New Android malware disguises itself as a system update

New Android malware disguises itself as a system update

It is a spyware capable of making the user release complete control of the device to criminals, spy on all their browsing and allow personal data and files to be accessed without much effort – including bank and social network information or stored photos and videos.

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

Although these methods exploit a covert timing channel in the CPU cache, the new attack devised by Ben-Gurion researchers targets a cache-based side-channel in modern web browsers.This string search is followed by a request for a CSS element that requires DNS resolution from the malicious server.

10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities

10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities

Ten people belonging to a criminal network have been arrested in connection with a series of SIM-swapping attacks that resulted in the theft of more than $100 million by hijacking the mobile phone accounts of high-profile individuals in the U.S. The Europol-coordinated year-long investigation was jointly conducted by law enforcement authorities from the U.K., U.S., Belgium, Malta, and Canada.

Police are increasingly using digital vehicle forensics to solve cases

Police are increasingly using digital vehicle forensics to solve cases

The same way that a smart phone’s location data and gyroscope data can be used to infer certain things about the phone holder’s location and actions, many people aren’t aware that similar information is stored in a black box within your car.

T-Mobile rounds out this awful year with another data breach, affecting hundreds of thousands of subscribers

T-Mobile rounds out this awful year with another data breach, affecting hundreds of thousands of subscribers

T-Mobile has confirmed to Android Police it has shut down a data breach operation that may have harvested a small group of customers' phone numbers, number of lines per account, and call diagnostic metrics.

Cyber-Criminals Target Naked Zoom Users

Cyber-Criminals Target Naked Zoom Users

The email, titled "Regarding Zoom Conference call," claims that the attacker exploited a zero-day vulnerability to access the victim's private data.

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

QakBot Banking Trojan Returned With New Sneaky Tricks to Steal Your Money

In an analysis released by Check Point Research today, the latest wave of Qbot activity appears to have dovetailed with the return of Emotet — another email-based malware behind several botnet-driven spam campaigns and ransomware attacks — last month, with the new sample capable of covertly gathering all email threads from a victim's Outlook client and using them for later malspam campaigns.

Alexa hack granted attackers access to an Echo user's smart home network

Alexa hack granted attackers access to an Echo user's smart home network

A number of vulnerabilities have been revealed in Amazon's Alexa, highlighting the need for providers of smart home platforms, such as Apple's HomeKit, to maintain security as part of the service.

Stalkers are using video doorbells and other 'smart' devices to harass victims, say police chiefs

Stalkers are using video doorbells and other 'smart' devices to harass victims, say police chiefs

Stalkers hacked into smart devices including video doorbells to target their victims in their own homes during the Covid-19 lockdown, police chiefs have said.

Amazon's Alexa may have witnessed alleged Florida murder, authorities say

Amazon's Alexa may have witnessed alleged Florida murder, authorities say

Police in Florida believe recordings from a murder suspect's Amazon Echo may contain crucial information as they investigate an alleged argument at the man's home that ended in his girlfriend's death.

In land of big data, China sets individual privacy rights

In land of big data, China sets individual privacy rights

BEIJING (Reuters) - China is poised to enshrine individuals’ rights to privacy and personal data for the first time, a symbolic first step as more of the country of 1.4 billion people becomes digitised - and more vulnerable to leaks and hacks.

5 Common Social Engineering Techniques to Avoid During Lockdown

5 Common Social Engineering Techniques to Avoid During Lockdown

Social engineering is the practice of psychological techniques that are used on people with the intention of eliciting sensitive information from them in order to gain access to secure systems.Described below are some of the 5 most common social engineering techniques that attackers like to use.

Tracking NSO, the media shy Israeli firm behind Pegasus

Tracking NSO, the media shy Israeli firm behind Pegasus

October ended with the news that an Israeli spyware called Pegasus was used to snoop around two dozen Indian users of WhatsApp, including notable journalists, lawyers and activists.

This Online Black Market Will Sell Your Entire Digital Identity

This Online Black Market Will Sell Your Entire Digital Identity

An online marketplace called Richlogs is selling stolen digital fingerprints that include access to a person’s entire online presence or web activity.Basically, it’s enough data to let a buyer totally assume their identity online, according to a report published Wednesday by the cybersecurity firm IntSight.

These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer

Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.

Revenge porn victims being failed by outdated laws and policing

Revenge porn victims being failed by outdated laws and policing

Victims of image-based sexual abuse – such as upskirting, revenge porn and fake porn – are having their lives shattered amid outdated and ineffective laws and police inaction, a report reveals.

Cyberstalking Techniques: What Stalkers Can Do If They Have Your Name & Surname (Part I)

Cyberstalking Techniques: What Stalkers Can Do If They Have Your Name & Surname (Part I)

Your stalker can simply enter name/surname to Maltego’s database, and see what contact information is available about his victim online: what emails, what domains have a person by the same name are registered.

Controversial police policy will see some UK rape victims asked to grant access to their phones

Controversial police policy will see some UK rape victims asked to grant access to their phones

The new policy was introduced after a number of rape and sexual assault cases collapsed at the last minute after it was found that exculpatory evidence existed on the phones of alleged victims, and had not been disclosed to the defence.

DeepFake Ransomware, OaaS Part 1

DeepFake Ransomware, OaaS Part 1

Fakeware is a type of malicious software that automatically generates fake video which shows the victim performing an incriminatory or intimate action and threatens to distribute it unless a ransom is paid.

Cyberstalking: Definition, Laws, and How to Stay Safe

Cyberstalking: Definition, Laws, and How to Stay Safe

Most people are victimized for an average of Cyberstalking is a serious crime with scary statistics. However, most organizations that specialize in this area have definitions that contain the same elements: While stalking can be done by a stranger, most victims know their stalker.

Mumbai-based Businessman Loses Rs 1.86 Crore After Six Missed Calls

Mumbai-based Businessman Loses Rs 1.86 Crore After Six Missed Calls

The hackers had allegedly got a new SIM card in the businessman’s name, deactivated his old SIM card through the missed calls, reported Mumbai Mirror. The businessman had six missed calls from two numbers on his mobile phone.

The Amazon Alexa Eavesdropping Nightmare Came True

The Amazon Alexa Eavesdropping Nightmare Came True

C’t magazine listened to many of the files and was able “to piece together a detailed picture of the customer concerned and his personal habits.” It found that he used Alexa in various places, has an Echo at home, and has a Fire device on his TV.

Google’s G Suite Twitter account is the latest to get hacked in bitcoin scam

Google’s G Suite Twitter account is the latest to get hacked in bitcoin scam

Google’s official G Suite Twitter account is the latest victim of an ongoing bitcoin scam that has been plaguing the social media platform for the last few weeks, joining companies like Target (which saw a similar hack this morning), via The Next Web.

Schneier on Security

Schneier on Security

In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel.

Novel Attack Technique Uses Smart Light Bulbs to Steal Data

Novel Attack Technique Uses Smart Light Bulbs to Steal Data

Researchers have determined that some light bulbs are suitable for covert data exfiltration from personal devices, and can leak multimedia preferences by recording their luminance patterns from afar. Moreover, the adversary needs to plant malware that encodes private data from the target device and sends it to the smart light bulbs.

Hackers Made Half a Million Dollars Pretending They Watched You Watch Porn

Hackers Made Half a Million Dollars Pretending They Watched You Watch Porn

Since July, cybersecurity researchers, journalists and victims, have seen a spike in extortion letters and emails demanding hefty sums of bitcoin. Kar said the company also fielded reports from victims in India, where scammers appear to be targeting at the moment in particular.