Maktub ransomware phishing scam knows your home address and uses it as leverage
Ransomware is one of the most prevalent security threats at the moment, and each week there are new examples that up the ante a little more. In recent months we have seen cross-platform ransomware, Tesla 4's unbreakable encryption, and the MBR-overwriting antics of PETYA, but a new phishing scam takes another approach.
In a cleverly orchestrated campaign, a phishing scam is doing the rounds whereby malware meets social engineering in a bid to extract cash from victims. It marries together the file-encrypting Maktub ransomware with a thinly-veiled threat -- home addresses. Quoting victims' home addresses to them serves two purposes: it adds a level of authenticity to the phishing email, but also acts as additional leverage by upping the fear level.
WhatsApp's end-to-end encryption is not all it's cracked up to be
Just a few days ago, WhatsApp trumpeted the roll out of end-to-end encryption for its messaging service. The world rejoiced. With events such as the battle between Apple and the FBI turning attention to encryption, the announcement was well-timed to ride the crest of the wave. But it seems that for all of the bluster and bravado, the news about extra protection may not be quite as good as it seems.
Analysis of WhatsApp's privacy documentation reveals that the Facebook-owned company retains a huge amount of data about messages that are sent. If this all sounds familiar, it's because the retention of metadata is precisely what the NSA was (is?) up to, trawling web communications and upsetting Edward Snowden and privacy advocates around the world. WhatsApp's encryption and policies mean that those who are concerned about their privacy should not rest on their laurels.
The FBI vs Apple fight is not over
The recent furore between Apple and the FBI over access to the San Bernadino shooter’s iPhone brought privacy debates firmly into the public eye. Despite tech giants, politicians and privacy campaigners explaining the potential ramifications of the case, many people remained on the fence.
A recent survey by the Pew Research Centre found that the majority of Americans sided with the FBI and believe that Apple should have complied with its demands. I find this deeply concerning because it shows how easily our collective privacy could be eroded in the name of national security, and also how little most people seem to understand the encryption technologies which protect us all.
Startup company launches solution to protect connected cars from cyber attacks
In our increasingly connected world it isn't just your computer or smartphone that can fall victim to attack. The Internet of Things is producing a whole new generation of vulnerable devices.
Not least of these are connected cars where attackers can potentially infiltrate and take control over car systems, even killing the engine as you drive.
Basic API security measures are often overlooked
APIs are the glue that holds much of the digital world together, connecting systems, apps and data. But a new survey reveals that many organizations are failing to place enough emphasis on API security.
Research company Ovum in partnership with bot detection and mitigation firm Distil Networks, surveyed 100 IT and security professionals. They found that 30 percent of APIs are planned out with no input from the IT security team and 27 percent of APIs proceed through the development stage without the IT security team weighing in.
FBI briefs senator about how it cracked San Bernardino iPhone, but keeps Apple in the dark
It turned the case of the century in to the case that didn’t really happen. The battle between Apple and the FBI came to a sudden end last month when the US Justice Department said it didn’t need the iPhone manufacturer's help, and then successfully hacked its way into the iPhone in question.
With the San Bernardino shooter's iPhone seemingly successfully cracked, the FBI last night revealed to Senator Dianne Feinstein just how it managed it. There are no current plans to share this information with Apple, but FBI Director James Comey revealed that the tool that was brought in only works on the iPhone 5c.
Microsoft releases Cloud App Security to protect SaaS apps and data
Back in September of last year we reported that Microsoft had announced its purchase of cloud security firm Adallom to help its customers protect their cloud-based data and applications.
In February it teased that a new Cloud App Security offering based on Adallom's technology would be released in April. Well, today the wait is over and the product becomes generally available as a cloud-delivered service to help IT and security teams gain visibility and control over cloud apps.
What you need to know about erasing SSDs
Until recently, hard disk drives prevailed as the dominant storage device on desktop computers, laptops, smartphones, tablets, servers, and data centers. But thanks to the drop in price for solid state drives (SSD), that has changed. SSDs are more popular among both individual users and businesses. But for all of the advantages, they also possess unique traits that present some difficulties in wiping data from them.
