Researchers have found a vulnerability in two popular email encryption protocols

European security researchers have found an alarming new vulnerability in the most common forms of email encryption. The attack, described in a report published Monday morning, lets bad actors inject malicious code into intercepted emails, despite encryption protocols designed to protect against code injection. Implemented correctly, the malicious code could be used to steal the entire contents of a target’s inbox. The vulnerability affects two of the most common email encryption protocols, PGP and S/MIME, although the degree of vulnerability depends heavily on the client’s implementation of the protocol. A…

Laundered Bitcoin Billions Linked to UK Company

A UK company has been linked to the laundering of 650,000 stolen bitcoins worth £4.5bn. The coins were taken by hackers from Tokyo-based Bitcoin exchange Mt Gox, leaving tens of thousands of customers out of pocket. It’s not clear who is in control of the London-based firm Always Efficient LLP. Mt Gox operator Mark Karpeles apologised to investors and said he was co-operating with the investigation. The FBI has charged a Russian national with laundering the stolen bitcoins. Mt Gox matched up those who wanted to buy the crypto-currency with dollars,…

Winter Olympics hit by cyber-attack

The official Winter Olympics website was taken offline after being hit by a cyber-attack, officials have confirmed. The site was affected just before the beginning of the opening ceremony in Pyeongchang, South Korea. TV and internet systems at the Games were also disrupted, though operations were restored about 12 hours later. However, a spokesman said that the International Olympic Committee would not be commenting on who might have been behind the incident. “Maintaining secure operations is our purpose,” said Mark Adams. He added that the issue was being dealt with…

Dutch DDoS mystery: Who’s behind the sudden massive wave of attacks on banks?

There is as yet no indication of who is behind the massive distributed denial of service (DDoS) attacks on Netherlands banks and government websites that ran from last weekend to Tuesday. Initial reports suggesting a Russian connection appear baseless. The attacks began just a couple of days after media reports stated that Dutch intelligence tipped off their American counterparts about state-sponsored Russian spies hacking the apparatus of the Democratic Party and stealing the infamous “leaked emails” that may have swayed the 2016 election. “This weekend’s DDoS attacks were heavier than…

Microsoft issues emergency Windows update in a move to disable Intel’s buggy Spectre fixes

Microsoft has issued another out-of-band security update this month, to deal with the issues around Intel’s Spectre firmware updates. Intel warned last week that its own security updates have been buggy, causing some systems to spontaneously reboot. Intel then buried a warning in its latest financial results that its buggy firmware updates could lead to “data loss or corruption.” Intel has been advising PC makers and customers to simply stop updating their firmware right now, until properly tested updates are available. Microsoft has gone a step further, and is issuing…

Fitness app Strava exposes the location of military bases

Strava, the popular app for tracking running, cycling and swimming, is not the most obvious go-to for exposing national secrets, but a heatmap of activity from users has been found to unearth the locations of U.S. military bases worldwide. The company’s review of 2017 showed all routes taken by its users across the world. It was released back in November 2017, but it came to the fore this weekend when Australian student Nathan Ruser noticed that trails from Strava users in certain countries made it possible to identify military from the U.S. and…

Former Employees Confirm that Lyft Staffers Spied on Passengers

Just like Uber’s scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the startup’s passengers. One source that formerly worked with Lyft says that widespread access to the company’s back end let staffers “see pretty much everything including feedback, and yes, pick up and drop off coordinates.” When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said “Hell yes. I definitely looked at my friends’ rider history and looked at what…

Hackers can see your Tinder photos and figure out your matches

Tinder isn’t using encryption to keep your photos safe from strangers who are sharing the same coffee shop Wi-Fi as you, security researchers have found out. Researchers from the Tel Aviv-based firm Checkmarx found that Tinder’s iOS and Android mobile apps still lack basic HTTPS encryption, meaning that anyone sharing the same Wi-Fi as you can see your Tinder photos or add their own into the photostream. The firm built a proof-of-concept app called TinderDrift, demoed on YouTube, that can reconstruct a user’s session on Tinder if that person is…

Intel tells users to stop installing chip patches

Software patches issued to fix serious security flaws on Intel chips should no longer be applied, the company has said. The patches tried to tackle flaws called Meltdown and Spectre that, if exploited, could expose important data. Many reported that their machines slowed down or stopped working when they applied Intel’s updates. Intel said it now knew what caused these problems and was developing fresh patches that would work better. In a statement, Intel spokesman Navin Shenoy said it had been investigating why the earlier patches caused “higher-than-expected reboots and…

Hackers breach National Bank systems making off with Ksh 29m

Hackers have breached the National Bank of Kenya’s systems, making away with Ksh 29 million. In a statement on its Twitter handle, @National_Bank, National Bank confirmed the incident, stating that there was indeed an attempted fraud in the normal course of business on 17th January but that the bank’s monitoring and security resources frustrated the attempt. “The amount of attempted fraud is about Ksh 29 million and we are confident we will recover most of that money,” read the statement. The bank also confirmed that security are in pursuit…
