dcsimg

A week in security (January 8 – January 14)

It’s very early in the year, yet everyone has already had a complete meltdown (pun intended) over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems in patching persisted. As if this wasn’t challenging enough, some online criminals jumped … [Read more...]

WPA3 will secure Wi-Fi connections in four significant ways in 2018

CES, the annual consumer electronics extravaganza in Las Vegas, isn’t just a showcase for virtual reality and poorly-timed power outages. It’s also an opportunity to get a peek at the future of network security. That’s why on the first day of CES, the Wi-Fi Alliance announced the newest security protocol for Wi-Fi devices: WPA3. The new protocol is the most significant upgrade to Wi-Fi security … [Read more...]

Meltdown and Spectre fallout: patching problems persist

Last week, the disclosure by multiple teams from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology, and Google Project Zero of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and laying bare a design flaw in nearly all modern processors. The fallout from these revelations continues … [Read more...]

A week in security (January 1-8)

New year, new threats, as 2018 gets underway. On our blog, we had dubious searches aplenty for those hunting for Malwarebytes information, and we also covered the huge Meltdown/Spectre bug, affecting hardware going back to 10 years. Other news Coin miners are at it again, with a proof of concept for hacking public Wi-Fi and injecting cryptomining code into browsing sessions. (source: The … [Read more...]

Meltdown and Spectre: what you need to know

The Google Project Zero team, in collaboration with other academic researchers, has published information about three variants of a hardware bug with important ramifications. These variants—branch target injection (CVE-2017-5715), bounds check bypass (CVE-2017-5753) and rogue data cache load (CVE-2017-5754)—affect all modern processors. If you’re wondering if you could be impacted, the … [Read more...]

A week in security (December 11–17)

Last week we explained what fast flux is and how it’s being abused, we showed you all kinds of Bitcoin-related scams, presented a video recording of a tech support scammer trying to sell free software, and pointed out some free software to keep an eye on your Internet traffic. We also informed you about an ad server found predominantly on adult websites, which has taken the lead in the … [Read more...]

A week in security (December 04 – December 10)

Last week on the blog, we looked at a RIG EK malware campaign, explored how children are being tangled up in money mule antics, took a walk through the world of Blockchain, and gave a rundown of what’s involved when securing web applications. We also laid out the trials and tribulations of the Internet of Things, advised you to be on the lookout for an urgent TeamViewer update, tore down the … [Read more...]

How cryptocurrency mining works: Bitcoin vs. Monero

Ever wondered why websites that are mining in the background don’t mine for the immensely hot Bitcoin, but for Monero instead? We can explain that. As there are different types of cryptocurrencies, there are also different types of mining. After providing you with some background information about blockchain [1],[2] and cryptocurrency, we’ll explain how the mining aspect of Bitcoin works. And how … [Read more...]

How we can stop the New Mafia’s digital footprint from spreading in 2018

Cybercriminals are the New Mafia of today’s world. This new generation of hackers are like traditional Mafia organizations, not just in their professional coordination, but their ability to intimidate and paralyze victims. To help businesses bring a good security fight to the digital streets, we released a new report today: The New Mafia, Gangs, and Vigilantes: A Guide to Cybercrime for CEOs. This … [Read more...]

How to harden AdwCleaner’s web backend using PHP

More and more applications are moving from desktop to the web, where they are particularly exposed to security risks. They are often tied to a database backend, and thus need to be properly secured, even though most of the time they are designed to restrict access to authenticated users only. PHP is used to develop a lot of these web applications, including several dedicated to AdwCleaner … [Read more...]