Security News

On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for demonstrating that they could hijack a system by exploiting use-after-free vulnerabilities in Adobe Reader and the Windows kernel.

Someone has been trojanizing a wide variety of hacking tools to compromise the machines of hackers who want to use the tools for free, Cybereason researcher Amit Serper has revealed. "So far, we have found samples that are either pretending to be various hacking tools or pretending to be installers of the Chrome Internet browser," they noted.

Far from being depressed, Wiley was expressing the forlorn hope that infosec as a field would be less dominated by malicious persons trying to make a fast buck by scamming honest folk and businesses out of their hard-earned money. As Check Point's incident response head honcho, Wiley has full visibility into what the infosec company's operations involve.

Virgin Media, one of the UK's biggest ISPs, on Thursday admitted it accidentally spilled 900,000 of its subscribers' personal information onto the internet via a poorly secured database. In a separate email to subscribers, shared with El Reg by dozens of readers, the telco expanded: "The database was used to manage information about our existing and potential customers in relation to some of our marketing activities. This included: contact details, technical and product information, including any requests you may have made to us using forms on our website. In a very small number of cases, it included date of birth."

A UK cybercrime vigilante was so incensed by tech support scammers he reverse-hacked the call centre in India to reveal CCTV footage of perpetrators as they ripped off their victims in real-life calls. During 2019, Browning said he was able to identify dozens of call centres in India where many of tech support scams targeting English speakers originate.

Dubbed SurfingAttack by a US-Chinese university team, this is no parlor trick and is based on the ability to remotely control voice assistants using inaudible ultrasonic waves. Voice assistants - the demo targeted Siri, Google Assistant, and Bixby - are designed to respond when they detect the owner's voice after noticing a trigger phrase such as 'Ok, Google'.

Always stay alert to potential security attacks on mobile devices. Aaron Turner, president and chief security officer of Highside, a distributed identity and secure collaboration technology company, said hardened Android devices are preferred over iOS devices, because iOS devices rely on a single-point-of-failure security model and don't allow users to select which encryption roots their device trusts.

Julian Assange was offered a pardon by the White House only if he publicly said Russia did not hack the Democratic National Committee, according to the WikiLeaks supremo's lawyer. Assange appeared in the central London court via video link from prison.

Vulnerabilities in two popular WordPress plugins, ThemeREX Addons and ThemeGrill Demo Importer, are being exploited to hack websites. Just days after the existence of the flaw was made public, ThemeGrill customers started reporting that the security hole had apparently been exploited to hack their websites.

A lawsuit seeking class action status has been filed against a New Jersey healthcare organization in the wake of a ransomware attack last December in which the entity paid attackers a ransom to unlock its systems. Because of the ransomware attack, patients had their medical care and treatment disrupted, the complaint alleges.