News and Blog

The Dark Overlord hacks plastic surgery clinic; demands ransom

Nude pictures never go unnoticed, and when these belong to celebrities and the mighty Royals, then people are bound to go crazy. This perhaps was in the mind of The Dark Overlord hacker group when they decided to invade the privacy of a well-known London-based celebrity plastic surgery clinic London Bridge Plastic Surgery (LBPS).

Artificial intelligence smart enough to fool Captcha security check

Computer scientists have developed artificial intelligence that can outsmart the Captcha website security check system.

Captcha challenges people to prove they are human by recognising combinations of letters and numbers that machines would struggle to complete correctly.

Researchers developed an algorithm that imitates how the human brain responds to these visual clues.

The neural network could identify letters and numbers from their shapes.

The research, conducted by Vicarious - a Californian artificial intelligence firm funded by Amazon founder Jeff Bezos and Facebook's Mark Zuckerberg - is published in the journal Science.

What is Captcha?

FIN7 Spear Phishing Attacks Now Aim At Avoiding Detection

The FIN7 hacking group has been targeting organizations from the retail sector of late, and Security Research Team from ICEBERG was busy tracking the activities of FIN7. According to their findings, FIN7 is exploiting victims in the retail industry using various phishingtechniques and continuously adapting phishing documents to evade detection.

After compromising the Point of Sale systems of the targeted company, it steals a massive amount of protected card data. FIN7 is extremely flexible when it comes to adaptability and manages to avoid detection along with affecting a large number of retail companies across the US.

Fake Cryptocurrency Apps on Play Store Stealing User Data

The US-based cryptocurrency exchange service Poloniex, which happens to be the largest exchange service in the world with over a hundred types of cryptocurrencies available for trading/buying, has been in the news lately for all the wrong reasons.

In August 2017, we reported that a security researcher managed to bypass the 2FA (two-factor authentication) process at Poloniex. Using Reddit handle Poloniex2FASucks the researcher revealed that he waited for 60 days for the company to respond and fix the issue but ultimately sold the vulnerability.

Reaper malware outshines Mirai; hits millions of IoT devices worldwide

Last year the world was startled when Mirai malware managed to infect a whopping 500,000 IoT devices and formed a massive army of botnets and then disrupted internet service in the US and Europe through launching DDoS attacks. The haunting memories are brought back to our attention with the emergence of malware that is trying to perform similar acts.

Google might block embedded cryptocurrency mining with new Chrome feature

Google Aims To Put An End To Secret Cryptojacking By Making In-Browser Permissions Necessary.

In-browser cryptocurrency mining has become the latest obsession among website operators as it is being deemed as the perfect alternative to display ads. However, the point of debate is that these miners are being deployed without asking or informing users. On the other hand, it is recommended in mining scripts that before making money through users’ resources, web operators must ask for user consent.

Android Apps Infected with Sockbot Malware Turn Devices into Botnet

Cybercriminals apparently are well aware of the fact that Minecraft is a truly profitable gameperhaps that’s why they are eager on identifying new ways of exploiting it. Reportedly, there are a number of Minecraft oriented Android apps available on Google Play Store that are infecting devices and turning them into botnets.

Post Cyberattack: The Next Steps Your Business Needs to Take

Technology has transformed the face of modern business, and thanks to the internet, it’s easier and faster to share data than ever before. However, sending your sensitive information out into the ether comes with a certain amount of risk, especially now cyber attacks are happening so frequently.

Cyber resilience is essential for any business, and it makes sense to minimize the likelihood of a breach happening in the first place. Unfortunately, no company is ever entirely protected from hackers, so what should you do if the worst has already happened? Here are five steps to take in the wake of a cyber attack.


Vulnerability in WPA2 Protocol Allows Attackers to Intercept and Decrypt Encrypted Data Traffic

According to cyber-security researchers Frank Piessens and Mathy Vanhoef from Belgium’s Katholieke Universiteit Leuven, there is a dangerous flaw in the WPA2 protocol which can be exploited by cybercriminals to intercept emails, passwords and other kinds of encrypted data. However, this will be successful only if the attacker is within the range of the vulnerable device or access point.

An attacker can also inject malicious content such as ransomware into a website when a client is visiting. The proof-of-concept of this exploit has been dubbed as KRACK, which is an abbreviation of Key Reinstallation Attacks. The findings of the research were disclosed on Monday followed by an advisory by US-CERT that has been distributed to nearly 100 organizations. In the advisory, it is stated that:

Google launches advanced Gmail security features for high-risk users

(Reuters) - Alphabet’s Google Inc said on Tuesday that it would roll out an advanced protection program in order to provide stronger security for some users such as government officials and journalists who are at a higher risk of being targeted by hackers.

The internet giant said that users of the program would have their account security continuously updated to deal with emerging threats.

The company said it would initially provide three defenses against security threats, which include blocking fraudulent account access and protection against phishing.

The program would include additional reviews and requests in the account recovery process to prevent fraudulent access by hackers who try to gain access by pretending they have been locked out.


is loading the page...