WhatsApp likes to brag about its end-to-end encryption, but researchers from Germany's Ruhr University Bochum have discovered a flaw that could allow unwanted eyes to spy upon your private group chats. In a technical research paper that explores the end-to-end security of three different secure messaging apps capable of allowing "private" group chats,...

Android users would be wise to remember that just because an app appears in the official Google Play store doesn't mean that it should be considered entirely trustworthy. Researchers at Trend Micro have described how they recently uncovered a total of 36 apps in the official Android app marketplace that secretly harvested the details of users, tracked...

With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year. My favourite State of Security blogs from 2017 Pentest Toolbox Additions 2017 It´s becoming a yearly tradition, but one our readers and I love!...

If you still haven't properly secured your Twitter account with two-factor authentication then you have one less excuse today. Twitter has announced that you can now use third-party apps (such as Google Authenticator, Authy, or 1Password) to verify yourself at login. https://twitter.com/TwitterSafety/status/943542421698125824 Which is great news,...

No-one responsible for computer security should forget what happened in October 2016. The Mirai botnet launched an attack on the internet, the scale of which had never been seen before. By unleashing a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn, Mirai managed to knock out significant chunks of the internet - making it...

We're all hopefully familiar with the notion that criminals can phish details from unsuspecting computer users by creating copycat websites. To make a phishing page appear more legitimate a scammer might create a domain with a similar looking URL - for instance, appIe.com rather than apple.com (hint: if you didn't notice, the first "appIe" had a capital...

For as long as I can remember, members of the public have been losing money to scammers, as they've been tricked into sending their hard-earned cash via Western Union. Scammers prey on the vulnerable and gullible, tricking them into wiring money via Western Union with the promise that it will help with medical bills, pay for for a new internet romance's...

If you thought it was scary when security researchers remotely hijacked a Jeep as it was driven down the freeway, consider this - now airplanes are getting hacked. The US Department of Homeland Security has revealed that a Boeing 757 airliner was successfully hacked as it sat on the runway at the airport in Atlantic City, New Jersey on September 19,...

Hackers have been found exploiting a freshly-uncovered vulnerability in Microsoft's software to install malware on business computers. According to security researchers, since last month a Russia-linked hacking group known as APT28 have been using a Microsoft protocol called Dynamic Data Exchange (DDE) to run malicious code through a poisoned Word...

A researcher has uncovered security holes in Google's bug-tracking database that could have potentially resulted in malicious hackers accessing sensitive information, including details of ways to exploit unpatched vulnerabilities in Google products. Researcher Alex Birsan has described how he managed to trick Google Issue Tracker (known internally to...

Reports appeared on Tuesday that a new ransomware outbreak was hitting organisations in Russia and Ukraine. Victims included the Russian newswire Interfax, Ukraine's Odessa airport, and the Kiev subway system. Media outlets like Fontanka.ru found their website's disrupted by the attack, and urged readers to follow them on social media for updates while...

In our previous article, we laid the groundwork for what we believe to be a serious threat to ICS/SCADA devices: social engineering. We continue here with some definitions, some of which you may already know.  Phishing Phishing is a relatively broad term for any attempt to trick victims into sharing sensitive information, such as passwords, usernames...

Words have meaning. Cybersecurity and IT professionals routinely abuse the terms “policy” and “standard” as if they are synonymous. The same holds true for compliance terms since these terms tend to get thrown in the same bucket even though there are significant differences that should be kept in mind. Why Should You Care? Beyond just using...

Nobody welcomes the prospect of having our online accounts hacked. It's a pain in the neck resetting passwords, warning your contacts, and worrying about the prospect that your identity may be stolen. But for some of us, the consequences of having our Gmail account compromised by state-sponsored hackers could be even more catastrophic and even life...

Last week, a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank's servers. The Far Eastern International Bank has confirmed that malware had been found on it computer systems, affecting PCs and servers, as well as its SWIFT terminal. SWIFT (the Society for Worldwide Interbank Financial...

When hackers broke into the email account of a New Zealand grape-grower with the intent of stealing NZD $90,000 (approximately US $70,000) their plan came so very close to fruition. As Stuff New Zealand reports, it was only because of the careful eye of Kathryn Walker, the general manager of Marlborough Vintners (who - notably - previously had a 12-year...

Europol, the European Union's police agency, has warned of the significantly rising threat posed by ransomware. As Associated Press reports, delegates at an international conference were told by Europol Executive Director Rob Wainwright that ransomware had taken the cybercrime threat to "another level." An 80-page report published by the agency...

New families of trojans continue to prosper on the Android platform as malicious hackers increasingly target mobile users in their attempt to steal login credentials and personal information. The most recent warning of Android malware relates to a new banking trojan called Red Alert 2.0 that has managed to infiltrate a number of third-party app stores...

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims' sites via a backdoor. The popular Display Widgets plugin was removed from the official WordPress.org plugin repository after it was found collecting information about website visitors and inserting content into...

Chinese security researchers have discovered a way to send secret, inaudible commands to speech recognition systems such as Siri, Amazon Alexa, and Google Home using ultrasound. A team from China's Zhejiang University devised the technique, which they have dubbed "DolphinAttack". Now, it's important to stress that this is a *potential* problem. Although...