Business email compromise claims the Pomeroy Investment Corporation, which reported last month that a bogus email induced an employee to wire $495,000 to an offshore account. Investigation is in progress.
As Android becomes a harder target since withdrawing third-party-app access to getRunningTasks(), its accessibility services appear poised to become attackers’ preferred route. Exploitation would require user interaction, probably with adware-like attacks.
IBM warns that footprinting is back. Such pre-attack reconnaissance includes several techniques, including “network topology mapping, host discovery, account footprinting, TCP/UDP port scan and TCP/UDP service sweep.”
Recorded Future looks at proof-of-concept exploits and finds a surge in their production by black hats. They also note that Twitter seems to be replacing Pastebin as a favorite venue for sharing exploits.
FireEye and CyberArk both reported earnings late yesterday. FireEye posted a better than expected loss of $0.47 per share on $168.0 million in revenue. CyberArk reported $0.23 in earnings per share on $46.9 million in revenue. FireEye also saw an increase in security subscription services, which it sees as playing a greater role in its business. FireEye’s CEO DeWalt will fleet up to Executive Chairman, with Kevin Mandia moving in as the new CEO.
The Los Angeles Police Department succeeded in gaining access to a murder victim’s locked iPhone 5s, hitherto thought more resistant to cracking than the iPhone 5c used by the San Bernardino jihadist. Observers expect this to inform the crypto wars.
Craig Wright seems to have given up, albeit ambiguously, his claim to be Satoshi Nakamoto.