<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>
16
Nov 2018

IRCTC wakes up after 2 years to fix its security bug

IRCTC wakes up after 2 years to fix its security bug

It took nearly two years for India's largest ecommerce website, Indian Railway Catering and Tourism Corporation (IRCTC), to fix a security vulnerability that could have given hackers unfettered access to the personal information of passengers.

The bug would have given attackers access to passenger details such as name, age, gender and insurance nominees without their knowledge or consent. Interestingly, the Indian Railways decided to stop free mandatory travel insurance from September 1, allowing users to instead opt-in or opt-out of travel insurance

14
Nov 2018

India has been the target of over 4.3 Lakh cyber attacks from five countries

India has been the target of over 4.3 Lakh cyber attacks from five countries

The countries include China, Russia and the US while more than 73,000 attacks were initiated from India between January and June this year, a Finnish cyber-security company said.

"The relatively higher number of inbound attacks on Indian honeypots reflects how the fast-digitising country is becoming more lucrative for global cyber criminals.," Leszek Tasiemski, Vice President of cyber security products R&D at F-Secure, said in a statement on Sunday.

13
Nov 2018

Critical WordPress zero-day vulnerability allows hackers to conduct privilege escalation attacks

Critical WordPress zero-day vulnerability allows hackers to conduct privilege escalation attacks

Cybercriminals are exploiting a privilege escalation zero-day vulnerability present in WP GDPR Compliance - a WordPress plugin - that aids website owners to become GDPR complaint. The vulnerable plugin is reportedly used by more than 100,000 users and all of them are now feared to be exposed to malicious backdoor attacks.

Two critical exploits are found.

The first exploit allows modification of users' registration settings. Meanwhile, the second exploit involves injecting malicious scheduled actions to be executed by WP-Cron. Both these attacks use different types of backdoor scripts, researchers said.

The vulnerability was patched in the newer updated version 1.4.3. Meanwhile, all sites running version 1.4.2 and older versions are still vulnerable to this exploit.

07
Nov 2018

Mining Bitcoin Takes 3 Times More Energy Than Extracting Gold or Copper, New Research Says

Mining Bitcoin Takes 3 Times More Energy Than Extracting Gold or Copper, New Research Says

Researchers at the Oakridge Institute for Science and Education in Ohio also compared the energy consumption required to mine other cryptocurrencies, which were all found to be generally higher than that of gold.

Cryptocurrency mining is a process in which a "miner" packages a block of cryptocurrency transactions into a blockchain, a ledger of transactions.

The work requires powerful computers, servers, and cooling devices, which all add to growing energy costs. In some countries, energy costs make purchasing a Bitcoin as expensive as mining one.

The power demand associated with Bitcoin mining is predicted to triple this year and if it does, the energy consumption required to mine cryptocurrency will surpass that of entire countries.

04
Nov 2018

5G (and even 6G) could put your business at risk for a cyberattack

5G (and even 6G) could put your business at risk for a cyberattack

The next generation of wireless networking standards could leave critical security gaps open, according to University of Dundee research.

"In its current state, 5G does not close all the security gaps, which could result in numerous cyber-attacks and users being charged for the mobile phone usage of a third party," University of Dundee's Saša Radomirovic said. And while the team has proposed fixes, they "remain concerned about are the less than perfect privacy protections it provides leaving users vulnerable to targeted attacks," Radomirovic said.

01
Nov 2018

83% Avoid a Business Following Breach and 21% Never Return

83% Avoid a Business Following Breach and 21% Never Return

Almost half (44%) of US consumers have suffered the negative consequences of a security breach or hack, according to new research conducted on behalf of secure payments provider to contact centers, PCI Pal.

The research found that 83% of consumers will stop spending with a business for several months in the immediate aftermath of a security breach or a hack. Even more significantly, over a fifth (21%) of consumers will never return to a brand or a business post-breach, representing a significant loss of revenue. For any consumer facing business, this figure offers a stark warning.

