BayPay Members Blogs

This additional resource is sponsored by The BayPay Forum.

Firefox Zero-Day Vulnerability Exploited in Targeted Attacks

view counter
Updates released by Mozilla for its Firefox web browser on Tuesday patch a critical vulnerability that has been actively exploited in attacks. The zero-day flaw, tracked as CVE-2019-11707 and described as...
Continue reading
  0 Comments
0 Comments

France Seeks Hacker for Trial Over Death Following Prank

view counter
French prosecutors on Tuesday ordered infamous French-Israeli hacker Ulcan to stand trial over a telephone prank targeting the father of a French journalist who died soon after of a heart attack....
Continue reading
  0 Comments
0 Comments

New Variant of the Houdini Worm Emerges

view counter
A new variant of the well-known Houdini Worm has been spotted in phishing attacks earlier this month, Cofense’s security researchers report.  Named WSH Remote Access Tool (RAT) by its author, the...
Continue reading
  0 Comments
0 Comments

London Gallery Chief Quits After Israel Spyware Report

view counter
The head of London's Serpentine Galleries, Yana Peel, resigned on Tuesday following a newspaper report about her links to a controversial Israeli spyware firm. The board of trustees of the contemporary...
Continue reading
  0 Comments
0 Comments

Free Cloudflare Tool Helps CAs Securely Issue Certificates

Cloudflare DCV tool
view counter
Internet performance and security firm Cloudflare on Tuesday announced the availability of a free API designed to help certificate authorities (CAs) securly issue certificates by ensuring that malicious actors cannot complete...
Continue reading
  0 Comments
0 Comments

Modular Backdoor Can Spread Over Local Network

view counter
A recently discovered backdoor can spread itself over a local network, in addition to allowing attackers to install additional malware onto compromised machines.  Initially observed in February this year, when still...
Continue reading
  0 Comments
0 Comments

Critical Flaw Exposes TP-Link Wi-Fi Extenders to Remote Attacks

TP-Link extender vulnerability
view counter
A critical remote code execution vulnerability discovered by an IBM X-Force researcher allows an unauthenticated attacker to take complete control of some TP-Link Wi-Fi extenders. Firmware updates that should patch the...
Continue reading
  0 Comments
0 Comments

Aptible Raises $12 Million to Launch Compliance Platform

view counter
San Francisco, CA-based Aptible has raised $12 million in a Series A funding round led by Maverick Capital, with additional investors Thrive Capital and Western Technology Investment. Aptible  was founded in...
Continue reading
  0 Comments
0 Comments

Russia Says Victim of US Cyberattacks 'for Years'

view counter
The Kremlin on Tuesday said Moscow had been the victim of US cyberattacks "for years" following a New York Times report that Washington is stepping up digital incursions into Russia's power...
Continue reading
  0 Comments
0 Comments

Facebook Open Sources CTF 2019 Challenges

view counter
Facebook’s first-ever global Capture the Flag (CTF) competition took place earlier this month and the company has now made the challenges available in open source.  Over 1,600 teams from over 65...
Continue reading
  0 Comments
0 Comments

Serious Vulnerabilities in Linux Kernel Allow Remote DoS Attacks

SACK Panic
view counter
A security researcher working for Netflix has discovered that the Linux kernel is affected by potentially serious vulnerabilities that can be exploited by a remote, unauthenticated attacker to launch denial-of-service (DoS)...
Continue reading
  0 Comments
0 Comments

Florida Effort to Block Election Hacking Gets Extra $2M

view counter
Florida’s county elections departments will retain $2.3 million in unspent grant money aimed at stopping cyber-attacks on the state’s voting system, Gov. Ron DeSantis announced Monday. DeSantis announced the unspent money...
Continue reading
  0 Comments
0 Comments

Cyberattacks Target DNA Sequencing software

view counter
A threat actor that appears to be based in Iran is targeting a vulnerability in a popular DNA sequencing LIMS software, a security researcher had discovered.  The attack was initial observed...
Continue reading
  0 Comments
0 Comments

Mirai Offspring "Echobot" Uses 26 Different Exploits

view counter
A recently discovered variant of the Mirai Internet of Things (IoT) malware uses a total of 26 different exploits for the infection phase, Akamai reports.  Targeting improperly secured IoT devices, Mirai...
Continue reading
  0 Comments
0 Comments

Android Apps Target Bitcoin, By-Passing 2FA

view counter
Last week researchers reported on apps abusing the Android push notifications feature to deliver spam. Now other researchers have described apps using a similar but more advanced approach to by-pass two-factor...
Continue reading
  0 Comments
0 Comments

Researcher Scrapes and Posts 7 Million Venmo Transactions

view counter
Venmo is a peer-to-peer mobile app designed to make it easy to send and receive payments from friends. It is owned by PayPal -- and it is no stranger to security...
Continue reading
  0 Comments
0 Comments

DHS Issues Alert for Windows 'BlueKeep' Vulnerability

view counter
The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) on Monday issued an alert for the Windows vulnerability tracked as BlueKeep and CVE-2019-0708. CISA says...
Continue reading
  0 Comments
0 Comments

Decryptor Released for Latest GandCrab Ransomware Variants

view counter
A free decryption tool is now available for the victims of the latest variants of the GandCrab ransomware.  Released on the NoMoreRansom website, the tool provides victims with the possibility to...
Continue reading
  0 Comments
0 Comments

Push Technology Used in Mobile Attacks

view counter
Researchers have detected an Android trojan that abuses the web push technology. In its benign use, web push is used by legitimate websites -- such as news sites -- to send...
Continue reading
  0 Comments
0 Comments

Federal Agencies Still Using Knowledge-Based Identity Verification

view counter
Some U.S. government agencies still rely on knowledge-based identity verification despite the fact that this system has been easy to beat following the massive data breaches suffered by the Office of...
Continue reading
  0 Comments
0 Comments