Latest News

2020/07/01

EvilQuest Mac Ransomware Has Keylogger, Crypto Wallet-Stealing Abilities

A rare new ransomware strain targeting macOS users, called EvilQuest, has been discovered. Researchers say the ransomware is being distributed via various versions of pirated software.

EvilQuest, first discovered by security researcher Dinesh Devadoss, goes beyond the normal encryption capabilities for run-of-the-mill ransomware, including the ability to deploy a keylogger (for monitoring what’s typed into devices) and the capability to steal cryptocurrency wallets on the victims’ systems.

2020/06/29

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites.

"We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week.

"This scheme would not be complete without yet another interesting variation to exfiltrate stolen credit card data. Once again, criminals used the disguise of an image file to collect their loot."

2020/06/24

Hackers Leaked 269 GB of U.S. Police and Fusion Centers Data Online

A group of hacktivists and transparency advocates has published a massive 269 GB of data allegedly stolen from more than 200 police departments, fusion centers, and other law enforcement agencies across the United States.

Dubbed BlueLeaks, the exposed data leaked by the DDoSecrets group contains hundreds of thousands of sensitive documents from the past ten years with official and personal information.

DDoSecrets, or Distributed Denial of Secrets, is a transparency collective similar to WikiLeaks, which publicly publishes data and classified information submitted by leakers and hackers while claiming the organization itself never gets involved in the exfiltration of data.

2020/06/22

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

Researchers have discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover, they said.

The flaw, a memory-safety issue present in the firmware’s httpd web server, allows attackers to bypass authentication on affected installations of Netgear routers, according to two separate reports: One on the Zero Day Initiative (ZDI) by a researcher called “d4rkn3ss” from the Vietnam Posts and Telecommunications Group; and a separate blog post by Adam Nichols of cybersecurity firm Grimm.

2020/06/15

Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room

A team of cybersecurity researchers has developed and demonstrated a novel side-channel attack technique that can be applied by eavesdroppers to recover full sound from a victim's room that contains an overhead hanging bulb.

The findings were published in a new paper by a team of academics (Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov) from Israel's Ben-Gurion University of the Negev and the Weizmann Institute of Science, and will also be presented at the Black Hat USA 2020 conference later this August.