31
Oct 2018

New attack technique uses YouTube and Office documents to spread malware

New attack technique uses YouTube and Office documents to spread malware

A new attack technique that allows attackers to embed malicious code into videos in Microsoft Word documents has been discovered by security experts. The technique allows malicious JavaScript code execution when a user clicks on a YouTube video thumbnail attached within a Word document.

A hacker could also conduct this attack without alerting the user or requesting user consent about executing malicious code. A successful attack could allow an attacker to execute any malicious code on a targeted computer.

Cymulate researchers were able to perform this attack by exploiting the video-embedding feature that creates an HTML script behind the video image. This, in turn, gets executed by Internet Explorer when the thumbnail inside the document is clicked by the user. This HTML code could also be modified by attackers to point to the malware instead of the YouTube video.

30
Oct 2018

The Problems With Using Artificial Intelligence And Facial Recognition In Policing

The Problems With Using Artificial Intelligence And Facial Recognition In Policing

Predictive policing uses data to forecast areas where crime will happen, by mapping 'hot spots'. More interestingly, it can also score and flag people most likely to be involved in violence.

As well as mapping out possible criminal hotspots, software could also assign a numerical threat score and a color coded threat level (red, yellow, or green) to any person that a police department searched for.

In the context of white collar crime, companies are already creating software to predict the 'typical' face of a white collar financial criminal. Researchers can therefore apply machine learning techniques to quantify the 'criminality' of an individual. Doing so in the terrorism space for aiding arrests, however, would be problematic. Concerns have been voiced by many that that stop and search powers are already used unfairly against those who look visibly Muslim.

26
Oct 2018

New Android malware TimpDoor can convert devices into mobile backdoors

New Android malware TimpDoor can convert devices into mobile backdoors

A new Android malware dubbed TimpDoor has been discovered by security experts. The malware is being distributed as part of a phishing campaign and is being sent to victims SMS messages. The attackers behind the campaign trick victims into downloading and installing a fake voice-message app, that contains TimpDoor.

Once the malware-laced app is installed a background service begins a Socks proxy server that redirects all network traffic via an encrypted connection from a third-party server. This allows attackers the ability to bypass security protections and access internal networks.

13
Oct 2018

Artificial Intelligence is key cybersecurity weapon in the IoT era: Research

Artificial Intelligence is key cybersecurity weapon in the IoT era: Research

The research revealed that in the quest to protect data and other high-value assets, security systems incorporating machine learning and other AI-based technologies are essential for detecting and stopping attacks that target users and IoT devices.

The majority of respondents from India agree that security products with AI functionality will help to:

  • Reduce false alerts (69 percent)
  • Increase their team’s effectiveness (65 percent)
  • Provide greater investigation efficiencies (56 percent)
  • Advance their ability to more quickly discover and respond to stealthy attacks that have evaded perimeter defense systems (66 percent)
12
Oct 2018

Data Leak Due To API Vulnerability Causes Google+ Shut Down

Data Leak Due To API Vulnerability Causes Google+ Shut Down

As stated in their blog post, Google plans on sunsetting its social networking platform Google Plus (also Google+). Part of the reason behind this decision is due to a vulnerability that leaked private profile data of hundreds of thousands of customers.

The exposed information did not include any profile posts, messages, phone numbers, or other account data. However, it did leak all public information from the profile fields. This includes usernames, email addresses, gender, age, and occupation.

11
Oct 2018

Hackers can compromise your WhatsApp account by tricking you into answering a video call

Hackers can compromise your WhatsApp account by tricking you into answering a video call

Recently, an iOS 12 texting bug has been infuriated numerous users where it reportedly sends users’ messages to the wrong recipients.

As noticed by several users, the new iOS has a bug in its iMessage feature that breaches users' privacy. Those who have upgraded to iOS 12 may have observed merging of threads from a single contact.

Apple has allegedly launched this feature for user convenience as it merges all conversation threads from a single user into one thread. Despite sounding convenient, the problem became a pain the neck for the average iOS user. Due to the vulnerability, iMessage incorrectly merged chats, making users send messages to the wrong recipients.

