Week in review: Dell computers shipped with root CA cert and private key, analytics services tracking users via Chrome extensions
Here’s an overview of some of last week’s most interesting news and articles:Four ways an attacker can infiltrate an organization by diverting security …
More than 900 embedded devices share hard-coded certs, SSH host keys
Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a …
Linux crypto ransomware continues to wreak havoc, but there’s some good news
Trojan Encoder crypto ransomware family, whose main target are web servers running on Linux, is obviously making quite a splash. Dr. Web, the security company that first …
GPS faker software broadcasts spam across thousands of fake profiles
Different from traditional email spam, social spam can reach a large audience by nature of the platform and can appear trustworthy since it is coming from people in your …
IBM cloud tool enables privacy-preserving user authentication
Identity Mixer, a new tool to protect a consumer’s personally identifiable information, is now generally available on IBM Cloud. The tool is built on years of cryptography …
MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection
Hacker and security researcher Samy Kamkar, who’s noted for being the author of the first Web 2.0 worm, creating zombie cookies, and USBdriveby, has now come out with a …
Amazon resets customers’ potentially compromised passwords
Has Amazon suffered a breach? We won’t know for sure until the company offers more information.So far, we known only what users affected by the data theft/leak incident …
Another root CA cert with key found on Dell’s machines
The main piece of news on Monday was that Dell’s desktop PCs and laptops shipped since August 2015 contain a root CA certificate (eDellRoot) complete with the private …
IoT attacks and evasion techniques will characterize threats in 2016
As in years past, the Internet of Things and cloud play heavily in the predictions but new malicious tactics and strategies will create unique challenges for vendors and …
ModPOS: The most sophisticated POS malware to date
Elements of ModPOS date back as far as early 2012. It targeted US retailers in late 2013 and throughout 2014, and is expected to continue to do so in the future. According to …
Vonteera adware blocks AVs, can install uninstallable Chrome extensions
The Vonteera adware family has been around for quite some time, but it is now slowly starting to cross the line between unwanted, potentially malicious software to outright …
Five ransomware safety tips for online retailers
Cybercriminals have developed a destructive new form of ransomware that targets online retailers. They scan websites for common vulnerabilities and use them to install malware …
Featured news
Resources
Don't miss
- Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims
- A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn
- Why your security strategy is failing before it even starts
- Protecting mobile privacy in real time with predictive adversarial defense
- Los Alamos researchers warn AI may upend national security