The MerchantStoreDirectoryAbout UsAdd-siteLink to Us

 

2,294 Internet Secuirty Issues Resources

Misc. - Numbers

0-days hitting Fedora and Ubuntu open desktops to a world of hurt
If your desktop runs a mainstream release of Linux, chances are you're vulnerable.
December 14, 2016
Read More


1 in 3 Americans report financial losses due to being defrauded
With nearly half of Americans reporting they have been tricked or defrauded, citizens are concerned that the Internet is becoming less safe and want tougher federal and state laws to combat online criminals, according to the Digital Citizens Alliance.
August 09, 2016
Read More


1 in 3 content theft websites expose visitors to malware
A Digital Citizens investigation has found that malware operators and content theft website owners are teaming up to target consumers -- with an unexpected assist from U.S.-based tech firms. the research found that 1 in 3 content theft websites expose consumers to dangerous malware that can lead to serious issues such as ID theft, financial loss and ransomware.
July 21, 2016
Read More


1 in 3 organizations have experienced an insider attack in the last year
A new Bitglass report on insider threats in the enterprise found that, in a third of organizations surveyed, careless or malicious user behavior resulted in data leakage, up slightly from a year ago. 56 percent of respondents believe insider leaks have become more frequent in the last year.
September 30, 2016
Read More


1 in 5 executives take risks with sensitive data to meet regulatory demands
The Anti-Money Laundering Directive (AML), the EU-US Privacy Shield and the Market Abuse Directive (MAD) and Regulation (MAR) are the three biggest regulatory pressures across EMEA, according to a survey conducted by Vanson Bourne.
October 14, 2016
Read More


1Password Travel Mode protects passwords from border agents
1Password has created Travel Mode, a new feature that will allow users to protect their 1Password data from unwarranted searches when they travel.
May 24, 2017
Read More


2 handy yet hidden Chromebook security features
Chromebook security gets simpler with these ultra-useful but off-the-beaten-path options.
June 19, 2017
Read More


3 encryption tools for Linux that will keep your data safe
Encryption isn't just for geeks or the paranoid. Everyone can benefit from keeping private data safe from prying eyes.
November 14, 2016
Read More


3 in 5 companies expect to be breached in 2017
New research found that of the 50 percent who reported being breached in 2016, the average material impact to the business was $4 million.
May 18, 2017
Read More


3 sour notes interrupting security
Great musicians and instruments alone do not make beautiful music. It is the conductor who leads the orchestra and turns the collection of sounds into perfectly executed harmony. Likewise, security operations teams need more than just experienced professionals and best-of-breed tools -- they need orchestration.
March 23, 2017
Read More


3 ways to secure your hybrid datacenter
To unleash the power of the hybrid cloud, enterprises need to create increasingly complex environments using a growing number of resources on top of Infrastructure-as-a-service platforms (IaaS). However, creating robust network topologies on top of IaaS is challenging and complicated.
August 15, 2016
Read More


4 charged, including Russian gov't agents, for massive Yahoo hack
Hackers targeted Yahoo accounts of officials for intelligence and financial gain, U.S. government says
March 15, 2017
Read More


4 vectors transforming the security software market
The security software market is undergoing a transformation due to four key developments, according to Gartner. The use of advanced analytics, expanded ecosystems, adoption of SaaS and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments.
May 31, 2017
Read More


5 incident response practices that keep enterprises from adapting to new threats
Security analysts within enterprises are living a nightmare that never ends. 24 hours a day, their organizations are being attacked by outside (and sometimes inside) perpetrators -- hackers, hacktivists, competitors, disgruntled employees, etc. Attacks range in scope and sophistication, but are always there, haunting the security teams tasked with guarding against them.
May 30, 2017
Read More


8 RCE, DoS holes in Microsoft Malware Protection Engine plugged
After the discovery and the fixing of a "crazy bad' remote code execution flaw in the Microsoft Malware Protection Engine earlier this month, now comes another MMPE security update that plugs eight flaws that could lead to either remote code execution or to denial of service.
May 30, 2017
Read More


8 tech dangers every novice can avoid with these tips
Read this to be smarter about buying and using tech devices.
January 11, 2017
Read More


9 data security tips for cloud migration
For organizations considering cloud migration, here are nine proactive steps that companies can take to ensure a smooth transition and get tighter cloud security.
August 23, 2016
Read More


10 predictions on IT changes over the next 36 months
Today's IT organizations are divided into two camps: those that thrive by effectively leveraging digital technologies, new business models, and entrepreneurial cultures; and those that are saddled by technical debt, plodding business processes, and lack of a digitally-fueled vision for the future.
November 7, 2016
Read More


12 tips for implementing secure business practices
Optiv Security shared a list of a dozen tips for implementing secure business practices during the 2016 holiday season. Security experts developed these recommendations to help security and IT teams better prepare their companies and employees to address the increase in cyber threats that occur during this time of year.
December 12, 2016
Read More


13 countries join global ransomware fight
Just three months after the successful launch of the No More Ransom project, law enforcement agencies from a further 13 countries have signed up to fight ransomware together with the private sector.
October 17, 2016
Read More


14 arrested for laundering millions stolen with malware
The UK National Crime Agency (NCA) has arrested fourteen individuals suspected of laundering more than £11 million stolen through the use of malware.
November 7, 2016
Read More


15 new ransomware decryption tools added to No More Ransom
Nine months after the launch of the No More Ransom (NMR) project, an ever-growing number of law enforcement and private partners have joined the initiative, allowing more victims of ransomware to get their files back without paying the criminals.
April 5, 2017
Read More


21% of websites still use insecure SHA-1 certificates
New research from Venafi Labs shows that 21 percent of the world's websites are still using certificates signed with the vulnerable Secure Hash Algorithm, SHA-1.
March 8, 2017
Read More


23 Lawmakers Want to Know what DOJ Would Do with Expanded Hacking Authority
The U.S. Congress has a month to decide on what it should do about a pending rule change that would arguably grant federal law enforcement agencies more authority to remotely hack into computers. Congress can let this amended rule go into effect by doing nothing, so before they let their idleness get the better of them, a group of nearly two-dozen members of the House and Senate are now pushing the Justice Department for more details.
October 27, 2016
Read More


23% of security pros are blind to encrypted traffic threats
According to a Venafi survey conducted at RSA Conference 2017, 23 percent of respondents have no idea how much of their encrypted traffic is decrypted and inspected.
April 6, 2017
Read More


25% of healthcare organizations using public cloud do not encrypt data
A HyTrust survey of 51 healthcare and biotech organizations found that 25 percent of those organizations using the public cloud do not encrypt their data.
February 20, 2017
Read More


35% of websites still using insecure SHA-1 certificates
35 percent of the world's websites are still using insecure SHA-1 certificates, according to Venafi. this is despite the fact that leading browser providers, such as Microsoft, Mozilla and Google, have publicly stated they will no longer trust sites that use SHA-1 from early 2017. by February 2017, Chrome, Firefox and Edge, will mark websites that still rely on certificates that use SHA-1 algorithms as insecure.
November 21, 2016
Read More


38% of consumers affected by ransomware pay up
Consumers are increasingly being targeted with ransomware, and many of them are paying up, according to Trustlook.
April 18, 2017
Read More


40 Asus RT routers open to attack through web interface vulnerabilities
If you own an Asus RT wireless router, and you haven't updated its firmware for a while, now is the time to do it.
May 11, 2017
Read More


45% of large British businesses sustained a successful ransomware attack
Over a third of British businesses (36 percent) are not very confident that efforts to completely eradicate a recent ransomware attack from work systems have been successful.
April 5, 2017
Read More


50+ vulnerabilities found in popular home gateway modems/routers
Researcher Gergely Eberhardt with Hungarian security testing outfit SEARCH Laboratory has unearthed over fifty vulnerabilities in five home gateway modems/routers used by Hungarian Cable TV operator UPC Magyarorsz६ but also by many ISPs around the world.
July 26, 2016
Read More


52% of enterprises choose cloud as the platform of choice
Adoption reality finally measures up to hype for cloud computing. There are game-changing consequences for IT departments as DevOps' influence extends across the enterprise, according to ServiceNow.
October 30, 2016
Read More


53% of DDoS attacks result in additional compromise
DDoS attack volume has remained consistently high and these attacks cause real damage to organizations, according to Neustar. the global response also affirms the prevalent use of DDoS attacks to distract as "smokescreens" in concert with other malicious activities that result in additional compromise, such as viruses and ransomware.
October 5, 2016
Read More


54% of organizations have not advanced their GDPR compliance readiness
More than half of organizations have failed to begin any work on meeting minimum General Data Protection Regulation (GDPR) compliance, according to a study conducted by Vanson Bourne.
January 1, 2017
Read More


55% of apps are already in the cloud, security a priority
Executives are increasingly adopting a digital business model, with the cloud as the key enabler. However, security concerns and tepid execution complicate the ability of the executives' organizations to deliver on that commitment.
August 30, 2016
Read More


58% of orgs have no controls in place to prevent insider threats
More than half of organizations (58 percent) still lack the appropriate controls to prevent insider attacks, with just under half (44 percent) unaware if their organization has experienced an insider attack at all, according to a new survey of more than 500 cybersecurity professionals.
August 05, 2016
Read More


60+ million Dropbox login credentials have been stolen
A breach disclosed by Dropbox in 2012 has resulted in the theft of usernames and hashed and salted passwords of over 60 million users.
August 31, 2016
Read More


61 percent of Americans fear having their cars or home security cameras hacked
As more and more devices get connected to the Internet of Things, so their susceptibility to hacking increases too.
July 28, 2016
Read More


61% of employers have no BYOD policy
Trustlook has shared findings on the latest BYOD trends and best practices from a survey of 320 Android users.
October 26, 2016
Read More


65% of social engineering attacks compromised employee credentials
Social engineering is having a notable impact on organizations across a range of industrial sectors in the US.
December 2, 2016
Read More


66% of US law firms reported a breach in 2016
The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts. These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments.
July 6, 2017
Read More


68% of organizations don't have an IoT test strategy
Capgemini and HPE examined the state of application quality and testing practices across multiple industries and 32 countries. they discovered that, despite 85% claiming that IoT products are a part of their business operations, 68% of organisations in which IoT plays a role, do not currently have a test strategy for this specific aspect of IT.
September 15, 2016
Read More


65% of Windows devices still running Windows 7, released in 2009
To analyze the current state of device security, Duo Security analyzed more than two million devices, 63 percent of which were running Microsoft operating systems.
November 2, 2016
Read More


75% of the top 20 US banks are infected with malware
SecurityScorecard released its 2016 Financial Cybersecurity Report, a comprehensive analysis that exposes cybersecurity vulnerabilities across 7,111 global financial institutions including investment banks, asset management firms, and major commercial banks.
August 05, 2016
Read More


80 Sony IP camera models come with backdoors
80 different models of Sony IPELA Engine IP Cameras have multiple backdoors that can be misused by attackers to take control of the device, disrupt its functionality, add it to a botnet, and more.
December 6, 2016
Read More


88% of all ransomware is detected in the healthcare industry
Solutionary found that companies in the healthcare industry had the most ransomware present, accounting for 88 percent of all ransomware detections in Q2. In addition, Cryptowall was the top ransomware variant detected during the quarter, accounting for nearly 94 percent of detections.
July 27, 2016
Read More


80% of digital publishers don't know how their web traffic is audited
The burden of proof is on publishers to defend their web traffic, yet 80 percent admit they don't have insight into how their traffic is audited, raising questions about which traffic is non-human traffic (NHT).
December 9, 2016
Read More


88% of employees lack awareness to stop privacy or security incidents
The results of a new survey testing employee data privacy and cybersecurity knowledge reveal that 88 percent lack the awareness to stop preventable cyber incidents.
October 27, 2016
Read More


91% of phishing attacks are display name spoofs
GreatHorn analyzed more than 56 million emails from 91,500 corporate mailboxes from March to November 2016. the data found that display name spoofs are the clear phishing weapon of choice for cybercriminals.
February 1, 2017
Read More


93% of SOC managers unable to triage all potential threats
In mid-2016, Intel Security commissioned a primary research study to gain a deeper understanding of the ways in which enterprises use SOCs, how they have changed over time, and what they will look like in the future.
December 13, 2016
Read More


97 percent of companies don't have a GDPR plan
Organizations - both SMBs and large enterprises - lack general awareness of the requirements of the new regulation, how to prepare for it, and the impact of non-compliance on data security and business outcomes, according to Dell.
October 12, 2016
Read More