06
Oct 2018

Apple iOS 12 Texting Bug Sends Messages To Wrong Contacts

Apple iOS 12 Texting Bug Sends Messages To Wrong Contacts

Recently, an iOS 12 texting bug has been infuriated numerous users where it reportedly sends users’ messages to the wrong recipients.

As noticed by several users, the new iOS has a bug in its iMessage feature that breaches users' privacy. Those who have upgraded to iOS 12 may have observed merging of threads from a single contact.

Apple has allegedly launched this feature for user convenience as it merges all conversation threads from a single user into one thread. Despite sounding convenient, the problem became a pain the neck for the average iOS user. Due to the vulnerability, iMessage incorrectly merged chats, making users send messages to the wrong recipients.

26
Sep 2018

The dark web is where hackers buy the tools to subvert elections

The dark web is where hackers buy the tools to subvert elections

Voter data and the digital weapons hackers use to subvert elections are bought and sold daily on a corner of the internet known as the dark web.

Hackers also sell stolen logins, details on website exploits, voting machine vulnerabilities, and ransomware on the dark web.

When companies like Equifax or government agencies like the Office of Personnel Management (OPM) are hacked, the data is usually sold in dark web forums. Voter data is particularly cheap, says TechRepublic staff writer Alison DeNisco Rayome.

25
Sep 2018

Critical vulnerability impacts hundreds of thousands of IoT cameras

Critical vulnerability impacts hundreds of thousands of IoT cameras

A critical vulnerability in NUUO software could allow attackers to remotely view video feeds and tamper with the recordings of hundreds of thousands of surveillance cameras, Tenable reveals. The bug, which Tenable researchers called Peekaboo, supposedly impacts over 100 brands and 2,500 different models of cameras that are integrated with NUUO's software.

NUUO's software and devices are widely used for web-based video monitoring and surveillance in multiple industries, including retail, transportation, education, government, and banking. The vulnerability, an unauthenticated stack buffer overflow, could lead to remote code execution. Tracked as CVE-2018-1149, it features a CVSSv2 Base score of 10.0.

24
Sep 2018

Have an account in Netflix? Beware of phishing scammers!

Have an account in Netflix? Beware of phishing scammers!

Phishing scammers are after Netflix accounts by sending emails to steal sensitive details from the subscribers of the platform. The email scammers are asking victims to enter the credentials on their Netflix account and their payment information.

There is also a button that urges users to update their accounts. As of Now, Netflix has 130 Million active subscriptions which made is a popular target. One additional problem is the amount of people who reuse passwords across multiple accounts, this means that attackers can successfully steal Netflix login credentials to try on other accounts including email and online banking logins.

20
Sep 2018

New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption.

The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers steal information that briefly remains in the memory (RAM) after the computer is shut down.

However, to make the cold boot attacks less effective, most modern computers come bundled with a safeguard, created by the Trusted Computing Group (TCG), that overwrites the contents of the RAM when the power on the device is restored, preventing the data from being read.

17
Sep 2018

Safari & Edge Vulnerability Allowed Hackers To Perform Address Bar Spoofing Attacks

Safari & Edge Vulnerability Allowed Hackers To Perform Address Bar Spoofing Attacks

A vulnerability in the Safari browser allowed attackers to take control of the content displayed on the address bar and the security researcher who discovered this found that the method enables the bad actor to perform phishing attacks that are very difficult for the user to identify.

The browser bug is a race condition which is allowing the JavaScript to change the address bar before even the web pages is loaded completely.

When the bug was tested with PoC (Proof-Of-Concept) Code, The page was able to load content from Gmail while the page is hosted on sh3ifu.com and it works perfectly although there are some elements that kept loading as the page loaded completely indicating that it an incomplete process.

16
Sep 2018

Phishing warning: One in every one hundred emails is now a hacking attempt

Phishing warning: One in every one hundred emails is now a hacking attempt

One in every one hundred emails sent round the globe has malicious intent, likely to deliver malware, conduct spear-phishing, commit fraud or other activity conducted by cyber criminals.

In many cases, it just takes one malicious email being successful to provide attackers with a doorway into the back-end of a target network and a route to significant damage.

