First Android Clipboard Hijacking Crypto Malware Found On Google Play Store

Posted on February 14th, 2019 by Responsible Cyber

A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users.The malware, described as a “Clipper,” masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to attackers, […]

Read More

Google paid out $3.4m in bug bounties last year

Posted on February 14th, 2019 by Responsible Cyber

by Lisa Vaas A 19-year-old researcher from Uruguay; a restaurant owner from Cluj, Romania; and a Cambridge professor: these are just three of the 317 researchers who were rewarded for reporting vulnerabilities and helping keep Google users safer in 2018, the company said in its yearly bug bounty payout wrap-up. Google awarded a total of […]

Read More

Digital signs left wide open with default password

Posted on February 6th, 2019 by Responsible Cyber

by Lisa Vaas Security researcher Drew Green has pried open an internet-connected digital signage system thanks to a default admin web interface password: an easily changeable password that allowed him into the web interface, from where he stumbled onto a chain of vulnerabilities that could allow a malicious attacker to upload whatever unsavories they’d like […]

Read More

Privilege escalation vulnerability uncovered in Microsoft Exchange

Posted on January 30th, 2019 by Responsible Cyber

by John E Dunn A researcher has discovered an alarming way that an attacker controlling a Microsoft Exchange mailbox account could potentially elevate their privileges to become a Domain Administrator. The consequences of this would be devastating, but according to Dirk-jan Mollema of Dutch company Fox-IT, it can be achieved by combining three separate weaknesses in […]

Read More

Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges

Posted on January 30th, 2019 by Responsible Cyber

Anyone with access to an Exchange mailbox can take control of domain, security researcher says. Microsoft Exchange 2013 and newer versions are vulnerable to a privilege escalation attack that gives anyone with a mailbox a way to gain domain administrator rights at potentially 90% of organizations running Active Directory and Exchange, according to a security […]

Read More