BayPay Members Blogs

This additional resource is sponsored by The BayPay Forum.

Android Apps Target Bitcoin, By-Passing 2FA

view counter
Last week researchers reported on apps abusing the Android push notifications feature to deliver spam. Now other researchers have described apps using a similar but more advanced approach to by-pass two-factor...
Continue reading
  0 Comments
0 Comments

Researcher Scrapes and Posts 7 Million Venmo Transactions

view counter
Venmo is a peer-to-peer mobile app designed to make it easy to send and receive payments from friends. It is owned by PayPal -- and it is no stranger to security...
Continue reading
  0 Comments
0 Comments

DHS Issues Alert for Windows 'BlueKeep' Vulnerability

view counter
The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) on Monday issued an alert for the Windows vulnerability tracked as BlueKeep and CVE-2019-0708. CISA says...
Continue reading
  0 Comments
0 Comments

Decryptor Released for Latest GandCrab Ransomware Variants

view counter
A free decryption tool is now available for the victims of the latest variants of the GandCrab ransomware.  Released on the NoMoreRansom website, the tool provides victims with the possibility to...
Continue reading
  0 Comments
0 Comments

Push Technology Used in Mobile Attacks

view counter
Researchers have detected an Android trojan that abuses the web push technology. In its benign use, web push is used by legitimate websites -- such as news sites -- to send...
Continue reading
  0 Comments
0 Comments

Federal Agencies Still Using Knowledge-Based Identity Verification

view counter
Some U.S. government agencies still rely on knowledge-based identity verification despite the fact that this system has been easy to beat following the massive data breaches suffered by the Office of...
Continue reading
  0 Comments
0 Comments

Investigation and Response is a Team Sport

view counter
I’ve talked before about how we have the tools and technologies to make the intelligent SOC a reality. It’s a welcomed development given the global cybersecurity skills shortage of three million...
Continue reading
  0 Comments
0 Comments

U.S. Planted Powerful Malware in Russia's Power Grid: Report

US hacking Russia's power grid
view counter
The New York Times reported over the weekend that the United States planted potentially destructive malware in Russia’s electric power grid, but President Donald Trump has denied the claims. The newspaper...
Continue reading
  0 Comments
0 Comments

Brian Weeden Quoted by Politico on U.S.-China Competition and Avoiding Conflict in Space

Illustration of astronauts on the moon
Apollo 16 landing on the moon
Illustration of the moon in space
The NASA logo
A top Chinese general has a warning for any U.S. leaders planning an arms race in space: Be prepared to lose. Outspending a rival power into economic exhaustion might have helped...
Continue reading
  0 Comments
0 Comments

Hackers Target Recent Vulnerability in Exim Mail Server

view counter
Cybercriminals are already targeting a recently disclosed vulnerability in the open-source Exim mail server, Cybereason reports.  Tracked as CVE-2019-10149, the vulnerability was disclosed early this month, but it has existed in...
Continue reading
  0 Comments
0 Comments

French Authorities Release Free Decryptor for PyLocky Ransomware

view counter
The French Ministry of Interior has released a free decryption tool for the PyLocky ransomware to help victims recover their data.  Initially spotted in attacks in July and August last year,...
Continue reading
  0 Comments
0 Comments

Vulnerabilities Expose BD Infusion Therapy Devices to Attacks

Vulnerabilities found in BD Alaris Gateway Workstation
view counter
CyberMDX, a research and analysis company specializing in medical device security, on Thursday revealed that its employees identified two serious vulnerabilities in infusion therapy products from medical technology firm BD. The...
Continue reading
  0 Comments
0 Comments

Vulnerabilities in Thunderbird Email Client Allow Code Execution

view counter
Security updates released by Mozilla this week for the Thunderbird email client address vulnerabilities that could be exploited to execute arbitrary code on impacted systems.  Available as version 60.7.1, the latest Thunderbird iteration...
Continue reading
  0 Comments
0 Comments

Canadian City Loses $500,000 to Phishing Attack

view counter
The City of Burlington, Ontario, revealed Thursday that it fell prey to "a complex phishing email" that cost the City CAD $503,000 (around USD $375,000). Few details have yet been released....
Continue reading
  0 Comments
0 Comments

Hackers Behind 'Triton' Malware Target Electric Utilities in US, APAC

view counter
Xenotime, the threat actor behind the 2017 Trisis/Triton malware attack, is now targeting — in addition to oil and gas organizations — electric utilities in the United States and the Asia-Pacific...
Continue reading
  0 Comments
0 Comments

Another World Password Day Has Passed and Little Has Changed

view counter
Six weeks ago, we celebrated World Password Day. Yet, unfortunately, not much has changed since last year. Cyber breaches are bigger and worse than ever. Hardly a week goes by without...
Continue reading
  0 Comments
0 Comments

New API Changes How Ad Blockers Work in Chrome

view counter
Google this week announced the introduction of a new API that effectively changes the manner in which ad blockers work in Chrome.  The Internet search giant has made numerous changes to...
Continue reading
  0 Comments
0 Comments

Amid Privacy Firestorm, Facebook Curbs Research Tool

view counter
Facebook has curbed access to a controversial feature allowing searches of the vast content within the social network -- a tool which raised privacy concerns but was also used for research...
Continue reading
  0 Comments
0 Comments

Yubico Replacing YubiKey FIPS Devices Due to Security Issue

YubiKey FIPS series impacted by crypto flaw
view counter
Yubico is in the process of replacing YubiKey FIPS (Federal Information Processing Standards) security keys following the discovery of a potentially serious cryptography-related issue that can cause RSA keys and ECDSA...
Continue reading
  0 Comments
0 Comments

New Malware Lays P2P Network on Top of IPFS’

view counter
A newly discovered piece of malware uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network, Anomali’s security researchers report.  Discovered in May 2019 and dubbed IPStorm,...
Continue reading
  0 Comments
0 Comments