ZipperDown Vulnerability Could Hit 10% of iOS Apps

A newly announced vulnerability in iOS (and, just maybe, Android) could be an avenue for exploitation through misbehaving apps. The vulnerability, named “ZipperDown” by Pangu Lab, is described as a “common programming error” by the researchers — so common, in fact, that the team estimates 15,978 out of 168,951 iOS apps (or nearly 10% of the […]

New BIND Vulnerabilities Threaten DNS Availability

One of the most common pieces of software for implementing a Domain Name System (DNS) server — BIND — has just become the subject of security advisories from the Internet Systems Consortium and a related notice from DHS. The advisories cite two new vulnerabilities in BIND. Both describe a scenario in which one of the […]

Spectre chip security vulnerability strikes again; patches incoming

After the first-wave of Spectre and Meltdown attacks were conquered, people relaxed. That was a mistake. Since the CPU vulnerabilities Spectre and Meltdown showed an entirely new way to attack systems, security experts knew it was only a matter of time until new assault methods would be found. They’ve been found. Jann Horn, a Google Project Zero security researcher, discovered […]

North Korean Defectors Targeted with Malicious Apps on Google Play

A new form of mobile malware in the Google Play app store was found targeting North Korean defectors and journalists. McAfee researchers believe the Sun Team hacking group is responsible for the attacks, which McAfee has dubbed RedDawn. This is the second attack McAfee has seen from Sun Team this year. Back in January, McAfee’s […]

The operations and economics of organized criminal email groups

Nine of the 10 captured organized criminal email groups operate out of Nigeria, they all leverage a multitude of attack methods, and business email compromise (BEC) is far more lucrative than any other attack, according to Agari. “While much of the high-profile attention paid to email security has focused on nation state actors, the reality is that American businesses […]

Malware campaign expands to add cryptocurrency mining and iOS phishing attacks

A rapidly evolving information-stealing malware campaign has added iOS device phishing and cryptocurrency mining to its arsenal, having previously just focused on Android targets. Dubbed Roaming Mantis, the initial attacks mostly targeted South East Asia, but now the malware has been updated with the capability to specifically target users across Europe and the Middle East. Those […]

Phone tracking service LocationSmart exposed API, allowing anyone to track you

An unsecured product demo on the web site of phone geolocation firm LocationSmart allowed any user to look up the location of any arbitrary mobile phone number without needing to supply a password or any other credentials, according a report by veteran security reporter Brian Krebs. Under intended operation, the LocationSmart product demo requires prospective customers to […]

Ex-Intel security expert: This new Spectre attack can even reveal firmware secrets

Yuriy Bulygin, the former head of Intel’s advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). Spectre and Meltdown vulnerabilities enable software attacks using CPU design flaws common to Intel, AMD, and Arm […]

The ethical and legal dilemmas of threat researchers

Threat intelligence is mainstreaming into a de-facto everyday tool of cyber-defense. But all that intelligence must be collected, analyzed, and prepared by someone. Enter threat researchers, the advanced scouts of cybersecurity. They are becoming more numerous and conspicuous as more intelligence on illicit hacker activity is demanded. Threat researchers trawl through the dark web, pick apart […]

Mirai botnet adds three new attacks to target IoT devices

A new variant of the Mirai botnet has added at least three exploits to its arsenal, which enable it to target additional IoT devices, including routers and DVRs. The new version of Mirai – a powerful cyberattack tool which took down large swathes of the internet across the US and Europe in late-2016 – has been uncovered by researchers […]