Updated Snooper's charter will allow police to remotely hack phones and computers

The UK's controversial Snooper's charter (or draft Investigatory Powers Bill) has been updated to grant the police sweeping new powers. The new legislation will permit authorities to not only access the browsing histories of suspected criminals, but also to remotely hack into computers and phones in certain circumstances.

Previous versions of the bill had limited such powers to the investigation of "serious crime", but the updated version expands this dramatically. Home Secretary Theresa May is hoping to push the draft Investigatory Powers Bill through parliament later this year. The bill has already met with strong criticism from not only privacy groups, but also governmental advisers. While there are some concessions to protect unbreakable encryption, the latest changes will do little to assuage concerns with the bill.

Some smartphone users would not be 'upset' by data theft

There are two kinds of people in this world, and I don’t mean those who can read binary and those that cannot. I’m thinking about those who are aware of the security risks smartphones pose, and those who aren’t.

And according to a new survey by security firm Norton, the world is literally split in half over this -- 56 percent of those surveyed say the prospect of the financial and banking information stored on their phone being hacked is "upsetting". Meaning, for the remaining 44 percent it’s not upsetting.

Your business doesn't have a website? A DDoS attack can still happen

Just because your business doesn’t have a website, that doesn’t mean it can’t be a victim of a DDoS (distributed denial of service) attack. This sentence might not make much sense at this point, but keep reading.

Security firm Kaspersky Lab and researchers B2B International looked at what cyber-crooks go for when attacking businesses and enterprises, and here’s what they came up with:

From battling Scientology to taking down Islamic State, hacker group Anonymous celebrates its top ten accomplishments

Recently Anonymous has mostly been in the news for targeting Islamic State on the web, playing its part in helping to shut down thousands of ISIS-supporting accounts on Facebook and Twitter.

But the hacktivist collective, which has been active since 2003, has initiated a lot of campaigns over the years, targeting a variety of people and organizations, some more successfully than others. The group’s list of achievements is quite impressive -- ranging from getting an internet predator arrested, to taking on the Church of Scientology.

Kaspersky declares war on Lazarus hacking group

Oooohhh, things are about to get really interesting in the cyber-security world. Kaspersky Lab has just declared war on the infamous hacking collective Lazarus Group, and it’s bringing its friends to the fight.

Together with Novetta and "other industry partners", Kaspersky Lab has announced the formation of Operation Blockbuster targeted at disrupting the activity of the Lazarus Group.

Majority of data breaches occur in US

There were 1,673 data breaches last year, which led to 707 million data records being compromised. Those are the results of a new report by digital security firm Gemalto, entitled Breach Level Index.

The Breach Level Index tracks all data breaches worldwide, looking at their size, severity, as well as the number of records compromised.

Big Brother ist vatching you: Germany poised to use Trojans to spy on internet users

German intelligence agencies are set to gain greater NSA-style surveillance powers after the German Interior Ministry announced plans to use Trojans to spy on the internet activities of suspects. Known as Bundestrojaner, the Trojan would give the government the ability to not only track which sites a target visits, but also record conversations, make use of webcams, access data and log keystrokes.

The Trojan has been in testing since late last year, and having received governmental approval could now be widely dispatched. Widely described as malware and spyware, the tool cannot be used without a court order, but this will do little to assuage the fears of privacy groups.

Warning! Linux Mint hacked -- operating system compromised

Linux Mint is one of the best distros around, but if you’ve installed it recently you might have done so using a compromised ISO image.

The Linux Mint team today reveals that hackers made a modified Linux Mint ISO with a backdoor in it, and managed to hack the Mint website so it pointed to this bad version.

Warning: Comodo Antivirus included insecure remote tech support tool

A researcher from Google Project Zero discovered a serious security issue with the technical support tools supplied with Comodo software products. Tavis Ormandy found that Comodo Antivirus, Comodo Firewall, and Comodo Internet Security all included a bundled VNC server with either no password protection, or a very weak password.

GeekBuddy is a remote desktop tool used by support staff to troubleshoot customer problems, but it also serves as a backdoor that allows for near-unrestricted access to users' computers. The tool installs with full admin rights, meaning that an attacker could very easily gain complete control of a remote computer.

Apple is using a straw man argument to fight the FBI

Listen to Tim Cook and you’d be forgiven for thinking that Apple was standing up for the little guy, sticking up for the likes of you and me in fighting the FBI. The FBI, Apple would have you believe, wants Apple to break encryption, thereby weakening security for everyone. But that's not really the case at all.

The FBI has not asked for encryption to be broken; it wants access to data on the San Bernardino shooter's iPhone, and it wants to do so by using the (as yet unknown) PIN that has been used to lock it. Get it wrong too many times and the device is wiped. The FBI wants custom firmware to be made available that would allow it to brute force the PIN. It's nothing to do with cracking encryption, but that's not what Apple wants you to believe. It's an exercise in misdirection and a classic straw man argument. The problem is, if the straw man goes up in flames, will Apple too?

Experiment tracks what happens to stolen credentials

We all know that hackers are looking to steal credentials and get their hands on sensitive data, but exactly how does this process work?

Researchers at data protection company Bitglass carried out their second 'Where’s Your Data' experiment, creating a digital identity for an employee of a fictitious retail bank, a functional web portal for the bank, and a Google Drive account, complete with real credit-card data.

IT security experts are confident they can spot a data breach

A new study by security firm Tripwire says IT security experts are very confident they can detect a breach, and that they can detect it quite fast. They do not have the same level of confidence in automated tools.

The survey questioned 763 IT professionals in various verticals, including retail, energy, financial services and public sector organizations in the US, about the seven key security controls that need to be in place in order to quickly spot an ongoing hack attack.

Court rules it is not illegal for GCHQ to hack computers

Privacy International has lost a court case that questioned the legality of GCHQ's hacking operations. The UK-based privacy and human rights charity launched a legal campaign after Edward Snowden revealed the spying and surveillance that was being carried out by the NSA and GCHQ.

In the course of the case, GCHQ admitted for the first time that it was involved in hacking devices and computers not only in the UK, but around the world. The Investigatory Powers Tribunal (IPT) ruled that activities such as the installation of keyloggers, the remote activation of microphones and cameras, and the use of malware by the intelligence agency are entirely legal.

Everything you need to know about SIM swap scams

In today’s mobile-centric world, using mobile phones for Internet banking is standard practice for most people, but do customers know they could be at risk of a new type of scam?

SIM swap fraud, where scammers cancel and re-activate new SIM cards to hack into bank accounts, is reportedly on the rise.

It's too easy to breach a bank

I arrived onsite to suite 102 -- the bank’s corporate headquarters -- around 9:40 am. I was impersonating a local utility worker -- with all the garments like a hardhat, clipboard, obnoxious yellow vest, and some old Timberland work boots. I played the part well.

When I approached the suite I saw a giant glass entrance into the main office of the bank with a secretary minding the entrance and questioning visitors. I also noticed employees were entering and exiting an unmarked door at the end of the hallway -- no cameras to be seen. I proceeded slowly past the main entrance and then ran to catch the secured door as it was closing behind an unsuspecting employee. I was in!
