Security News

The fate of the man accused of leaking top-secret CIA hacking tools - software that gave the American spy agency access to targets' phones and computer across the world - is now in the hands of a jury. Joshua Schulte stands accused of stealing the highly valuable materials directly from the CIA's innermost sanctum and slipping them to WikiLeaks to share with the rest of the planet.

Airline pilots faced with hacked or spoofed safety systems tend to ignore them - but could cost their airlines big sums of money, an infosec study has found. The team, who presented their paper at the NDSS infosec symposium, found that while their attacks against these systems "Created significant control impact and disruption through missed approaches", all pilots in the study were able to cope and land their simulated aircraft safely.

Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies. The claims made by the company are based on the evidential connection between tools, tactics, and procedures used by a hacking group, dubbed 'APT-C-39' against Chinese industries, and the 'Vault 7' hacking tools developed by the CIA. As you may remember, the massive collection of Vault 7 hacking tools was leaked to the public in 2017 by the whistleblower website Wikileaks, which it received from Joshua Adam Schulte, a former CIA employee who is currently facing charges for leaking classified information.

Speaking at the RSA Conference 2020 on Thursday, security technologist Bruce Schneier called for a better cooperation between security experts and government policymakers. From education systems to election structures, society is built on conventional "Models" that made sense when they were first formed hundreds of years ago, said Schneier, a lecturer at the Harvard Kennedy School.

HackerOne announced findings from the 2020 Hacker Report, which reveals that the concept of hacking as a viable career has become a reality, with 18% describing themselves as full-time hackers, searching for vulnerabilities and making the internet safer for everyone. The annual report is a study of the bug bounty and vulnerability disclosure ecosystem, detailing the efforts and motivations of 3,150 hackers from over 120 countries who successfully reported one or more valid security vulnerabilities on HackerOne.

An apparent ransomware attack on an accounting firm in December exposed the patient data of Community Care Physicians, a large upstate New York medical group, as well as other clients of the firm. Some of the data that was breached as a result of the attack on Albany, New York-based BST & Co. CPAs LLC has shown up on the publicly accessible website of ransomware gang Maze, which purportedly names and shames victims into paying ransoms, says Brett Callow, a threat analyst with the security firm Emsisoft.

A newly identified hacking group has been targeting gambling companies in Asia, the Middle East and Europe, using backdoors to steal source code and other data, according to new research from security firm Trend Micro. The APT group was first discovered in the summer of 2019 by the consultancy Talent-Jump Technologies, which was conducting an incident response operation for a client located in the Philippines when it came across a never-before-seen backdoor connected to these hackers, according to the Trend Micro report.

McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month.

The officials gathered for the China Initiative Conference, an event that explored Chinese intellectual property transgressions. China engages in a broad spectrum of trade theft activity, including not just hacking but also physical theft, inappropriate use of materials licensed from joint ventures, and information fed to it by insiders working at western companies, they said.

The United States today announced criminal charges against four Chinese Army soldiers who, it is claimed, are the hackers who stole 145 million Americans' personal data from credit scorer Equifax. Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei, are all said to have been members of the People's Liberation Army's 54th Research Institute hacking team, and are accused of illegally accessed Equifax's customer databases.