Cyber Bites

Group-IB researchers uncovered the malware that casts a wide net and is complete with fully automated features designed to steal both fiat and crypto currency from user accounts by leveraging a device’s Accessibility Service mode to bypass security bank features. Gustuff has the potential to target users of more than 100 banking apps and is equipped with phishing pages to designed to trick Android users surfing the apps of major banks, including Bank of America,...

Trend Micro researchers have been following a new type of a phishing campaign that utilizes the watering hole technique to acquire login credentials from victims. Given the name “Soula”, this new campaign was found to target popular South Korean websites that are among the top 300 most visited in the country, and thus are considered especially trustworthy by their visitors. The infection of the websites is done through the injection of a JavaScript code that...

Tweets have been circulating saying that you can trigger a cool new Twitter feature – colored tweets in a sort-of rainbow theme – simply by changing your birthday to 2007.Easter eggs have a bit of a cult following with programmers and technical users – Microsoft Excel famously included hidden games until the company’s Trustworthy Computing initiative rightfully banned the practice as being a likely source of risky bugs from improperly tested code.In this case, the...

The fear of being hacked was allegedly the hook used by Office Depot, its subsidiary OfficeMax and a California-based tech-support vendor to dupe customers into paying for computer repair and technical services they didn't need, according to the Federal Trade Commission.Although not admitting any wrongdoing, Office Depot and California-based Support.com have agreed to pay $35 million to settle the claim that they deceived customers into believing their computers were infected with malicious malware and vulnerable...

The government wants to probe into the sources of inciting and provocative messages and posts which have led to violence across the nation, incidents of lynching and various other controversial issues.In order to do so, it has proposed certain guidelines that would require Whatsapp to unveil information regarding the origins of messages.As doing so will contradict the end-to-end encryption WhatsApp provides, the company will oppose the proposed regulations. It will also be violating free speech...

The Joint Standing Committee on Electoral Matters is tasked with overseeing the Australian electoral system, specifically the activities of the Australian Electoral Commission (AEC).Its Status Report , released on Friday, follows the November publication of the Report on the conduct of the 2016 federal election and matters related thereto , which made 31 recommendations to the AEC regarding cybersecurity, in particular where the manipulation of elections was concerned.One of the recommendations made by the committee...

U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms (SAA) to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law.The Senate Cybersecurity Protection Act, S. 890, would allow the SAA — which is the one responsible for the Senate’s cybersecurity — to offer opt-in cybersecurity support which...

TP-Link's SR20 Smart Home Router is impacted by a zero-day arbitrary code execution (ACE) vulnerability which allows potential attackers on the same network to execute arbitrary commands as disclosed on Twitter by Google security developer Matthew Garrett.Garrett disclosed the ACE 0-day after TP-Link did not provide a response during the 90 days since his report and, as he explained in the Twitter thread, the zero-day stems from the fact that "TP-Link routers frequently run a...

Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities.Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of websites across the Internet with more than 250,000 merchants using the open source e-commerce platform. The flaw, which does not have a CVE ID but internally labeled "PRODSECBUG-2198," could allow remote hackers to steal sensitive information...

A former National Security Agency contractor—who stole an enormous amount of sensitive information from the agency and then stored it at his home and car for over two decades—today changed his plea to guilty.The theft was labeled as the largest heist of classified government material in America's history.Harold Thomas Martin III, a 54-year-old Navy veteran from Glen Burnie, abused his top-secret security clearances to stole at least 50 terabytes of classified national defense data from...