Still think your money is safe in a bank?... [...] Experts said that 85 percent of the ATMs they tested allowed an attacker access to the network. The research team did this by either unplugging and tapping into Ethernet cables, or by spoofing wireless connections or devices to which the ATM usually connected. Researchers said that 27 percent of the tested ATMs were vulnerable to having their processing center communications spoofed, while 58 percent of tested ATMs had
At times, this reads like a script from 'The Apprentice' with all the talk of 'business opportunities'...: [...] It's no secret that malware today is mostly machine-driven, requiring minimal human touch. Creating malware in modern times requires little more than simply expressing your malicious intent (say, cryptomining), and the machine does the rest. What is relatively new, however, is that malware makers are now expressing multiple intents, which has led to the emergence
I use Google Authenticator and Authy for two-factor authentication rather than SMS. This is why...: A massive database managing millions of text messages was reportedly discovered unsecured, exposing sensitive information such as password resets and two-factor security codes. Voxox, a San Diego-based communications company, maintained the server, which was left unprotected by password, offering anyone knowing where to look a real-time glimpse at a steady stream of text mes
Many sysadmins have just got to grips with old-school virtualisation so expecting maturity in protecting containers is naive...: [...] Ultimately, Bouchard says, containers aren't necessarily any different than any other asset enterprises must protect. "We're not talking about reinventing security," he says, explaining that all the basic principles, such as the rule of least privilege, threat monitoring, and vulnerability scanning, all still apply. However, security profe
The simple rule is "If it looks too good to be true, it's almost always a scam"...: A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam. Google’s official G Suite Twitter account, which has more than 800,000 followers, on Tuesday became the latest victim of an increasingly widespread Bitcoin scam, according to researchers. The growing size and scope of the scam — as well as the cybercrim...
Bruce Schneier expresses surprise that we haven't seen more attacks yet, but warns that they're coming...: Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn't be surprising that microprocessor designers have been building insecure hardware for 20 years. What's surprising is that it took 20 years t
Events like this make us more secure...: Three major mobile phone models – the Samsung Galaxy S9, iPhone X and the Xiaomi Mi6 – failed to survive the hacker onslaught at this year’s Pwn2Own Tokyo 2018. In all, 18 exploits, with some attacks chaining together as many as five exploits, were used to own the three phones and earn hacker teams a collective $325,000 in prize money. On day one of the two-day hacking contest, team Fluoroacetate (Amat Cama and Richard Zhu) used
Criminality is now embedded in digital life. Being aware of the range of crime is a vital first step in protecting your business...: [...] At the high end, sophisticated financially motivated cybercrime gangs have recently begun using tactics that were once associated only with nation-state backed actors to plunder organizations around the world. Though relatively small in number, these organized crime gangs are responsible for a bulk of the cybercrime-related damage that bu
Patch now...: Microsoft today released patches for 63 vulnerabilities as part of its November Patch Tuesday update. Twelve of the bugs were deemed Critical, two were publicly known at the time of release, and one is reportedly under active attack. The bug being exploited is CVE-2018-8589, a Windows Win32k elevation of privilege vulnerability. It was reported by researchers at Kaspersky Labs, a sign attackers are using it in malware, notes Dustin Childs of Trend Micro's Ze...