Security News

Friday Squid Blogging: 80-Foot Steel Kraken Deliberately Sunk

Schneier on Security - Fri, 11/08/2019 - 16:20
The headline gives the story: "An 80-Foot Steel Kraken Will Create an Artificial Coral Reef Near the British Virgin Islands." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Apple Mail on macOS leaves parts of encrypted emails in plaintext

ZDNet Zero Day - Fri, 11/08/2019 - 15:37
Apple has known since July, but a fix is still not available.
Categories: Security News

Phones and PCs sold in Russia will have to come pre-installed with Russian apps

ZDNet Zero Day - Fri, 11/08/2019 - 12:29
Russian lawmakers say the bill will protect Russian software companies from abuses by foreign tech firms.
Categories: Security News

Platinum APT’s new Titanium backdoor mimics popular PC software to stay hidden

ZDNet Zero Day - Fri, 11/08/2019 - 09:56
The group uses encryption, fileless technologies, and mimicry to stay under the radar.
Categories: Security News

ConnectWise warns of ongoing ransomware attacks targeting its customers

ZDNet Zero Day - Fri, 11/08/2019 - 07:25
Hackers are trying to break into on-premise ConnectWise Automate systems and install ransomware on customer networks.
Categories: Security News

Nvidia patches severe GeForce, GPU vulnerabilities

ZDNet Zero Day - Fri, 11/08/2019 - 06:59
The worst bugs paved the way for code execution and information leaks.
Categories: Security News

xHelper Malware for Android

Schneier on Security - Fri, 11/08/2019 - 06:10
xHelper is not interesting because of its infection mechanism; the user has to side-load an app onto his phone. It's not interesting because of its payload; it seems to do nothing more than show unwanted ads. it's interesting because of its persistence: Furthermore, even if users spot the xHelper service in the Android operating system's Apps section, removing it doesn't... Bruce Schneier
Categories: Security News

Aventura charged for flogging Chinese spy equipment to US gov’t with security vulnerabilities

ZDNet Zero Day - Fri, 11/08/2019 - 05:28
The company also falsely claimed the equipment was made in the United States.
Categories: Security News

Microsoft warns users to stay alert for more BlueKeep attacks

ZDNet Zero Day - Thu, 11/07/2019 - 21:39
Microsoft: BlueKeep exploit will likely be used to deliver payloads more impactful and damaging than coin miners.
Categories: Security News

DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition

ZDNet Zero Day - Thu, 11/07/2019 - 18:09
DoH support is already present in all major browsers. Users just have to enable it and configure it.
Categories: Security News

Microsoft's Rust experiments are going well, but some features are missing

ZDNet Zero Day - Thu, 11/07/2019 - 12:04
Microsoft rewrote a low-level Windows component in Rust. Calls the experience "generally positive."
Categories: Security News

Law enforcement can plunder DNA profile database, judge rules

ZDNet Zero Day - Thu, 11/07/2019 - 07:52
DNA data is available even if users opt-out in a landmark ruling that could have serious privacy implications.
Categories: Security News

UK government funds 18 projects to develop anti-drone technologies

ZDNet Zero Day - Thu, 11/07/2019 - 07:30
Government has listened to ideas, is now funding the development of proof-of-concepts and prototypes.
Categories: Security News

Eavesdropping on SMS Messages inside Telco Networks

Schneier on Security - Thu, 11/07/2019 - 06:05
Fireeye reports on a Chinese-sponsored espionage effort to eavesdrop on text messages: FireEye Mandiant recently discovered a new malware family used by APT41 (a Chinese APT group) that is designed to monitor and save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft. Named MESSAGETAP, the tool was deployed by APT41 in a telecommunications network provider... Bruce Schneier
Categories: Security News

Law debated allowing confiscation of Bitcoin by the police

ZDNet Zero Day - Thu, 11/07/2019 - 05:58
Virtual assets, including cryptocurrency, are now on law enforcement’s radar.
Categories: Security News

Mysterious hacker dumps database of infamous IronMarch neo-nazi forum

ZDNet Zero Day - Wed, 11/06/2019 - 20:19
Now-defunct IronMarch forum spawned two of today's most extremist far-right neo-nazi groups -- the Atomwaffen Division and SIEGE Culture.
Categories: Security News

Between 200,000 and 240,000 Magento online stores will reach EOL next year

ZDNet Zero Day - Wed, 11/06/2019 - 16:53
Many online stores will need to upgrade their backends in the coming nine months if they want to avoid getting hacked.
Categories: Security News

Google asks three mobile security firms to help scan Play Store apps

ZDNet Zero Day - Wed, 11/06/2019 - 11:49
Google, ESET, Lookout, and Zimperium join to create App Defense Alliance.
Categories: Security News

Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked

ZDNet Zero Day - Wed, 11/06/2019 - 10:21
Amazon Echo, Samsung and Sony smart TVs fall on first day of Pwn2Own Tokyo 2019 hacking contest.
Categories: Security News

This is how Google Analytics is abused by phishing scammers

ZDNet Zero Day - Wed, 11/06/2019 - 08:00
Analytics markers can help fraudsters track victims and dupe them into visiting malicious domains - but can also light the way for defenders.
Categories: Security News