Hackers targeting Torrent sites

There has been a surge of attacks targeting torrent users. Attackers post fake ads on popular peer-to-peer file sharing sites that direct victims to websites infected with exploit kits able to install information-stealing malware and ransomware on their computers.

Torrents are a common source of malware and viruses, since the very nature of peer-to-peer file sharing means that the files you are downloading can come from anyone and anywhere. As a general rule, you should not install torrent clients, and you should only download files from known, reputable sources.

If you insist on using torrents, you should assume that the computer you are using will be hacked, and you should not use it for activities like banking or accessing your email. If possible, keep it on a separate network by setting up a guest WiFi network that doesn’t have access to the rest of your network.

What you should do

Take the following measures to protect your systems from this attack:

  1. Inform your staff that hackers are targeting Torrent users and that accessing file sharing sites is prohibited
  2. Prohibit the use of peer-to-peer file sharing clients like uTorrent on computers connected to your network
  3. Ensure that all computers have the latest operating system and browser patches installed
  4. Consider using a reputable ad-blocker


The implications of PIPEDA for small business

By Dom Chorafakis, CISSP

November 27, 2018

DISCLAIMER

Information contained in this post is intended as general information only. It is not, nor should be construed as legal advice and should not be relied upon as such. If you need legal advice, please contact an attorney directly.

Personal Information Protection and Electronic Documents Act (PIPEDA)

It has been almost a month since the new PIPEDA rules regarding mandatory breach reporting in Canada came into effect and many clients still have questions around what it means for their business. In this post we’ll explore some of the key highlights of the legislation and provide links back to the relevant sections of the Office of the Privacy Commissioner of Canada (OPC) website you can use to get more information.

Perhaps the most common question that comes up is whether the rules apply to a small business that only has one or two employees. The short answer is yes, they do. The rules do not provide for any exemptions based on number of employees or revenue. There are, however, certain types of organizations to which the rules may not apply, as per the PIPEDA brief available at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/ [1]:

“Unless they are engaging in commercial activities that are not central to their mandate and involve personal information, PIPEDA does not generally apply to:

  • not-for-profit and charity groups
  • political parties and associations” [1]

So if you own a business that is not a charity, political party or association, then the rules definitely apply to you. Note however that even those organizations may need to comply with the rules if “they are engaging in commercial activities that are not central to their mandate” [1]. For example, if an association sells its member list data for marketing purposes, PIPEDA would apply.

As mentioned in the brief, “PIPEDA applies to the collection, use or disclosure of personal information in the course of a commercial activity. A commercial activity is defined as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fund-raising lists.” [1]

The personal information that is protected under PIPEDA includes anything that is recorded about an identifiable individual. According to the brief, “This includes information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;
  • opinions, evaluations, comments, social status, or disciplinary actions; and
  • employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).” [1]

The Act defines 10 fair information principles that businesses must follow with regard to personal information:

  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting Use, Disclosure, and Retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance

There are a number of clauses in the Act (which is available online at http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html [2]) that are relevant from a cybersecurity perspective. For example, the Act states that “Organizations shall implement policies and practices to give effect to the principles, including

(a) implementing procedures to protect personal information;

(b) establishing procedures to receive and respond to complaints and inquiries;

(c) training staff and communicating to staff information about the organization’s policies and practices; and

(d) developing information to explain the organization’s policies and procedures.” [2]

Furthermore, the Act states that “The methods of protection should include

(a) physical measures, for example, locked filing cabinets and restricted access to offices;

(b) organizational measures, for example, security clearances and limiting access on a “need-to-know” basis; and

(c) technological measures, for example, the use of passwords and encryption.”

Not only does the Act require businesses to use appropriate administrative and technological safeguards to protect personal information, it also stipulates that any breaches of these safeguards that expose this personal information must be reported to the OPC. Organizations that fail to report such a breach may be liable for a fine of up to $100,000. According to the Act, “An organization shall report to the Commissioner any breach of security safeguards involving personal information under its control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.

[…] significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.” [2].

The OPC provides a privacy toolkit for business at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/guide_org/ to help comply with the Act and its principles.

Cybersecurity Essentials

By Dom Chorafakis, CISSP

June 21, 2017

The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.

Cryptojacking

With the rise in popularity of digital currencies like Bitcoin and Ethereum, cybercriminals have found new opportunities in cryptomining as a revenue stream. The unauthorised use of computer resources to mine cryptocurrency, known as cryptojacking, has now exceeded ransomware as the largest online threat. There are two aspects to this that are important to take into account from a security perspective: website compromises and malvertising.

Hackers attempt to install cryptomining software on victims’ computers by installing malicious code on websites they are able to compromise. Web servers have always been vulnerable to hackers because of their very nature, but the potential for profit from illicit cryptomining makes them more interesting targets than ever before. System administrators need to ensure that servers are adequately protected by making sure that the operating system and software are up to date, accounts are secure and use strong passwords, endpoint security mechanisms like anti-virus are installed, servers are protected using Intrusion Prevention technology, and measures are in place to detect and prevent unauthorised content changes.
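One way to implement the "detect unauthorised content changes" measure described above, as an added example that is not from the original article: a Python baseline-and-compare check for a web root that also lists script sources newly introduced into HTML pages. The directory layout, file names and the `cdn.example.invalid` URL are constructed sample data.

```python
import hashlib
import tempfile
from html.parser import HTMLParser
from pathlib import Path


class _ScriptSrcParser(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.add(src)


def script_sources(data):
    """Return the set of script URLs referenced by an HTML document."""
    parser = _ScriptSrcParser()
    parser.feed(data.decode("utf-8", errors="replace"))
    return frozenset(parser.sources)


def snapshot(web_root):
    """Map each file's relative path to (sha256 digest, script sources)."""
    root = Path(web_root)
    result = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        is_html = path.suffix.lower() in {".html", ".htm"}
        srcs = script_sources(data) if is_html else frozenset()
        result[path.relative_to(root).as_posix()] = (digest, srcs)
    return result


def compare(baseline, current):
    """Report files added, removed or modified since the baseline,
    plus any script source that was not present in the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current)
        if baseline[p][0] != current[p][0]
    )
    new_scripts = {}
    for p in added + modified:
        before = baseline[p][1] if p in baseline else frozenset()
        extra = current[p][1] - before
        if extra:
            new_scripts[p] = sorted(extra)
    return {
        "added": added,
        "removed": removed,
        "modified": modified,
        "new_scripts": new_scripts,
    }


def demo():
    """Build a constructed web root, simulate a tampering event, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        (root / "index.html").write_text(
            '<html><script src="/js/app.js"></script></html>'
        )
        (root / "js" / "app.js").write_text("console.log('site');")
        (root / "about.html").write_text("<html>About</html>")
        baseline = snapshot(root)

        # Constructed change: an extra script tag, a new file, a deleted page.
        (root / "index.html").write_text(
            '<html><script src="/js/app.js"></script>'
            '<script src="https://cdn.example.invalid/m.js"></script></html>'
        )
        (root / "js" / "m.js").write_text("/* unexpected file */")
        (root / "about.html").unlink()
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In practice the baseline should be stored somewhere the web server account cannot write to, and refreshed only as part of an authorised deployment.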

Malvertising

In addition to compromising legitimate websites, hackers are creating fraudulent sites that look legitimate and directing users to these sites using fake online ads displayed on popular websites, a practice known as malvertising. This practice is not new, but a significant spike in cryptojacking-related malvertising was recently observed by a network of Intrusion Prevention systems as reported here.

People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised, or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their Operating System and all software they use up to date, make sure good anti-virus is installed and up to date, use safe-browsing plugins from their anti-virus vendor and use an ad-blocker to block online ads.

Email compromise

While there has been a significant increase in these new threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector. From account compromise and phishing attacks to malicious attachments, email-based attacks are still the most common method used by hackers to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools to help minimise risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.

The long game

Staying up to date with the latest threats and cyberattacks is important, but it is only one element of a good cyber security strategy. Defending against hackers and cyber criminals is not a one-time activity; it needs to be an ongoing process that is actively managed and updated to reflect the changes to your information, its ecosystem and evolving threats. A good strategy includes the following five elements.

1. Identify your assets

It’s impossible to build a solid defence if you don’t know exactly what you are defending. During this stage you need to identify all of the data, applications and hardware that need to be protected.

2. Identify threats and risks

Once you have a list of everything that needs to be protected, it’s time to analyse the risks and threats to each asset. The threats to your company website are different than the threats to your customer list or payroll information, so different countermeasures are needed to protect the confidentiality, integrity and availability of the systems and the information they process.

3. Apply security controls

Once you have identified and prioritized assets and threats, it is time to select and deploy the safeguards needed to protect your organization. This may seem daunting, but remember that you don’t need to solve everything at once. You can start by taking steps to address the biggest risks to your most valuable or sensitive assets and work down the list as time and budget permit.

4. Detect and Respond

Despite best efforts, breaches and other security incidents can and will occur. The ability to detect and respond to them is as important as the effort to prevent them in the first place. There are a number of steps that can be taken in this area, ranging from technical solutions such as managed security services and Intrusion Prevention to policies and procedures such as having a formal Incident Response Plan.

5. Review and adjust

Lastly, it is important to keep in mind that a cyber security strategy is not static; it needs to be reviewed and adjusted to make sure it is always up to date and your important assets are protected. How often it needs to be reviewed depends on many factors, including the threat level, sensitivity of information, as well as legal and regulatory requirements. At a minimum, the strategy should be reviewed once a year, every time there is a significant IT change and every time there is a security incident.

Where to go from here

There are many free resources that can help individuals and businesses with cyber security. In Canada, the government has launched a Get Cyber Safe initiative with the mission “to educate Canadians about Internet security and the simple steps they can take to protect themselves online”. For more information, you can visit the Get Cyber Safe website and get started on your own cyber safety strategy.
