Top 10 Stories

British spies and soldiers have hacked into computers in Syria to shut down an Islamic State online terror manual that gloated about the Manchester bombing. Cyber experts in the UK managed to erase the pages as they were being created 3,000 miles away. The mission came amid fears the Rumiyah publication was being used to inspire terrorists to carry out attacks here. Last night Foreign Office officials said the flagship monthly publication had not been released since September 2017. View...

Two phishing campaigns have been targeting consumers of both the FIFA World Cup and one of its longtime partners, Adidas. One campaign attempts to lure victims into clicking on a malicious link under the guise of downloading a World Cup schedule of fixtures and a result tracker, while the second promises a “free” $50-per-month subscription for Adidas shoes. Today Check Point announced that it has discovered a new phishing campaign linked to the start of the World Cup...

The Australian Attorney-General's Department (AGD) has confirmed that some of its staff may have had their information compromised at the hands of HR software provider PageUp, after the company earlier this week admitted some data held on its clients may be at risk. As first reported by SBS News, AGD's recruitment team sent an email to job applicants informing them it was "possible that some of your personal details which were held in PageUp's systems may have...

Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store. Brinkmann explained that CVE-2018-12356 offers both access to passwords and possible remote code execution. This bug is an incomplete regex in GnuPG's signature verification routine, meaning an attacker can spoof file signatures on configuration files and extension scripts (Brinkmann has dubbed the bug “SigSpoof 3” as the third signature spoofing bug he's found). View full...

Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech Reguła and Patrick Wardle, two macOS security experts. The problem is that these cached thumbnails are stored on non-encrypted hard drives, in a known location and can be easily retrieved by malware or forensics tools, revealing some of the content stored on encrypted containers. View full story ORIGINAL SOURCE: Bleeping...

Researchers have detailed a string of vulnerabilities that, when exploited in combination, would allow for hundreds of models of internet-linked surveillance cameras to be remotely hijacked. Security biz VDOO said today it privately alerted cam-maker Axis Communications to the seven bugs it found in its gizmos, leading to the manufacturer issuing firmware updates for roughly 400 models of connected surveillance cameras that would be vulnerable to attack. Owners of at-risk gear are urged advised to update their...

A newly uncovered form of stealthy and persistent malware is distributing adware to victims across the world while also allowing attackers to take screenshots of infected machines' desktops. Discovered by researchers at Bitdefender, the malware has been named Zacinlo after the name of the final payload that's delivered by the campaign which first appeared in 2012. The vast majority of Zacinlo victims are in the US, with 90 percent of those infected running Microsoft Windows 10. View...

Three-quarters of malware samples uploaded to "no-distribute scanners" are never shared on "multiscanners" like VirusTotal, and hence, they remain unknown to security firms and researchers for longer periods of time. Although some antivirus products will eventually detect this malware at runtime or at one point or another later in time, this leaves a gap in terms of operational insight for security firms hunting down up-and-coming malware campaigns. View full story ORIGINAL SOURCE: Bleeping Computer

A woman has fessed up to using people's personal information, leaked online from the US government's Office of Personnel Management mega-hack, to take out loans and open bank accounts. Karvia Cross, 39, of Bowie, Maryland, USA, pleaded guilty on Monday in the eastern district of Virginia to one count of identity theft and conspiracy to commit bank fraud. The US loans market is slowly becoming less regulated and various companies are starting to take market share including...

A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency's history.Joshua Adam Schulte, who once created malware for both the CIA and NSA to break into adversaries computers, was indicted Monday by the Department of Justice on 13 charges of allegedly stealing and transmitting thousands of classified CIA documents, software projects, and hacking utilities. View full story ORIGINAL SOURCE: The Hacker...