Cybersecurity News and Product Reviews | SC Media

Broadened CIA cyberattack powers put businesses on alert

The greater business community should be on higher alert for cyberattacks by nation-state actors after the report last week that President Trump signed a “presidential finding” around cyberwarfare that gives the CIA broader powers to launch cyberattacks against U.S. adversaries. After all, following the Stuxnet attack by the U.S. in 2009 the Iranians responded not…

Misconfigured S3 exposes Twilio users to Magecart attack

A misconfiguration in an S3 bucket that was hosting a Twilio JavaScript library allowed a threat actor to inject code that made Twilio users' browsers load an extraneous URL that has been associated with the Magecart group of attacks. In a company blog, Twilio said this solely affected v1.20 of the TaskRouter JS…

Chinese-made drone app may be spying on Americans

An Android application that controls a drone manufactured by China-based Da Jiang Innovations (DJI) contains a self-update feature that bypasses the Google Play Store, thus creating the ability for the app to transmit sensitive personal information to DJI’s servers or possibly the Chinese government. The DJI GO 4 Android app has been designed for use…

Apple to send research phones to trusted hackers

Apple on Wednesday officially launched its iOS Security Research Device (SRD) program — a significant milestone for the white-hat hacker community, which has made significant strides in recent years gaining the trust of software developers, tech manufacturers and website operators that previously were reluctant to work with outsiders on security issues. Under the terms of…

Twitter hackers accessed direct messages for 36 accounts

The hackers who ran a cryptocurrency scam using high-profile, verified Twitter accounts, including those belonging to Joe Biden, Apple, Bill Gates, Uber and Barack Obama, accessed the direct messages (DMs) of 36 accounts and downloaded account data from eight accounts via “Your Twitter Data.” There is no indication that the DMs of any former or…

Dacls RAT’s goals are to steal customer data and spread ransomware

The Dacls remote access trojan that is capable of attacking Windows, Linux and macOS environments has been used to distribute VHD ransomware and to target customer databases for attempted exfiltration, according to researchers. Kaspersky on Wednesday revealed this latest intel on Dacls in a company blog post and corresponding press release that also detailed an…

To reduce security errors, employers must relieve stress and fatigue

Working professionals are blaming stress, time pressure, fatigue and distractions for lapses in safe cyber practices – and current conditions caused by the Covid-19 pandemic may only be exacerbating the problem. According to a newly published research report from Tessian, a survey of 2,000 working professionals in the U.S. and UK found that 43 percent…

New cryptominer botnet spreads payload, less intrusive

A new cryptocurrency-mining botnet attack called Prometei bypasses detection systems and monetizes its campaigns in less intrusive ways. It is the first time that anyone’s documented a multi-modular botnet, according to Talos, which discovered the botnet and dubbed it “Prometei.” The botnet, which has been active since March, spreads a payload to provide financial benefits…
