Cisco patches critical flaws in DNA Center and Prime Infrastructure
by Filip TRUTA, from HotForSecurity , on 05.10.2018
Networking giant Cisco has released patches for several of its products, warning that the updates are for critical bugs found during internal testing. Labeled CVE-2018-15379, a vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. An insecure default [and#8230;] read more
Tech companies unite against Australia’s encrypted data demands
by Luana PASCU, from HotForSecurity , on 04.10.2018
The US is not the only country asking tech giants to allow access to encrypted customer data for fear of terror attacks. In the following weeks, Australia’s parliament will cast votes on proposed data encryption legislation that requires companies give access to user data if under suspicion of terrorism or illegal activities. Should they refuse [and#8230;] read more
Canada advances cybersecurity strategy to fend off nation-state attacks
by Luana PASCU, from HotForSecurity , on 04.10.2018
Cybercrime is the biggest threat at this very moment, not just for businesses and consumers, but also for government networks. A number of countries are looking to enforcing stronger cybersecurity mechanisms while some have even looked at forcing tech companies to allow access to customer data. Canada is one of the countries that take cybersecurity [and#8230;] read more
Hacker Defacing 11,000 US Websites Faces 10 Years behind Bars
by Liviu ARSENE, from HotForSecurity , on 03.10.2018
Pleading guilty for two felony counts of computer fraud, Billy Ribeiro Anderson, also known as ’Anderson Albuquerque‘ and ’AlfabetoVirtual,’ now faces up to 10 years in prison, according to US prosecutors. Defacing more than 11,000 US websites, 41-year-old Anderson was accused of hacking into military, government and various business websites, and posting political messages pertaining [and#8230;] read more
Ransomware operators breach 40.000+ records from Fetal Diagnostic Institute of the Pacific
by Filip TRUTA, from HotForSecurity , on 03.10.2018
The successful SamSam ransomware campaign targeting hospitals and clinics across the United States in the last year is breathing new life into hungry ransomware operators. The Fetal Diagnostic Institute of the Pacific based in Honolulu, Hawaii is the latest victim in this ongoing play. On June 30, FDIP reportedly learned it had fallen victim to [and#8230;] read more
Even with the latest iOS 12 update, your iPhone’s lockscreen is unsafe
by Graham CLULEY, from HotForSecurity , on 02.10.2018
Once again, a way of bypassing the iPhoneand#8217;s passcode lock to expose usersand#8217; photos and contacts has been discovered. Jose Rodriguez, who has uncovered vulnerabilities in iOSand#8217;s lock screen security on a number of occasions in the past, has produced a video demonstrating an (admittedly convoluted) way of accessing information on locked iOS devices that [and#8230;] read more
Researchers use Android password managers to make phishing attacks more practical
by Filip TRUTA, from HotForSecurity , on 02.10.2018
Password managers promise not only to make life easy, but also to keep your login information safe from prying eyes. Yet one team of researchers has discovered that someone with bad intentions can take advantage of mobile password managers to gain unauthorized access to their accounts. Simone Aonzo, Alessio Merlo, and Giulio Tavella from the [and#8230;] read more
Fruitfly Mac malware creator used it to spy on minors; FBI discloses technique
by Luana PASCU, from HotForSecurity , on 02.10.2018
Mac fans have been overconfident for way too long in their device’s security, thinking no malicious software targets Apple products. They were proven wrong when Fruitfly Mac spyware was revealed in 2017. The FBI has finally shed some light on the famous Fruitfly Mac malware. It seems, 15 years ago, a 28-year-old from Ohio, who [and#8230;] read more
Scammers Target Google Chrome Extension Developers
by Liviu ARSENE, from HotForSecurity , on 01.10.2018
A recent phishing campaign targeting Chrome extension developers aims to trick them into giving away usernames and passwords that hackers can use to tamper with legitimate extensions. In an attempt to collect developers’ Google account passwords, hackers have been emailing Chrome extension developers using an alleged Google employee email address. Posing as Kevin Murphy (dev-support@webstoredevsupport[.]com), [and#8230;] read more
Telegram not really anonymous? Researcher reports bug that leaks IP addresses
by Luana PASCU, from HotForSecurity , on 01.10.2018
Encrypted messaging app Telegram is dealing with a major anonymity fail possibly affecting their brand reputation and customer trust. Last week, security researcher Dhiraj Mishra detected some vulnerabilities in the Telegram desktop application and Telegram for Windows that leaked both public and private IP addresses online during voice calls, revealing user location. Telegram normally asks [and#8230;] read more
