The service became notorious for its use by ne’er-do-wells looking to make a quick buck by hijacking the processing power of victim machines to generate virtual money Coinhive, a cryptocurrency mining service that rose to infamy after it began to be co-opted for cryptojacking campaigns in 2017, is shutting down. In a short blog post
Shares of JD.com, the Chinese e-commerce service that rivals Alibaba, are on the rise today after the online retailer announced better than expected results for Q4 2018, bucking uncertainty around tech companies in China. The company reported net revenue of RMB 134.8 billion ($219.6 billion) for the final quarter of last year. Despite representing the
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive’s service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. For a brief
This time last year, we said that 2018 would be the year of mobile malware. Today at MWC, we’re calling 2019 the year of everywhere malware. In their quest for profit, criminals are constantly forced to shift their tactics and adapt to a changing mobile market. Take crypto-mining, for example. A year ago this was
The advanced persistent threat (APT) group known since 2013 as BRONZE UNION, as well as Emissary Panda, APT 27 and LuckyMouse, is believed to be based in China, according to Secureworks. Published today, the State of the [BRONZE] UNION Snapshot and A Peek into BRONZE UNION’S Toolbox, are based on nearly two years of continuous,in-depth visibility
If you’re not the paying sort, Medium has a mile-wide new hole in its paywall that might interest you. (But really, you should be the paying sort.) On Wednesday, Medium CEO and Twitter co-founder Ev Williams announced that Medium is tearing down its paywall for readers that visit the site through Twitter. In tweets, Williams
by Paul Ducklin The Naked Security podcast investigates a massive medical data blunder, tells you how NOT to do vulnerability disclosure, and finds out whether password managers do more harm than good. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy. This week’s stories: Millions of “private” medical helpline calls exposed on internet Virus
Summary Secureworks® Counter Threat Unit™ (CTU) researchers have tracked the activities of the BRONZE UNION threat group (also known as Emissary Panda, APT 27, and LuckyMouse) since 2013. CTU™ analysis suggests that BRONZE UNION is located in the People’s Republic of China. The threat group has historically leveraged a variety of publicly available and self-developed
The BRONZE UNION threat group focuses on espionage and targets a broad range of organizations and groups using a variety of tools and methods. Wednesday, February 27, 2019 By: Counter Threat Unit Research Team This blog and the accompanying threat analysis, entitled A Peek Into BRONZE UNION’S Toolbox, are based on nearly two years of
Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution
French startup Blade, the company behind Shadow, is launching a new set-top box to access its cloud gaming service — the Shadow Ghost. I’ve been playing with the device for a couple of weeks and here’s my review. The Shadow Ghost is a tiny little box that doesn’t do much. The true magic happens in
The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to find weaknesses before they can be exploited.
These days, cyberattacks can feel relentless. Due to the interconnected nature of the world we live in, cybercriminals have managed to infiltrate our personal devices, our networks, and even our homes. That’s why we at McAfee believe it’s important now more than ever to secure every facet of the modern consumer lifestyle. And we’ve partnered with
Threat actors can use firmware attacks on bare-metal cloud servers to easily gain persistent access to the hardware, according to new research from hardware security startup Eclypsium. The research showed how vulnerabilities in baseboard management controllers (BMCs) and weaknesses in the reclamation process of bare-metal cloud servers can allow attackers to add other malicious implants
A graduate of The College of Saint Rose in Albany, New York, has been charged with damaging college computers, according to the Department of Justice’s (DoJ’s) US Attorney’s Office of the Northern District of New York. The 26-year-old Albany resident is reportedly a citizen of India who has been in the United States on a student visa.
Lightstream, a Chicago-based company which develops tools to augment livestreams, has raised $8 million in new funding as it looks to add monitoring, management, and monetization services to its suite of editing technologies. Last year, the company inked a partnership with Microsoft‘s live-streaming Twitch competitor, Mixer, to let streamers on the platform add professional flourishes
by Danny Bradbury Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats. The Mozilla Corporation, which is the arm of the Mozilla Foundation that develops and maintains its software, made the striking warnings in a letter to the country’s government last week. The letter, written to
With FIDO2 certification for Android, Google is setting the stage for password-less app and website sign-ins on a billion devices Android is now certified for the FIDO2 authentication standard, meaning that people who use Google’s mobile operating system may soon be able to forgo passwords when logging into apps and websites on their Android-powered devices,
Tinder, the dating app company which, as of late, has been more fully embracing its status as the preferred hook-up app of choice for the younger generation, is today launching a new feature designed for its college-aged Tinder U users: Spring Break mode. The feature will allow students to swipe through potential matches before heading
Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Core that
These days, we seem to have a newfound reliance on all things ‘smart.’ We give these devices the keys to our digital lives, entrusting them with tons of personal information. In fact, we are so eager to adopt this technology that we connect 4,800 devices per minute to the internet with no sign of slowing down.
Young women in West Virginia will join more than 6,000 high school girls for the second year of Girls Go CyberStart, an interactive series of digital challenges that teachers girls about cybersecurity. First introduced in 2018, the program launched with 231 participants from 27 high schools across West Virginia. This year, according to West Virginia’s governor, Jim Justice,
Whether protected through copyright, trade secret, trademark, or patents, software technology companies depend on IP more so than perhaps any other business type in history. It is surprising, then, just how little founders think about protecting their own IP. Sure, “product-market fit” is an all-engrossing search for truth that tolerates no distraction, but that is
by Danny Bradbury Officials in Tampa, Florida, were scrabbling to regain control of the mayor’s Twitter account this week after a hacker hijacked it to post bomb threats and child sex abuse images. The attacker, who took over the account just two weeks before the city’s municipal elections, tried to implicate others in the hijacking.
The keeper of the internet’s ‘phone book’ is urging a speedy adoption of security-enhancing DNS specifications The Internet Corporation for Assigned Names and Numbers (ICANN) – which supervises the Domain Name System (DNS) – is urging all DNS stakeholders to do their parts in order to enhance the security of one of the internet’s foundations.
OnePlus promised us a 5G handset this year. At Mobile World Congress this week, the company kind of, sort of delivered. Unlike the sea of other 5G devices unveiled at the show, however, the company’s offering is still very much in the prototype phase — like, behind protective glass with all of the interesting bits
At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, “Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information,” the new attacks could allow remote attackers to bypass
We’ve touched down in Barcelona for Mobile World Congress 2019 (MWC), which is looking to stretch the limits of mobile technology with new advancements made possible by the likes of IoT and 5G. This year, we are excited to announce the unveiling of our 2019 Mobile Threat Report, our extended partnership with Samsung to protect
Two US House committees will hold hearings next week, each focusing on data privacy as public pressure continues to mount for regulations that address protecting American consumers. On Tuesday, February 26, the House Consumer Protection and Commerce subcommittee will hold its hearing, “Protecting Consumer Privacy in the Era of Big Data.” The following day the
Traditionally, the Google Assistant always lived under the home button on Android phones, but as the company announced at MWC today, LG, Nokia, Xiaomi, TCL and Vivo are about to launch phones with dedicated assistant buttons, similar to what Samsung has long done with its Bixby assistant. The new phones with the button that are