Feed aggregator

CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware

ZDNet Zero Day - Mon, 07/27/2020 - 11:13
QSnatch malware, first spotted in late 2019, has grown from 7,000 bots to more than 62,000, according to a joint US CISA and UK NCSC security alert.
Categories: Security News

Images in Eye Reflections

Schneier on Security - Mon, 07/27/2020 - 09:46
In Japan, a cyberstalker located his victim by enhancing the reflections in her eye, and using that information to establish a location. Reminds me of the image enhancement scene in Blade Runner. That was science fiction, but now image resolution is so good that we have to worry about it.... Bruce Schneier
Categories: Security News

Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev

ZDNet Zero Day - Mon, 07/27/2020 - 09:10
OAuth tokens have been abused for intrusions at least two other companies, Dave.com and Flood.io.
Categories: Security News

Cerberus banking Trojan team breaks up, source code goes to auction

ZDNet Zero Day - Mon, 07/27/2020 - 08:27
The Android malware’s operator is hoping the code and client list will net them up to $100,000.
Categories: Security News

FBI warns of new DDoS attack vectors: CoAP, WS-DD, ARMS, and Jenkins

ZDNet Zero Day - Sun, 07/26/2020 - 23:45
FBI believes device vendors won't disable these protocols and warns companies to take preventive and protective measures.
Categories: Security News

Apple sued for not taking action against iTunes gift card scams

ZDNet Zero Day - Sun, 07/26/2020 - 12:28
Plaintiffs in new class-action lawsuit claim Apple is directly benefiting and enabling iTunes gift card scams.
Categories: Security News

Tech unicorn Dave admits to security breach impacting 7.5 million users

ZDNet Zero Day - Sat, 07/25/2020 - 20:46
Dave user data is now available for download on a public hacking forum.
Categories: Security News

Academics smuggle 234 policy-violating skills on the Alexa Skills Store

ZDNet Zero Day - Fri, 07/24/2020 - 16:14
Academics said they also identified 52 problematic skills already available on the Alexa store, all targeted at children.
Categories: Security News

Friday Squid Blogging: Introducing the Seattle Kraken

Schneier on Security - Fri, 07/24/2020 - 16:07
The Kraken is the name of Seattle's new NFL franchise. I have always really liked collective nouns as sports team names (like the Utah Jazz or the Minnesota Wild), mostly because it's hard to describe individual players. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read... Bruce Schneier
Categories: Security News

A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs

ZDNet Zero Day - Fri, 07/24/2020 - 11:41
Emotet botnet activity goes down as Emotet admins are wrestling with a vigilante for control over parts of their infrastructure.
Categories: Security News

Update on NIST's Post-Quantum Cryptography Program

Schneier on Security - Fri, 07/24/2020 - 06:36
NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of 15. NIST has now begun... Bruce Schneier
Categories: Security News

FBI warns US companies about backdoors in Chinese tax software

ZDNet Zero Day - Fri, 07/24/2020 - 06:15
Following the GoldenHelper and GoldenSpy malware reports, the FBI is now warning US companies operating in China.
Categories: Security News

Garmin services and production go down after ransomware attack

ZDNet Zero Day - Thu, 07/23/2020 - 12:34
Smartwatch and wearable maker Garmin planning multi-day maintenance window to deal with ransomware incident.
Categories: Security News

Fawkes protects your identity from facial recognition systems, pixel by pixel

ZDNet Zero Day - Thu, 07/23/2020 - 06:26
Changes made to photos undetectable to the naked eye could still prevent matches in deep learning systems.
Categories: Security News

CouchSurfing investigates data breach after 17m user records appear on hacking forum

ZDNet Zero Day - Thu, 07/23/2020 - 06:09
EXCLUSIVE: CouchSurfing working with law enforcement and security firm to investigate incident.
Categories: Security News

Adversarial Machine Learning and the CFAA

Schneier on Security - Thu, 07/23/2020 - 06:03
I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla, Microsoft, IBM, Google to demonstrate vulnerabilities. In this paper, we ask, "What are the... Bruce Schneier
Categories: Security News

New 'Shadow Attack' can replace content in digitally signed PDF files

ZDNet Zero Day - Thu, 07/23/2020 - 04:08
15 out of the 28 biggest desktop PDF viewers are vulnerable, German academics say.
Categories: Security News

Chinese hackers blamed for the spread of MgBot Trojan across India, Hong Kong

ZDNet Zero Day - Thu, 07/23/2020 - 03:59
The APT is focused on breaking into both Windows PCs and Android mobile devices.
Categories: Security News

IBM Verify Gateway vulnerability allowed remote attackers to brute-force their way in

ZDNet Zero Day - Thu, 07/23/2020 - 02:20
The severe bug could be harnessed for brute-force attacks.
Categories: Security News

Slack credentials abundant on cybercrime markets, but little interest from hackers

ZDNet Zero Day - Wed, 07/22/2020 - 19:48
Security researchers find more than 17,000 Slack credentials for roughly 12,000 Slack workspaces being sold online.
Categories: Security News