputer]
A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons. The list — spotted by Ankit Anubhav, a security researcher with New Sky Security — includes an IP address, device username, and a password, and is mainly made up of default device...
by CIRT Team
Hackable flaw in connected cars is ‘unpatchable’, warn researchers [source: nakedsecurity]
The news for the motoring public was bad enough a few weeks ago: a team of researchers had demonstrated yet another hackable flaw in connected vehicles – in the Controller Area Network (CAN) bus standard – that could enable a Denial of Service (DoS) attack on safety systems including brakes, airbags and power steering. Kind of a big deal, since the CAN is essentially the brain of...
by CIRT Team
NIST’s new password rules – what you need to know [source: nakedsecurity]
It’s no secret. We’re really bad at passwords. Nevertheless, they aren’t going away any time soon. With so many websites and online applications requiring us to create accounts and think up passwords in a hurry, it’s no wonder so many of us struggle to follow the advice of so-called password security experts. At the same time, the computing power available for password cracking just gets...
by CIRT Team
New EMPTY CryptoMix Ransomware Variant Released [source: bleepingcomputer]
MalwareHunterTeam has discovered a new variant of the CryptoMix ransomware that is appending the .EMPTY extension to encrypted file names. Considering that the previous variant used ERROR as the previous extension and now uses empty, it is clear that the developers are running out of ideas for extensions. This article will provide a brief summary of what has changed in this new variant.
by CIRT Team
Mobile malware factories: Android apps for creating ransomware [source: symantec]
Having little to no coding experience is no longer a problem for wannabe mobile malware authors, thanks to Trojan Development Kits (TDKs). Criminals can now install an app that will allow them to quickly and easily create Android ransomware with their own devices. It should be noted that the use of TDKs is different from malware being created using the Android integrated development environment (AIDE)....
by CIRT Team
Malicious Chrome Extensions Stealing Roblox In-Game Currency [source: trendmicro]
Recently, we discussed how cyber criminals are using the popular voice/chat client Discord to steal cookies from the running Roblox process on a Windows PC. Since then, we’ve noticed another attack going after the same information, only this time it is via Chrome extensions (CRX files). While currently it is targeting only Roblox users, the same technique can be used to steal cookies from any website. The...
by CIRT Team
Malware rains on Google’s Android Oreo parade [source: nakedsecurity]
Google has had an exciting summer, for good and bad reasons. The good news: Google just officially launched the eighth version of its operating system, Android Oreo, with enhancements for battery life and security. Last month, it also began rolling out a new feature called Google Play Protect, designed to scan apps that could cause harm to your Android device and data. The bad news: at least five different...
by CIRT Team
Google Play Store Security Scans Tricked [source: bleepingcomputer]
Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store. The apps are named “Earn Real Money Gift Cards” — an app for winning gift cards by installing other apps on your phone — and “Bubble Shooter Wild Life” — a mobile game. Both apps were developed and recently uploaded on...
by CIRT Team
What are the risks of allowing people to use their smartphone at the bank? [source: welivesecurity]
From time to time, our readers raise questions or issues related to topics that concern, or simply interest them. One such issue was brought up recently by a Twitter user, who asked us: “Do you have any posts discussing the risk to banks when people use their cell phone inside them, ignoring the security guards?” We think this is a very interesting question and one...
by CIRT Team
USB connections less secure than has been thought [source: homelandsecuritynewswire]
USB connections, the most common interface used globally to connect external devices to computers, are vulnerable to information “leakage,” making them even less secure than has been thought. Researchers tested more than 50 different computers and external USB hubs and found that over 90 percent of them leaked information to an external USB device.