Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

Adware Is the Malware You Should Actually Be Worried About

Adware Is the Malware You Should Actually Be Worried About

Distributed largely through the third-party Android app store 9Apps, the adware was originally a more clunky, obvious type of malware that masqueraded as legitimate apps but asked for a suspicious number of device permissions to run and displayed a lot of intrusive ads.

The Biggest Cybersecurity Crises of 2019 So Far

The Biggest Cybersecurity Crises of 2019 So Far

In March, following a research report from the threat intelligence firm Kaspersky, computer maker Asus disclosed a supply chain attack sometime in the second half of 2018 that had compromised the company's Live Update tool to push malware to almost 1 million customers.

Airport Facial Recognition, How Abusers Exploit Basic Apps, and More News

Airport Facial Recognition, How Abusers Exploit Basic Apps, and More News

Airport Facial Recognition, How Abusers Exploit Basic Apps, and More News. Stalkers have ways of tracking you even without fancy malware, airport facial recognition is becoming more common, and WIRED has some advice on how to take the very best fireworks photos.

Hackers Are Poking at a MacOS Flaw Apple Left Unfixed

Hackers Are Poking at a MacOS Flaw Apple Left Unfixed

According to Cavallarin, Apple said it would fix the problem by mid-May. When the company still hadn’t done so by the time a standard 90-day disclosure deadline had passed, Cavallarin went public, publishing a full description and proof-of-concept code on May 24.

Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount

Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount

Analysts at two security firms, Crowdstrike and Dragos, tell WIRED that they've seen a new campaign of targeted phishing emails sent to a variety of US targets last week from a hacker group known by the names APT33 , Magnallium, or Refined Kitten, and widely believed to be working in the service of the Iranian government.

Global Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain

Global Takedown Shows the Anatomy of a Modern Cybercriminal Supply Chain

On Thursday, police in six countries along with the US Justice Department and Europol announced the takedown of Goznym—linked with another operation known as Avalanche, an associated cybercrime operation that was largely dismantled in 2016 —including the arrest of five of its members across Bulgaria, Georgia, Moldova, and Ukraine.

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe .

Supply Chain Hackers Snuck Malware Into Videogames

Supply Chain Hackers Snuck Malware Into Videogames

Now researchers at security firms Kaspersky and ESET have uncovered evidence that the same hackers who targeted Asus with that sort of supply chain hack earlier this year have also targeted three different videogame developers—this time aiming even higher upstream, corrupting the programming tools relied on by game developers.

A New Breed of ATM Hackers Gets in Through a Bank’s Network

A New Breed of ATM Hackers Gets in Through a Bank’s Network

Beyond so-called jackpotting attacks , which cause individual ATMs to spit out money , hackers are manipulating ATM networks and the digital authentication checks in the machines to cash out fraudulent transfers they initiate around the globe.

How Android Fought an Epic Botnet—and Won

How Android Fought an Epic Botnet—and Won

Google Play Protect , which helps weed out bogus Android apps, has been increasingly able to detect when Chamois is running on a device and disable it.

'Exodus' Spyware Posed as a Legit iOS App

'Exodus' Spyware Posed as a Legit iOS App

The iOS version of Exodus, built to look like a mobile carrier support app, used all of the mechanisms iOS offers legitimate apps to grab as much of a target’s data as possible.

How to Check Your Computer for Hacked Asus Software Update

How to Check Your Computer for Hacked Asus Software Update

Attackers compromised Asus’s Live Update tool to distribute malware to almost 1 million customers last year, according to initial findings researchers at the threat intelligence firm Kaspersky Lab disclosed Monday.

Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability

Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability

So like clockwork, 94 days after Google alerted Apple to a bug in its MacOS operating system that could allow malware to inject data into the most privileged code running on its computers, Mountain View's hackers are revealing that fresh zero-day vulnerability to the world.

ATM Hacking Has Gotten So Easy, the Malware's a Game

ATM Hacking Has Gotten So Easy, the Malware's a Game

(But at that point, ATM cyberthief, why would you?) “These people do have a sense of humor and some spare time.” Konstantin Zykov, Kaspersky Lab Kaspersky started tracking the WinPot family of malware back in March of last year, and in that time has seen a few technical versions on the theme.

Be Careful Using Bots on Telegram

Be Careful Using Bots on Telegram

"A bot would dramatically undercut the security properties of a chat." Kenn White, Open Crypto Audit Project But Telegram's bot platform relies instead on the Transport Layer Security protocol used in HTTPS web encryption. While researching one such malware scheme, Forcepoint accidentally discovered that Telegram chats that include bots have reduced security.

The Year Cryptojacking Ate the Web

The Year Cryptojacking Ate the Web

For example, the cloud monitoring and defense firm RedLock said in February that Tesla's Amazon Web Services cloud infrastructure was running mining malware thanks to an inconspicuous, but extensive cryptojacking campaign.

The Iran Hacks Cybersecurity Experts Feared May Be Here

The Iran Hacks Cybersecurity Experts Feared May Be Here

But while concrete attribution remains elusive, a wave of recent digital attacks has led some security analysts to suggest that Iranian state-sponsored hackers may have ramped up their digital assaults against the US and Europe as well."If you look at these groups, they’re not hacking for money, what they’re doing is very much nation state motivations," says Eric Chien, a fellow in Symantec's security technology and response division.

Russia's Elite Hackers May Have New Phishing Tricks

Russia's Elite Hackers May Have New Phishing Tricks

It's not uncommon to see them come out with a new variant or a totally new malware family."Palo Alto Networks researchers have only found one sample of the special Cannon-laced malicious document so far, but it was part of a broader APT 28 phishing campaign they observed that focused on government targets in North America, Europe, and a former USSR state that the company declined to name.Meanwhile, investigators at FireEye observed an extensive phishing campaign launched last week that appears to come from APT 29 hackers, also called Cozy Bear.