100 best practices in Big Data security
The Cloud Security Alliance (CSA) released the new handbook from the CSA Big Data Working Group, outlining the 100 best practices in Big Data security.
August 29, 2016
Read More


100+ online shops compromised with payment data-stealing code
Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping.
October 7, 2016
Read More


132 compromised apps removed from Google Play
Google has recently removed 132 Android apps from Google play due to them containing hidden iFrames linking to malicious domains in their local HTML pages.
March 2, 2017
Read More


132 Google play apps tried to infect Android users with... Windows malware
Researchers suspect developers didn't intentionally spawn the malicious apps.
March 1, 2017
Read More


300+ Cisco switches affected by critical bug found in Vault 7 data dump
While combing through WikiLeaks' Vault 7 data dump, Cisco has unearthed a critical vulnerability affecting 300+ of its switches and one gateway that could be exploited to take over the devices.
March 19, 2017
Read More


2017: a year to make security updates a priority
On a recent webinar, looking at the trends in the vulnerability landscape throughout 2016, Kasper Lindgaard, Director of Secunia Research @Flexera Software pointed to some of the trends which hadn't changed and that we do not expect to change as we enter 2017: the number of vulnerabilities continue to rise every year.
December 27, 2016
Read More


20,000 affected by Tesco Bank security breach
It's been a rough weekend for 20,000 customers of British retail Tesco Bank: they've witnessed their bank accounts being plundered and have been phoning the bank to report the theft, but most of them couldn't get through.
November 7, 2016
Read More


20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites
A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible.
April 7, 2017
Read More


6,000+ compromised online shops -- and counting
A week ago, RiskIQ researchers revealed that over 100 online shops have, at one point in the last six months, been injected with malicious JavaScript code that exfiltrates payment card information users enter to pay for their shopping. But, as it turns out, that was just the tip of the iceberg.
October 13, 2016
Read More


36,000 SAP systems exposed online, most open to attacks
ERPScan released the first comprehensive SAP Cybersecurity Threat Report, which covers three main angles: Product Security, Implementation Security, and Security Awareness.
August 02, 2016
Read More


130,000 Avtech IP cameras, DVRs can be easily roped into IoT botnets
Security researcher Gergely Eberhardt has unearthed over dozen of vulnerabilities in most IP cameras, NVRs and DVRs by Taiwanese manufacturer Avtech, including things like plaintext storage of administrative password and authentication bypass flaws.
October 12, 2016
Read More


185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked
A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet.
March 9, 2017
Read More


270,000 customers affected in UK loan firm Wonga data breach
Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered in a data breach.
April 10, 2017
Read More


350,000 Twitter bot sleeper cell betrayed by love of Star Wars and Windows Phone
Computer researchers uncover yuuuge dormant army
January 20, 2017
Read More


500,000+ devices have dangerous apps installed
At Mobile World Congress 2017, connected cars, the future of smart homes and, of course, the newest handsets are top of the agenda. Intel Security's latest findings show consumers are being tempted by the efficiency and entertainment of such connected devices, revealing the average British person now spends 35% of their time at home online.
February 28, 2017
Read More


880,000 users exposed in MoDaCo data breach
Subscribers of UK-based MoDaCo, a forum specialising in smartphone news and reviews, have been unpleasantly surprised by notifications that the site and their account have been compromised.
September 20, 2016
Read More


1 million Google accounts compromised by Android malware called Gooligan
86 apps available in third-party marketplaces can root 74 percent of Android phones.
November 30, 2016
Read More


1.9 million Bell Canada customer account details stolen, leaked
Anonymous hackers have stolen and leaked 1.9 million email addresses and some 1,700 names and active phone numbers of Bell Canada customers.
May 17, 2017
Read More


6.6 million ClixSense users exposed in wake of site, company hack
If you've ever registered with ClixSense -- and millions have -- you can consider all your personal information shared with the service compromised.
September 14, 2016
Read More


8 million GitHub profiles scraped, data found leaking online
Technology recruitment site GeekedIn has scraped 8 million GitHub profiles and left the information exposed in an unsecured MongoDB database. the backup of the database was downloaded by at least one third party, and it's likely being traded online.
November 18, 2016
Read More


17 million Zomato accounts for sale following breach
Popular restaurant search and discovery service Zomato has suffered a breach, and the attackers made off with 17 million user records.
May 18, 2017
Read More


$77 million in Bitcoin stolen from Bitfinex exchange
Popular Hong Kong-based cryptocurrency exchange Bitfinex has suffered a security breach that resulted in the theft of millions' worth of Bitcoin.
August 03, 2016
Read More


200 million financial services records breached in 2016, 900% increase from 2015
The financial services industry was attacked more than any other industry in 2016 -- 65 percent more than the average organization across all industries, according to the IBM X-Force Research team.
May 2, 2017
Read More


1.37 billion data records compromised globally in 2016
Gemalto's Breach Level Index revealed that 1,792 data breaches led to 1.37 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.
March 28, 2017
Read More


1.4 billion Android devices vulnerable to hijacking thanks to Linux TCP bug
8 out of 10 Android devices vulnerable to spying since they are vulnerable to the Linux TCP bug.
August 17, 2016
Read More


8.4 billion connected things will be in use worldwide in 2017
Gartner forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020. Total spending on endpoints and services will reach almost $2 trillion in 2017.
February 7, 2017
Read More


(IN)SECURE Magazine issue 54 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 54 has been released today.
June 27, 2017
Read More


(IN)SECURE Magazine issue 53 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 53 has been released today.
March 30, 2017
Read More


(IN)SECURE Magazine issue 51 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 51 has been released today.
September 22, 2016
Read More


Misc. - A

A checklist for people who understand cyber security
By now, it's pretty much an accepted reality that it's only a matter of time until an organization -- any organization -- gets breached by cyber attackers.
November 10, 2016
Read More


A closer look at IT risk management and measurement
In this podcast recorded at Black Hat USA 2016, Casey Corcoran, Partner, FourV Systems, talks about the most significant trends cyber security and risk management.
August 22, 2016
Read More


A guide on how to prevent ransomware
Ransomware is fast becoming a major threat to computer systems in many organisations. It is an aggressive form of attack which criminals use to infect computers and block the victim from accessing their own data unless they pay a ransom. Ransomware is not a new threat but has become more widely used among criminals simply because it is highly profitable.
May 15, 2017
Read More


A hidden account in Dell's security software could allow an attacker to gain 'full control'
Dell has issued a number of important patches today, as security researcher have reportedly uncovered a number of critical software flaws in some of the company's software destined for enterprise users.
July 21, 2016
Read More


A Monster Solar Storm Could Cost the US $40 Billion Daily
Our planet is due to be hit with a powerful solar storm, an event that happens about once every hundred years. new research shows that losses from the ensuing blackouts could total $41.5 billion per day in the US alone, including nearly $7 billion lost in trade.
January 19, 2017
Read More


A new $500,000 iOS bug bounty beats Apple's offer
Security firm Exodus Intelligence will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS.
August 10, 2016
Read More


A new age of digital signatures is upon us
The increased adoption of digital signatures should not come as a surprise: many businesses are trying to digitalise their everyday processes, and digital signatures are both reliable and secure due to several features, and are increasingly easy to use.
March 14, 2017
Read More


A new approach is needed in the battle against cyber attacks
How do you search for something that's invisible? An increase in the sophistication of cyber attacks means that it takes an average of 146 days before a corporate hack is discovered. Modern breaches are a mix of chameleonic deception and clever automation, enabling malicious code to be concealed deep inside the corporate network. In the battle to fight cybercrime, discovering the undetectable is a challenge CISOs face every day. with this in mind, organisations must turn to new and innovative methods of discovery such as threat hunting, the process of proactively searching networks to detect and isolate sophisticated threats.
March 27, 2017
Read More


A new bug allows any website to crash a Windows Vista, 7, or 8 PC
A recently discovered bug could allow any website to crash your Windows Vista, 7, or 8 PC with a simple edit to image names, reminiscent of the similar 'c: concon' bug on Windows 95 and 98.
May 26, 2017
Read More


A new ransomware outbreak similar to WCry is shutting down computers worldwide
Like earlier ransomware worm, new attacks use potent exploit stolen from the NSA.
June 27, 2017
Read More


A quarter of banks' data breaches are down to lost phones and laptops
Just 20 per cent were the result of hacking
August 25, 2016
Read More


A third of employees say it's common to take corporate data with them when leaving a company
Today's workforce is caught between two imperatives: be productive and efficient on the job and maintain the security of company data.
April 21, 2017
Read More


A USB dongle can hijack all your Web accounts and router in 30 seconds, even if your computer is locked
A security researcher finds a gaping hole in automatic network connections made by plugging in a dongle.
November 21, 2016
Read More


A vigilante hacker may have built a computer worm to protect smart devices
Symantec has noticed the Hajime IoT malware leaving a message on the devices it infects
April 19, 2017
Read More


A WannaCry flaw could help some victims get files back
Since the WannaCry ransomware ripped through the internet late last week, infecting hundreds of thousands of machines and locking up critical systems from health care to transportation, cryptographers have searched for a cure. Finding a flaw in WannaCry's encryption scheme, after all, could decrypt all those systems without any ransom.
May 18, 2017
Read More


A Windows XP bug makes it possible to recover files encrypted by WannaCry
In an unusual turn of events, a Windows bug has been found to work in favor of victims instead of attackers, allowing WannaCry victims that run Windows XP to decrypt the files encrypted by the ransomware.
May 19, 2017
Read More


Access governance holds the security line
We must continue to hold the line, and we are, in this war on information security. we must continue to find our stride and take steps forward in regard to technology advancement especially as related to identity and access governance solutions.
August 19, 2016
Read More


Accurate cross-browser fingerprinting is possible, researchers show
A group of researchers have come up with a browser fingerprinting technique that can allow interested parties to "identify" users across different browsers (on the same machine).
January 17, 2017
Read More


Acronis True Image Next Generation brings anti-ransomware, blockchain-based features
Acronis has unveiled Acronis True Image Next Generation, a new premium subscription option for Acronis True Image 2017.
January 19, 2017
Read More


Actively exploited Firefox, Tor Browser 0-day patched, update now!
Mozilla and the Tor Project have released security updates that fix the Firefox 0-day flaw that was spotted being exploited to de-anonymize Tor Browser users.
December 1, 2016
Read More


Actively exploited zero-day in IIS 6.0 affects 60,000+ servers
Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited by threat actors at this very moment.
March 30, 2017
Read More


Adaptive Research & Design Co.
data recovery from crashes, viruses, electrical surges, and sabotage, on hard and floppy drives under any operating system.
Provides a Service
Read More


Adobe emits emergency patch for Flash hole malware is exploiting right this minute
Windows folks -- how can we say this? UPDATE ASAP
October 26, 2016
Read More


Adobe Reader, Edge, Safari and Ubuntu fall in first day at Pwn2Own
The annual hacking contest has a prize pool of $1 million
March 16, 2017
Read More


Adobe quietly bundles data-collecting Chrome extension with latest Reader update
Chrome users who have installed the latest Adobe security updates have also been unknowingly saddled with a browser extension ("Adobe Acrobat") that can collect some of their operating environment data.
January 13, 2017
Read More


Adobe unveils cloud-based digital signature built on an open standard
With more than seven billion mobile devices in the world and cyber-threats at an all-time high, demand has surged for simple and secure ways to sign and manage documents on smartphones and tablets. at the same time, new electronic signature regulations, like eIDAS in the European Union, have paved the way for electronic signatures to be adopted globally.
February 22, 2017
Read More


Addressing pain points in governance, risk and compliance
In this day and age, it seems as though every business has some form of alphabet soup or acronym salad that shapes the decisions they make as it pertains to their information security programs. Between data privacy laws, regulations on the financial industry, calls for a healthcare focused cybersecurity framework, and regular updates to the PCI DSS, the ever-growing need for a well-established information security program is apparent.
February 27, 2017
Read More


Adoption of advanced technology continues quickly despite security gaps
93% will use sensitive data in an advanced technology (defined as cloud, SaaS, big data, IoT and container) environments this year. 63% of those also believe their organisations are deploying these technologies ahead of having appropriate data security solutions in place, according to Thales.
March 16, 2017
Read More


Advanced Windows botnet spreads Mirai malware
Kaspersky Lab experts are analyzing the first Windows-based spreader for the Mirai malware as part of a concerted effort to close down Mirai botnets in the wild.
February 22, 2017
Read More


Advancing a standard format for vendors to disclose cybersecurity vulnerabilities
Technology providers and their customers are joining forces to advance a standard format for vendors to disclose cybersecurity vulnerabilities.
January 20, 2017
Read More


