News

Cyber-criminal groups are using Google Translate to hide the real domain of their phishing sites, security researchers have discovered. Phishing emails that use this technique have already been spotted in the wild. The trick isn't complex at all. The idea is that phishing groups send their normal phishing emails, but instead of linking directly to their phishing page's domain, they pass the phishing page URL through Google Translate and use the newly generated Google Translate...

Google has uncovered a new method to hack Android smartphones using malicious PNG files. The problem was disclosed this week in Google's Android security bulletin. A serious flaw in the operating system's framework can let a remote attacker execute computer code on an Android device by using a "specially crafted PNG file," the notice said. Source: PC Mag UK

The latest quarterly report on Australia's Notifiable Data Breaches (NDB) scheme has revealed around 269,621 separate cases of individuals having their personal information impacted as a result of a human error. The report says that during the period covering October 1, through to December 31, 2018, 262 notifications of data breaches were received by the Office of the Australian Information Commissioner (OAIC), with 85 being put down to human error. Source: ZDNet

Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission. You can assume that most apps are collecting data on you. Some even https://techcrunch.com/2018/09/07/a-dozen-popular-iphone-apps-caught-quietly-sending-user-locations-to-monetization-firms/ without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make...

Hackers have compromised the GitHub account of the Denarius cryptocurrency project lead and have backdoored the Windows client with the AZORult infostealer malware. The compromised Denarius cryptocurrency client --which node operators run on their servers to support the Denarius blockchain-- was spotted earlier today by a security researcher named Misterch0c. Source: ZDNet

A proposed $3.1 million settlement has been reached in a data breach class action lawsuit against Community Health Systems stemming from a 2014 cyberattack that affected 4.5 million individuals. The settlement awaits final approval by a federal court in Alabama, which will hold a hearing on the matter in August, according to a statement on the settlement's claims administrator website. Source: Bank Info Security

Google has rolled out two new tools to help the password-challenged beef up their security game. The first is a Chrome extension called Password Checkup that can identify if you’re using a password that’s been exposed in a third-party data breach. The second is a feature called Cross Account Protection, which helps protect apps you’ve signed into with your Google account. Source: Gizmodo

More and more mobiles are coming pre-installed with malware from the factory. Forty-two low-cost smartphone models had the Triada Banking Trojan. Meanwhile, millions of devices from a variety of manufacturers like Huawei, Xiaomi, Vivo, and Samsung had RottenSys, mobile adware disguised as a secure Wi-Fi service, already on their devices. Source: Brian Madden

The GandCrab ransomware TOR site allows shady data recovery companies to hide the actual ransom cost from victims and it is currently being disseminated through a large assortment of distribution channels according to a Codeware report. Partnering with recovery firms who frequently access GandCrab's TOR site is an https://www.coveware.com/blog/2018/10/10/gandcrab-ransomware-decryption-payment, with "discount" codes being provided to the most active ones, usable when processing future settlements. Source: Bleeping Computer

Two hacker groups are behind 60% of all publicly reported cryptocurrency exchange hacks and are believed to have stolen around $1 billion worth of cryptocurrency, according to a report published last week by blockchain analysis firm Chainalysis. "On average, the hacks we traced from the two prominent hacking groups stole $90 million per hack," said Chainalysis. Source: ZDNet