The attacks are relatively simple to carry out, because rather than needing to spoof an entire domain, they can much more easily spoof a display name or email address - particularly if the victim is using a smartphone. Rather than sending individual messages, the attacker send a more general message containing what looks like an internal company link, which once clicked, can lead to a malware payload or credential harvesting site.

13
Sep 2018

Amazon may share your payments information to govt

Amazon may share your payments information to govt

This would include a customer’s payments data, including personal information, and sensitive data that Amazon could share with Indian government authorities and enforceable agencies, if a user agrees to avail of the payments service locally.

This is in contrast to Amazon’s US practice where, while disclosing user data to the government, the company also has a transparency report that publishes the number of government requests it has received, mentioning how many of them were answered fully or partially along with queries it refused to answer legally.

11
Sep 2018

ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation

ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation

A pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients have been uncovered, which allow attackers to execute code as an administrator on targeted Microsoft Windows machines.

It allowed an attacker with access to the target PC to use a specially crafted malicious OpenVPN configuration file, which the service would use to execute a user’s VPN connection instead of a legitimate file. Thus, it offered an adversary escalated privileges.

"The 'Connect' method accepts a class instance argument that provides attacker control of the OpenVPN command line," VerSprite explained in an alert it issued at the time. "An attacker can specify a dynamic library plugin that should run for every new VPN connection. This plugin will execute code in the context of the system user."

06
Sep 2018

New Silence hacking group suspected of having ties to cyber-security industry

New Silence hacking group suspected of having ties to cyber-security industry

The report, published by Moscow-based cyber-security firm Group-IB, breaks down the activity of a previously unreported cyber-criminal group named Silence.

Silence also created their own tools, such as:
  1. Silence-- a framework for infrastructure attacks;
  2. Atmosphere--a set of software tools for attacks on ATMs;
  3. Farse--a tool to obtain passwords from a compromised computer;
  4. Cleaner--a tool for logs removal.

These tools, coupled with the group's lay-low tactics helped it go under the radar for far longer than many of its counterparts. New Russian-speaking "Silence" group linked to the theft of at least $800,000 from Russian and Eastern European banks and financial institutions.

02
Sep 2018

Researchers find new POS malware with no data exfiltration capabilities

Researchers find new POS malware with no data exfiltration capabilities

Researchers have discovered a point-of-sale malware program, RtPOS, that saves payment card data locally but does not exfiltrate it to a command-and-control server, perhaps so its activity is less likely to be detected as anomalous.

The lack of exfiltration also suggests that the malware is a post-compromise tool that attackers would only use if they've already compromised the target machine and have other means of transmitting the stolen data. However, it's also possible that RtPOS is merely in development and its exfiltration capabilities simply haven't been added yet.

RtPOS has existed in some form since at least last year. With zero networking capabilities, it can only be found on the victim's infected endpoint. It features a Russian language code, and its file name, alohae.exe, falsely suggests that the malware is really the "Windows Logon Service."

31
Aug 2018

Android Phones From 11 Vendors Vulnerable To AT Commands Attacks

Android Phones From 11 Vendors Vulnerable To AT Commands Attacks

A group of security researchers have discovered how AT command exploit attacks threaten most Android smartphones today. Reportedly, they tested Android phones from 11 vendors, all of which were found vulnerable to AT command attacks.

AT commands 'support telephony functions' in the smartphones. All the commands, according to the researchers, could allow an attacker to gain access to the device via the USB interface. To exploit this vulnerability, an attacker simply needs to hide malicious content in any charging station or USB docks. After the target phones connect with the USB, the attacker can intrude the device and can exploit the device AT commands for malicious activities.

30
Aug 2018

Windows Task Scheduler Zero-Day Exposed; No Patch Available

Windows Task Scheduler Zero-Day Exposed; No Patch Available

A zero-day flaw has been revealed by a Twitter user SandboxEscaper, for the Windows Task Scheduler in 64-bit Windows 10 and Windows Server 2016 systems. Apparently, this vulnerability is out in the wild, and there are no known patches or specific workarounds at present.

