Black markets for hackers are maturing
Black and gray markets for computer hacking tools, services and byproducts such as stolen credit card numbers continue to expand, creating an increasing threat to businesses, …
Gameover ZeuS now targets users of employment websites
Some newer variants of the Gameover Zeus Trojan, which is exceptionally good at using complex web injections to perform Man-in-the-Browser (MITB) attacks and gain additional …
ATMs running Windows XP targeted with cash-dispensing malware
Microsoft has been aggressively campaigning to get users to stop using Windows XP, and has gone so far as to offer $100 off the purchase of a new PC via the Microsoft Store in …
Android bug can push devices into an endless reboot loop
A Proof-of-Concept app exploiting a recently discovered Android vulnerability that triggers the continuous rebooting of an affected device was apparently also behind the …
Five tips to reduce identity theft
Some Americans submitting their taxes this year will make the unpleasant discovery that someone else has already filed and stolen their refunds. Tax fraud claimed 1.2 million …
Tumblr now offers two-factor authentication
In a playful post on its official feed, Tumblr has announced that it’s now offering two-factor authentication to its users. “You know how you need two keys to …
Sogeti social engineering challenge at HITB Haxpo
For the third year in a row Sogeti organizes the social engineering challenge during Hack In The Box Amsterdam. In 2012 and 2013 they asked contestants to show weaknesses in …
0-day Microsoft Word flaw exploited in targeted attacks
Microsoft has issued a security advisory warning of a remote code execution vulnerability that is being exploited in “limited, targeted attacks directed at Microsoft …
Flaws in Android update mechanism could turn apps into malware
A group of researchers from Indiana University and Microsoft Research have unearthed six Android vulnerabilities that can be exploited to turn apparently harmless apps into …
10,000 GitHub users inadvertently reveal their AWS secret access keys
GitHub developers who are also Amazon Web Services users are advised to check the code they made public on their project pages and to delete secret access keys for their AWS …
Basecamp gets DDoSed and blackmailed
Basecamp, formerly known as 37signals, has managed to largely mitigate a DDoS attack that started today (March 24) at 8:46 central time and which made its services unavailable …
NSA compromised Huawei’s servers, spied on its executives
For years, the US government has been very vocal about its distrust of Chinese telecommunication giant Huawei, pointedly blocking acquisitions and takeovers that would allow …