Advantages of quantum processing shown in head-to-head race
A prototype quantum processor repeatedly beat a traditional, classical processor in a race to solve a puzzle, figuring out a secret combination up to 100 times faster by using exotic physics to sort through data that was deliberately packed with errors.
May 12, 2017
Read More


AdWords malvertising targets macOS users
Researchers at threat prevention company Cylance have discovered a malvertising campaign on Google AdWords for the search term "Google Chrome", where unsuspecting macOS users were being tricked into downloading a malicious installer.
November 1, 2016
Read More


AES-256 keys sniffed in seconds using €200 of kit a few inches away
Van Eck phreaking getting surprisingly cheap
June 23, 2017
Read More


After a data breach is disclosed, stock prices fall an average of 5%
Data security breaches can negatively impact an entire organization -- including sales, marketing and IT -- and have a significant negative impact on company finances and shareholder value, according to a new Ponemon research study.
May 16, 2017
Read More


After DDOS attack, senator seeks industry-led security standards for IoT devices
Attack reveals a 'new level of vulnerability,' Sen. Mark Warner says
October 28, 2016
Read More


After getting pwned and owned, Microsoft vows to fix Edge security
Microsoft is working to reduce the attack surface and restrict unauthorized access of its Edge browser.
March 27, 2017
Read More


After Massive Phishing Attack, Google Improves Gmail Security
Google announced that it has added a suite of new security features to Gmail. These additions will make it easier for the company to detect phishing attempts, fight malware that spreads via attachments, let businesses make sure internal data stays within their control, and warn users when they're visiting a suspicious website. The additions still won't be enough to keep you totally safe, but you're definitely more secure than before.
May 31, 2017
Read More


After MongoDB attack, ransomware groups hit exposed Elasticsearch clusters
Over 600 Elasticsearch instances had their data wiped and replaced with a ransom message
January 13, 2017
Read More


After WannaCry chaos, ShadowBrokers threaten 'Data Dump of the Month' service, including Windows 10 exploits
News over the past week has been dominated by the fallout from the WannaCry ransomware. Now the hacking group that released the NSA's hacking tool kit into the wild has announced plans to start an exploit subscription service in June.
May 17, 2017
Read More


After WannaCry, ex-NSA director defends agencies holding exploits
There's not much more topical than cyber security right now. and who better to talk about it than former director of the NSA and ex-chief of the Central Security Service, general Keith Alexander?
May 16, 2017
Read More


After WannaCry, Microsoft amps up security updates
The tech giant releases several Windows XP patches to address vulnerabilities that are in heightened danger from cyberattacks by government organizations.
June 13, 2017
Read More


After WikiLeaks' CIA dump, China tells U.S. to stop spying
PRC Foreign Ministry denounces alleged hacking
March 9, 2017
Read More


After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
O2 confirms online thefts using stolen 2FA SMS codes
May 3, 2017
Read More


AI can increase corporate profitability by average of 38% by 2035
Businesses that successfully apply artificial intelligence (AI) could increase profitability by an average of 38 percent by 2035, according to Accenture. The introduction of AI could lead to an economic boost of US$14 trillion in additional gross value added (GVA) across 16 industries in 12 economies.
June 21, 2017
Read More


AI SaaS application for cyber attack detection
PatternEx announced the first Artificial Intelligence SaaS application for cyber attack detection at RSA Conference 2017. PatternEx's flagship product, the PatternEx Threat Prediction Platform, is available as a SaaS application with a free trial period to selected customers.
February 17, 2017
Read More


AIG now Sells Cybersecurity Insurance that Covers Online Bullying, Extortion
Most big companies have some sort of insurance to cover their butts in a world where data breaches are an everyday occurrence, but now AIG is joining the ranks of insurers offering (wealthy) consumers coverage as a buffer against the threat of the internet.
April 3, 2017
Read More


AirDroid app opens millions of Android users to device compromise
Tens of millions of users of AirDroid, a remote management tool for Android, are vulnerable to man-in-the-middle attacks that could lead to data theft and their devices being compromised through malicious updates.
December 2, 2016
Read More


AKBuilder: a builder for exploit-laden Word documents
One doesn't have to be a great coder to become a successful cybercriminal, as underground markets are filled with offerings that automate one or another step of an attack chain.
February 8, 2017
Read More


Al-Jazeera reportedly hit by systematic hacking attempts
Al-Jazeera, the Doha-based broadcaster owned by the ruling family of Qatar, says the websites and digital platforms of Al Jazeera Media Network, its parent company, "are undergoing systematic and continual hacking attempts."
June 9, 2017
Read More


Alarming cloud encryption misconceptions revealed
Businesses have a high level of concern about the exposure of sensitive and regulated data in the cloud to security threats. Yet despite this, the majority of data owners outsource responsibility for data protection, even though they still bear full legal liability if there is a breach.
October 14, 2016
Read More


AlienVault USM Anywhere: Security in the cloud, for the cloud
In this podcast recorded at RSA Conference 2017, Denny LeCompte, SVP, Products at AlienVault, talks about AlienVault USM Anywhere, a SaaS security monitoring solution that centralizes threat detection, incident response, and compliance management across your cloud, hybrid cloud, and on-premises environments.
February 23, 2017
Read More


Alleged Kelihos botmaster indicted
36-year-old Pyotr Levashov was charged on Friday in the US with one count of causing intentional damage to a protected computer, one count of conspiracy, one count of accessing protected computers in furtherance of fraud, one count of wire fraud, one count of threatening to damage a protected computer, two counts of fraud in connection with email and one count of aggravated identity theft.
April 24, 2017
Read More


Alleged Kickass Torrents owner arrested, site taken down
Artem Vaulin, a 30-year-old Ukrainian that is believed to be the creator and owner of Kickass Torrents, currently the most popular and most visited illegal file-sharing website, has been arrested in Poland on Wednesday.
July 21, 2016
Read More


Almost 2 million Android devices could be infected with FalseGuide botnet malware
While there has been some effort invested by Android smartphone manufacturers to deliver Google's monthly security updates to at least some of their devices, the situation is far from being completely rectified. with Google recently admitting that half of active Android devices had not received a security update in 2016, it paints a worrying picture, particularly after major security vulnerabilities such as Stagefright being discovered in the OS.
April 27, 2017
Read More


Already on probation, Symantec issues more illegit HTTPS certificates
At least 108 Symantec certificates threatened the integrity of the encrypted Web.
January 20, 2017
Read More


Amazon Chimes into video-conferencing: watch out Skype and Google
See this, Cisco?
February 14, 2017
Read More


Amazon launches DDoS protection service AWS Shield
Following the massive attack that took down the servers of the DNS service provider Dyn and a number of high profile websites including Netflix, Twitter, Spotify and Reddit last month, Amazon Web Services (AWS) has announced a new technology to protect sites against distributed denial of service (DDoS) attacks.
December 5, 2016
Read More


Amazon scammers hijack seller accounts, lure users with good deals
Amazon buyers are being targeted by clever scammers that either set up independent seller accounts or hijack those of already established, well-reputed sellers, then offer pricy items at unbeatable prices.
January 12, 2017
Read More


Amazon Silk browser removes Google's default encryption
Google's good intentions of keeping searches made via its search engine protected through default encryption have been stymied by Amazon.
July 26, 2016
Read More


American Spies now Have Their Very Own Smartphone App
CHRIS RASMUSSEN is an evangelist, and his message is crowdsourcing. as a career analyst inside the National Geospatial-Intelligence Agency, Rasmussen's sermons have been limited to a closed top-secret community. But this week, he's going public with his most radical idea to date, in the form of a smartphone app for senior US intelligence officers.
April 4, 2017
Read More


Americans increasingly worry about online privacy and security
Americans are increasingly concerned about their online privacy and security, and apprehensive about increased government surveillance in the new presidential administration, the results of a recent survey by AnchorFree have revealed.
February 16, 2017
Read More


Amex users hit with phishing email offering anti-phishing protection
American Express users are being actively targeted with phishing emails impersonating the company and advising users to create an "American Express Personal Safe Key" to improve the security of their accounts.
September 15, 2016
Read More


Ammyy Admin remote admin tool repeatedly bundled with Trojans
The website of the company that develops the popular remote administration software Ammyy Admin has been repeatedly compromised in the last year or so, and users who downloaded the tool were saddled with malware.
July 20, 2016
Read More


Amnesty International uncovers phishing campaign against human rights activists
Attacker targeted groups in Qatar, Nepal using extensive fake social media profile.
February 14, 2017
Read More


An untold cost of ransomware: It will change how you operate
Ransomware is unfortunately an IT reality. with the complexity and frequency of attacks, there is a good chance you or someone you know has been impacted. Many victims attacked are tempted to just pay the ransom and be done with it; a strategy that is more widely-used than you might think. Even the FBI has admitted that sometimes paying the ransom is the way to go.
April 21, 2017
Read More


Analysis of 500 million passwords shows what you should avoid
A dump of over 550 million username and password combinations is currently being sold on underground forums, and eager crooks are paying for the privilege to test them out against many online services.
May 12, 2017
Read More


Analysis of new Shamoon infections
All of the initial analysis pointed to Shamoon emerging in the Middle East. this however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 Shamoon incidents had been reported from public to private sector.
January 26, 2017
Read More


Analyzing the latest wave of mega attacks
A new report, using data gathered from the Akamai Intelligent Platform, provides analysis of the current cloud security and threat landscape, including insight into two record-setting DDoS attacks caused by the Mirai botnet.
November 16, 2016
Read More


Analyzing phishing attacks against 500,000 mailboxes at 100 organizations
Phishing has evolved from a mere nuisance into a global epidemic in which organizations of all sizes and across all industries are being negatively impacted at high frequency.
May 31, 2017
Read More


Android 7.0 Nougat is out, with new security features
Google has released Android 7.0 Nougat, and the newest version of the popular mobile OS is already being rolled out to Google's existing Nexus devices.
August 23, 2016
Read More


Android adware infiltrates devices' firmware, Trend Micro apps
Dubbed Gmobi by Dr. Web researchers, the malware comes in the form of a software development kit (SDK), and has been found in several legitimate applications by well-known companies, as well as in firmware for nearly 40 mobile devices.
March 18, 2016
Read More


Android apps based on Adobe AIR SDK send out unencrypted data
Developers using the Adobe AIR SDK should update to the latest version of the software development kit and rebuild the apps as soon as possible if they don't want their users' traffic being exposed to attackers.
September 15, 2016
Read More


Android backdoor found sending personal information from US users to China
Mobile security firm Kryptowire has discovered a backdoor in several Android smartphones sold in the US. the company says that the firmware collected personal data about users without consent, and sent this private information on to Chinese firm Shanghai Adups Technology Company.
November 15, 2016
Read More


Android Banking Malware Wants a Selfie Before It Cleans you Out
Smile and say cheese, hapless Android trojan victims. There's a new piece of malware out there that wants you to snap a selfie before it starts bleeding you dry.
October 17, 2016
Read More


Android banking Trojan asks victims to send selfies with ID cards
The Acecard Android Trojan is a threat that has been around for quite some time.
October 17, 2016
Read More


Android devices delivered to employees with pre-installed malware
A test of Android devices used in two unnamed companies revealed that 38 of them were infected with malware before being delivered to the employees.
March 13, 2017
Read More


Android 'forensic' app pulled from Google Play after vulnerability report
Remote code execution threat via MITM attack, it is claimed
July 3, 2017
Read More


Android Forums resets passwords after hack
Only 2.5 per cent of userbase affected
March 23, 2017
Read More


Android malware attacks your router through your smartphone
A new strain of malware has been discovered, which was seen targeting Android devices in order to hack into routers to further spread malicious activity online.
January 4, 2017
Read More


Android malware HummingBad is back on Google Play
A common recommendation that Android users get for avoiding malware is to stick with Google play and not download any apps from other sources. Trouble is, as HummingBad proved early last year by penetrating the search giant's defenses, that advice is not exactly bullet-proof.
January 23, 2017
Read More


Android malware spreading through Google's AdSense network
A group of security researchers have recently discovered a new strain of malware targeting the Android operating system by Google, which also uses its advertising network AdSense to spread itself.
August 16, 2016
Read More


Android ransomware attacks have grown by 50% in just over a year
Ransomware targeting the Android operating system has grown by over 50% in just a year, as more consumers switch from their PCs to their smartphones, making the mobile OS ecosystem a more worthwhile target for cybercriminals.
February 22, 2017
Read More


