Top 10 Stories

The next time you post details about your workplace and job description on social media websites, be careful. You could be the potential target of hackers and cyber criminals. Cybercrime experts and forensic consultants say hackers scour through the social media database of employees of organisations they intend to attack and send them phishing mails. A recent report by EY on ‘Cybercrime Incidents in India’ highlights how social media is emerging as one of the...

A new privacy-busting technique that tracks consumers through the use of ultrasonic tones may have once sounded like the stuff of science fiction novels, but today it's reality. These near-silent tones can't be picked up by the human ear, but there are apps in your phone that are always listening for them. This technology is called ultrasonic cross-device tracking, and it works by emitting high-frequency tones in advertisements and billboards, web pages, and across brick-and-mortar...

Cybercriminals operating on the dark web have reportedly developed a fresh way of conducting gift card fraud by using automated bots to scour the web and locate legitimately-issued cards that remain unused, security researchers have found. The sale of gift cards has long existed on dark web marketplaces, often used to by hackers to "cash out" after stealing financial information. "Carded" gift cards – those purchased with stolen financial details – are typically sold for...

A banking trojan that was first reported in June 2014 targeting banks in Germany and Austria and later in Switzerland has made its way to these shores, according to a blog post from the Center for Internet Security (CIS). The trojan arrives in phishing emails embedded in a malicious PDF targeting federal, state, local, tribal and territorial (FSLTT) government employees. The emails appear to be documents and invoices from well-known organizations but are fake. Emotet...

A firm that supplies security software for cash machines has updated its technology after researchers uncovered a number of serious shortcomings. Flaws in GMV's Checker ATM Security technology created a means for hackers to remotely run malicious code on a targeted ATM. The CVE-2017-6968 vulnerability opened the door to all manner of mischief – including but not limited to the possibility of stealing money from a compromised device, according to researchers at Positive Technologies. Checker...

The popular messaging app, WhatsApp, went down late Wednesday as users tried in vain to send messages. Users on Twitter suspected that there could be a cyber attack targeting the service. Later on in the day, the service started working again. The app went down as of 00:20 GMT+3, which indicates that it has been down for nearly two hours. Users took to Twitter upon the service's failure to send messages and began questioning whether...

The National Security Agency (NSA) collected over 151 million phone records of Americans in 2016, despite a new system created by the US Congress to limit the spy agency's ability to gather bulk data, a report released by the Office of the Director of National Intelligence (DNI) revealed on 2 May. The government report detailed that the NSA amassed vast amounts of data under a new system, despite having been court ordered to only use...

Mozilla has weighed in to the ongoing Symantec-Google certificate spat, telling Symantec it should follow the Alphabet subsidiary's advice on how to restore trust in its certificates. Readers will recall that Symantec has repeatedly issued certs that didn't ring true with browser-makers and at the end of April 2017 Google started a countdown, the conclusion of which would see its Chrome browser warn users if it encountered Symantec certs. Symantec offered up a remediation plan,...

An app in the official Google Play store with the fun name of Super Free Music Player is striking a malware-laden note for those unwittingly downloading it—and so far, between 5,000 and 10,000 people have done just that. Perhaps better entitled Super Free Malware, the application was uploaded to Google Play on March 31. The malware is able to download additional payloads from remote websites and upload device information, including installed applications and the country,...

Apple has moved to thwart a malware attack that used a legitimate – probably hijacked – developer certificate, by revoking the cert. Check Point wrote up the malware last week, calling “OSX/Dok” “the first major scale malware to target OSX users via a coordinated email phishing campaign”. A hapless user who okayed all the stages of infection would end up having all their communications snooped - even HTTPS sessions encrypted with SSL. View full story...