Lost24

The WikiLeaks portal has recently published a document from the CIA Vault 7 series containing information about malicious firmware called Cherry Blossom.

Why is Cherry Blossom so dangerous?
The program was designed to compromise wireless networking devices, such as Wi-Fi routers from popular companies like Asus, D-Link, 3Com, Linksys, and Apple. The wireless devices were selected as a target because they do not require a physical link and can be easily infected by the Cherry Blossom program during the of their firmware over a wireless access.

Once infected, the Wi-Fi device becomes a so-called FlyTrap, capable of handling a variety of malicious tasks. FlyTrap is capable of checking a user’s network traffic, redirecting them to a

Lost24

Security experts from UpGuard have revealed that Deep Root Analytics, a firm working for the Republican Party, was storing sensitive data on about 200 million Americans on an unsecured Amazon S3 server.

The amount of information exposed by the incident was tremendous. The names, dates of birth, home addresses, phone numbers, and voter registration details of nearly all of America’s registered voters were exposed.

It is believed to be the largest ever known exposure of voter information to date.

Deep Root has admitted its mistake and takes "full responsibility for this situation." The data was exposed between the 1st and 14th of June, while updated security settings were in place.

Lost24

Security experts from ESET have discovered new malware, called Industroyer, that was designed to target equipment installed in power grids.

The experts claim that Industroyer is very dangerous software because it is capable of attacking so-called critical infrastructure by controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).

The malicious software has primary and secondary backdoor features, a port scanner to search the local network for attached devices, and a data wiper module that deletes the malwa

Lost24

The portal Zaufana Trzecia Strona has recently reported a leak of over 50,000 data records from the Independent Public Medical Facility in Koło (a town in central Poland).

The stolen data did not concern patients alone, but also included confidential information about the hospital staff.

The culprits responsible for the theft accessed patient healthcare records containing the most valuable information available, including personal and social security numbers, home addresses and patient health histories.

In the case of hospital staff, the stolen data included ID card series and numbers, mothers' maiden names and bank account numbers.

Surprisingly, to acquire the access to

Lost24

Last month, police in eastern China's Zhejiang province arrested 22 people on suspicion of illegally obtaining and selling iPhone customers' data.

It was confirmed that the suspects worked in direct marketing and outsourcing for Apple in China.

Chinese officials claim that those arrested searched an internal Apple database for sensitive information and then sold it to black market vendors for between 10 and 180 yuan ($1.50 to $26.50) per piece of information. It is estimated that the suspects may have earned over 50 million yuan, which is the equivalent of approximately $7.4 million.

Apple users are probably wondering what sort of information was stolen and sold.
The data contained customers' names, phon

Lost24

A sophisticated phishing campaign has been directed at iCloud app users. Recently, a large group of Apple's clients have been receiving false e-mail messages informing them that their iCloud accounts have been compromised and need to be reset. In order to do so, the users are advised to click on the attached link.
Upon clicking the link, the users are redirected to a fake phishing page designed to look like an official Apple website. The users are then asked to enter their Apple ID and password to proceed. Once the login process is complete, the victims are advised to confirm their personal information, including their address, phone number, date of birth and credit card information.
This is more than enough information for identity thieves to steal the

Lost24

Security experts from Check Point have recently discovered a new threat, known as Judy.

What exactly is “Judy”, and why is it considered dangerous?

In short, Judy is a new virus which has successfully bypassed the Google Play Store’s security measures and infected over forty popular game apps. Each app containing Judy's code is capable of silently registering the endangered device to a C&C server and downloading an additional payload that starts the actual malicious process.

Furthermore, the Judy apps can also display a large number of advertisements. The ads would often dominate the screen almost to the point that the users would need to click on the ads to get rid of them.

According to

Lost24

Security experts from the Georgia Institute of Technology (“Georgia Tech”) have discovered a new class of potential attacks affecting Android devices. The exploit, called Cloak and Dagger, affects all versions of Android, including the latest 7.1.2.

The way Cloak and Dagger works is pretty straightforward: a malicious app gets downloaded and installed on the Android device, with the necessary permissions being granted without requiring the user’s input.

