Attackers recently started abusing the Constrained Application Protocol (CoAP) for the reflection/amplification of distributed denial of service (DDoS) attacks, NETSCOUT warns. CoAP is a simple UDP protocol designed for low-power computers on unreliable networks that appears similar to HTTP, but which operates over UDP (User Datagram Protocol) port 5683. The protocol is mainly used by […]
A vulnerability in Skype for Android allows an unauthenticated attacker to view photos and contacts, and even open links in the browser, a security researcher has discovered. Found by Florian Kunushevci, a 19-year-old researcher from Kosovo, the vulnerability requires for the attacker to have physical access to the target device. Next, they would need to […]
Dataresolution.net, a cloud hosting provider headquartered in San Juan Capistrano, CA and with data centers in Los Angeles CA, Reston VA, London UK, Hamilton Bermuda, and Canada, was infected with ransomware on Christmas Eve, 2018. It appears that the firm declined to pay any ransom, and is reconstituting the files manually and from backups. According […]
A serious denial-of-service (DoS) vulnerability impacts several industrial automation products from Japanese electrical engineering and software company Yokogawa Electric. The flaw exists in the Open Communication Driver for Vnet/IP, a real-time plant network system for process automation. The problematic driver is present in several Yokogawa products, including CENTUM CS 3000 and CENTUM VP distributed control […]
A series of iOS applications posing as fitness-tracking tools have been stealing users’ money by abusing the Touch ID feature, ESET has discovered. The trick used by the fake fitness apps is fairly simple: they ask the user to scan their fingerprint, supposedly for fitness-tracking purposes, but instead use this to activate a dodgy payment […]
A recently discovered malware dropper has the ability to use nearly a dozen decoy document file formats to drop various payloads, Palo Alto Networks security researchers warn. Dubbed CARROTBAT, the customized dropper is being used to deliver lures primarily pertaining to the Korean region, revolving around subjects such as crypto-currencies, crypto-currency exchanges, and political events. […]
Symantec on Wednesday unveiled a new product designed to protect critical infrastructure organizations, including industrial and Internet of Things (IoT) environments, against USB-borne threats. Industrial Control System Protection (ICSP) Neural is a network-integrated USB scanning station that should make it easier for organizations to ensure that the USB drives used to transfer data between devices […]
An IRC bot built using Pearl is targeting Internet of Things (IoT) devices and Linux servers, but can also affect Windows systems and Android devices, Trend Micro warns. Dubbed Shellbot, the malware is being distributed by a threat group called Outlaw, which recently compromised FTP servers of a Japanese art institution and a Bangladeshi government […]
Symantec on Monday announced the acquisition of mobile application security firm Appthority and Active Directory protection company Javelin Networks. With the acquisition of Appthority, Symantec wants to provide customers the technology needed to analyze mobile applications for malicious capabilities and unwanted behavior, including vulnerabilities, exposure of sensitive data, and privacy risks. According to Symantec, the […]
A newly revealed side-channel attack can leak encrypted data from Intel microprocessors that use a Simultaneous Multithreading (SMT) architecture. Dubbed PortSmash and tracked as CVE-2018-5407, the vulnerability affects all CPUs that rely on SMT, including Intel’s Hyper-Threading architectures. By exploiting the vulnerability, an attacker could extract sensitive data such as encryption keys from a computer’s […]