US-CERT has confirmed that the exploit works on 64-bit Windows 10 and Windows Server 2016 systems and is rooted in the Windows task scheduler.

This exploit misuses SchRpcSetSecurity to alter permissions to allow a hard link to be created, and then calls a print job using XPS printer (installed with Windows XP Service Pack 2+) to call the hijack DLL as SYSTEM (via the Spooler process).

Here, a part of this interface termed SchRpcSetSecurity is open for access so anyone can set local file permissions through it. Since the API function of ALPC does not check permissions, any potential local bad actor can alter them to gain escalated privileges.

29
Aug 2018

WB govt taking steps to combat 'Momo Challenge': Official

WB govt taking steps to combat 'Momo Challenge': Official

Government sought help from cyber experts on how to tackle the menace and interviewed Sandeep Sengupta, the managing director of the Indian School of Ethical Hacking.

He said, "Administrators who are running the Game hack social media numbers of the players and blackmail them through other social networking sites. They keep a tab on the status people post on social networking sites and choose those who are showing suicidal tendency for sending them an invite to play the game."

27
Aug 2018

Lawsuite filed against Google for misleading users about location tracking feature

Lawsuite filed against Google for misleading users about location tracking feature

Google was in the news last week for a misleading claim that "with Location History off, the places you go are no longer stored," which is not true. Now, the search engine giant is once again in the news after a San Diego man has filed the first lawsuit against Google over this issue.

However, it turned out that to fully opt-out of having your location activities stored by Google, you also have to disable the 'Web and App Activity' control as well, about which the company has mentioned deep into its product documentation.

In response to the AP investigation, Google defended itself by saying, "there are a number of different ways that Google may use location to improve people's experience," and that "we provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time."

The company even slightly changed its location policy, making it clear that even after turning off the Location History option, some Google services would continue collecting location information on you.

24
Aug 2018

How Blockchain Could Put An End To Fake Online Identities

How Blockchain Could Put An End To Fake Online Identities

Last year, a U.S. based car dealership was forced to pay a $3.6 million fine after it was discovered that it had planted fake reviews.

But with blockchain, there will be ways to track whether the person leaving a review actually ate dinner at the restaurant they’re reviewing, groomed their dog at the salon they’re rating or purchased the product they’re giving five stars.

Blockchain records quantifiable data and stores it in a block, which is then added together in a chain of similar information blocks. Each block needs to be verified across a network of computers before it can be added to the chain; once it has been verified, it cannot be altered, meaning the data is both transparent and secure.

This system can be used to create a digital map of someone, almost like an online ID; birth records, home addresses and university certificates can all be kept on blockchain.

23
Aug 2018

Paytm launches its own AI cloud for India

Paytm launches its own AI cloud for India

The platform aims at facilitating business-centric apps for organizations that need high-quality solutions for cloud computing, automate their workflow, easy payments, messaging and customer engagement without the hassle of managing hardware and software.

The company has committed around Rs 250 crore in this business.

21
Aug 2018

Augmented reality examples: Companies are putting AR to work

Augmented reality examples: Companies are putting AR to work

AR is no longer a future tech dream; it has become a realistic, game-changing tool for visualizing data in industries from engineering and manufacturing to construction and healthcare.

Organizations are using AR to cut costs, bring new products to market, improve collaboration between remote teams, visualize problems before they show up in the real world. Here are some examples of how companies are implementing AR.

  1. Communicating with IoT becomes easy with AR. Companies collect a staggering amount of data from IoT devices. But they struggle to make use of that information in a way that creates real benefit. AR can help with this by helping humans interface more quickly with machines to get to problems faster.
  2. Engineering firm Aecomis using mixed reality tech to help architects and engineers on multiple continents visualize models of large, complex building projects.
  3. AR systems are used by Volkswagen to help its workers navigate massive factories for maintenance, inventory, inspections and other tasks.
  4. Home improvement startup Porch connects a network of 250,000 home improvement contractors with homeowners who need help with appliance repairs and upgrades.
  5. Aircrafts manufacturer Boeing winds thousands of miles of wire into planes each year.
20
Aug 2018

Google location tracker is tough dodge

Google location tracker is tough dodge

An Associated Press report found Google continues to track a user's location even when that person attempts to turn off the various location services provided through the Android operating system and its apps.

