A cryptocurrency mining virus that hijacks computers and smartphones after they visit websites has surged in the last three months, thanks to risky smartphone apps and infected webpages.
Ticketmaster was warned in April that it had been the victim of a hack attack, digital bank Monzo has claimed. Ticketmaster had previously said it did not know about the breach until June and had then acted quickly to inform “all relevant authorities”.
The personal details and payment card data of guests from hundreds of hotels, if not more, have been stolen this month by an unknown attacker, Bleeping Computer has learned. The data was taken from FastBooking, a Paris-based company that sells hotel booking software to more than 4,000 hotels in 100 countries —as it claims on its website. In emails the company sent out to affected hotels today, FastBooking revealed the breach took place on June 14, when an attacker used a vulnerability in an application hosted on its server to install a malicious tool (malware). This tool allowed the intruder remote access to the server, which he used to exfiltrate data. The incident came to light when FastBooking employees discovered this malicious tool on its server.
A security researcher took to his Twitter account on Friday to reveal a bug on iOS devices that can allow passcodes to be bypassed through a brute force attack. The video demonstration caused Apple to push back calling the finding an “error.” Co-founder of cybersecurity firm Hacker House Matthew Hickey posted a video where he exhibited a method that allowed him to enter an unlimited number of passcodes even on the latest version of iOS 11.3.
A group of researchers has demonstrated that smartphone batteries can offer a side-channel attack vector by revealing what users do with their devices through analysis of power consumption. Both snitching and exfiltration were described in this paper (PDF), accepted for July’s Privacy Enhancing Technologies Symposium.