Top 10 Stories

Security researchers have discovered nasty new Android malware that's purpose-built for blackmail. It's called RedDrop, and it's a bit nastier than run-of-the-mill ransomware. RedDrop wants your files, but not the way that most of today's malware does. It's not out to encrypt your files and force you to fork over a payment in order to unlock them. Instead, RedDrop wants to steal all the information it can from your phone... just in case, there's something...

The UK’s emergency services are at risk of a major cyber-attack. This is the finding of a new landscape analysis, issued by intelligence provider Anomali. The UK Threat Landscape report, which explores the UK’s Critical National Infrastructure (CNI) against threats and possible vulnerabilities, points to a number of weak spots in the UK which could attract an attack. One of the most notable, in addition to the emergency services, is the Defence Equipment and Supply...

U.S. intelligence had evidence that voter registration systems or websites in seven states — Alaska, Arizona, California, Florida, Illinois, Texas and Wisconsin — were compromised by Russian-backed operatives before the 2016 election but never told the states, NBC News reported on Tuesday. The Department of Homeland Security denied the report, a spokesman calling it "factually inaccurate and misleading" in a statement. NBC, citing unnamed U.S. officials, said that top-secret intelligence requested by President Barack Obama...

U.S. Senate Democrats launched efforts on Tuesday to win a vote to reinstate Obama-era rules guaranteeing an open internet, suggesting it would be a major issue in the 2018 mid-term elections. Democrats remain one Republican senator shy of winning a majority in the Senate to reverse the Federal Communications Commission’s order to undo the 2015 open internet rules. View full story ORIGINAL SOURCE: Reuters

Various single-sign-on systems can be hoodwinked to allow miscreants to log in as strangers without their password, all thanks to bungled programming. Specifically, the vulnerable authentication suites mishandle information submitted in the XML-like Security Assertion Markup Language (SAML). These weaknesses can be potentially exploited by hackers to log into systems, masquerade as other users, and access their accounts. View full story ORIGINAL SOURCE: The Register

Microsoft co-founder Bill Gates, whose recent takes have included that Apple should just build a backdoor into the iPhone because the government might demand it anyway, is now warning that cryptocurrency is killing people. As noted by CNBC, during a Reddit “Ask Me Anything” session on Tuesday, Gates explained that he thinks cryptocurrency is really bad because it aids and abets people who want to keep their financial transactions hidden from the government. View full...

Microsoft co-founder Bill Gates, whose recent takes have included that Apple should just build a backdoor into the iPhone because the government might demand it anyway, is now warning that cryptocurrency is killing people. As noted by CNBC, during a Reddit “Ask Me Anything” session on Tuesday, Gates explained that he thinks cryptocurrency is really bad because it aids and abets people who want to keep their financial transactions hidden from the government. View full...

Attackers have discovered a new amplified denial-of-service attack vector, and have launched attacks reaching hundreds of gigabits per second in Asia, North America and Europe. Former Internet Systems Consortium CEO and now Akamai principal architect Barry Raveendran Greene has detailed the reflected DOS attack on his blog and explained it can make it look like the incoming traffic comes from a service provider's router. View full story ORIGINAL SOURCE: The Register

Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth. A newly discovered vulnerability lets attackers take advantage of single sign-on (SSO) systems relying on Security Assertion Markup Language (SAML) and authenticate as another user without knowing his or her password. Duo Security's Duo Labs discovered the flaw and coordinated with the CERT/CC on disclosures from the affected vendors, which include Duo Security. The CERT/CC published an advisory on the flaw...

Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth. A newly discovered vulnerability lets attackers take advantage of single sign-on (SSO) systems relying on Security Assertion Markup Language (SAML) and authenticate as another user without knowing his or her password. Duo Security's Duo Labs discovered the flaw and coordinated with the CERT/CC on disclosures from the affected vendors, which include Duo Security. The CERT/CC published an advisory on the flaw...