You Are Here: Home » Industry News

Facebook Adds “Onion” Address for Anonymous Browsing. But Does It?

Facebook implemented a new way for users to access its site via Tor “without losing the cryptographic protections provided by the Tor cloud” and disclosing their location, according to a Facebook announcement. Users who have the Tor-enabled browser enabled can access Facebook directly through the https://facebookcorewwwi.onion/ URL, said Alec Muffett, software engineer at Facebook. Through an “.onion” addre...

Drupal Core SQL Injection Vulnerability Leveraged in Drive-by Attacks

The Drupal Core SQL vulnerability disclosed two weeks ago has been recently leveraged in automated attacks aiming to compromise websites, according to an announcement by Drupal "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection," Drupal advised. "You should proceed under th...

Alleged Baidu Spyware Gathering User Data From Sony Xperia Smartphones; “Unexpected Behaviour” Sony Says

Sony Xperia Smartphones with Android 4.4.2 or 4.4.4 KitKat versions have been allegedly found to send user data back to China-based servers of Baidu, according to a post from XPERIA Blog. The alleged spyware was found after users reported a strange folder named "Baidu." The folder appeared automatically with no user permission and it automatically reappears even if it is deleted with admin rights or from Sa...

BlackEnergy Malware Compromises US SCADA Systems; US CERT Says

The BlackEnergy malware toolkit has been compromising US SCADA (Supervisory Control and Data Acquisition) systems in a sophisticated campaign, according to the US Computer Emergency Response Team's advisory. SCADA systems compromised with BlackEnergy included those of GE Cimplicity, Advantech/Broadwin WebAccess and Siemens WinCC, while there is still no evidence that the compromised systems were disrupted o...

Dyre Banking Trojan Still Phishing for Data, US-CERT Warns

A new phishing campaign employs the Dyre banking Trojan to steal account credentials from enterprises and financial institutions, according to an alert by the Department of Homeland Security. In the advisory, US-CERT said the phishing campaign uses various tactics, but mostly malicious PDF email attachments to download malware. “Phishing emails used in this campaign often contain a weaponized PDF attachment...

ASUS Wireless Routers RT Series Vulnerable to Man-in-the-Middle Attacks

The ASUS wireless routers from the RT-series have been found vulnerable to a Man-in-the-Middle attack, as they download updates via HTTP without an encryption protocol, in clear-text, according to a blog post by David Longenecker's. "The ASUS RT- series of routers rely on an easily manipulated process to determine if an update is needed, and to retrieve the necessary update file," Longenecker said. "Since t...

FBI infected 15-year-old bomb threat twit with malware, by impersonating newspaper

The Seattle Times is furious, after discovering that the FBI stole its identity.   Documents obtained by the Electronic Freedom Foundation (EFF) show that, while attempting to identify who had made a series of high school bomb threats, the FBI created a fake Seattle Times webpage containing a bogus Associated Press news story, with the intention of infecting a suspect's computer with malware. What was...

White House Systems Breached by Alleged Russian Hackers

White House unclassified computer systems have been breached by some alleged Russian hackers, according to The Washington Post. The hackers, believed to be working for the Russian government, temporary disrupted some services. “In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network,” a White House official said. “We took imm...

Tor Exit Node Patches Malware on Executable Downloads

Downloaded binaries through a Russia-based Tor exit node has been found to patch malware onto binaries, according to a blog post by Leviathan Security. The findings, by Josh Pitts, are based on his research on Man-in-the-Middle binary patching using the Backdoor Factory patching framework. Pitts also checked if Windows Update packages wrapped in Windows Portable Executable (PE) format are patched with the m...

Ouch! Security expert writes book about hackers, then his publisher is hacked

Award-winning investigative reporter Brian Krebs has a book coming out next month called "Spam Nation", exploring the underbelly of the cybercrime world. It's bound to be a brilliant book because, well.. frankly, everything Krebs does is brilliant.   But if you're one of the eager followers of Krebs' blog who has pre-ordered his book, or other products, from his publisher Sourcebooks then you may want...

© 2012 Powered By Bitdefender

x
Loading...
Scroll to top