Blog

Blog

Android P promises new security and privacy features

Android P, the next generation of Google's operating system, may not be due for release until sometime later this year - but that doesn't mean we don't already know some of the features it has in store for us. That's because the Android P is now available as a developer preview. That means this first preview of Android P is intended for developers...
Blog

LA Times homicide website throttles cryptojacking attack

Whoever hacked the LA Times' interactive county murder map probably hoped to make a killing mining cryptocurrency - but swift action from a security researcher has put paid to their plans. Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon...
Blog

Swisscom data breach exposes 800,000 customers

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers - most of whom were mobile subscribers. Data exposed during the breach included: Customers' first and last names Customers' home addresses Customers' dates of birth ...
Blog

Smominru! Half a million PCs hit by cryptomining botnet

Why go to all the bother of writing ransomware that demands victims pay a Bitcoin ransom? If all you want is cryptocurrency, why not use the infected computers to mine the crypto coins themselves? That way you don't have to rely on a human victim buying some Bitcoin, and nervously making their way onto the dark web to make their ransom payment....
Blog

Reddit rolls out 2FA to all its users

Reddit, the so-called "front page of the internet", has some important news for its 250 million registered users. You can now secure your Reddit account with two-factor authentication (2FA). The additional layer of security has been rolled out as an option to all users following months of beta-testing. To enable the feature, Reddit users must access...
Blog

Less than 10% of Gmail users have enabled two-factor authentication

Internet users are doomed. I don't mean you or me; the fact that we're reading this article on Tripwire's The State of Security blog means we at least have a passing interest in protecting ourselves online. No, I mean those folks who, like us, use the internet but don't take the steps necessary to put in place the most rudimentary defenses to...
Blog

WhatsApp flaw could allow anyone to sneak into your private group chat

WhatsApp likes to brag about its end-to-end encryption, but researchers from Germany's Ruhr University Bochum have discovered a flaw that could allow unwanted eyes to spy upon your private group chats. In a technical research paper that explores the end-to-end security of three different secure messaging apps capable of allowing "private" group...
Blog

The Top 10 State of Security Articles of 2017

With 2017 coming to a close, we wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between Christmas and the New Year. My favourite State of Security blogs from 2017 Pentest Toolbox Additions 2017 It´s becoming a yearly tradition, but one our readers and I...
Blog

How a hack almost sprung a prisoner out of jail

We're all hopefully familiar with the notion that criminals can phish details from unsuspecting computer users by creating copycat websites. To make a phishing page appear more legitimate a scammer might create a domain with a similar looking URL - for instance, appIe.com rather than apple.com (hint: if you didn't notice, the first "appIe" had a...
Blog

A Boeing 757 was hacked remotely while it sat on the runway

If you thought it was scary when security researchers remotely hijacked a Jeep as it was driven down the freeway, consider this - now airplanes are getting hacked. The US Department of Homeland Security has revealed that a Boeing 757 airliner was successfully hacked as it sat on the runway at the airport in Atlantic City, New Jersey on September 19,...
Blog

Microsoft issues advisory to users after macro-less malware attacks

Hackers have been found exploiting a freshly-uncovered vulnerability in Microsoft's software to install malware on business computers. According to security researchers, since last month a Russia-linked hacking group known as APT28 have been using a Microsoft protocol called Dynamic Data Exchange (DDE) to run malicious code through a poisoned Word...