Thursday , 21 June 2018
Home » NEWS (page 3)

NEWS

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug

Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store. Brinkmann explained that CVE-2018-12356 offers both access to passwords and possible remote code execution. This bug is an incomplete regex in GnuPG’s signature verification routine, meaning an attacker can spoof file signatures on configuration files and extension scripts (Brinkmann has ... Read More »

macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives

Apple’s macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. The problem is that these cached thumbnails are stored on non-encrypted hard drives, in a known location and can be easily retrieved by malware or forensics tools, ... Read More »

Not so private eye: Got an Axis network cam? You’ll need to patch it, unless you like hackers

Researchers have detailed a string of vulnerabilities that, when exploited in combination, would allow for hundreds of models of internet-linked surveillance cameras to be remotely hijacked. Security biz VDOO said today it privately alerted cam-maker Axis Communications to the seven bugs it found in its gizmos, leading to the manufacturer issuing firmware updates for roughly 400 models of connected surveillance cameras that ... Read More »

This sneaky Windows malware delivers adware – and takes screenshots of your desktop

A newly uncovered form of stealthy and persistent malware is distributing adware to victims across the world while also allowing attackers to take screenshots of infected machines’ desktops. Discovered by researchers at Bitdefender, the malware has been named Zacinlo after the name of the final payload that’s delivered by the campaign which first appeared in 2012. The vast majority of Zacinlo ... Read More »

75% of Malware Uploaded on “No-Distribute” Scanners Is Unknown to Researchers

Three-quarters of malware samples uploaded to “no-distribute scanners” are never shared on “multiscanners” like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time. Although some antivirus products will eventually detect this malware at runtime or at one point or another later in time, this leaves a gap in terms of operational insight for ... Read More »

Fraudster admits she was OPM dealer: Leaked US govt staff files used to bag cash, car loans

A woman has fessed up to using people’s personal information, leaked online from the US government’s Office of Personnel Management mega-hack, to take out loans and open bank accounts. Karvia Cross, 39, of Bowie, Maryland, USA, pleaded guilty on Monday in the eastern district of Virginia to one count of identity theft and conspiracy to commit bank fraud. She faces anywhere from ... Read More »

Ex-CIA employee charged with leaking ‘Vault 7’ hacking tools to Wikileaks

A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency’s history.Joshua Adam Schulte, who once created malware for both the CIA and NSA to break into adversaries computers, was indicted Monday by the Department of Justice on 13 charges of allegedly stealing and ... Read More »

Cyber Security: New scheme aims to bring more women into the industry

The chronic shortage of women in the cyber security is starting to being addressed with a new training scheme devised by Protection Group International (PGI), supported by Hawker Chase, a specialist cyber recruitment consultant. The cyber gap, the difference between the demand for cyber security professionals and their supply, is projected to reach 1.8million by 2022, with women currently only make ... Read More »

Apple fixed firmware vulnerability found by Positive Technologies

The vulnerability allowed exploiting a critical flaw in Intel Management Engine and still can be present in equipment of vendors that use Intel processors Apple released an update for macOS High Sierra 10.13.4, which fixes the firmware vulnerability CVE-2018-4251 found by Positive Technologies experts Maxim Goryachy and Mark Ermolov. For more details, see Apple Support. Maxim Goryachy notes: “The vulnerability ... Read More »

Only 26% of researched security vulnerabilities are resolved

New analysis from NCC Group has revealed that only 26% of vulnerabilities discovered over the last nine years by its research team are likely to have been fixed. For the first time, the global cyber security and risk mitigation expert analysed nine years of vulnerabilities discovered by its researchers. Of these, just 289 were classed as “closed”, meaning they were ... Read More »