Top 10 Stories

Two US security researchers have found vulnerabilities in smart car wash solutions sold by PDQ, a US-based vendor of Internet-connected car wash equipment and software. According to the research team, the security flaws could be exploited to cause damages to cars or physical harm to passengers or car wash employees. The vulnerabilities were discovered back in January 2015, but PDQ ignored the research team for almost two years, even after the researchers published some of...

Virgin America has confirmed in a letter sent to employees that its network was compromised by hackers, with data belonging to thousands of workers compromised and possibly stolen by the attackers. While an investigation is already under way, the airline did not provide any specifics about the hackers, saying instead that it’s working with law enforcement on determining how the breach took place. Read Full Story  ORIGINAL SOURCE: Softpedia

WikiLeaks has published three new alleged CIA hacking tools as part of its new Vault 7 dump. The alleged CIA project dubbed "Imperial" includes three hacking tools named Achilles, Aeris and SeaPea that target Mac and Linux operating systems (OS). While Achilles and SeaPea target Mac OS, Aeris targets Linux.According to WikiLeaks' documents, Achilles allows CIA's agents to "trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution". Read Full...

Android malware reaching the Google Play Store is not really something new, as infected apps are being detected on a regular basis, but search giant Google highlights one particular case that it managed to deal with thanks to the recently-released Google Play Protect security feature. Specifically, Google says it came across a new form of Android spyware called Lipizzan which the company says is somehow linked to an Israeli company working with governments and intelligence...

Dutch Police are aggressively going after Dark Web vendors using data they collected from the recently seized Hansa Market. Currently, the infosec community and former Hansa vendors themselves have spotted two ways in which Dutch authorities are going after former Hansa vendors. View Full Story  ORIGINAL SOURCE: Bleeping Computer

Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google. The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type. Most of the money was made in 2016 as gangs realised how lucrative it was, revealed a talk at Black Hat. Two types of ransomware made most of the money, it said, but other variants are starting to...

Facebook will reportedly help Harvard fight election hacking. The social media giant will reportedly spend $500,000 (£380,000) , as initial funding to a non-profit organisation that aims at protecting political parties and voting systems from hacking and propaganda attacks. The project, dubbed Defending Digital Democracy is also a bipartisan initiative and will reportedly be based at Harvard University's Kennedy School of Government. Speaking at the BlackHat event in Las Vegas on Wednesday, Facebook cybersecurity boss...

New vulnerabilities recently found in 3G and 4G networks can reportedly allow hackers to spy, monitor and track locations of phones. Security researchers also reportedly believe that the flaw could pave the way for next-gen low-cost stingray devices. According to security experts Ravishankar Borgaonkar and Lucca Hirschi, who discussed their research at the BlackHat event in Las Vegas, the flaw was reportedly found in the authentication and key agreement of high-speed networks – which allows...

A new day, a new celebrity becoming a victim of hackers. This time, Victoria Justice got her Twitter account compromised, with the hacker threatening to release nude photos and videos showing the 24-year-old actress performing oral sex. While it’s not known whether the hacker indeed holds such content that could be posted online, screenshots published by GossipCop show Victoria Justice’s official Twitter account posting a series of messages claiming that nude material would be leaked....

Security researchers have discovered a new backdoor trojan targeting Windows computers. Named CowelSnail, this malware appears to be the work of the same group who weaponized the SambaCry vulnerability to install cryptocurrency miners on Linux servers last month. Codewise, CowerSnail is an unusual strain, being coded in Qt, a coding framework for developing cross-OS applications. Qt malware isn't anything new or groundbreaking, but this type of malware is somewhat rare. According to Kaspersky researcher Sergey...