The AP reported apps like Google Maps require a person's location to function, and notes the app does ask for permission to track an individual using a function called Location History. This app tracks every place a person has been and then displays it on a map in timeline fashion. While this tracking can be turned off, AP found Google used verbal gymnastics to inform its users they were no longer being tracked, while still keeping tabs on their location.

19
Aug 2018

Evidence in Police Body Cameras Can Be Easily Tampered With

Evidence in Police Body Cameras Can Be Easily Tampered With

A new policy has been proposed that would mandate LAPD police officers to release footage within 45 days unless used for a critical court case.

Footage may have proven to be useful in criminal prosecutions, however there are a lot of risks involved in such technologies as the data in these body cameras can be prone to modification and outright deletion due to multiple vulnerabilities in the body camera software.

Josh Mitchell, Principal Cybersecurity Consultant at Nuix has listed a number of ways for which footage can be accessed remotely, ultimately leading to compromise of the evidence. Mitchell analysed the body camera models, which are marketed specifically for law enforcement purposes.

Mitchell has uncovered a number of other security problems that are associated with mobile applications, software, cloud services and body cameras using default credentials. Most of these devices don't use the cryptographic protection and none of the video files are digitally signed by the video camera.

17
Aug 2018

Android Storage Systems Targeted By "Man-in-the-Disk" Attacks

Android Storage Systems Targeted By 'Man-in-the-Disk' Attacks

Man-in-the-Disk is a new attack technique that targets Android storage systems that use insufficient storage protocols in third-party applications. Hackers are taking advantage of these protocols to crash a victims Android mobile device.

Hackers are targeting the way in which smartphones and the majority of the mobile devices are handling storage which does not get applied to Androids' sandbox storage. Researchers from Checkpoint claimed there are vulnerabilities in how Google's Android OS utilizes external storage resources. This usually occurs when developers are careless about where they store app data.

External storage is essentially a partition on the device's storage card which is shared by all applications. Man-in-the-Disk targets the external disk on mobile devices. There are some apps that use external storage over internal storage if there is no free storage available on the device.

Google suggests that developers should add validation for external storage, the company also says that files should be signed and cryptographically verified before loading dynamically.

16
Aug 2018

Instagram hack is locking hundreds of users out of their accounts

Instagram hack is locking hundreds of users out of their accounts

Instagram has been hit by a widespread hacking campaign which appears to have affected hundreds of users, leaving them unable to recover their accounts.

Login attempts appear to be failing, and when password reset and recovery emails are requested, many users are reporting that the email addresses linked to their accounts have been changed to .ru domains.

While it is unknown who is behind the compromise, the use of .ru email addresses may indicate the source is from Russia -- or threat actors pretending to be from the country.

Usernames, profile images, passwords, email addresses and connected Facebook accounts are being changed, according to victims. A connection made between the compromised accounts is the use of Disney or Pixar characters when new profile pictures have been uploaded.

16
Aug 2018

Hackers withdraw Rs 94 crore after stealing ATM card data from Pune bank

Hackers withdraw Rs 94 crore after stealing ATM card data from Pune bank

The hackers stole details of multiple Visa and Rupay debit card owners. The details were used to carry out around 12,000 transactions worth Rs 78 crore in 28 countries on August 11. Similarly in India, 2,841 transactions worth Rs 2.50 crore were carried out.

The attack did not stop here. On August 13, in another malware attack on the bank's server a SWIFT transaction was initiated and Rs 14.42 crore was transferred to the account of ALM Trading Limited in Hanseng Bank, Hong Kong.

The total amount stolen is around Rs 94.42 crore and Cosmos Bank had to pay payment gateways such as Visa, Rupay and National Payments Corporation of India.

14
Aug 2018

Android Pie is here! Let's enjoy a slice

Android Pie is here! Let's enjoy a slice

Google's latest flavor of Android is jam-packed with all sorts of new features, including a brand-new gesture navigation system, new UI elements, and a heap of under-the-hood tweaks that aim to make this the best version of Android to date.

