Gold Galleon hackers target maritime shipping industry

Researchers have uncovered a Nigerian hacking ring that targets maritime shipping firms in an attempt to steal millions of dollars annually. On Wednesday, security experts from the Secureworks Counter Threat Unit (CTU) said that the previously unidentified “Gold Galleon” threat group specializes in business email compromise (BEC) and business email spoofing (BES) […]

How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices

An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to gain lasting control over the device and extract sensitive information from it. The vulnerability was discovered by Symantec researchers, disclosed to Apple and now to the RSA Conference […]

TaskRabbit Takes Down App and Website After Getting Hacked

TaskRabbit, a web-based service that connects freelance handymen with clients in various local US markets, has emailed customers admitting it suffered a security breach. The company has taken down its app and website while law enforcement and a private cyber-security firm are investigating the incident. Read about the hacking incident at IKEA’s TaskRabbit on Bleeping Computer.

Cyber-Security Attacks Already Happening in Business Aviation

While the commercial aviation industry is struggling to even acknowledge threats to cybersecurity, the business aviation industry has already experienced attacks, according to Josh Wheeler, Satcom Direct director, entry into service. “The attacks are happening while the aircraft is airborne,” Wheeler explained. “The attacks, just like the ones that corporations like Walmart have experienced, are most likely coming […]

PowerHammer lets hackers steal data from air-gapped computers through power lines

Researchers at the Ben-Gurion University of the Negev (BGU) have identified a method to exfiltrate data from computers using a combination of malware and a hardware implant to monitor the signal being transmitted through the power lines. The method—which the authors dubbed PowerHammer in a report—is yet another attack against so-called air-gapped computers, which are physically and logically […]

Cisco security: Russia, Iran switches hit by attackers who leave US flag on screens

Hackers on Friday attacked vulnerable Cisco switches at data centers in Russia and Iran, leaving an image of the US flag and the message: “Don’t mess with our elections”. Cisco last month released a patch for a critical vulnerability affecting Smart Install software. However, the Friday attacks exploited a Smart Install “protocol misuse” issue that […]

Iran ‘the New China’ as a Pervasive Nation-State Hacking Threat

Of the four new advanced persistent threat (APT) groups christened by FireEye last year, three were out of Iran. Mandiant, the incident response services arm of FireEye, witnessed a major increase in nation-state hacking activity by Iranian attackers in 2017, especially on the cyber espionage side of things. Iranian groups now are maintaining and keeping […]

Under Armour says 150 million MyFitnessPal accounts hit by data breach

Under Armour has revealed that its MyFitnessPal app has been hacked. The fitness apparel company learned that data on 150 million accounts for the site and app were breached earlier this week, a statement said. “The investigation indicates that the affected information included usernames, email addresses, and hashed passwords — the majority with the hashing function […]

Total Meltdown: How Microsoft’s Meltdown patch created an even bigger flaw for hackers

A vulnerability introduced in Windows 7 by Microsoft as part of their attempts to patch the much-publicized Meltdown vulnerability was recently disclosed by Swedish security researcher Ulf Frisk in a blog post. In contrast to Meltdown, which was measured by the original researchers as being able to read kernel memory at around 120 KB/s, the newly-disclosed “Total Meltdown” vulnerability […]

Baltimore’s 911 dispatch hacked, CAD system down for 17 hours

Baltimore’s 911 dispatch system was hacked over the weekend. The Baltimore Sun reported that the attack affected the Computer Aided Dispatch (CAD) system, and 911 and 311 calls “were temporarily transitioned to manual mode.” What that means, according to Frank Johnson, CIO in the Mayor’s Office of Information Technology, is that “instead of details of incoming […]