Retefe Trojan just Got More Powerful by Adding the WannaCry Trick to its Arsenal
The Retefe trojan banking malware campaign has returned and is now leveraging EternalBlue -- the leaked NSA surveillance exploit -- to target Swiss financial institutions. Read more.
Apple OS High Sierra Reportedly Has a Password Problem
There's a vulnerability in High Sierra and earlier versions of macOS that allows rogue applications to steal plaintext passwords stored in the Mac keychain, a security researcher said Monday, the same day the widely anticipated update was released. Read more.
SEC hackers accessed authentic data used by companies in tests
Hackers breached the U.S. Securities and Exchange Commission’s computer system last year by taking advantage of companies that used authentic financial data when they were testing the agency’s corporate filing system, according to sources familiar with the matter. The sources spoke anonymously because it is not a public investigation. Read more.
Breach at Sonic Drive-In May Have Impacted Millions of Credit, Debit Cards
In a story broken by KrebsOnSecurity, Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale of millions of stolen credit and debit card accounts that are now being peddled in shadowy underground cybercrime stores. Read more.
Signal Update Keeps Users’ Address Book Secret
Open Whisper Systems, the non-profit behind Signal, is launching an experimental new method that will prevent users from needing to share their contact lists with Signal while still letting them use their existing address books to make encrypted calls and send encrypted texts. Signal's creators, like the developers of so many other social apps, have long considered that contact-sharing request a necessary evil, designed to make the app as easy to use as your normal calling and texting features. Read more.
Internet Explorer bug leaks whatever you type in the address bar
Security researcher Manuel Caballero disclosed a bug in Internet Explorer that leaks any text typed into the search bar to the current website in the user’s browser. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. Read more.
