Hacking News

A patch is available for a privilege-escalation flaw affecting the 40-year-old OpenVMS operating system on hardware powered by ancient VAX and Alpha processors from Digital Equipment Corporation. The OS, which has been supported by HP, is known for its reliability and has historically been used for core business systems that require high availability, including nuclear power plants and […]

A fresh threat to Android devices has managed to infect thousands of devices in days, researchers warn. In a blog post published Sunday, cybersecurity researcher Wang Hui from 360Netlab said a strain of cryptocurrency mining malware called ADB.Miner has begun spreading rapidly. Read more

Lauri Love has won a High Court appeal to prevent his extradition from the UK to the US on hacking charges. Love is wanted by US prosecutors to stand trial for allegedly hacking into the FBI, the US Central Bank, the US Army, and NASA, among others. Read more

The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three dripped last April by a hacking group known as The Shadow Brokers who said to have stolen the code from the NSA. Several exploits and hacking tools were written in the April 2017 Shadow Brokers dump, the most important being EternalBlue, the exploit used in

The UK’s National Crime Agency says it’s disabled a widely-used remote-access trojan (RAT) that was used across 78 countries and sold to over 8,600 buyers. The RAT, dubbed LuminosityLink, surfaced in mid-2015 and was marketed as a legitimate tool for Windows administrators and business owners to “manage a large amount of computers concurrently”. Read more

North Korea stole cryptocurrency worth “billions” of won from South Korea last year and continues to attack exchanges for more. As reported by Reuters, Kim Byung-kee, a member of South Korea’s parliamentary intelligence committee, claims the North has been able to steal cryptocurrency from the country by way of phishing campaigns. Read more

Grammarly has fixed a security bug in its Chrome extension that inadvertently allowed access to a user’s account — including their private documents and data. Tavis Ormandy, a security researcher at Google’s Project Zero who found the “high severity” vulnerability, said the browser extension exposed authentication tokens to all websites. That means any website can

Peter Levashov, one of the world’s most well-known email spammers and operator of the Kelihos botnet, has been extradited to the US from Spain. He awaits federal charges in Connecticut, where prosecutors say he used the botnet to harvest personal data. Read more

First up, January’s Meltdown and Spectre processor security design flaws continue to haunt the IT world. Fortinet put out an advisory on Tuesday warning 119 variants of code that exploit the CPU security cockups were detected doing the rounds last month. Read more

Promo Sometimes it can seem like the IT security landscape is shifting so fast that you have to keep running on the spot just to stay upright. A new event coming to London this month aims to help exhausted security professionals breathe easy, confident they have the information they need to meet the risks ahead.