Android spyware targets business executives
Overreliance on smartphones, both in out personal and professional lives, is a reality for many of us. These devices hold a lot of sensitive information -- information that could be worth a lot to some people, especially if you are a high-positioned executive in a thriving business.
November 3, 2016
Read More


Android Trojan SpyNote leaks on underground forums
Its free availability makes it likely that it will be used in attacks soon, researchers say
July 29, 2016
Read More


Android Trojan targets customers of 94 banks in US, Europe
If you've recently installed a Flash Player Android app and now almost every app you open asks you for your payment card details, you've been infected with a banking Trojan.
November 2, 2016
Read More


Android users to be warned of suspect Google account activity in real-time
Android users will soon enjoy an additional security layer that will allow them to quickly discover that their Google account might have been compromised.
August 02, 2016
Read More


Android-rooting Gooligan malware infects 1 million devices
At an estimated rate of 13,000 smartphones a day
November 30, 2016
Read More


Android's "Secure Enclave" / Private Content and Strong Encryption
Recent iterations of the Android OS have exposed more of the ARM Trusted Execution Environment or Secure Element, allowing you to use encryption that can be strongly tied to a piece of hardware. it's a subsystem where you can create strongly protected keys (symmetric and asymmetric), protected against extraction and rate limited (via user authentication) against brute force attacks, using them against streams of data to encrypt or decrypt securely.
December 23, 2016
Read More


Android, Debian & Ubuntu Top List of CVE Vulnerabilities In 2016
On a CVE basis for the number of distinct vulnerabilities, Android is ranked as having the most vulnerability of any piece of software for 2016 followed by Debian and Ubuntu Linux while coming in behind them is the Adobe Flash Player.
January 3, 2017
Read More


Anthem ready to pay $115 million to settle data breach lawsuit
US health insurer Anthem has agreed to pay $115 million to settle a class-action suit mounted in the wake of the massive data breach it suffered in late 2014/early 2015.
June 26, 2017
Read More


Anti-Phishing Working Group
Committed to wiping out Internet scams and fruad.
An Article
Read More


Anti-piracy tech firm Denuvo inadvertently leaks sensitive info
Denuvo Software Solutions has suffered an embarrassing and potentially damaging information leak.
February 6, 2017
Read More


Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday.
March 9, 2017
Read More


App developers aren't ready for iOS transport security requirements
Many iOS apps opt out of Apple's App Transport Security (ATS) feature or deliberately weaken it.
December 6, 2016
Read More


Apple deleted server supplier after finding infected firmware in servers
Report: Siri, internal development servers affected by fake firmware patch.
February 24, 2017
Read More


Apple finally announces bug bounty program
Apple is finally going to monetarily reward security researchers for spotting and responsibly disclosing bugs in the company's products.
August 05, 2016
Read More


Apple issues security updates for macOS, iDevices
It's time to patch your Mac, iDevices and software again: Apple has released security updates for MacOS (all the way back to Yosemite), iOS, watchOS, tvOS, iTunes, iCloud for Windows, and Safari.
May 16, 2017
Read More


Apple patches drive-by Wi-Fi flaw with emergency iOS patch
Less than a week after Apple pushed out iOS 10.3 comes an iOS emergency patch that all iDevice owners should implement as soon a possible.
April 4, 2017
Read More


Apple patches iOS security flaws found in spyware targeting activist
An Israeli security firm allegedly targeted Ahmed Mansoor, an activist in the United Arab Emirates
August 25, 2016
Read More


Apple plugs three actively exploited iOS zero-days
Owners of Apple's mobile devices are advised to upgrade to iOS version 9.3.5 as soon as possible, as it fixes three zero-day vulnerabilities actively exploited in the wild.
August 26, 2016
Read More


Apple releases iOS 9.3.5 to fix 3 zero-day vulnerabilities
"Trident" vulnerabilities were used to target a human rights activist.
August 25, 2016
Read More


Apple releases security patches for everything, update today!
On Monday, Apple released its latest batch of security patches for macOS, Safari, iOS, watchOS, tvOS, iTunes and iCloud for Windows.
January 24, 2017
Read More


Apple says it's working to fix security holes revealed by the WikiLeaks release of CIA documents
The leaks detail 14 different iOS exploits that the CIA could use to compromise Apple devices.
March 8, 2017
Read More


Apple websites can leak Apple ID passwords
Consider this scenario: Someone logs on to amazon.com using password xyz123. Then, they logon to gmail, where their password is also xyz123. Then, they logon to Facebook, where, yet again, their password is xyz123.
September 14, 2016
Read More


Apple's iCloud saved deleted browser records, security company finds
Moscow-based Elcomsoft noticed the issue when trying to extract records from iCloud accounts
February 9, 2017
Read More


Apple's malware problem is accelerating
For a long time, one of the most common reasons for buying an Apple computer over a Windows-based one was that the former was less susceptible to viruses and other malware. However, the perceived invulnerability of Macs to all manner of computer nasties may not have any grounding in reality -- or at least, not anymore.
January 19, 2017
Read More


Apple's new anti-tracking system will make Google and Facebook even more powerful
The brutal logic of online advertising
June 6, 2017
Read More


Apple, Windows tech support scams: US cracks down on fake security alerts
Don't call that toll-free number if you see what looks like a security alert in your browser.
May 15, 2017
Read More


Application security trends: What you need to know
Today at Infosecurity Europe 2017, High-Tech Bridge released a summary report on application security trends for Q1 -- Q2 2017.
June 6, 2017
Read More


Approaching security self-sufficiency
As part of my role as CSO, I'm extremely lucky to get to have conversations with CISOs, CTOs, and other technology leaders across industries. One of the things that has always struck me throughout my career is how, while there are certainly issues specific to each business, the vast majority of the challenges we face as defenders are the same.
December 14, 2016
Read More


AppSec teams facing resourcing issues that are making them vulnerable
A new Bugcrowd study of one hundred CISOs revealed that 94 percent are concerned about breaches in their publicly facing assets in the next 12 months, particularly within their applications.
February 2, 2017
Read More


Arduino's new open source kit makes creating IoT devices easy
The Arduino team is using Kickstarter to crowdfund their latest project: the ESLOV IoT Invention Kit.
September 30, 2016
Read More


Are businesses spending their money on the wrong IT security?
Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, issued in conjunction with analyst firm 451 Research.
January 27, 2017
Read More


Are enterprises ready for drones?
From package delivery to props in major sporting events, drones continue to play major roles in everyday life. But are enterprises prepared for the rise of the drones in their operations?
March 6, 2017
Read More


Are you ready for the EU GDPR?
Current application test data management practices are not adequate to meet the compliance requirements of the EU General Data Protection Regulation (GDPR), according to CA Technologies. In fact, only 31 percent of respondents believed that their organizations' current testing practices fully comply with the GDPR, which will affect any business that handles European personal data.
November 14, 2016
Read More


Are we drowning in a sea of negative security press?
It would seem from news accounts that the increase in the number of new vulnerabilities and security issues in devices, software and systems is escalating out of control. Consider the significant vulnerabilities and security issues reported in just the past two weeks:
November 4, 2016
Read More


Armor Anywhere: Managed security for any cloud
As growing businesses increasingly rely on public, private and hybrid cloud platforms in addition to internal infrastructures, at Armor is launching Armor Anywhere to keep sensitive data safe.
August 02, 2016
Read More


Armor helps streamline HITRUST certification
As the healthcare industry continues to be a major cybercrime target, compliance has gained even more significance. HITRUST certification has emerged as the benchmark for healthcare organizations to demonstrate sound security policies and a commitment to patient privacy.
August 26, 2016
Read More


Artificial intelligence in cybersecurity: Snake oil or salvation?
So what is machine learning? Machine learning in an integral part of the "umbrella term" artificial intelligence. Put simply, it is the science of enabling computers to learn and take action without being explicitly programmed. this is achieved through complex algorithmic models applied to data. from this are derived data-driven predictions or decisions.
September 13, 2016
Read More


As Deadline Begins to Pass, WannaCry Falls Short of Six Figures
One week ago a global cyberattack dubbed "unprecedented' by Europol began infecting an estimated 200,000 of the world's computers, starting a seven-day countdown to the destruction of data if victims didn't pay a ransom.
May 19, 2017
Read More


As GDPR deadline looms, time for compliance is running out
GDPR is a game-changing piece of data protection legislation that goes into effect on May 25, 2018.
May 26, 2017
Read More


As Microsoft touts Windows Insider for biz, let's take a look at W10's broken 2FA logins
For months now, the Windows 10 Anniversary Update has broken two-factor logins using certain smart cards — and Microsoft has refused to discuss it.
February 15, 2017
Read More


As UK govt calls for encryption backdoors, EU lawmakers propose a ban on them
As the UK gets hit by terror attacks one after the other, the government's cry for making sure terrorists and criminals can't find "safe spaces" online has become a constant.
June 19, 2017
Read More


As voice interaction increases, what will security look like in the next 5 years?
In Mary Meeker's recent annual report on the State of the Internet, she dedicated a chunk of it to the liftoff of the voice interface. the voice UI makes human interaction with computers possible through speech.
July 25, 2016
Read More


Ashley Madison users blackmailed again
Criminals are still trying to shake down users of the Ashley Madison dating/cheating online service.
April 25, 2017
Read More


ASLR-security-busting JavaScript hack demo'd by university boffins
Amster-damn, that's a hell of a vulnerability to make browser bug exploitation easier
February 14, 2017
Read More


Assess, report and remediate security-related configuration issues
Qualys announced Security Configuration Assessment (SCA), a new add-on for Vulnerability Management (VM) that provides customers cloud-based tools to automate configuration assessment of global IT assets using the latest out-of-the-box Center for Internet Security (CIS) benchmarks.
June 13, 2017
Read More


ATM Black Box attacks: 27 arrested all over Europe
The efforts of a number of EU Member States and Norway, supported by Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), culminated in the arrest of 27 individuals linked with so-called ATM Black Box attacks across Europe.
May 18, 2017
Read More


Attack rates are increasing across the board
Finance and technology are the sectors most resilient to cyber intrusions, new research from Vectra Networks has found.
June 8, 2017
Read More


Attack types companies expect to encounter in 2017
What are the key attack types expected to cause the biggest security problems in 2017 and how successful will businesses be at defending against them?
February 16, 2017
Read More


Attackers can hijack unencrypted web traffic of 80% of Android users
The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM position also affects some 1.4 billion Android devices, Lookout researchers have warned.
August 16, 2016
Read More


Attackers can steal smartphone users' PINs by tapping into data collected by mobile sensors
Researchers have demonstrated that a malicious website or app could work out smartphone users' PINs or passwords based just on the data collected by various motion sensors on modern mobile devices.
April 12, 2017
Read More


Attackers could steal millions through online phone verification systems
Many systems can be tricked to call premium-rate numbers set up by attackers
July 18, 2016
Read More


Attackers exploited SS7 flaws to empty Germans' bank accounts
Cyber criminals have started exploiting a long-known security vulnerabilities in the SS7 protocols to bypass German banks' two-factor authentication and drain their customers' bank accounts.
May 4, 2017
Read More


Attackers shift away from file-based techniques
Cyber attack methods are becoming more sophisticated in order to bypass traditional file-scanning protection systems according to a new study.
April 27, 2017
Read More


Attackers thrive in a fluid market, while bureaucracy constrains defenders
A new global report from Intel Security and the Center for Strategic and International Studies (CSIS) reveals three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation roles.
March 2, 2017
Read More


Attackers will target U.S. power systems
A hack on the Ukrainian power grid in late 2015 "blacked out more than 225,000 people," according to Claims Journal, which described this type of attack as a "nightmare scenario for top U.S. officials." they also reported that "U.S. Cyber Command chief Adm. Michael Rogers has previously warned that it's not a matter of if, but when attackers will also target U.S. power systems."
March 8, 2016
Read More


Attacks exploiting software vulnerabilities are on the rise
Attacks conducted with the help of exploits are among the most effective as they generally do not require any user interaction, and can deliver dangerous code without arousing user suspicion.
April 21, 2017
Read More


Attacks within the Dark Web
For six months, Trend Micro researchers operated a honeypot setup simulating several underground services on the Dark Web. The goal of their research was to see if those hidden services will be subjected to attacks.
May 31, 2017
Read More


Aukey Wireless Indoor Surveillance Camera review: Its performance doesn't measure up to the features
Aukey's first home security camera promises panoramic views and motion-triggered alerts, but suffers from hit-or-miss accuracy.
February 20, 2017
Read More


Australian blood donors' info found leaking from insecure server
Personal information of some 550,000 Australian blood donors has been sitting exposed on a web developer's server and has been downloaded by a person who effectively stumbled on it.
October 28, 2016
Read More


