News broke yesterday that Equifax have gained control of 138 domain names, registered by cybersquatters in the wake of their now-infamous data breach, in order to try and lure customers away from their legitimate ‘Equifax Security’ site for a variety of potentially concerning reasons.
It has been reported that A new banking Trojan dubbed IcedID has recently been spotted operating in the wild. Although IcedID is fairly new to the cybercrime arena, security experts suggest that the malware’s capabilities are on par with Dridex, Zeus and Gozi – all of which are proliferating banking malware that have previously caused widespread destruction and chaos in cyberspace.
It has been reported that someone claims to have broken iPhone X’s Face ID security already- but even so, people are surprised at just how quickly Apple’s hi-tech new Face ID for iPhone X seems to have been ‘pwned’ – with researchers able to get through the facial scan used to ID owners. Vietnamese security firm Bkav claims to have broken Face ID (although it’s yet to be confirmed by other security firms) with a simple mask.
The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties. A BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents.
News broke yesterday that a cybersecurity company based in Singapore has already ‘beaten’ the latest facial recognition feature unveiled by Apple for their latest model, the iPhone X. Bkav says a 3D-printed mask costing just $150 (£115) to make has fooled the Face ID software, which is used to unlock the iPhone X, authorise payments and log in to apps.
Security researchers have discovered an exploit within an Antivirus software that takes advantage of the “restore from quarantine” function and allows a user to move a piece of malware from the quarantined folder to somewhere else on the victim’s computer, allowing the malware to be executed.
It has been revealed that security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service. This in turn can allow a hacker global access to metadata in the developers Twilio accounts, including messages, call metadata and recordings.