Iranian hackers suspected in worldwide DNS hijacking campaign

Mysterious group hijacks DNS records to reshape and hijack a company’s internal traffic to steal login credentials.


US cybersecurity firm FireEye has uncovered an extremely sophisticated hacking campaign during which a suspected Iranian group redirected traffic from companies all over their globe through their own malicious servers, recording company credentials for future attacks.

Affected organizations include telecoms, ISPs, internet …

In 2019 Here’s How To Stop And Block Robocalls, Spam, And Unknown Calls On iPhone, Android

Robocalls are at epidemic levels. Here are some ways to get a handle on them in the new year. And one way to stop them cold.

Scammers have gotten craftier, but the scams are the same. They pretend to be global tech companies, big banks, or the IRS.  They’re all after your money and all are a colossal waste of your … Read more...

As digital threats grow, will cyber insurance take off?

Cyberattacks cost the world more than natural disasters – US$3 trillion in 2015, a price that may climb to $6 trillion annually by 2021 if present trends continue. But most people – and even most businesses – don’t have insurance to protect themselves against this rising threat.

Insurance against all kinds of risks – disease, disaster, legal liability and more … Read more...

Britain has reportedly practiced a cyberattack to send Moscow into total blackout

  • Britain’s military just underwent a $130.5 million (£100 million) exercise, part of which focussed on what to do if Russia attacks the West.
  • If Russia does, Britain will send Moscow into total darkness by launching a cyberattack on its electricity supply, Military sources told the Sunday Times.
  • The two-day training exercise took place on Saturday and Sunday deep in a

With Chrome 70, hundreds of popular websites are about to break

A lot of secure sites are set to grind to a halt with security error messages in the next version of Google  Chrome, after the browser will drop trust for a major HTTPS certificate provider following a series of security incidents.

Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites … Read more...

California passes law that bans default passwords in connected devices

Good news!

California has passed a law banning default passwords like “admin,” “123456” and the old classic “password” in all new consumer electronics starting in 2020.

Every new gadget built in the state from routers to smart home tech will have to come with “reasonable” security features out of the box. The law specifically calls for each device to come … Read more...

New hack bypasses iPhone’s lock screen on iOS 12

Apple’s iPhone is advertised as a highly secure device, which is why it’s a bit funny when someone easily beats its security shortly after a major new version of iOS is released.

A YouTube video posted last week alleges that it’s possible to bypass the lock screen of an iPhone running iOS 12 without knowing the password, and access both … Read more...

New study finds 5 of every 6 routers are inadequately updated for security flaws

Consumer group blames open source libraries and the lack of auto-update mechanisms.

A new study by a US consumer nonprofit has found that five out of six home routers are inadequately updated for security flaws, leaving the devices, and indirectly their users, vulnerable to hacking.

Carried out by the American Consumer Institute (ACI), the study analyzed a sample of 186 … Read more...

First UEFI malware discovered in wild is laptop security software hijacked by Russians

“LoJax” repurposed LoJack anti-theft agent as rootkit that could survive OS re-installs.


ESET Research has published a paper detailing the discovery of a malware campaign that used repurposed commercial software to create a backdoor in computers’ firmware—a “rootkit,” active since at least early 2017 and capable of surviving the re-installation of the Windows operating system or even hard drive … Read more...

This is how cyber attackers stole £2.26m from Tesco Bank customers

Poor debit card security and a “series of errors” in reporting exacerbated an incident that could have been easily avoided.

The inner workings of a cyber attack against Tesco Bank which saw £2.26m stolen from 9,000 customers — and resulted in the bank being fined over £16.4m for the failings that allowed it to happen — have been revealed.

The …