The exploit takes advantage of two Android permissions – SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE (“a11y”). The first permission allows apps to overlap on a device’s screen, and the second lets disabled users enter inputs via voice commands.

Lost24

We have already written about biometric security systems, commonly implemented as an additional security measure in debit or credit cards. Similar biometrics-based authentication systems can be found in modern smartphones.

One of the most popular models – the Samsung Galaxy S8 smartphone – was equipped with not one but three biometric security systems, including face recognition, a fingerprint scanner, and – advertised as “one of the safest ways to keep your phone locked” – an iris scanner. Unfortunately, this claim is no longer true.

German hackers from the Chaos Computer Club (CCC) have proven that Samsung’s iris scanner can be fooled by showing it a picture of the owner’s eye.
However, i

Lost24

It's a possibility because the “world's first operational Robocop” has already reported for duty in Dubai.

The robot, a customized REEM model, was designed by the Spanish company PAL Robotics. Here you can see the robot in action. It is less than 170 cm tall, and its armor is made of high-strength plastic.

The main advantage of the robot is its ability to communicate in several languages, which is a big plus for providing information to foreign visitors. The machine is equipped with a touch screen that can be used to pay fines for traffic violations, or to report offenses and crimes directly to the local police station. It is also fitte

Lost24

Internet Protocol (IP) webcams can be infected with a new Internet of Things (IoT) botnet called Persirai.

It has been estimated that almost 2000 IP camera models of various brands are vulnerable to Persirai's attacks, due to several flaws found in their firmware (software built into the device that provides basic operating procedures). The vulnerabilities can be easily exploited by cybercriminals in a variety of ways, for example by commandeering the vulnerable devices as minions in Distributed Denial-of-Service (DDoS) attacks.

Fortunately, so far no major DDoS attacks using Persirai have been detected; however, this might be the preliminary staging for a major attack.

Security experts from Trend Micro claim t

Lost24

Do not be fooled by the tempting messages sent via WhatsApp offering one year of free membership access to Netflix.

WhatsApp users have been receiving scam messages from friendly sources, linking to a Netflix-like page. A person who clicks on the link is redirected to a page that promises free access to Netflix on one condition – sending the link to 10 more people using the WhatsApp messenger.

If the condition is met, the victim is redirected to an external domain, unrelated to Netflix, that uses a trusted certificate to feign legitimacy. This page has the ability to automatically detect a device’s language and display its contents accordingly. It also allows the cybercriminals to mine the mobile devices for data, send SMS messag

Lost24

Security experts from Google Project Zero have revealed a vulnerability associated with Wi-Fi chipsets developed by Broadcom, currently being used in Android, iPhone, Samsung, Acer, Motorola, LG, Sony Ericsson and Asus devices.

The flaw can be exploited by hackers to gain control over the device. To do so, the attackers need to be within Wi-Fi range of the affected device to silently take it over. The vulnerability allows an attacker to send Wi-Fi frames, crafted with abnormal values, to the Wi-Fi controller in order to overflow the firmware’s stack.

Highly skilled hackers can also deploy malicious code to take full control over the victim's device and install malicious apps, like banking Trojans and ransomware, without the victim's kno

Lost24

Cybercriminals have attacked PKO BP bank clients. Fraudsters have been sending false e-mail messages entitled "Payment confirmation".

The messages do not contain any text, only an attached PDF file named "pko-trans-details-170507-121204.pdf".

As reported by the Niebezpiecznik portal, when the file is opened, it tries to establish a connection with the cybercriminals' server. If a user opens the file using Adobe Acrobat Reader in Windows, the connection to the server is blocked.

However, should the user open the file with another program, he or she may download the malicious file which will infect the computer.

PKO BP bank assures that they analyze every signal and information recei

Lost24

Once again Android OS users have been attacked by an unknown group of cybercriminals. The hackers have created new banking malware, masquerading as a Flashlight LED Widget app. Unlike other banking trojans with a static set of targeted banking apps, this malware can dynamically change its functionality.

The malicious app, detected by security experts from ESET, was identified as Trojan.Android/Charger.B.

Once the app is installed and launched, it requests device administrator rights. With the rights and permissions granted, the app hides and is available only as a Widget.

The malware registers the infected device to the hackers’ server. Based on commands from the server, the trojan can steal victims