Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor running a global espionage campaign against military personnel, enterprises, medical professionals, lawyers, journalists, educational institutions, and activists.

More than 1 million people downloaded a copycat WhatsApp app from the Google Play Store, according to a report from The Hacker News. The app, which is officially called Update WhatsApp Messenger, w…

Not a whole lot of new lessons to be learned from this, but basic reinforcement of old ones:

• It's easy to get users, even high-profile at-risk users, to install arbitrary applications. Since there's little to be gained from litigating this basic fact, we have to work around it. We recommend at-risk users stick to relatively recent iPhones, not because Android phones can't be made to be asymptotically as secure, but simply because it's more difficult (technically and logistically) to set up a deployment process that gets an application installed on an iPhone that can do as much as these backdoored Android apps can.

• The biggest threat facing users on general-purpose computers (Windows or Mac) is email attachments. The most profitable desktop infection vector here seems to have been Word macros. There's no point in litigating whether people should or shouldn't use Word documents; they're going to do that. So we have to work around that. Our recommendation is that users be trained not to view attachments on general-purpose computers by clicking on them. Two options: view attachments on iOS devices, where the viewers are less privileged and less full-featured, or always opening them using Google's office tools.

To me, the big lesson of the past few years working with non-technical users targeted by attackers is: general purpose computers simply aren't secure, and can't (for normal users) be made secure. Get people out of computer apps and onto phone or web apps.

San Francisco – The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake...

CrookedStyleSheets - Webpage tracking only using CSS (and no JS)

GulfTech Research and Development

There has been no shortage of incidents proving that website security questions are far from secure.

We show how third-party scripts exploit browsers’ built-in login managers (also called password managers) to retrieve and exfiltrate user identifiers without user awareness. To the best of our knowledge, our research is the first to show that login managers are being abused by third-party scripts for the purposes of web tracking.

Infrared (IR) light is invisible to humans, but cameras are optically sensitive to this type of light.
In this paper, we show how attackers can use surveillance cameras and infrared light to establish bi-directional covert communication between the internal networks of organizations and remote attackers. We present two scenarios: exfiltration (leaking data out of the network) and infiltration (sending data into the network). Exfiltration. Surveillance and security cameras are equipped with IR LEDs, which are used for night vision. In the exfiltration scenario, malware within the organization access the surveillance cameras across the local network and controls the IR illumination. Sensitive data such as PIN codes, passwords, and encryption keys are then modulated, encoded, and transmitted over the IR signals. Infiltration. In an infiltration scenario, an attacker standing in a public area (e.g., in the street) uses IR LEDs to transmit hidden signals to the surveillance camera(s). Binary data such as command and control (C&C) and beacon messages are encoded on top of the IR signals. The exfiltration and infiltration can be combined to establish bidirectional, 'air-gap' communication between the compromised network and the attacker. We discuss related work and provide scientific background about this optical channel. We implement a malware prototype and present data modulation schemas and a basic transmission protocol. Our evaluation of the covert channel shows that data can be covertly exfiltrated from an organization at a rate of 20 bit/sec per surveillance camera to a distance of tens of meters away. Data can be covertly infiltrated into an organization at a rate of over 100 bit/sec per surveillance camera from a distance of hundreds of meters to kilometers away.

It seems like the Cyber Security Lab at Ben-Gurion University is the place where air gaps go to die. They’ve knocked off an impressive array of air gap bridging hacks, like modulating power supply fans and hard drive activity indicators. The current work centers on the IR LED arrays commonly seen encircling the lenses of security cameras for night vision illumination. When a networked camera is compromised with their “aIR-Jumper” malware package, data can be exfiltrated from an otherwise secure facility. Using the camera’s API, aIR-Jumper modulates the IR array for low bit-rate data transfer. The receiver can be as simple as a smartphone, which can see the IR light that remains invisible to the naked eye. A compromised camera can even be used to infiltrate data into an air-gapped network, using cameras to watch for modulated signals. They also demonstrated how arrays of cameras can be federated to provide higher data rates and multiple covert channels with ranges of up to several kilometers.

Positive Technologies researchers Maxim Goryachy and Mark Ermolov have discovered a vulnerability that allows running unsigned code. The vulnerability can be used to activate JTAG debugging for the Intel Management Engine processor core. When combined with DCI, this allows debugging ME via USB.

View the latest news and breaking news today for U.S., world, weather, entertainment, politics and health at CNN.com.

For the first time, hackers have shut down a plant by crippling its safety system.

A researcher finds dozens of UK schools' smart heating systems are vulnerable to being attacked.

Don't laugh. Epson printer/fax machines dating back to 1999 have this problem

TL;DR:
HP had a keylogger in the keyboard driver. The keylogger saved scan codes to a WPP trace. The logging was disabled by default but could be enabled by setting a registry value (UAC required).
Get the list of affected hardware and patch here: https://support.hp.com/us-en/document/c05827409

A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named it the Janus vulnerability, after the Roman god of duality.

We loved what Apple used to do about security. During the past years, the company managed to build a complete, multi-layer system to secure its hardware and software ecosystem and protect its customers against common threats. Granted, the system was not without its flaws (most notably, the obligator

Update: We’ve been getting a lot of great feedback from people on HackerNews and Reddit. Here are answers to a few common questions:
• The System76 Firmware Update Tool is Open Source and located at...