Australian police blame WannaCry for spoiling 8,000 traffic cam tickets
Australian police have had to suspend upward of 8,000 tickets for speeding and running red lights after learning the cameras that caught the acts had become infected with a virus. The Victoria, Australia police blamed the WannaCry virus, which spread through Windows computers last month, locking down systems and demanding a ransom be paid before they could be used again.
June 27, 2017
Read More


Autofill on Chrome and Safari can Give Hackers Access to your Credit Card Info
With a simple exploit, browsers like Chrome and Safari can be tricked into handing over your credit card information to hackers. and you wouldn't even realize it.
January 10, 2017
Read More


Automating PKI for the IoT platform
In this podcast recorded at RSA Conference 2017, Jeremy Rowley, Executive VP of Emerging Markets at DigiCert, talks about automating PKI for IoT platform and building scalable solutions for the IoT platform.
March 6, 2017
Read More


Avast finds over 5.3 million hackable smart devices in Spain
More than 150,000 of those vulnerable IoT devices were webcams, including 22,000 hackable baby monitors and webcams in Barcelona.
February 27, 2017
Read More


Average data breach cost declines 10% globally
The average cost of a data breach is $3.62 million globally, a 10 percent decline from 2016 results. This is the first time since the global study was created that there has been an overall decrease in the cost. According to the study conducted by Ponemon Institute, these data breaches cost companies $141 per lost or stolen record on average.
June 21, 2017
Read More


Avoid adware with Unchecky
Unchecky is a free tool which monitors installations and automatically unchecks unrelated "offers", helping ensure you only install the software you expect.
August 29, 2016
Read More


Azure AD Connect vulnerability allows attackers to reset admin passwords
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft warned on Tuesday.
June 29, 2017
Read More


Misc. - B

'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception
Facebook has long-claimed that its WhatsApp messaging service is completely secure and messages cannot be intercepted thanks to its use of end-to-end encryption. But researchers have unearthed what they call a serious security flaw that makes it possible to read encrypted messages.
January 13, 2017
Read More


Backdoor uses TeamViewer to spy on victims
A backdoor Trojan with spying capabilities that has been previously directed against European and Russian users is now being lobbed at US users, Dr. Web researchers have warned.
August 23, 2016
Read More


Backdoored Firefox extension checks Instagram for C&C info
Turla, an APT cyberespionage group that has been targeting corporations, intelligence and other government agencies for years, is using a malicious Firefox extension to backdoor targets' systems.
June 7, 2017
Read More


Bad bots attack 96% of websites with login pages
Almost every website with a login page is under attack from bad bots, the automated programs used to carry out a variety of nefarious activities, according to Distil Networks.
March 17, 2017
Read More


Bad news, fandroids: Mobile banking malware now encrypts files
First Faketoken stole credentials, now it holds data to ransom
December 20, 2016
Read More


Bad security habits persist, despite rising awareness
While 82 percent of respondents believe the IT security industry is making progress against cyber attacks, those gains are undercut by egregious security practices in critical areas such as privileged account security, third-party vendor access and cloud, according to CyberArk.
September 23, 2016
Read More


BAE Systems sold cyber-surveillance tools to autocratic regimes
British multinational BAE Systems has sold sophisticated surveillance technology to many repressive governments in the Middle East and Africa, an investigation by BBC Arabic and Danish newspaper Dagbladet has revealed.
June 16, 2017
Read More


BankBot Trojan found lurking on Google Play
As predicted earlier this year, the leaking of the source code and instructions for creating a potent Android banking Trojan has resulted in a surge of malware based on it.
April 18, 2017
Read More


Banking customers hesitant to use mobile features due to security concerns
Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding.
August 19, 2016
Read More


Banking trojan executes when targets hover over link in PowerPoint doc
Novel infection method doesn't require link to be clicked.
June 9, 2017
Read More


Banks are building a real-time global payment network using blockchain technology
Nine out of 10 banking professionals surveyed at large US, European and Canadian commercial banks said their company is currently exploring the use of blockchain technology for payments, according to a new report from Accenture. the initiatives are designed to reduce costs, speed payments, reduce errors and drive new revenues.
October 27, 2016
Read More


Banks around the world hit with fileless malware
Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses around the world.
February 8, 2017
Read More


Banks around the world targeted in watering hole attacks
The January attacks against Polish financial institutions through the booby-trapped site of the Polish Financial Supervision Authority are just one piece of a larger puzzle, elements of which are slowly coming to light.
February 14, 2017
Read More


Bart ransomware victims get free decryptor
AVG malware analyst Jakub Kroustek has devised a decryptor for Bart ransomware, and the company has made it available for download (for free).
July 21, 2016
Read More


Battling cyber security's human condition
There is no silver bullet when it comes to cyber security. Organizations with multi-million dollar IT budgets still make headlines for being successfully breached, and even government intelligence organizations can't keep their hacking tools secret despite having some of the strongest protections and strictest policies on the planet.
May 3, 2017
Read More


Basic file deletion increases exposure to security risks
The use of improper data removal methods and the poor enforcement of data retention policies have created the perfect storm for confidential, oftentimes sensitive data to be lost or stolen, according to Blancco Technology Group.
September 23, 2016
Read More


Be careful on Google Play
An often repeated piece of advice given to users of mobile devices says that they should stick to well-reputed, official app stores if they want to avoid malware.
April 21, 2017
Read More


Beeps, roots and leaves: Car-controlling Android apps create theft risk
Haven't named and shamed car-makers though
February 20, 2017
Read More


Behavioural profiling: Spotting the signs of cyber attacks and misuse
Behavioural profiling is increasingly recognised as a new level of protection against cyber attacks and systems abuse, offering the potential to pick out new and unknown attacks, or to spot activities that may be missed. the basic premise is to establish a sense of how the system and its users behave, and provide a basis to protect against compromise by watching out for unwanted activities.
April 25, 2017
Read More


Best practices for securing your data in-motion
Security and compliance is at the top of every IT pro's mind, yet much of that effort is focused on protecting data within the organization that's "at rest." While it's important to protect all data, data in-motion is when it's at its most vulnerable point and needs to be more of a focus of your efforts.
October 25, 2016
Read More


BENIGNCERTAIN-like flaw affects various Cisco networking devices
The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to search for similar flaws in other products -- and they found one.
September 19, 2016
Read More


Best practices for enterprises to effectively combat cybercrime
Employee training and cyber awareness, combined with a solid defense strategy and best-in-class cybersecurity tools and software, are essential to reducing the risks of data breaches.
November 1, 2016
Read More


Betabot steals passwords, downloads ransomware
The infamous and ever-changing Betabot information-stealing Trojan is back again, and has been observed downloading another well-known threat -- the Cerber ransomware.
September 2, 2016
Read More


Beware of browser hijacker that comes bundled with legitimate software
Lavians, a "small software vendor team," is packaging its offerings with a variant of browser-hijacking malware Bing.vc.
August 12, 2016
Read More


Beware the coffee shop: Mobile security threats lurk around every corner
40 percent of organizations believe that C-level executives, including the CEO, are most at risk of being hacked when working outside of the office, according to a new report from iPass. Cafes and coffee shops were ranked the number one high-risk venue by 42 percent of respondents, from a list also including airports (30 percent), hotels (16 percent), exhibition centers (7 percent) and airplanes (4 percent).
May 23, 2017
Read More


Beware! Malware distributors are switching to less suspicious file types
Recent email-based malware distribution campaigns have used malicious LNK and SVG attachments instead of JavaScript.
February 6, 2017
Read More


Big Data investments are up, but fewer organizations plan to invest
Big Data investments continue to rise but are showing signs of contracting, according to Gartner. Their survey revealed that 48 percent of companies have invested in Big Data in 2016, up 3 percent from 2015. However, those who plan to invest in Big Data within the next two years fell from 31 to 25 percent in 2016.
October 5, 2016
Read More


Biggest limiting factors to universal adoption of connected devices
After surveying 250 respondents at CES 2017, the Open Connectivity Foundation (OCF) concluded that more than 60 percent of respondents consider standardization and interoperability when it comes to purchasing connected devices, cybersecurity concerns, and overall technological innovation in our society.
February 24, 2017
Read More


Biometric skimmers: Future threats to ATMs
Kaspersky Lab experts investigated how cybercriminals could exploit new biometric ATM authentication technologies planned by banks. While many financial organizations consider biometric-based solutions to be one of the most promising additions to current authentication methods, cybercriminals see biometrics as a new opportunity to steal sensitive information.
September 23, 2016
Read More


Businesses finally realize that cyber defenses must evolve
Cybersecurity is finally getting the attention it deserves -- it is only regrettable that this good news is the result of bad news: more numerous, complex, and damaging cyber attacks than ever before.
June 22, 2017
Read More


Businesses still confused about GDPR
European businesses are still unsure about GDPR — almost 78% of IT decision makers at more than 700 European companies either lacked understanding about the impact of the regulation on their organizations or were completely unaware of it. However, encryption, which is addressed by the GDPR, is desired by more than every third company in a new IDC survey.
March 1, 2017
Read More


Bitglass announces integration with Trustwave Managed Security Services
Bitglass announced at RSA Conference 2017 new integration with the Trustwave Managed Detection service. this service has been enhanced to support events and additional threat intelligence from leading cloud access security broker (CASB) providers like Bitglass. this increased security visibility helps Trustwave detect cloud-based threats earlier by leveraging support for the latest CASB technologies.
February 16, 2017
Read More


BitSight: Outdated Operating Systems, Browsers Put Many Organizations At Risk
he easiest way to improve a device's security is to make sure it's using the latest version of its operating system, browser, and other software. Updates often patch known vulnerabilities or bolster an app's defenses. But a new report from BitSight, the self-described "standard in security ratings," shows that many organizations don't update the operating systems or browsers of the many devices they have to manage.
June 8, 2017
Read More


Black horse blacks out: Lloyds Bank website goes down
Company: we don't know what happened, couldn't tell you if we did
January 11, 2017
Read More


Blame it on your brain: Researchers discover why we ignore PC security warnings
This is the reason so much security work goes on in the background, without your knowledge.
August 22, 2016
Read More


Boardroom perspectives on cloud implementation
Although there's a significant uptick in cloud adoption at the enterprise level, companies are missing the full benefit of their cloud adoptions by not factoring their IT implementations into their overall business strategy, according to Accenture.
September 30, 2016
Read More


Boffins exploit Intel CPU weakness to run rings around code defenses
Branch buffer shortcoming allows hackers to reliably install malware on systems
October 20, 2016
Read More


Boffins turn phone into tracker by abusing pairing with -- that's right -- IoT kit
Security researchers exploit vulns in Belkin home automation product
November 7, 2016
Read More


Bogus anti-WannaCry apps cropping up on Google Play
While the world is still battling the WannaCry ransomworm menace, fraudsters have decided to exploit the threat's visibility and users' confusion to make them install fake Android apps that supposedly protect against it.
May 25, 2017
Read More


Bogus Pokemon Go guide app roots Android devices
The popularity of Pokemon Go is apparently on the wane, but there are still more than enough players to make it a good lure for cyber crooks.
September 16, 2016
Read More


Bondnet botnet goes after vulnerable Windows servers
A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, "earning' him around $1,000 per day.
May 4, 2017
Read More


Bored employees seen as biggest potential data security risk
Employees who become distracted at work are more likely to be the cause of human error and a potential security risk, according to a snapshot poll conducted by Centrify at Infosec Europe in London this week.
June 8, 2017
Read More


Bose accused of spying on end users, data mining their private records via headphone app
One of the major drawbacks to the Internet of Things ecosystem and "smart' devices more generally is the way both are treated as a gold mine for gathering information on end users, often without their knowledge or consent. Bose is the latest company to stand accused of such shenanigans in a lawsuit filed yesterday in federal district court.
April 19, 2017
Read More


Bose is spying on us, lawsuit alleges
The proposed class-action suit claims the audio company uses its wireless headphones and Bose Connect app to collect private data and sell it to third parties, report says.
April 19, 2017
Read More


Bracing for the Denial of Things
turn out the lights in any major city in the developed world, and you know what? it's not really all that dark. Unless you've managed to lock yourself in a broom closet (I won't ask) then chances are, while it may be dim, it won't actually be dark.
April 12, 2017
Read More


Brainjacking: Hacking brain implants
Did you know that Dick Cheney, former US Vice President who held that office from 2001 to 2009, had the wireless telemetry on his implantable cardioverter-defibrillator disabled during his time in office for fear of political assassination?
August 26, 2016
Read More


