Article Trunk



Posts Tagged ‘cybercrime’

TrickBot malware learns how to spam, ensnares 250M email addresses

Old bot, new tricks. TrickBot, a financially motivated malware in wide circulation, has been observed infecting victims’ computers to steal email passwords and address books to spread malicious emails from their compromised email accounts. The TrickBot malware was first spotted in 2016 but has since developed new capabilities and techniques to spread and invade computers ...

What CISOs need to learn from WannaCry

In 2017 — for the first time in over a decade — a computer worm ran rampage across the internet, threatening to disrupt businesses, industries, governments and national infrastructure across several continents. The WannaCry ransomware attack became the biggest threat to the internet since the Mydoom worm in 2004. On May 12, 2017, the worm ...

Homeland Security has tested a working BlueKeep remote code execution exploit

Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a vulnerable device. To date, most of the private exploits targeting BlueKeep would have triggered a denial-of-service condition, capable of knocking computers offline. But an exploit able to remotely run code or malware ...

Some sage security advice after Radiohead’s unreleased music hack

Bad news: Radiohead was hacked. Last week, a hacker stole the band’s lead singer Thom Yorke’s private minidisk archive from the band’s third album and subsequent major worldwide hit, “OK Computer.” The hacker demanded $150,000 or they’d release it to the public. Stuck between a ransom and a hard place, Radiohead released the tapes themselves. ...

AI security startup Darktrace’s CEO defeats buzzword bingo with trust and transparency

It takes a lot of trust to allow a company to come in and install a mystery box on their network to monitor for threats. It’s like inviting in a security guard to sit in your living room to make sure nobody breaks in. Yet that’s exactly what Darktrace does. (The box, not the security ...

Top voting machine maker reverses position on election security, promises paper ballots

Voting machine maker ES&S has said it “will no longer sell” paperless voting machines as the primary device for casting ballots in a jurisdiction. ES&S chief executive Tom Burt confirmed the news in an op-ed. TechCrunch understands the decision was made around the time that four senior Democratic lawmakers demanded to know why ES&S, and ...

A ‘backdoor’ in Optergy smart building tech gets maximum severity score

Homeland Security has given the maximum severity score for a vulnerability in a popular smart building automation system. Optergy’s Proton allows building owners and managers to remotely monitor energy consumption and manage who can access the premises. The box is web-connected, and connects to other devices — like air conditioning and heating — in the ...

In a rare advisory, NSA urges users to patch BlueKeep flaw

The National Security Agency has issued a rare advisory warning users to update their systems to protect against BlueKeep, a new security vulnerability with the capacity to rapidly spread between computers. The “critical”-rated bug, affecting computers running Windows XP and later, can be exploited to remotely run malware at the system level, which has full ...

Microsoft warns users to patch as exploits for ‘wormable’ BlueKeep bug appear

Microsoft has issued its second advisory this month urging users to update their systems to prevent a re-run of attacks similar to WannaCry. The software giant said Thursday that the recently discovered “wormable” vulnerability in Remote Desktop Services for Windows can allow attackers to remotely run code on a vulnerable computer — such as malware ...

Thousands of vulnerable TP-Link routers at risk of remote hijack

Thousands of TP-Link routers are vulnerable to a bug that can be used to remotely take control of the device, but it took over a year for the company to publish the patches on its website. The vulnerability allows any low-skilled attacker to remotely gain full access to an affected router. The exploit relies on the ...