Researchers say they discovered a technique for exploiting Visa contactless cards that could allow attackers to bypass certain a pair of anti-fraud “payment checks” that normally require a purchaser’s verification. Positive Technologies researchers Leigh-Anne Galloway and Tim Yunusov successfully tested the exploit on five major banks in the U.K., according to a company blog post…
The massive Capital One data breach that compromised the personal information of 100 million credit card customers and applicants serves as a stark reminder that misconfigurations and malicious insiders can defeat the most well-intentioned cyber defenses, even when companies rely on a third-party cloud service to securely manage their data. In the case of Capital…
VxWorks, a real-time operating system (RTOS) that runs on more than 2 billion devices — many in industrial, health-care and enterprise environments — has been found to contain 11 vulnerabilities, six of which are critical flaws that enable remote code execution. Around 200 million devices are running the vulnerable versions of the RTOS, according to…
The Georgia State Patrol was reportedly the target of a July 26 ransomware attack that has necessitated the precautionary shutdown of its servers and network. Per local news affiliate WHNT, the GSP has confirmed that the incidence could slightly impact response times; however, members of the force still have other channels of communication such as…
Russian state-sponsored cyber actors “conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. elections,” the U.S. Senate Select Committee on Intelligence concludes in the first volume of its report on Russia’s efforts to interference in America’s most recent presidential election. Released yesterday, volume one focuses specifically on…
Researchers at Tenable have disclosed five unpatched vulnerabilities in Comodo Antivirus, which reportedly will be patched by Monday of next week. The most significant of the zero-days appears to be CVE-2019-3969, a local privilege escalation condition that results from an flawed verification mechanism in the CmdAgent.exe process file. “A local process can bypass the signature…
An analysis of 3.9 million online posts published on underground forums found that ransomware, crypters and trojans were the most frequently referenced categories of malware and malicious tools – an indication of their popularity among forum visitors and potential cybercriminals. Web shells, remote access trojans, adware, computer viruses, FUD (fully undetectable) crypters, exploit kits and rootkits – in that…
On the same day that former U.S. special counsel Robert Mueller publicly testified that Russia is actively taking measures to interfere with America’s 2020 elections, Sen. Cindy Hyde-Smith, R-Miss., blocked the passage of three bills designed to boost the security of elections or the federal government. Yesterday, the senator rejected two separate bills (1, 2),…
The U.S. Federal Trade Commission today announced that it has penalized Facebook $5 billion as punishment for what it described as deceptive privacy practices, and imposed new restrictions on the social media giant. Facebook likewise announced that it has agreed to the terms of the deal. In conjunction, the Department of Justice officially filed a…
A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…
