The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three dripped last April by a hacking group known as The Shadow Brokers who said to have stolen the code from the NSA. Several exploits and hacking tools were written in the April 2017 Shadow Brokers dump, the most important being EternalBlue, the exploit used in […]
A security researcher has ported three leaked NSA exploits Read More »
The UK’s National Crime Agency says it’s disabled a widely-used remote-access trojan (RAT) that was used across 78 countries and sold to over 8,600 buyers. The RAT, dubbed LuminosityLink, surfaced in mid-2015 and was marketed as a legitimate tool for Windows administrators and business owners to “manage a large amount of computers concurrently”. Read more
LuminosityLink spyware gives attackers control of your PC Read More »
North Korea stole cryptocurrency worth “billions” of won from South Korea last year and continues to attack exchanges for more. As reported by Reuters, Kim Byung-kee, a member of South Korea’s parliamentary intelligence committee, claims the North has been able to steal cryptocurrency from the country by way of phishing campaigns. Read more
North Korea stole ‘billions of won’ in cryptocurrency last year Read More »
Grammarly has fixed a security bug in its Chrome extension that inadvertently allowed access to a user’s account — including their private documents and data. Tavis Ormandy, a security researcher at Google’s Project Zero who found the “high severity” vulnerability, said the browser extension exposed authentication tokens to all websites. That means any website can
Grammarly’s flawed Chrome extension expose user documents Read More »
Peter Levashov, one of the world’s most well-known email spammers and operator of the Kelihos botnet, has been extradited to the US from Spain. He awaits federal charges in Connecticut, where prosecutors say he used the botnet to harvest personal data. Read more
Russian National Arrested for Kelihos Botnet Sent to US Read More »
First up, January’s Meltdown and Spectre processor security design flaws continue to haunt the IT world. Fortinet put out an advisory on Tuesday warning 119 variants of code that exploit the CPU security cockups were detected doing the rounds last month. Read more
Nork hackers upgrade, bad WD drives and more Read More »
Promo Sometimes it can seem like the IT security landscape is shifting so fast that you have to keep running on the spot just to stay upright. A new event coming to London this month aims to help exhausted security professionals breathe easy, confident they have the information they need to meet the risks ahead.
Venture into the security thickets at CyberThreat18 Read More »
What’s the first thing you do with a new credit card? Peel off the sticky label on the front and activate it? Rush to the store to try it out for the first time? Or, do you post a photo of it (both sides!) to social media for the world to see? One of those
PSA: Stop uploading your bitcoin wallet keys Read More »
Point-of-sale systems are rich targets for attackers, given their status as a gateway to credit card information, customer and back-office data and other goodies. A recently patched vulnerability in Oracle’s MICROS POS system software can lead to attackers gaining full access to the systems, say researchers. Read more
Oracle MICROS POS Vulnerability Puts 300,000 Systems at Risk Read More »
The bill moved by Congress and signed by the president, labeled S. 139, didn’t just stretch Section 702’s duration. It also may increase the NSA’s authority in subtle but nasty ways. The reauthorization marks the first time that Congress declared legislation that explicitly recognizes and codifies some of the most contentious aspects of the NSA’s
Bill S. 139 gives NSA Warrantless Surveillance Authority Read More »