Research News, Articles and Updates

Researchers: Security of messaging apps breaks down during group chats

Academic researchers have reported vulnerabilities in the group communication protocols of three encrypted messaging apps -- WhatsApp, Signal, and Threema -- that could allow attackers to willfully subvert their integrity and confidentiality.

Newly created tool spots TLS vulnerability in major banking and VPN apps

Eight banking apps and one virtual private app were found to contain a hidden vulnerability in their TLS protections, which can be exploited to perform MITM attacks, according to academic researchers who created a new black-box tool capable of detecting the flaw.

Hello, Charming Kitten: Alleged HBO hacker, two others possibly linked to Iranian APT group

Researchers with ClearSky Cyber Security believe with medium-level confidence that they have linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking and extorting HBO.

Study: Organizations suffer critical and costly IT incidents five times a month

On average, organizations suffer a critical IT incident five times per month, with each one costing a mean of $141,628, according to a Quocirca/Splunk study. Another study, from Ponemon Research/Radware, found that 45 percent of 600 surveyed CISOs experienced a data breach in the last year.

Russian underground shop selling RDP servers for $15 or less

Russian dark web marketplace Ultimate Anonymity Services was recently observed selling more than 35,000 compromised RDP servers, which cybercriminals can leverage to anonymize themselves or to directly access victims' networks.

Russian cybercriminals' most popular anonymization tools include Linken Sphere, Whatleaks

Russian cybercriminals looking to anonymize their identities while engaging in illegal activity have a few new or improved tools to choose from, according to researchers from Flashpoint.

WannaCry and Hollywood hospital ransomware attacks crossed a line for some cybercriminals

The ransomware infection that disrupted Hollywood Presbyterian Medical Center and the worldwide WannaCry attack in 2017 caused an ethical and philosophical rift among members of the Russian and Eastern European cybercriminal community.

Attackers can pull data from air-gapped networks' surveillance cameras

Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using surveillance cameras.

Skating on thin ice: Avril Lavigne is most dangerous celebrity to search online

According to McAfee's 11th annual Most Dangerous Celebrities study, online searchers for the Canadian singer result in more malicious websites than searchers for any other famous personality.

Report: Without safeguards, Internet and IoT may create surveillance states in near future

A catastrophic worldwide cyberattack and the emergence of an IoT-enabled surveillance state were among the chief security and privacy fears expressed by experts polled for a new report about the internet and its future impact.

Malicious replacement touchscreens could completely compromise phones, researchers demonstrate

Mobile users who substitute their damaged phone touchscreens or other hardware components with third-party replacements could be infecting their phones with malicious components that could allow attackers to completely compromise the device.

Dating apps that collect personal details may attract scammers, researchers warn

Users of online dating apps could end up the target of spear phishing and social engineering scams, especially when these services make one's personal information accessible to virtually anyone, Trend Micro researchers have warned.

Hackers will weaponize AI, survey says

Of 100 infosecurity professionals surveyed, 34 percent fingered Russia as the biggest threat to cybersecurity in the U.S., followed closely by organized crime at 33 percent, according to a Cylance blog post.

Researchers deliberately get phished, learn that account exploitation often takes more than 24 hours

Researchers at Imperva recently set up fake online accounts and intentionally allowed themselves to be phished by scammers in order to observe how behavior cybercriminals act after they come into possession of a victim's credentials.

Survey: Infosec professionals work long shifts, yet feel rewarded

In a recent survey of 360 infosec professionals, 57 percent of respondents said that they work on weekends, while 29 percent said they work at least ten hours a day.

Majority of surveyed execs have inherited cybersecurity problems after acquiring a software company

In a recent M&A survey focused on the software industry, 52 out of 100 senior global executives confirmed that their companies inherited cybersecurity problems from a software business that they either merged with or acquired.

Dark web services getting attacked too, as Tor sites become less hidden

Despite their anonymity, sites and services hidden on the dark web are not immune to cyberattacks, as recently demonstrated by a group of researchers who coaxed cybercriminals into attacking fake Tor sites in order to study their behavior.

Survey: U.S. execs bearish on 2018 cybersecurity spending, despite increase in threats

Only 49 percent of surveyed U.S. executives expect to spend more on cybersecurity in a year's time, despite a 56-percent majority expecting the number of data breach attempts to rise in 2018, according to a new research study.

Paid in the USA: Americans more likely to pony up when infected with ransomware

The U.S. suffered 34 percent of global ransomware infections last year - and it's no wonder why, with 64 percent of Americans willing to pay to retrieve their encrypted files, compared to 34 percent of victims worldwide, according to Symantec.

Side-channel attack technique steals PINs by analyzing smart device sensor readings

Researchers in the UK have uncovered a technique for malicious websites to spy on smart device owners and even decipher their screen touches and PIN number entries by secretly monitoring their devices' sensor data.

Survey: Americans overwhelmingly disapprove of ISPs sharing data without consent

In a recent poll of more than 1,200 Americans, 92 percent agreed that Internet providers should not be allowed to monitor their activity online and sell that data to third parties without consent -- a strong indictment of Senate Joint Resolution 34, which lifted FCC restrictions that would have prevented ISPs from engaging in this practice.

Are West Africa's 'Yahoo boys' and BEC scammers creating the next cybercrime hotbed?

West Africa may be on the verge of developing its own fully realized underground cybercrime market, buoyed by a combination of traditional 419 advance-fee fraudsters and more sophisticated actors that prefer business email compromise and tax scams.

Analysis: Election hackers used many of the same techniques as Carbanak gang

An analysis of two DHS reports focusing on Russia's reputed interference in the 2016 U.S. election revealed common bonds between the infamous hacking campaign, dubbed Grizzly Steppe, and activity by the Carbanak cyber gang. However, an expert with ESET doesn't think the overlap is significant.

Survey explores the minds of hackers: 81% claim they can compromise target in under 12 hours

Eighty-eight percent of hackers surveyed at the 2016 DEF CON conference claimed they can compromise a target in less than 12 hours, while 81 percent said they can identify and exfiltrate a target's data in the same amount of time.

Kaspersky: Banking malware attacks up 30.6% in 2016; finance sector phishing also more prevalent

The number of cyberattacks targeting financial institutions and their customers soared to new heights in 2016, according to Kaspersky Lab, which observed nearly 1.09 million banking trojan attacks on users in 2016.