A new world record on Distributed Denial of Service (DDoS) attacks was set last week, reaching over one terabit per second (1 Tbps)

“Internet of Things (IoTs) -powered DDoS attacks have now reached an unprecedented size, as it is too easy for hackers to gain control of poorly configured, or vulnerable, IoT devices. Late last year, we reported that lazy manufacturers of the IoTs and home routers are reusing the same set of hard-coded SSH (Secure Shell) cryptographic [...]

Super user level malware: an upcoming threat

It might come as a surprise to those who follow computer security news that the security vulnerabilities that get the most attention in the media, such as Stagefright, Quadrooter and the Trident iOS exploits,  are, in fact, rarely used for banking fraud. What they do is give an attacker so-called root or superuser level access, [...]

Qadar banking malware stayed under the radar for 3 years, according to IBM

The operators of the Qadar banking malware have attacked banks worldwide for 3 years, continuously adapting their defences against detection with more and more sophistication. 18 UK banks have been attacked since August 2016. Losses are not disclosed. IBM states: “…this Trojan has been flying under the radar for over three years, attacking banks in [...]

Just view a picture on an Android phone and get 100% hacked

900 million phones are systematically open for this hack, called Quadrooter, which was detected in early August 2016. The toxic effect of this attack is that it is providing the hacker a 100% remote takeover with root-access over the operating system. At this position the hacker can steal and manipulate everything, including financial transactions and gain [...]

What the Trident iOS exploits reveal about future mobile security challenges

On August 24th 2016, Apple released a security update for iOS devices which addressed a trio of vulnerabilities that has become known as Trident. The backstory for this patch is interesting: A human rights activist in Saudi Arabia, Ahmed Mansoor, received a suspicious text message promising new information on torture in the United Arab Emirates. [...]

Press Release: Outsmarting the mobile phone hackers through innovation

Protectoria announced today a technological break-through for payment transaction security.  The technology enables PSD2 (Payment Services Directive II) security compliance for payments for a single smartphone without any other pre-requisites other than an Internet connection and a security enhanced payment app.  The security solution -The Protectoria Secure Mobile Platform- has been analysed and independently verified [...]

Cyber Risk Just Became Unarguably Systemic

Based on a meta-review of 17 scientific studies, ENISA (The European Union Agency for Network and Information Security) estimates the cost of cyber-attacks for EU member countries at as much as 1.6 percent of GDP, or an annual total of $41.3 billion annually. There are big uncertainties for the stated figures, which can indicate that [...]

US Government (FTC and FCC) has started an investigation into mobile security patching practices

Mobile manufacturers and mobile operators generally leave mobile operating systems unpatched after selling it to the end user, or at best provides patching of security vulnerabilities way too late. The Stagefright vulnerability shows how severe this situation has become, with nearly 1 billion Android devices still vulnerable a year after the potentially remotely exploitable weakness [...]

Weak access privileges and lack of strong authentication in on-line gaming

Pure luck has saved a major on-line gaming organisation from a financial meltdown due to ransomware. Weak governance and implementation of access management together with lack of strong authentication and authorization have shown how easy attackers could enter into the very core of a critical infrastructure, even though state of the art technologies are used. [...]

THE CRIMINALS NEW WEAPON HAS ARRIVED – THE OVERLAY MALWARE – CHALLENGING THE CURRENT MOBILE SECURITY SOLUTIONS IN THE MARKET

Recent studies done by IBM (1), Symantec (2), Fireeye (3) on overlay malware such as Bial Bot, GM Bot, Cron Bot, KNL Bot and SlemBunk conclude that they are very cheap to buy on the black market and very simple to implement from a technical viewpoint.  These factors combined with the powerful capability to manipulate [...]