Showing only posts in Ars Technica. Show all posts.

11 million devices infected with botnet malware hosted in Google Play

Source

Enlarge (credit: Getty Images ) Five years ago, researchers made a grim discovery—a legitimate Android app in the Google Play market that was surreptitiously made malicious by a library the developers used to earn advertising revenue. With that, the app was infected with code that caused 100 million infected …

Google calls for halting use of WHOIS for TLS domain verifications

Source

Enlarge (credit: Getty Images) Certificate authorities and browser makers are planning to end the use of WHOIS data verifying domain ownership following a report that demonstrated how threat actors could abuse the process to obtain fraudulently issued TLS certificates. TLS certificates are the cryptographic credentials that underpin HTTPS connections …

Ever wonder how crooks get the credentials to unlock stolen phones?

Source

Enlarge (credit: Getty Images) A coalition of law-enforcement agencies said it shut down a service that facilitated the unlocking of more than 1.2 million stolen or lost mobile phones so they could be used by someone other than their rightful owner. The service was part of iServer, a …

Massive China-state IoT botnet went undetected for four years—until now

Source

Enlarge (credit: Getty Images) The FBI has dismantled a massive network of compromised devices that Chinese state-sponsored hackers have used for four years to mount attacks on government agencies, telecoms, defense contractors, and other targets in the US and Taiwan. The botnet was made up primarily of small office …

Secure Boot-neutering PKfail debacle is more prevalent than anyone knew

Source

Enlarge (credit: Getty Images) A supply chain failure that compromises Secure Boot protections on computing devices from across the device-making industry extends to a much larger number of models than previously known, including those used in ATMs, point-of-sale terminals, and voting machines. The debacle was the result of non-production …

1.3 million Android-based TV boxes backdoored; researchers still don’t know how

Source

Enlarge (credit: Getty Images) Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the …

As quantum computing threats loom, Microsoft updates its core crypto library

Source

Enlarge (credit: Getty Images) Microsoft has updated a key cryptographic library with two new encryption algorithms designed to withstand attacks from quantum computers. The updates were made last week to SymCrypt, a core cryptographic code library for handing cryptographic functions in Windows and Linux. The library, started in 2006 …

Rogue WHOIS server gives researcher superpowers no one should ever have

Source

Enlarge (credit: Aurich Lawson | Getty Images) It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers—all in a single blow that cost only $20 and …

Found: 280 Android apps that use OCR to steal cryptocurrency credentials

Source

Enlarge (credit: Getty Images) Researchers have discovered more than 280 malicious apps for Android that use optical character recognition to steal cryptocurrency wallet credentials from infected devices. The apps masquerade as official ones from banks, government services, TV streaming services, and utilities. In fact, they scour infected phones for …

US charges Russian military officers for unleashing wiper malware on Ukraine

Source

Enlarge (credit: Getty Images) Federal prosecutors on Thursday unsealed an indictment charging six Russian nationals with conspiracy to hack into the computer networks of the Ukrainian government and its allies and steal or destroy sensitive data on behalf of the Kremlin. The indictment, filed in US District Court for …

Zyxel warns of vulnerabilities in a wide range of its products

Source

Enlarge (credit: Getty Images) Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its products. If left unpatched, some of them could enable the complete takeover of the devices, which can be targeted as an initial point of entry into large networks. The …

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

Source

Enlarge (credit: Yubico) The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as …

City of Columbus sues man after he discloses severity of ransomware attack

Source

Enlarge (credit: Getty Images ) A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a recent ransomware attack on the city of Columbus scooped up reams of sensitive personal information, contradicting claims made by city officials. The order, issued by a …

Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says

Source

Enlarge (credit: Getty Images) Critics of spyware and exploit sellers have long warned that the advanced hacking sold by commercial surveillance vendors (CSVs) represents a worldwide danger because they inevitably find their way into the hands of malicious parties, even when the CSVs promise they will be used only …

Unpatchable 0-day in surveillance cam is being exploited to install Mirai

Source

Enlarge (credit: Getty Images ) Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices. The attacks target …

Hackers infect ISPs with malware that steals customers’ credentials

Source

Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day vulnerability that allowed them to infect at least four US-based ISPs with malware that steals credentials used by downstream customers, researchers said Tuesday. The vulnerability resides in the Versa …

Android malware steals payment card data using previously unseen technique

Source

Enlarge (credit: d3sign ) Newly discovered Android malware steals payment card data using an infected device’s NFC reader and relays it to attackers, a novel technique that effectively clones the card so it can be used at ATMs or point-of-sale terminals, security firm ESET said. ESET researchers have named …

Novel technique allows malicious apps to escape iOS and Android guardrails

Source

Enlarge (credit: Getty Images) Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypass safety guardrails built by both Apple and Google to prevent unauthorized apps. Both mobile operating systems employ mechanisms designed to help users steer clear of apps that …

“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update

Source

Enlarge (credit: Getty Images) Last Tuesday, loads of Linux users—many running packages released as early as this year—started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: “Something has gone seriously wrong.” The cause: an update Microsoft issued …

Windows 0-day was exploited by North Korea to install advanced rootkit

Source

Enlarge (credit: Getty Images) A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on behalf of the North Korean government so they could install custom malware that’s exceptionally stealthy and advanced, researchers reported Monday. The vulnerability, tracked as CVE-2024-38193, was one of six zero-days …

Google’s threat team confirms Iran targeting Trump, Biden, and Harris campaigns

Source

Enlarge / Roger Stone, former adviser to Donald Trump's presidential campaign, center, during the Republican National Convention (RNC) in Milwaukee on July 17, 2024. (credit: Getty Images) Google's Threat Analysis Group confirmed Wednesday that they observed a threat actor backed by the Iranian government targeting Google accounts associated with US …

Nashville man arrested for running “laptop farm” to get jobs for North Koreans

Source

Enlarge Federal authorities have arrested a Nashville man on charges he hosted laptops at his residences in a scheme to deceive US companies into hiring foreign remote IT workers who funneled hundreds of thousands of dollars in income to fund North Korea’s weapons program. The scheme, federal prosecutors …

512-bit RSA key in home energy system gives control of “virtual power plant”

Source

Enlarge When Ryan Castellucci recently acquired solar panels and a battery storage system for their home just outside of London, they were drawn to the ability to use an open source dashboard to monitor and control the flow of electricity being generated. Instead, they gained much, much more—some …

Students scramble after security breach wipes 13,000 devices

Source

Enlarge (credit: Getty Images) Students in Singapore are scrambling after a security breach wiped notes and all other data from school-issued iPads and Chromebooks running the mobile device management app Mobile Guardian. According to news reports, the mass wiping came as a shock to multiple students in Singapore, where …

Mac and Windows users infected by software updates delivered over hacked ISP

Source

Enlarge (credit: Marco Verch Professional Photographer and Speaker ) Hackers delivered malware to Windows and Mac users by compromising their Internet service provider and then tampering with software updates delivered over unsecure connections, researchers said. The attack, researchers from security firm Volexity said, worked by hacking routers or similar types …

« newer articles | page 2 | older articles »