Brands increasingly targeted by false websites and phishing
DomainTools released the names of the top U.S.-based retail companies whose brands are frequently abused by criminals creating look-alike domains for phishing. the research surfaced multiple malicious domains each day spoofing Amazon, Apple, Gap, Nike, and Walmart.
May 3, 2017
Read More


Brave VMs to destroy themselves, any malware they find on HP's new laptop
1 like = 1 prayer for pre-baked Bromium virtualization tech
February 13, 2017
Read More


Breach analytics platform speeds up incident response
It's increasingly said by experts that data breaches are now a matter of when rather than if. Being able to respond quickly is therefore vital for companies to minimize damage and disruption.
February 13, 2017
Read More


Break crypto to monitor jihadis in real time? Don't be ridiculous, say experts
Former gov.UK advisor Rohan Silva branded 'utterly clueless'
June 6, 2017
Read More


Breaking TLS: Good or bad for security?
As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their network.
May 23, 2017
Read More


Breathing new life into SSL VPNs: Making the most of the security benefits
Network security has been in an accelerated arms race for over a decade, with IT managers constantly adding new technologies to secure various network resources in an attempt to stay ahead of the bad guys. While the newer technologies can certainly help improve the overall security profile and reduce risks, there are also additional security benefits to be gained by creatively leveraging products you probably already have in your network.
August 10, 2016
Read More


BrickerBot bricked 2 million IoT devices, its author claims
The author of BrickerBot, which ॥uro;'bricks॥uro;' IoT devices by rewriting the flash storage space and wiping files, has emerged to explain that the malware first attempts to secure the units without damaging them.
April 24, 2017
Read More


Bringing security into IT and application infrastructures
In this podcast recorded at Black Hat USA 2016, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about a new trend in bringing security into IT and application infrastructures, as well as working with the DevOps team for increased security.
August 09, 2016
Read More


Brother and sister arrested for spying on Italian politicians for years
Two Italian siblings have been arrested on Monday and stand accused of having spied on Italian politicians, state institutions and law enforcement agencies, businesses and businesspeople, law firms, leaders of Italian masonic lodges, and Vatican officials for years.
January 12, 2017
Read More


Bruce Schneier: the US government is coming for your code, techies
Open source has won, but victory may be fleeting
February 14, 2017
Read More


Bug in Rockwell's PLCs allows attackers to modify firmware
There is an undocumented SNMP community string in Rockwell Automation's MicroLogix 1400 programmable logic controllers that can be exploited by attackers to remotely change settings or modify the device firmware, and therefore compromise the PLCs.
August 17, 2016
Read More


Building a Framework for IoT Security Compliance
As more IoT devices are connected, the possibility of compromised security increases. That's why there's a need to establish best practices for security.
March 14, 2017
Read More


Build serverless, secure apps in the cloud
Swirlds released the SDK for the hashgraph distributed consensus platform, which is free for download (the registration fields are optional).
August 15, 2016
Read More


Build your own IMSI slurping, phone-stalking Stingray-lite box -- using bog-standard Wi-Fi
Uni eggheads discuss track-and-trace threat
November 3, 2016
Read More


Building a strong cybersecurity program for the long haul
Patch Tuesday is approaching and there is a chance it might be a boring one. Hopefully, I didn't jinx things by saying that, but I think most of what we'll see is a bit of volume on the third-party side. Before we get into the forecast, though, let's talk about the recent roller coaster we've all been on.
June 12, 2017
Read More


Building the IoT monster
When Mary Shelley wrote Frankenstein, she imagined the misguided doctor assembling his creature from dead body parts, who instead of elevating science, created something dark and terrible. a modern day Mary might well imagine the monster being assembled, not from arms and legs, from nanny-cams, door locks, and DVRs.
October 30, 2016
Read More


Burglars can easily make Google Nest security cameras stop recording
Google Nest's Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that's in their Bluetooth range, a security researcher has found.
March 21, 2017
Read More


Business and IT decision makers are aligned on key IT trends
Business decision makers' (BDMs) and IT decision makers' (ITDMs) understanding of current IT trends are much closer than they are generally perceived to be, according to a new Dell State of IT Trends 2016 global study.
July 29, 2016
Read More


Business still ill-prepared to handle modern DDoS attacks
In September 1996, New York City's original ISP, Panix, was hit by a SYN flood denial of service attack that took them offline for several days. at a time when only 20 million Americans were online, this was one of the first high profile examples of the growing importance of network and service availability.
September 14, 2016
Read More


Businesses deploy sensitive data to new environments without adequate security
According to a new report, 93 percent of enterprises will use sensitive data in advanced technology environments (such as cloud, SaaS, big data, IoT and container) this year.
March 16, 2017
Read More


Businesses forget good security practices in DevOps environments
Many organizations don't enforce proper security measures in their DevOps environments, putting both the company and the product at risk. this is according to a new report by Venafi looking into security practices among DevOps adopters.
April 20, 2017
Read More


Businesses need to protect data, not just devices
As organizations embrace the digital transformation of their business, they are increasingly facing new security concerns. More companies are moving away from device-centric, platform-specific endpoint security technologies toward an approach that secures their applications and data everywhere.
July 29, 2016
Read More


BuzzFeed vandalized by hacking group after exposing alleged member
A number of BuzzFeed posts were vandalized by hackers this morning in apparent retaliation for a story that claimed to expose a member of their group. the hacking group, which goes by OurMine, changed the titles of several BuzzFeed posts to read "Hacked by OurMine" and replaced the body of some stories with a note not to "share fake news about us again."
October 5, 2016
Read More


By 2018, 25 percent of new mobile apps will talk to IoT devices
With the convergence of devices, bots, things and people, organizations will need to master two dimensions of mobility, according to Gartner. CIOs and IT leaders will need to excel at mainstream mobility and to prepare for the post-app era.
September 28, 2016
Read More


By the end of March no one will remember that Microsoft missed a Patch Tuesday
Like the weather in Minnesota, the March Patch Forecast is unpredictable at best. be prepared for turbulent times interspersed with moments of calm.
March 13, 2017
Read More


BYOD: how to provide secure access to network resources
IT organizations have little or no choice when it comes to bring your Own Device (BYOD) programs. Employees want to access the network with their personally owned devices, and in today's landscape where employers compete for skilled employees, companies want to be known for giving employees the privilege of doing so.
December 6, 2016
Read More


Misc. - C

CA Technologies acquires Veracode for $614 million
CA Technologies has signed a definitive agreement to acquire Veracode for approximately $614 million in cash. the transaction is expected to close in the first quarter of fiscal year 2018, and is subject to customary closing conditions, including regulatory approvals.
March 7, 2017
Read More


CalPERS Adopts a More Secure Networking Approach
The California Public Employees' Retirement System deployed a system with full visibility of physical and virtual networks, boosting performance and security.
September 23, 2016
Read More


Cameras and DVRs used in massive Minecraft server DDoS attack
Internet-connected devices like cameras, thermostats, and even locks are being sold to us as a convenience. Unfortunately they've become a major convenience for criminals, too.
September 26, 2016
Read More


Can a computer system compete against human CTF experts?
DARPA announced on Thursday that a computer system designed by a team of Pittsburgh-based researchers is the presumptive winner of the Agency's Cyber Grand Challenge.
August 05, 2016
Read More


Can an automated defence network protect Britain from low-level threats?
A recent Freedom of Information request found that the number of breaches reported to the ICO in the last 12 months has nearly doubled from the previous year, so something clearly had to be done.
September 15, 2016
Read More


Can Big Data analytics strengthen your security posture?
The Ponemon Institute released the results of its first report focused on how big data analytics are being used by organizations to strengthen cybersecurity postures. Their findings are based on a survey with responses from 592 IT and IT security practitioners from US-based organizations across multiple industries.
September 6, 2016
Read More


Can biometrics and the FIDO Alliance save us from password overload?
All the available evidence indicates our password-based security system is broken.
September 6, 2016
Read More


Can Dell change endpoint security?
Traditional PC security is failing most companies, and a new approach is required if enterprises are to be protected. Can PC vendors like Dell dramatically improve endpoint security?
June 12, 2017
Read More


Can Process Explorer stop malware infections -- not just detect them?
Sysinternals' Process Explorer has always been used to detect malware infections, but that's just the start of its advantages. Just running the program in the background might stop some threats installing in the first place.
October 12, 2016
Read More


Can smartphone thieves be identified in seconds?
Ben-Gurion University of the Negev (BGU) researchers have developed a technique that identifies a smartphone thief or intruder in under 14 seconds.
February 8, 2017
Read More


Can we extinguish the Mirai threat?
The recent massive DDoS attack against DNS provider Dyn has jolted (some of) the general public and legislators, and has opened their eyes to the danger of insecure IoT devices.
October 30, 2016
Read More


Can you justify your security spend?
In this podcast recorded at RSA Conference 2017, Todd Bramblett, President of Nehemiah Security, talks about why cyber risk has become such a hot topic, the importance of IT operations and cybersecurity working together, as well as the AtomicEye RQ platform.
March 23, 2017
Read More


Can you trust your Android VPN client?
Do you trust your Android VPN client to keep your data secure and your online browsing private? Perhaps you shouldn't.
January 26, 2017
Read More


Can your company keep up with quickly-changing cyber security regulations?
Compliance with requirements and regulations is an ongoing challenge for businesses. In the cyber security space, the threat environment is constantly changing, and organizations have to meet some 500-600 different regulations and laws, as Internet of Things (IoT) devices proliferate and new, massive Distributed Denial of Service (DDoS) attacks are seen on a near-daily basis. as technology continues to evolve with such innovations as cloud computing and Big Data, security professionals are on a never-ending quest to stay up to speed on security controls and best practices.
December 23, 2016
Read More


Can your Netgear router be hijacked? Check now!
Yesterday, researcher Simon Kenin of Trustwave SpiderLabs released information about an authentication bypass flaw affecting a wide variety of Netgear routers, as well as PoC attack code for triggering it.
January 31, 2017
Read More


Capsule8: Container-aware real-time threat protection
Despite massive adoption of Linux in the enterprise, there has been no world-class security offering for Linux infrastructure – until now.
March 2, 2017
Read More


Cardiff researchers get "250k to monitor Brexit hate crime on Twitter
Pre-crime snoops study spread of cruel chatter
February 9, 2017
Read More


Catapult Integrated Systems
is a premier systems integrator and commercial managed Internet services provider serving northern California since 1992.
Provides a Service
Read More


Centrify Identity Platform now secures Mac endpoints
Centrify announced enhancements to the Centrify Identity Platform that deliver local administrator password management for Macs and Mac application management and software distribution via turnkey integration with the Munki open source solution.
June 6, 2017
Read More


Centrify recognises EMEA channel achievements
Centrify has announced the winners of its EMEA Channel Programme Awards. The awards were presented at a ceremony held on 7th June 2017 at The Distillery, Portobello Road in London.
June 8, 2017
Read More


Cerber ransomware rakes in cash by recruiting unskilled hackers
Cerber's creators take 35 percent of the profit, and the rest goes to partners
August 16, 2016
Read More


Cerber2 ransomware released, no decryption tool available
The author of the widely distributed Cerber ransomware has released a newer version, and files encrypted with Cerber2, unfortunately, can't be decrypted without paying the ransom.
August 08, 2016
Read More


CERT updates insider threat guidebook
The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University released the fifth edition of the Common Sense Guide to Mitigating Insider Threats. the guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.
February 10, 2017
Read More


CERT: HTTPS Interception Products Weaken Companies' Security
The United States Computer Emergency Readiness Team (CERT) issued a report in which it warned companies and other organizations against using HTTPS or TLS interception products. CERT said that such products often make those companies' communications less secure, because the products don't properly validate server connections and may use weaker cryptography.
March 16, 2017
Read More


Certificate policy violations force reform at StartCom and WoSign
The two CAs will be separated and their CEO will be replaced
October 10, 2016
Read More


Certs up! Apple and Google take certificates more seriously
As we near 2017, browsers start complaining more about rotten website security, but it's never been easier to assure yourself you're safe.
November 16, 2016
Read More


Challenges of cybersecurity due diligence in the acquisition process
Acquirers are increasingly aware of the need for vigorous cybersecurity due diligence in M&A, yet often lack the proper personnel to conduct thorough analyses, according to a new study by West Monroe Partners and Mergermarket. as the importance of big data and IT rises across sectors, cybersecurity has become a vital area to assess at deal targets.
July 21, 2016
Read More


Charger mobile ransomware steals contacts and SMS messages
Check Point's mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger.
January 24, 2017
Read More


