Dan Goodin
Dan Goodin
CRITIC
img-contested
N/A
0 reviews
PUBLIC
img-contested
N/A
2 reviews

RECENT ARTICLES

Sort by:
No Rating
Google Play caught hosting an app that steals users’ cryptocurrency

Google Play caught hosting an app that steals users’ cryptocurrency

Google Play has been caught hosting yet another malicious app, this time one that was designed to steal cryptocurrency from unwitting end users, researchers said Friday.The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers, a researcher with Eset said in a . As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers.So-called clipper malware has targeted...

arstechnica.com
Dan Goodin
February 11, 2019
Worthy
Share
Save
Give Tip
Review
No Rating
“Catastrophic” hack on email provider destroys almost two decades of data

“Catastrophic” hack on email provider destroys almost two decades of data

Email provider VFEmail said it has suffered a catastrophic destruction of all of its servers by an unknown assailant who wiped out almost two decades' worth of data and backups in a matter of hours.“Yes, @VFEmail is effectively gone,” VFEmail founder Rick Romero Tuesday morning after watching someone methodically reformat hard drives of the service he started in 2001. “It will likely not return. I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.”Yes, is effectively gone. It will likely not return.I never thought anyone...

arstechnica.com
Dan Goodin
February 13, 2019
Worthy
Share
Save
Give Tip
Review
No Rating
Microsoft patches zero-day vulnerabilities in IE and Exchange

Microsoft patches zero-day vulnerabilities in IE and Exchange

Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code.The IE vulnerability, , allows attackers to test whether one or more files are stored on disks of vulnerable PCs. Attackers first must lure targets to a malicious site. Microsoft, without elaborating, said it has detected active exploits against the vulnerability, which is indexed as CVE-2019-0676 and affects IE version 10 or 11 running on all supported versions of...

arstechnica.com
Dan Goodin
February 13, 2019
Worthy
Share
Save
Give Tip
Review
No Rating
Windows trust in abandoned code lets ransomware burrow deep into targeted machines

Windows trust in abandoned code lets ransomware burrow deep into targeted machines

Attackers behind one of the world’s more destructive pieces of ransomware have found a new way to defeat defenses that might otherwise prevent the attack from encrypting data: installing a buggy driver first and then hacking it to burrow deeper into the targeted computer.The ransomware in this case is RobbinHood, known for  and systems in . When networks aren’t protected by robust end-point defenses, RobbinHood can easily encrypt sensitive files once a vulnerability has allowed the malware to gain a toehold. For networks that are better fortified, the ransomware has a harder time.Now,...

arstechnica.com
Dan Goodin
February 11, 2020
Worthy
Share
Save
Give Tip
Review
No Rating
One of the most destructive botnets can now spread to nearby Wi-Fi networks

One of the most destructive botnets can now spread to nearby Wi-Fi networks

Over the past half decade, the Emotet malware has emerged as a that pillages people’s bank accounts and installs other types of malware. The sophistication of its code base and its regularly evolving methods for tricking targets into clicking on malicious links—in September, for instance, it began a spam run that —has allowed it to spread widely. Now, Emotet is adopting yet another way to spread: using already compromised devices to infect devices connected to nearby Wi-Fi networks.Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all...

arstechnica.com
Dan Goodin
February 11, 2020
Worthy
Share
Save
Give Tip
Review
No Rating
Nasty Android malware reinfects its targets, and no one knows how

Nasty Android malware reinfects its targets, and no one knows how

A widely circulating piece of Android malware primarily targeting US-based phones used a clever trick to reinfect one of its targets in a feat that stumped researchers as to precisely how it was pulled off.xHelper came to light last May when a researcher from security firm Malwarebytes published . Three months later, Malwarebytes after the company’s Android antivirus app detected xHelper on 33,000 devices mostly located in the US, making the malware one of the top Android threats. The encryption and heavy obfuscation made analysis hard, but Malwarebytes researchers ultimately concluded that...

arstechnica.com
Dan Goodin
February 13, 2020
Worthy
Share
Save
Give Tip
Review
No Rating
US government goes all in to expose new malware used by North Korean hackers

US government goes all in to expose new malware used by North Korean hackers

The US Pentagon, the FBI, and the Department of Homeland Security on Friday exposed a North Korean hacking operation and provided technical details for seven pieces of malware used in the campaign.The US Cyber National Mission Force, an arm of the Pentagon’s US Cyber Command, that the malware is “currently used for phishing & remote access by [North Korean government] cyber actors to conduct illegal activity, steal funds & evade sanctions.” The tweet linked to a , the Alphabet-owned malware repository, that provided cryptographic hashes, file names, and other technical details that can help...

arstechnica.com
Dan Goodin
February 14, 2020
Worthy
Share
Save
Give Tip
Review
No Rating
500 Chrome extensions secretly uploaded private data from millions of users

500 Chrome extensions secretly uploaded private data from millions of users

More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome Web Store extensions that had more than 1.7 million installations. After the researchers privately reported their findings to Google, the company identified more than 430...

arstechnica.com
Dan Goodin
February 14, 2020
Worthy
Share
Save
Give Tip
Review
No Rating
Over 500 Chrome Extensions Secretly Uploaded Private Data

Over 500 Chrome Extensions Secretly Uploaded Private Data

More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday.ARS TECHNICAThis story originally appeared on , a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.The extensions were part of a long-running malvertising and ad-fraud scheme that was discovered by independent researcher Jamila Kaya. She and researchers from Cisco-owned Duo Security eventually identified 71 Chrome...

wired.com
Dan Goodin
February 17, 2020
Worthy
Share
Save
Give Tip
Review
No Rating
Apple pushes fix for “FacePalm,” possibly its creepiest vulnerability ever

Apple pushes fix for “FacePalm,” possibly its creepiest vulnerability ever

Apple has patched one of its creepiest vulnerabilities ever—a flaw in its FaceTime messenger app that made it possible for people to .The bug in Group FaceTime, a feature that allows conference-call-style chats, made it trivial for someone to eavesdrop on someone else simply by initiating a FaceTime call, swiping up and choosing “add person,” and entering their own number to add themselves as a participant in a Group FaceTime call. While people on the receiving end would see a call was coming through, they would have no idea that the person trying to connect could already hear nearby audio...

arstechnica.com
Dan Goodin
February 8, 2019
Worthy
Share
Save
Give Tip
Review
OUTLETS
wired.com

wired.com

CRITIC
img-trusted
91%
PUBLIC
img-trusted
80%
arstechnica.com

arstechnica.com

CRITIC
img-trusted
82%
PUBLIC
img-trusted
85%