Hacking News

Today, August 24th 2017, WikiLeaks publishes secret documents from the ExpressLane project of the CIA. These documents show one of the cyber operations the CIA conducts against liaison services — which includes among many others the National Security Agency (NSA), the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). The OTS (Office of […]

A newly discovered form of ransomware is targeting organisations with tailored phishing emails, demanding a huge ransom from unfortunate victims. The ransomware has been dubbed ‘Defray’ by researchers at Proofpoint who uncovered it. The name is based on that of the command-and-control server host-name in the first observed attack — ‘defrayable-listings’. It’s an appropriate name for

AccuWeather is still sending precise geolocation data to a third-party advertiser, ZDNet can confirm, despite updating its app earlier this week to remove a feature that collected user’s location data without their permission. In case you missed it, AccuWeather was until this week sending the near-precise location of its iPhone app users to Reveal Mobile, a data monetization

      Check Point a security company recently conducted an investigation which reveals that a single hacker at Lagos, Nigeria has been trying hacking the systems of 4,000-and-more organizations worldwide employing obsolete tools and rudimentary techniques. Even though security professionals would find the mode-of-operation hilariously trivial, yet the attacker attained success within no less

Big-name companies are still leaving themselves and their customers open to phishing because they haven’t implemented the DMARC message validation standard. In this year’s DMARC adoption report [PDF], phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) yet. Specified in RFC 7489 to combine Sender Policy Framework

A new study has lifted the lid on the booming ecosystems of fake websites that underpin phishing scams, revealing a wide variety of prices and products from cheap knock-ups to bespoke fraud services offering concierge-level customer support. Infosec firm Clearsky surfed popular Russian and English-speaking underground boards and forums, looking for fake webpage creation services. Researchers then

The number one issue facing cybersecurity firms is a “chronic shortage” of qualified staff. That’s according to the founder of market analyst Cybersecurity Ventures, Steve Morgan. “The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It’s an absolute epidemic,” Morgan told supply-chain blog Channelnomics. Morgan’s company in 2016 gathered feedback from

One of four men accused of carrying out the megahack of 500 million Yahoo! email accounts has pleaded not guilty in a San Francisco district court. Karim Baratov, 22, was extradited from his Canadian home last weekend after waiving his right to fight going to America for the court case. He denied 47 separate charges of

Crooks slinging mobile trojans have reverted to old techniques by stealing users’ money through WAP-billing services. The “unusual” rise in mobile trojan clickers that steal money from Android users through Wireless Application Protocol (WAP) billing has been tracked by security researchers at Kaspersky Lab. The unexpected trend had been in evidence for a while, but

A business email compromise campaign emanating out of Western Africa is targeting companies in a wide swathe of industries, bucking a trend of these scams focusing on wire fraud and targeting CEOs. The criminals are using phishing emails with links redirecting victims to sites designed to harvest corporate email credentials. Researchers at Flashpoint said it’s likely