What are the features?
  1. With Android Pie, you can chuck the traditional navigational bar entirely, opting instead for a little pill-shaped nub at the bottom of the screen.
  2. It makes it much easier to flip between your active apps, lining them up horizontally so that you can just slide between them.
  3. Recent Android revisions have put a big focus on improving battery life, and that's definitely true again with Android Pie thanks to the new Adaptive Battery feature.
  4. The new Android Pie feature isn't just a simple ambient light sensor, but rather another machine learning ability that tracks the brightness level you like – and when and where you like it like that. And then it adjusts accordingly.
  5. If you reply to a message or email from an alert, you'll see a trio of contextual "smart replies" that can save you a lot of time and hassle with a single tap.
  6. Android Pie adds native support for cutouts. Sure, notched Android phones are already widely available from various makers, but by baking in support natively, it ought to make for a more consistent UI experience – particularly for notifications.
  7. Android Pie has a quick think about what your next move will be and automatically pops up options to save you a few taps.
10
Aug 2018

ATM hacking becomes a priority in IBM cybersecurity facilities

ATM hacking becomes a priority in IBM cybersecurity facilities

Jackpotting, also known as a black box attack, is when an ATM is physically targeted. Drills and damaging the front of these machines can open the way for criminals to access the network and system within.

Once a threat actor has established a connection and exploited the system, an ATM can be forced to spew out cash uncontrollably. To make things worse, these systems are sometimes compromised and then remotely controlled later, when cash mules are waiting to grab the proceeds.

In order to try and tackle the issue, IBM Security has launched X-Force Red Labs, a set of four facilities to test and improve the security of devices including ATMs. IBM said the facilities will be based in Austin, TX; Hursley, England; Melbourne, Australia; and Atlanta, GA, and include a dedicated ATM testing practice "in response to increased demand for securing financial transaction systems."

03
Aug 2018

Spam still the top source of malware: F-Secure

Spam still the top source of malware: F-Secure

"Email spam is once again the most popular choice for sending out malware," says Päivi Tynninen, Threat Intelligence Researcher at F-Secure. "Of the spam samples we've seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites."

Attackers have become smarter and savvier, which reflects in the kind of spam emails that are being sent. "Spam is becoming an increasingly successful attack vector, with click rates rising from 13.4% in the second half of 2017 to 14.2% in 2018," says Adam Sheehan, Behavioral Science Lead at MWR InfoSecurity.

02
Aug 2018

SamSam ransomware attacks: India among top 10 victims

SamSam ransomware attacks: India among top 10 victims

India seems to have emerged as an attractive target for hackers. It emerged as a top victim in the SamSam ransomware attack that was first reported in 2015.

Hackers have reportedly made a killing launching SamSam ransomware into vulnerable computer systems. In thirty months, they have reportedly collected about $6.5 billion to release the information locked in the systems that were taken hostage by them. The ransom amount was initially pegged at $8,50,000, but with more attacks getting reported, the aggregate amount shot up to $6.5 million.

SamSam is different from the traditional ransomware attacks which, generally, are not targeted. Cyber security experts say the attack method is surprisingly manual. It is more like a cat burglar than smash-and-grab attack. "The attacker can employ countermeasures to evade security tools and if interrupted, can delete all trace of itself immediately, to hinder investigation," according to Internet security solutions company Sophos.

Exclusive Blog

Read All Exclusive Blog »
Cyber Criminals are turning into Cryptominers, Dominating Cyber Threat Landscape
Cyber Criminals are turning into Cryptominers, Dominating Cyber Threat Landscape

According to Check Point, during the period July to December 2017, one in five Organizations are affected by crypto mining malware, tools that enable cybercriminals to hijack the victim's CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-users CPU power.

Read Details

Hacking Tools

Explore All Hacking Tools »
UFTP - UDP based FTP with encryption
UDP based FTP with encryption

UFTP is an encrypted multicast file transfer program for secure, reliable & efficient transfer of files. It also helps in data distribution over a satellite link.

Read Details