Check Point says Fireball malware hit 250 million; Microsoft says no
Either way, Microsoft assures us that Windows 10 S would have been immune.
June 23, 2017
Read More


Check Point says Judy is "possibly the largest malware campaign found on Google Play"
After WannaCry's sizable impact on many Windows machines around the world, details have been revealed of a malware campaign targeting Android devices through the Google Play Store. The auto-clicking adware, named 'Judy', was discovered by the IT security firm, Check Point. It is estimated to have affected between 8.5 and 36.5 million users.
May 29, 2017
Read More


Checklist: IoT security and privacy
The Online Trust Alliance (OTA) released the consumer IoT security and privacy checklist, which contains steps consumers can take to help increase the security, privacy and safety of their connected home and wearable technologies.
October 5, 2016
Read More


Chicago Public Schools: Greater Visibility of Software Assets is Reduci ng Cyber Security Risk
Chicago Public Schools employs 40,000 staff in hundreds of buildings across the Chicago area. as part of its commitment to expanding technology in classrooms and driving efficiency, the District needed to understand their application footprint across their increasingly diverse computing infrastructure.
January 31, 2017
Read More


China emerges as digital rights champion with new info privacy law
Well, sort of
April 11, 2017
Read More


China pays for Windows XP addiction as 'WannaCry' hits
1 in 5 PCs still run the ancient, obsolete OS, so infections come as no surprise
May 15, 2017
Read More


Chinese hackers go after third-party IT suppliers to steal data
The hacking group APT10 has been blamed for the global cyberespionage campaign
April 4, 2017
Read More


Chinese hackers ordered to pay $9 million over insider trading
Three Chinese citizens, who have obtained millions from illicit stock trades based on insider information they stole from two US law firms by hacking, have been ordered to give back the money (including money given to Hong's mother) and pay over $5 million in civil penalties.
May 11, 2017
Read More


Chinese researchers hijack Tesla cars from afar
Tesla car owners are urged to update their car's firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car's brakes and other, less critical components.
September 20, 2016
Read More


Chrome bug triggered errors on websites using Symantec SSL certificates
The bug affected Chrome on all platforms, as well as the WebView component on Android
December 5, 2016
Read More


Chrome users on macOS to see more dangerous site warnings
MacOS users who use Chrome to surf the web are likely to see more security warnings in the coming days, as Google's Safe Browsing service will start flagging sites peddling potentially unwanted software.
March 2, 2017
Read More


Chromebooks may add fingerprint scanning, following Android and Windows
A thread on Google's Chromium code repository suggests the feature is being built into future Chromebooks.
September 6, 2016
Read More


CIA's Windows XP to Windows 10 malware: WikiLeaks reveals Athena
WikiLeaks says the CIA's Athena malware can be used to spy on Windows XP through to Windows 10 computers.
May 22, 2017
Read More


CIOs increasingly focus on innovation
Two-thirds of organizations are adapting their technology strategies in the midst of global political and economic uncertainty, with 89 percent maintaining or ramping up investment in innovation, including in digital labor, and 52 percent investing in more nimble technology platforms, according to the 2017 Harvey Nash/KPMG CIO Survey.
May 24, 2017
Read More


Cisco and IBM Security announce services and threat intelligence collaboration
In a new agreement, Cisco and IBM Security will work closer together across products, services and threat intelligence for the benefit of customers.
May 31, 2017
Read More


Cisco confirms NSA-linked zeroday targeted its firewalls for years
Company advisories further corroborate authenticity of mysterious Shadow Brokers leak.
August 17, 2016
Read More


Cisco patches Equation group exploit
Investigation of a leaked Equation group exploit led to the discovery of a similar vulnerability
September 19, 2016
Read More


Cisco patches leaked 0-day in 300+ of its switches
Cisco has plugged a critical security hole in over 300 of its switches, and is urging users to apply the patches as soon as possible because an exploit for it has been available for a month now.
May 10, 2017
Read More


Cisco plugs critical bug in ASA security devices
Cisco has patched a critical vulnerability in the Identity Firewall feature of Cisco ASA Software, which would allow a remote attacker to execute arbitrary code and obtain full control of the system (or cause a reload).
October 20, 2016
Read More


Cisco plugs critical flaw in data center operations management solution
Cisco has patched another critical vulnerability in its Unified Computing System Performance Manager software.
July 21, 2016
Read More


Cisco plugs critical hole in Prime Home management platform
Cisco has released nine security alerts on Wednesday, and among these are two for critical vulnerabilities in its ASR 900 Series routers and the Cisco Prime Home management platform (for provisioning and managing in-home devices).
November 3, 2016
Read More


Cisco plugs two Cloud Services Platform system compromise flaws
Cisco has patched two serious vulnerabilities in Cisco Cloud Services Platform 2100, both of which could allow a remote attacker to execute arbitrary code on a targeted system.
September 22, 2016
Read More


Cisco Prime Home flaw allows hackers to reach into people's homes
Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with subscribers' home network and devices.
February 2, 2017
Read More


Cisco starts publishing fixes for EXTRABACON exploit
Starting last Wednesday, Cisco has begun publishing fixes for the SNMP RCE flaw in the software of its Adaptive Security Appliances (ASA), which can be triggered through the EXTRABACON exploit leaked by the Shadow Brokers.
August 29, 2016
Read More


Cisco WebEx extension opens Chrome users to drive-by malware attacks
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website.
January 24, 2017
Read More


CISOs must assess risks and identify the real security budget
Organizations spend an average of 5.6 percent of the overall IT budget on IT security and risk management, according to Gartner. However, IT security spending ranges from approximately 1 percent to 13 percent of the IT budget and is potentially a misleading indicator of program success, analysts said.
December 9, 2016
Read More


CISOs need teamwork and a framework, says Chief Cybersecurity Officer at Trend Micro
Eduardo Cabrera is the Chief Cybersecurity Officer at Trend Micro, responsible for analyzing emerging cyber threats to develop enterprise risk management strategies. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service.
July 20, 2016
Read More


CISSP Planning Kit: your guide to CISSP certification and beyond
Studying for the CISSP exam can seem overwhelming, which is why (ISC)2 developed this quick guide. Download this planning kit for a CISSP overview, study tips, preview of how to maintain your certification, and more.
January 10, 2017
Read More


Citizens will share personal data with smart city programs by 2019
The rapid pace of technological and societal change has given government CIOs a new sense of urgency and a willingness to experiment with smart city and open data initiatives, according to Gartner. If managed effectively, this shift will position governments at the core of technological innovation in society.
December 20, 2016
Read More


City of San Diego Upgrades Security, Slashes Risks
The city is expanding its security platform, which provides constant, in-depth visibility into networks and data flow and greatly reduces its threat exposure.
November 7, 2016
Read More


Civilization infrastructure: Connected sensors and digital intelligence
A new type of infrastructure needs to be built that is not just going to reshape business, but also the way people live, according to Gartner. CIOs are the builders of this infrastructure, which Gartner calls the "civilization infrastructure".
October 19, 2016
Read More


CLDAP reflection attacks generate up to 24 Gbps of traffic
Akamai researchers Jose Arteaga and Wilber Majia have identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method.
April 12, 2017
Read More


Clear and present danger: Combating the email threat landscape
Like it or loathe it, email is here to stay. Despite the ubiquity of file sharing services like OneDrive and Google Docs, email remains a fast and convenient way for users to review, communicate and collaborate. Almost 25 years since the first email attachment was sent, businesses around the globe remain heavily dependent on using email to send their files. Indeed, according to research firm Radicati, business emails are set to reach 116.4 billion a day before the end of 2016.
September 30, 2016
Read More


Clever spear-phishing emails hit employees involved in SEC filings
FireEye has flagged a sophisticated spear-phishing campaign hitting US-based businesses with emails purportedly coming from the US Securities and Exchange Commission (SEC).
March 8, 2017
Read More


Cloak & Dagger exploit: What you need to know
Should you be concerned about this new Android exploit called Cloak & Dagger? Here's what you need to know!
May 25, 2017
Read More


Cloud adoption hits all-time high, Microsoft and Google dominate
With continued growth in use of Office 365 and G Suite, overall cloud adoption has hit an all-time high, according to Bitglass. Fifty-nine percent of organizations worldwide now use one of these two apps, up from 48 percent in 2015.
November 16, 2016
Read More


Cloud and IoT adoption requires organizations to future-proof PKI implementations
New research by the Ponemon Institute shows an increased reliance on PKIs in today's enterprise environment, driven by the growing use of cloud-based services and applications and the Internet of Things.
October 11, 2016
Read More


Cloud DLP policy violations rise as Slack, HipChat, and similar services increase in popularity
Cloud DLP policy violations in collaboration services like Slack and HipChat are on the rise, accounting for nearly 10 percent of total violations this quarter, according to Netskope. These services have skyrocketed in popularity as methods of sharing and downloading data, emphasizing the need for enterprises to put policies in place to ensure this data is safe and secure.
June 14, 2017
Read More


Cloud going mainstream, few are maximizing value
While cloud adoption continues to accelerate, few organizations are maximizing the value that cloud can offer, according to IDC. the increased cloud adoption is being fueled by cloud-native applications, including security and the IoT cloud-based solutions.
September 21, 2016
Read More


Cloud IT infrastructure revenues grew 14.9% to $8 billion in 1Q17
Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew 14.9% year over year in the first quarter of 2017 (1Q17), reaching $8 billion, according to IDC.
July 3, 2017
Read More


Cloud IT infrastructure spend grew to $32.6 billion in 2016
According to IDC, vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 9.2% year over year to $32.6 billion in 2016, with vendor revenue for the fourth quarter (4Q16) growing at 7.3% to $9.2 billion.
April 10, 2017
Read More


Cloud providers not expanding security as fast as customers adopt cloud
Information security professionals trust the cloud even less now than they did last year, despite efforts by cloud-service providers to tighten security, according to the SANS Institute.
October 4, 2016
Read More


Cloud security broker Netskope raises $100m more led by Lightspeed and Accel
As enterprises continue to move more of their computing to the cloud, and across an ever-expanding range of devices from computers to phones and tablets and more, hackers continue to find ways to break into those systems -- resulting an unprecedented number of breaches globally. Now, one of the more prominent security startups fighting this has raised a significant round of funding to help tackle the issue head-on.
June 6, 2017
Read More


Cloud security market in the retail sector expected to grow
The global cloud security market in the retail sector is expected to grow at a CAGR of close to 21% until 2020, according to Technavio.
August 19, 2016
Read More


Cloud-based security services market to reach nearly $9 billion by 2020
Growth in worldwide cloud-based security services will remain strong, reaching $5.9 billion in 2017, up 21 percent from 2016, according to Gartner. Overall growth in the cloud-based security services market is above that of the total information security market. Gartner estimates the cloud-based security services market will reach close to $9 billion by 2020.
June 19, 2017
Read More


Cloud-based single sign-on means access and security everywhere
The cloud is now the standard of corporate organizational life. It is a standard practice for nearly every sector of every industry. So, there must be solutions available to help manage these cloud applications.
April 14, 2017
Read More


Cloudbleed: what you need to know and what you need to do
Cloudflare has had a sizeable data leak. Here's what that means for you.
February 24, 2017
Read More


CloudConnect: Enabling the Industrial Internet of Things
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about Unidirectional CloudConnect, an essential enabler for the Industrial Internet of Things.
November 7, 2016
Read More


Cloudflare Bug Leaks Passwords, API Keys and More
Cloudflare is a web optimization company and provides SSL encryption to millions of websites all around the internet. the company recently announced that a bug in its software that reared its head after an update has led to the leak of sensitive personal information by the company. the leak was first spied by Tavis Ormandy, who works or Google Project Zero security initiative on February 18.
February 24, 2017
Read More


CloudFlare Bug Put Sensitive Data at Risk
Cloudflare revealed that a memory leak in its parser made sensitive information, such as HTTP cookies or authentication tokens, publicly available. some of this private data was cached by search engines (Google, Yahoo, Bing, and others), but all have reportedly purged the info from their services.
February 24, 2017
Read More


CloudPets connected toys can be turned into remote surveillance devices
The CloudPets data breach saga continues, as Spiral Toys finally reported the breach to the California Attorney General's Office.
March 1, 2017
Read More


Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia
A criminal group dubbed Cobalt is behind synchronized ATM heists that saw machines across Europe, CIS countries (including Russia), and Malaysia being raided simultaneously, in the span of a few hours. the group has been active since June 2016, and their latest attacks happened in July and August.
November 22, 2016
Read More


