Tuesday, 19 March 2019

Ransomware Fighter Lives in Fear for his Life

This hacker hacks the hackers. He reverse-engineers ransomware so that victims can decrypt their files without paying money to criminals.

But the polar bear-loving Fabian Wosar lives in hiding at an undisclosed location. It’s all thanks to the threats and abuse he receives from ransomware gangs, which he describes as “the Russian mob.”

Scary stuff. In today’s SB Blogwatch, we peek behind the curtain and marvel.

Read more: securityboulevard.com/2019/03/ransomware-fighter-lives-in-fear-for-his-life

Friday, 15 March 2019

Android Security is a Hot Mess (yet Again)

Google’s Android smartphone platform is under fire again. Hundreds of “legitimate” apps have been infected with malicious third-party libraries—and not for the first time. These apps account for more than 320 million downloads.

The so-called SimBad and Operation Sheep SDKs are malicious, according to researchers. They’re able to phish, steal data and pop up ads over other apps.

Google keeps talking a grand talk, but is it proactive enough about nuking malware in the Play Store? In today’s SB Blogwatch, we avoid an Android army ambush.

Read more: securityboulevard.com/2019/03/android-security-is-a-hot-mess-yet-again

Thursday, 14 March 2019

30 years into the web, Sir Tim vents on scams, hacks and hate

Sir Tim Berners-Lee has been painting a slightly depressing picture of the web’s problems. But his recent open letter also celebrates the web’s extraordinary achievements.

So happy birthday, World Wide Web. It was 30 years ago when Sir Tim formally proposed Mesh, or Mine, or what we now know as the web.

As he super-tweeted in the 2012 Olympic Games, this is for everyone. But not everyone is on board the TBL-fanboi bus. In this week’s Security Blogwatch, we spin sticky silk.

Read more: techbeacon.com/security/30-years-web-sir-tim-vents-scams-hacks-hate

Tuesday, 12 March 2019

Citrix Systems Breached ‘for 10 Years by Iran,’ Claims Unknown Infosec Firm

Citrix Systems’ networks were infested with hackers, who stole terabytes of data. So says a security service provider nobody’s heard of—and that seems to have popped out of nowhere.

It was Iran, alleges the dubitable company. And so the mainstream media rush to parrot the unfound finding. But where’s the evidence?

Neither Citrix nor the FBI is saying. In today’s SB Blogwatch, we feel like useful idiots.

Read more: securityboulevard.com/2019/03/citrix-systems-breached-for-10-years-by-iran-claims-unknown-infosec-firm

Friday, 8 March 2019

Chrome Zero-Day RCE: Exploit in the Wild – Patch Now

Google is warning Chrome users to update their browser installations immediately. Previous versions have a nasty security bug that allows remote code execution.

And it’s not theoretical: It turns out that this vulnerability was already being exploited before the patch was available. Google is being super-cagey about the exact nature of the flaw, but the company is being unusually insistent about how urgent this is.

So you know what to do and when to do it. In this week’s SB Blogwatch, we sit up and take notice.

Read more: securityboulevard.com/2019/03/chrome-zero-day-rce-exploit-in-the-wild-patch-now