Top 10 Stories

Security researchers exploited a threat actor's poor choice for encryption and discovered a new piece of malware along with network infrastructure that links to various targeted attacks.The new piece of malware, which received the name Chainshot, is used in the early stages of an attack to activate a downloader for the final payload in a malicious chain reaction. View Full Story ORIGINAL SOURCE: Bleeping Computer

Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened Sept. 4 at 14:30 UTC (10:30 a.m. EST), when MEGA’s Chrome extension was updated to version 3.39.4 on the Google Chrome Web Store. The update was not pushed by MEGA itself, but by hackers, and the new version contained code designed to steal...

The chief executive of British Airways has apologised for what he has called a very sophisticated breach of the firm's security systems. Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website.The airline said personal and financial details of customers making bookings had been compromised. About 380,000 transactions were affected, but the stolen data did not include travel or passport details. BA said the breach took place between...

Malware developers have started to use the zero-day exploit for Task Scheduler component in Windows, two days after proof-of-concept code for the vulnerability appeared online. A security researcher who uses the online name SandboxEscaper on August 27 released the source code for exploiting a security bug in the Advanced Local Procedure Call (ALPC) interface used by Windows Task Scheduler. View Full Story ORIGINAL SOURCE: Bleeping Computer

A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customer's mobile accounts and using them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victim's to pay for these charges as they were using an easy password of "1234". According to reporting from Czech news site idnes.cz, the hackers accessed mobile customer's accounts by using the password 1234. Once they were able to gain access, they ordered new SIM cards...

The operator of a new cryptomining campaign takes aggressive actions against its competition and halts other cryptojacking activity on the machines it claims. Cybercriminals are quick to take advantage of any proof-of-concept (PoC) exploit code that falls into their hands. For the recently disclosed Apache Struts vulnerability (CVE-2018-11776) there are multiple PoCs available, so news of the bug exploited in the wild came as no surprise. View Full Story ORIGINAL SOURCE: Bleeping Computer

At least one member of a newly uncovered cybercrime hacking group appears to be a former or current employee of a cyber-security company, according to a new report released today. The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence. According to Group-IB, the group has spent the last three years mounting silent cyber-attacks on financial institutions in Russia and Eastern Europe. View Full Story ORIGINAL...

An Australian software engineer has spent years hacking a 1980’s knitting machine to create a spectacular work of art and simultaneously both advance knitting and science education. Sarah Spencer has toyed around with hacking and programming a 1980’s knitting machine for a while before seriously turning her attention to a mammoth task: creating gigantic equatorial star map in tapestry form. “As a woman in tech, I wanted to create something which would engage young minds in an...

Millions of home Wi-Fi networks are currently at risk of being hacked, a British security company claimed on Wednesday. But not everyone is convinced it’s an issue. Weaknesses exist in how saved passwords in the browsers Google Chrome and Opera interact with Wi-Fi over unencrypted connections. That's according to SureCloud researcher Elliott Thompson, who discovered the alleged vulnerabilities and reported them earlier this year. Thompson claimed that hackers could exploit the weaknesses to hijack a home’s...

Cisco published on Wednesday 30 security advisories on vulnerabilities identified in its products. Half of them are for high and critical severity bugs. Only three alerts refer to security problems with critical impact; among them is the recently disclosed remote code execution vulnerability in Apache Struts, for which several proof-of-concept exploits exist. Cisco notes that not all of its products that include an affected Struts library are vulnerable because of the way they use the library. Only one Cisco product affected...