Security News > 2020

Jim Sanborn, who designed the Kryptos sculpture in a CIA courtyard, has released another clue to the still-unsolved part 4. I think he's getting tired of waiting. Did we mention Mr. Sanborn is 74?...

The Iran-based hacking group Charming Kitten has resurfaced with a new campaign that uses fake interviews to target public figures to launch phishing attacks and steal victims' email-account information. Certfa-who has been tracking the group since 2018-also observed Charming Kitten in the process of designing a malware for Windows machines, though it's currently unknown who it will target and how grand the scope will be, researchers wrote.

FBI Director Chris Wray said Wednesday that Russia is engaged in "Information warfare" heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America's election infrastructure. "Unlike a cyberattack on an election infrastructure, that kind of effort - disinformation - in a world where we have a First Amendment and believe strongly in freedom of expression, the FBI is not going to be in the business of being the truth police and monitoring disinformation online," Wray said.

To mark the occasion, Dropbox also revealed details on a handful of older, resolved bugs for the first time. The issue involved a feature for Dropbox Professional and Business users that allows them to password-protect their shared links via an option in Link Settings.

Researchers from VPN Pro recently discovered the bad apps when looking into the dangerous permissions that popular free antivirus apps request. As the researchers kept digging into the excessive, unnecessary, dangerous permissions these apps ask for, the name Hi Security popped up again.

A review by two computer security experts of the mobile app that malfunctioned during Iowa's critical tally of the Democratic Party's caucus has uncovered that it insecurely sends data, ProPublica reports. Veracode found that the app was vulnerable to hacking "Because of a lack of safeguards, transmissions to and from the phone were left largely unprotected," it reported.

Until now, Emotet was known to be able to deliver itself to other computers on the same network thanks to its propagation component, which spreads the malware via mounted shares or the use of exploits. According to Binary Defense researchers, it now has another, even more dangerous propagation trick that allows it to "Hop" onto other Wi-Fi networks and try to compromise computers on it.

Today, Open Bug Bounty already hosts 680 bug bounties, offering monetary or non-monetary remuneration for security researchers from over 50 countries. Global companies such as Telekom Austria, Acronis, or United Domains run their bug bounties at Open Bug Bounty.

Two researchers have created a solution that could help security researchers and IoT manufacturers with detecting zero-day exploits targeting internet-connected devices more speedily than ever before. It's called honware, and it's a virtual honeypot framework that can emulate Linux-based Customer Premise Equipment and IoT devices by using devices' firmware image.

Which ten software vulnerabilities should you patch as soon as possible? Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising of submissions to popular malware repositories to compile a list of the ten most exploited vulnerabilities by cybercriminals in 2019.