Two US senators have asked the Department of Homeland Security (DHS) to look into the possible dangers of US government workers using VPN apps that are owned by foreign companies and which redirect sensitive government-related traffic through servers located in other countries –namely China and Russia. Their request comes after heightened fears on Washington’s side that foreign governments are spying on US citizens and government workers using commercial products.
Google has open sourced ClusterFuzz, one of its automated bug-hunting tools that has helped it find around 16,000 bugs in Chrome. The so-called fuzzing tool, or rather infrastructure, is adept at finding memory-corruption bugs that often end up requiring a security patch. Until now, only Google engineers and select open-source projects have been able to use ClusterFuzz. But now any software developer can use the automated bug hunter, Google has announced.
The Swiss government has issued a 150,000 Swiss franc (US$149,790) challenge to online hackers; break into our new generation electronic voting system and we’ll reward you. The federal chancellery announced a dummy run election will be held from February 25 to March 24 and invited anyone who wants to display their online piracy talents to sign up at onlinevote-pit.ch. They can then “try to manipulate the vote count, to read the votes cast, to violate voting secrecy or to bypass security systems,” it said in a statement. The amount of the reward paid out will depend upon the level of intrusion achieved by each hacker.
Australia’s security agencies are urgently investigating an attempt to hack the federal parliament’s computer network, with the parliament unable to rule out a foreign government being behind the attack. In a joint statement, Scott Ryan and Tony Smith – parliament’s presiding officers – reported a “security incident on the parliamentary computing network” occurred overnight and into Friday morning. No data breach has been reported, and they said all passwords had been reset out of “an abundance of caution”.
A powerful form of Android malware with spy capabilities has re-emerged with new tactics — this time masquerading as a popular online privacy application to trick users into downloading it. First uncovered in August last year, Triout malware collects vast amounts of information about victims by recording phone calls, monitoring text communications, stealing photos, taking photos, and even collecting GPS information from the device, allowing the user’s location to be tracked. The campaign has been active since May last year, with users previously duped into downloading the malware with a fake version of an adult app — but now those behind Triout have altered their tactics, distributing the malware with a re-purposed version of a legitimate privacy tool that has been ripped from the Google Play store.