Unfortunately, knowledge of the proper solid state drive erasure methods has not been anywhere near as fast or as ubiquitous as the SSD adoption rate. So you will often see methods that are assumed to be reliable -- such as reformatting and factory resets -- being performed on solid state drives. But that doesn’t mean it’s impossible to properly erase data from SSDs -- it just means users need to understand all of the technical features, the key situations when data has to be absolutely erased and the most reliable data removal method that needs to be used.
The doctor will lose your data now -- 1 in 5 doctors' mobile devices could be at high risk
More than 27 million Android devices running medical apps are likely to have high risk malware installed according to a new report.
The Mobile Threat Intelligence report from threat defense company Skycure is focused on healthcare and finds that doctors who use mobile devices to assist their day-to-day practice are exposed to network threats, and that these significantly increase over time.
Only a third of businesses have proper DDoS protection
Among the biggest cyber-threats to businesses nowadays are phishing, patch exploitation, trojans and DDoS (Distributed Denial of Service), yet new figures show that a quarter of companies don’t have an anti-DDoS protection set up.
Those are the results of a new survey by security firm Kaspersky Lab and B2B International. According to their research, approximately half of businesses surveyed understand the risks cyber-attacks pose, not just to their financials, but also to their reputation. Approximately, the same percentage also thinks being protected from DDoS attacks is an important cybersecurity requirement.
Full end-to-end encryption shows WhatsApp is serious about privacy
Encryption has been a hot topic for some time, but the battle between Apple and the FBI really brought it to the fore in recent weeks. In response to the FBI trying -- ultimately successfully -- to crack into the San Bernardino shooter's iPhone, WhatsApp was just one of the companies that promised to increase encryption.
Today the popular chat tool made good on its promise, enabling full end-to-end encryption; this means that calls, messages, photos, videos, files, voice messages, and group chats are all protected with end-to-end encryption. Importantly, this extra layer of security is enabled by default, leading WhatsApp to claim it is "a leader in protecting your private communication".
IT pros have bad security habits
Double standards, double standards everywhere. Our IT bosses might force us to change our passwords every so often, but they rarely change their own credentials, even though theirs offer administrative privileges.
Those are the results of a new survey conducted by cyber security vendor Lieberman Software. The company had asked 200 IT professionals at RSA Conference 2016 about their password changing habits.
iPhone 6s security flaw lets anyone bypass the passcode and access contacts and photos
It might have taken the FBI quite some time to find a way to unlock a shooter's iPhone 5C, but it turns out to be trivially easy to access contacts and photos stored on the company’s newest flagship, the iPhone 6s.
The trick makes use of Siri and Twitter, and as the owner of a 6s I’ve been able to test this method myself, and can confirm not only that it works, but it’s very simple to implement.
Mossack Fonseca hack exposes shady financial practices of world's rich and famous
One of the largest data breaches in history has resulted in the leak of eleven million confidential documents -- around 2.6TB of data -- from financial firm Mossack Fonseca, one of the most secretive companies in the world.
According to the BBC, the leaked documents reveal how "Mossack Fonseca has helped clients launder money, dodge sanctions and evade tax". The client list features some of the world’s richest and most influential people -- including 12 current or former heads of state -- and their irrepressible greed has now been laid out for all to see. The data shows how thousands of off-shore shell companies have been created in order to hide money from the tax man and also reveals "a suspected billion-dollar money laundering ring involving close associates of Russian President Vladimir Putin".
The threat of ransomware is so great, the US and Canada issue joint security alert
Malware is far from being a new problem, but the inexorable rise of ransomware has taken many by surprise. There have been a number of very high profile instances of ransomware such as PETYA, and the threat is perceived as being so high that the US and Canada have taken the unusual step of issuing a joint security alert.
The likes of TeslaCrypt 4 feature 'unbreakable encryption' and use scare-tactics to encourage victims to part with their money. This is what has prompted the joint alert from the US Department of Homeland Security and the Canadian Cyber Incident Response Centre which warns about "destructive ransomware variants such as Locky and Samas". Interestingly, the advisory actively discourages victims from bowing to ransom demands.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.