Cyber Security Alerts

Apple iMessage Flaw Allows Remote Attackers to Read iPhone Messages

Remote exploitation can be achieved with no user interaction. Five bugs in Apple’s iMessage service for the iPhone have been uncovered that require no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices. First discovered by Google Project Zero security researcher Natalie Silvanovich, Apple has fully […]

Unique Monokle Android Spyware Self-Signs Certificates

Researchers have linked the surveillance tool to a Russian tech firm that has been sanctioned for interfering with the 2016 U.S. presidential election. A never-before-publicized mobile spy tool, a mobile surveillanceware remote access trojan (RAT) for Android called Monokle, has been spotted using novel techniques to exfiltrate data. According to the Lookout researchers who discovered […]

Protecting Against Ransomware Attacks: A Checklist

In the second of a two part series discussing recent ransomware attacks against municipalities, Shawn Taylor with Forescout talks about how cities can protect themselves. Sometimes all it takes is a malicious email to infect an entire municipality with ransomware, freezing important city systems from water utilities or websites. That was the case with the […]

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal. A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University […]

Large-Scale Government Hacks Hit Russia, Bulgaria

The Bulgarian attack impacted almost all tax information for the entire country. A pair of notable hacks on government targets have come to light: One, an attack affecting nearly the entire country of Bulgaria; and two, a hack of Russia’s main security agency (FSB) that represents the largest data heist ever experienced there. In Bulgaria, […]

Amazon Alexa, Google Home On Collision Course With Regulation

Threatpost talks to Tim Mackey with Synopsys about recent Amazon Echo and Google Home privacy faux pas. Will GDPR and other regulations catch up to the voice assistants? Voice assistants are growing rapidly in popularity — but at the same time, the privacy concerns and security issues with popular home assistant devices like Amazon Echo […]

Tap ‘n Ghost Attack Creatively Targets Android Devices

Researchers use malicious NFC tags and booby-trapped physical surfaces to connect Android devices to malicious wireless networks. Researchers have created a novel proof-of-concept (PoC) attack named Tap ‘n Ghost, which targets Near Field Communication (NFC)-enabled Android smartphones. This allows an attacker to take control of a target phone simply by tricking the victim into placing […]

Hacked Hair Straighteners Can Threaten Homes

A lack of a Bluetooth Low Energy (BLE) pairing mechanism leaves the smart IoT devices open to malicious manipulation. Researchers have found a way to successfully hack connected hair straighteners to turn them on and increase the heating element up to its maximum temperature—causing a serious fire hazard for unsuspecting owners. Pen Test Partners decided […]

1,300 Popular Android Apps Access Data Without Proper Permissions

Study finds Android apps circumvented privacy opt-in rules and collected sensitive user information against user permission. Over 1,300 popular Android apps defy user permissions and gather sensitive data with no consent, according to a study by a coalition of academics from the International Computer Science Institute. The report examined popular mobile apps available through the […]

Why Cities Are a Low-Hanging Fruit For Ransomware

In this first part of a two part series, Shawn Taylor with Forescout talks to Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack. Ransomware attacks against local governments and cities are repeatedly making headlines, with crippling results on city operations and budgets. Last month, the Florida city of […]