Google has pulled a malicious click fraud app from Google Play that spoofs the popular BatteryBot Pro app.
Grant Wilcox, an ethical hacking degree candidate at the University of Northumbria in the U.K., said the Wassenaar Arrangement rules were one reason he decided not to publish exploits he developed for his dissertation.
Ad fraud malware is one of the more profitable specialties in the cybercrime world, and the attackers who use it often have to adapt their tactics in order to keep the money rolling in. One of the tactics that they have adopted in recent months is that of updating the version of Flash that’s installed on an infected machine.
Core Security disclosed information on command-injection vulnerabilities found in a number of AirLive IP-enabled cameras after repeated attempts to disclose to the manufacturer were ignored.
Attackers have compromised the network of Italian intrusion software vendor Hacking Team and released a large cache of the company’s private documents, including customer invoices that show sales to oppressive governments.
Harvard University warned students of a data breach that may have exposed school network and email logins.
Dennis Fisher and Mike Mimoso discuss the OS X and iOS patches, the potential for the new cyber UL project run by Mudge, and the lawsuit against OPM after its data breach.
The SANS Internet Storm Center reports that the Angler Exploit Kit, pushing Cryptowall 3.0 ransomware, uses rapidly changing URL patterns—almost daily changes—to evade detection and rake in profits.
The chairman of the powerful Senate Judiciary Committee is asking some pointed questions of the FBI director about the bureau’s use of zero-day vulnerabilities, phishing attacks, spyware, and other controversial tools. Sen. Charles Grassley (R-Iowa) has sent a letter to FBI Director James Comey asking for “more specific information about the FBI’s current use of[…]
A week after admitting that several of its security appliances ship with static SSH keys, Cisco warned customers on Wednesday that its Unified Communications Domain Manager platform has a default, static password for an account that carries root privileges. The vulnerability affects versions of the software prior to 4.4.5 and the company said there are no[…]