Do you play Blizzard online computer games such as World of Warcraft, Diablo III, Hearthstone, Starcraft II, or Overwatch? If so, there's a potential problem you need to be aware of. Tavis Ormandy, a researcher on Google's Project Zero team, recently discovered that the Blizzard Update Agent is vulnerable to hacking, via a technique known as "DNS Rebinding." The update agent is designed to accept commands to install, uninstall, change settings, update and perform other maintenance …
2 Million Credit Cards Stolen From Popular Sandwich Shop
By now, we've seen enough large-scale Point of Sale (POS) credit card thefts that patterns are beginning to emerge. Some companies follow the general arc of the narrative better than others and deserve credit for doing so, but in the end, the story is about the same. That's certainly the case with Jason's Deli. Recently, they discovered RAM-scraping malware on a number of their POS terminals. This has happened at a total of 164 of their locations, scattered across 14 states. During the …
Mac Computers Battling New Malware For Hijacking DNS
It's official, the first macOS malware of 2018 is here. Discovered by an independent security researcher and dubbed "OSX/MaMi," the code is functionally similar to DNSChanger malware. The researcher posted his findings on the Malwarebytes forum and none other than Patrick Wardle (an ex-NSA hacker) analyzed it, having this to say: "OSX/MaMi isn't particularly advanced - but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking …
Do Not Use These Chrome Extensions
Do you use any of the following Chrome browser extensions?
- Change HTTP Request Header
- Nyoogle (a custom logo for Google)
- Stickies (a Post-It note for Chrome)
- Lite Bookmarks
If so, you're not alone. These four extensions have a combined user base of more than half a million. Recently, security researchers from ICEBRG (a US cyber-security company) discovered malicious code embedded in copies of these on the official Chrome Web Store. The code allows hackers to …
Backdoor In Certain Lenovo Switches Discovered
Does your company utilize either RackSwitch or BladeCenter networking switches? Are those switches running ENOS (the Enterprise Network Operating System)? If so, there's a backdoor in your network you weren't aware of. Even worse, it's been there since 2004. Engineers at Lenovo recently discovered the backdoor in the firmware when they conducted an internal security audit. These products were added to the company's portfolio via acquisition from Nortel, and Lenovo only just became aware …
New Wifi Standard WPA3 May Be Coming
Remember the KRACK WiFi (WPA2) vulnerability, discovered by Mathy Vanhoef? It turns out that his discovery was a catalyst for action. Recently, the WiFi Alliance, which is the industry's standards organization, released details about its new WPA3 protocol. Here's a quick rundown of the changes you can expect to see in the months ahead: Enhancements in encryption capabilities - The new protocol will enable encrypted connections between connected devices and the router/access point, and …
Sound Waves May Be Used In Future Hard Drive Attacks
Another week, another attack vector, and this one deserves extra points for creativity. New research has proved the viability of using something as simple and innocuous as sound waves to disrupt the normal functioning of HDDs, which can be used to sabotage a wide range of equipment, from PCs to CCTV systems, ATMs and more. Researchers have been aware of, and have toyed with, the possibility of using sound waves to disrupt the normal functioning of an HDD for more than a decade, but the most …
Virus Spread Through Facebook Messenger Mines For Cryptocurrency
Facebook scams are fairly common occurrences, owing to the sheer size of the platform's user base. It's no surprise that there's a new one making the rounds that you should be aware of. This latest threat was discovered by researchers at Trend Micro, and makes use of Facebook Messenger. If you get a message containing an embedded video file saved as a zip (the file name usually appears as "video_xxxx.zip"), don't click on it, even if it's from someone you know. This file is a modified …
Corporate Attacks On The Rise Through Vulnerable Printers
Few things are more ubiquitous in an office environment than printers. Of course, these days, most printers are much more than simply that. They can also scan, copy and even send emails. As such, they've become an increasingly attractive option to hack, according to the latest data released by Barracuda Networks. The reason is simple. Most printers aren't as well protected as PCs and other devices on your network. They're the weak point in your company's defensive armor. The upsurge in …
Researchers Find Malware Targeting Industrial Systems
In the malware ecosystem, few strains are more terrifying than those that target industrial control systems. Think Stuxnet, Industroyer and IronGate. Recently, security researchers from FireEye have identified a new threat in this class of malware. Alternately called "Triton" or "TRISIS," this new code targets Triconex Safety Instrumented Systems (SIS) controllers, which are manufactured by Schneider Electric. These control systems are found in a wide range of industrial equipment. They are, in …