CodexGigas: Malware profiling search engine
CodexGigas is a free malware profiling search engine powered by Deloitte Argentina, which allows malware analysts to explore malware internals and perform searches over a large number of file characteristics.
August 30, 2016
Read More


Cognitive systems and artificial intelligence revenues to reach $47 billion in 2020
Widespread adoption of cognitive systems and artificial intelligence (AI) across a broad range of industries will drive worldwide revenues from nearly $8 billion in 2016 to more than $47 billion in 2020. According to IDC, the market for cognitive/AI solutions will experience a CAGR of 55.1% over the 2016-2020 forecast period.
November 4, 2016
Read More


Comcast is the honey badger of ISPs -- injects pop-ups into browsers, doesn't give a fsck
Nothing to see here. Move along
November 23, 2016
Read More


Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January
Web giant will start labeling insecure websites insecure
September 8, 2016
Read More


Common enterprise IoT devices are hackable in minutes
Common enterprise IoT devices pose an inherent risk to the overall security posture of organisations, according to ForeScout Technologies.
October 27, 2016
Read More


Companies struggling to meet GDPR standards
A new survey conducted by Vanson Bourne asked IT leaders in the U.S., UK, Germany and France about their current data policies to see how well aligned they are with the EU General Data Protection Regulation (GDPR), which comes into force on May 25, 2018.
May 30, 2017
Read More


Compared to last month's Patch Tuesday, April will be a light drizzle
March saw a sizable release from Microsoft after a missed Patch Tuesday. Any way about it, April will be a lighter month than March. Windows 10 1703 has officially released to MSDN. Windows 10 1507 reaches end of service in May, so for those on the original release branch, now is the time. Start upgrading those systems still on 1507 to prevent not having security exposures.
April 10, 2017
Read More


Components of an effective vulnerability management process
Vulnerabilities continue to grab headlines. Whether it is a zero-day that affects "tens of millions" servers around the globe or an old unpatched flaw that leads to a data compromise, we will keep reading about them. the modern security landscape demands a process to manage and keep on the top of the ever-evolving threats and vulnerabilities.
October 11, 2016
Read More


Compromised Joomla sites are foisting ransomware on visitors
Administrators of WP and Joomla sites would do well to check for specific fake analytics code injected into their properties, as a ransomware delivery campaign taking advantage of vulnerable sites has been going strong for over a month now.
July 18, 2016
Read More


Compromised: 339 million AdultFriendFinder users
Friend Finder Networks, the company that operates sites like Adultfriendfinder.com ("World's largest sex & swinger community"), and Cams.com ("Where adults meet models for sex chat live through webcams") has been breached -- again!
November 14, 2016
Read More


Compromising Linux virtual machines via FFS Rowhammer attack
A group of Dutch researchers have demonstrated a variant of the Rowhammer attack that can be used to successfully compromise Linux virtual machines on cloud servers.
August 18, 2016
Read More


CompTIA Cybersecurity Analyst certification to include behavioral analytics
CompTIA unveiled a vendor-neutral certification, CompTIA Cybersecurity Analyst (CSA+), that brings behavioral analytics to the forefront of assessing cyber threats.
February 20, 2017
Read More


Conan Exiles' Endowment Slider will not Appear In Console Versions
Missing members.
March 8, 2017
Read More


Congressional Encryption Working Group says encryption backdoors are near unworkable
The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. the group has just published its end-of-year report summarizing months of meetings, analysis and debate.
December 23, 2016
Read More


Connected devices and the future of payments
More than 80 percent of Americans have a strong interest in using connected devices to make purchases, with a keen eye toward security and data concerns, according to Visa and Pymnts.
June 9, 2017
Read More


Connected devices riddled with badly-coded APIs, poor encryption
The advent of home automation and rapid rise of smart home connected devices is seeing some vendors and new startups scramble to become a part of the movement, with ABI Research forecasting 360 million smart home device shipments by 2020.
September 19, 2016
Read More


Connected home solutions adoption remains limited
Adoption of newer connected home solutions is still at the early adopter phase, according to Gartner. the survey, of nearly 10,000 online respondents in the U.S., the U.K. and Australia during the second half of 2016, found that only about 10 percent of households currently have connected home solutions.
March 8, 2017
Read More


Connected homes and new hacking risks
Eight out of ten US consumers have a home data network and more than a third of them connect entertainment systems, gaming consoles and other smart devices to the Internet, increasing the risk of home cyber attacks, according to the Hartford Steam Boiler Inspection and Insurance Company (HSB).
January 27, 2017
Read More


Connecticut-based WhartonBrooks plans to launch a Windows 10 Mobile phone
A Connecticut-based company called WhartonBrooks has announced plans this week to release a Windows 10 Mobile phone sometime later this fall. the details of this device have yet to be revealed.
August 25, 2016
Read More


Consumer and business perspectives on IoT, augmented reality risks
As every business becomes a digital business, the spread of technology such as augmented reality (AR) and Internet of Things (IoT) devices can add significant business value and personal convenience. Yet a new study from ISACA shows that consumers and IT professionals disagree on the risks and rewards.
November 14, 2016
Read More


Consumers harassed by 30 million spam calls every day
Consumers are giving up twice as much sensitive data over the previous year, according to First Orion.
September 12, 2016
Read More


Consumers ready to walk away from their favorite retailers if a breach occurs
Consumers are wary of the increased frequency of cyber attacks against retailers, and many are ready to walk away from their favorite retailers if a breach occurs. In fact, in surveying 448 consumers, KPMG found that 19 percent said they would stop shopping at a retailer that had been a victim of a cybersecurity incident, even if the company took the necessary steps to remediate the issue.
August 25, 2016
Read More


Consumers regularly share passcodes, creating compromising situations
Consumers keep more and more sensitive personal and professional information on their mobile phones, but most people remain alarmingly casual about adequately protecting that private content, according to Keepsafe.
December 14, 2016
Read More


Consumers are still making basic security faux pas online
Security remains top of mind as over 70 per cent of consumers noted they always think about their security/privacy when shopping online, according to Centrify. Unfortunately, despite the changing attitudes towards security, some consumers are still making basic security faux pas online.
November 23, 2016
Read More


Consumers worried about privacy more than ever
84% of U.S. consumers expressed concern regarding the security of their personally identifiable information (PII) and 70% told IDC that their concern is greater today than just a few years ago.
January 25, 2017
Read More


Consumers worry more about cybercrime than physical crime
Consumers are more worried about cybercrime than physical world crime, according to Sophos. the survey polled 1,250 consumers in the US, UK, Germany, Austria and Switzerland.
December 14, 2016
Read More


Container Health Index: Red Hat's standard for trusted containers
Red Hat introduced the Container Health Index, which provides a comprehensive image detail of any enterprise container service. the index grades all of Red Hat's containerized products as well as the Red Hat base layer of containers from certified ISV partners, with Red Hat planning to certify containerized products from 20 ISVs within the next 90 days.
May 3, 2017
Read More


Continuous security in the web application space
What we're seeing in the market right now is increased consolidation among vendors. They're buying each other, more products covering another vendor's territory are being introduced, and this is all creating confusion for anyone trying to put together a security program.
August 17, 2016
Read More


Cookies Are the Original Ransomware
The existence of ransomware--and probably 90 percent of all malware--can be blamed on the now-defunct Netscape, which invented the tracking cookie other browsers quickly adopted.
May 18, 2017
Read More


Corporate insiders sell secrets and access on dark web
Dark web marketplaces have witnessed an increase of employees offering insider traders, fraudsters and hackers information, help or outright access to their company's networks -- for a fee, of course.
February 2, 2017
Read More


Corporate Office 365 users hit with clever phishing attack
Corporate Office 365 users are being targeted by phishers using a clever new trick to bypass email filters and the default security protections of the Microsoft service.
December 14, 2016
Read More


Could an independent NGO solve the problem of cyber attack attribution?
Cyber attack attribution is a necessary prerequisite for holding actors accountable for malicious cyber activity, but is notoriously difficult to achieve. Perhaps it's time to create an independent, global organization that will investigate and publicly attribute major cyber attacks?
June 14, 2017
Read More


Could this be you? Really Offensive Security Engineer sought by Facebook
'Here's your new password, champ -- GoF*!#Urs3lf'
December 6, 2016
Read More


CRIME, TIME, BREACH and HEIST: a brief history of compression oracle attacks on HTTPS
The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical.
August 11, 2016
Read More


Criminalization of DNS for phishing continues to advance
Cybercriminals have been shifting their tactics markedly, by registering more and more domain names, rather using web servers and domains they have hacked into. These "malicious domain registrations" accounted for half of all the domain names used for phishing in 2016, according to APWG.
June 28, 2017
Read More


Criminals Access Three's Upgrade Systems, Compromise Over 130,000 Accounts
The UK ISP, Three, announced that criminals used employee logins to access its phone upgrade system. they used this access to steal phones that were supposed to be sent as upgrades to customers, and personal information from more than 133,000 thousand accounts was compromised in the process.
November 18, 2016
Read More


Critical cybersecurity priorities for the next US president
While the US presidential campaign has occasionally focused on cyber security, the topic demands more urgent attention from the individual elected as the 45th President of the United States.
October 18, 2016
Read More


Critical flaw opens Netgear routers to hijacking
Several Netgear router models can be easily hijacked by remote, unauthenticated attackers, CERT/CC has warned on Friday.
December 12, 2016
Read More


Critical holes in Micro Focus Filr found, plugged
Popular enterprise file management and collaborative file sharing solution Micro Focus Filr sports half a dozen security flaws, most of which can be exploited -- either by themselves or concatenated -- to take over control of the (virtual) appliance.
July 25, 2016
Read More


Critical Linux bug opens systems to compromise
Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers -- both local and remote -- to obtain root shell on affected Linux systems.
November 15, 2016
Read More


Critical RCE flaw in ATM security software found
Researchers from Positive Technologies have unearthed a critical vulnerability (CVE-2017-6968) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions.
May 4, 2017
Read More


Critical Samba code execution hole plugged, patch ASAP!
The developers of Samba have plugged a critical remote code execution flaw that could allow a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
May 25, 2017
Read More


Critical Xen hypervisor flaw endangers virtualized environments
The vulnerability allows attackers with access to a guest OS to read the host's memory
April 5, 2017
Read More


Cross-border action dismantles network of payment card fraudsters
A successful operation that took down an international criminal network of payment card fraudsters was carried out thanks to cross-border cooperation in Europe.
June 13, 2017
Read More


Crowdsourced security testing and bug bounties
In the past few years, the bug bounty economy has been growing steadily, with more organizations getting on board every day.
June 26, 2017
Read More


Cyber extortionists target North American companies
A group of financially motivated hackers is targeting networks and systems of North American companies, threatening to leak the stolen information and cripple the company by disrupting their networks if they don't pay a hefty ransom.
June 16, 2017
Read More


Cyber insecurity is pervasive, citizens feeling concerned and vulnerable
More than three-quarters of U.S. citizens (79 percent) are concerned about the privacy and security of their personal digital data, and 63 percent say they would feel more confident if the government agencies and service providers with which they interact had stronger data-privacy and security policies, according to an Accenture survey of nearly 3,500 U.S. citizens.
April 11, 2017
Read More


CyberArk: Windows 10 Vulnerable To Rootkits Via Intel's Processor Trace Functionality
CyberArk, a security company that specializes in stopping targeted attacks against other companies, has found a hooking technique that can bypass the Windows 10 "PatchGuard' kernel protection using hardware functionality found on Intel processors. The technique can be used to create persistent malware after a computer has already been infected.
June 23, 2017
Read More


Cybersecurity battleground shifting to Linux and web servers
Despite an overall drop in general malware detection for the quarter, Linux malware made up more than 36 percent of the top threats identified in Q1 2017. This attack pattern demonstrates the urgent need for heightened security measures to protect Linux servers and Linux-dependent IoT devices, according to WatchGuard Technologies.
June 27, 2017
Read More


Cybersecurity trends: Fight against cybercrime shows both improvements and downsides
Trustwave released the 2017 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2016. The report demonstrates both good and bad news in the world of cybersecurity as intrusion detection and breach containment times were relatively better, but other threats like malvertisements became cheaper and malicious spam saw increases.
June 21, 2017
Read More


Cybersecurity: Industry concerns and suggestions for policy makers
The EU Agency for Network and Information security -- ENISA -- together with industry recently reached a common position on cybersecurity, that reflects the concerns of industry and provides a set of suggestions for policy makers.
May 23, 2017
Read More


Cybersecurity: to automate or not to automate?
There are seven vital automated IT security applications that will function as the stepping stones necessary to advance cybersecurity in the new world of artificial intelligence, according to ABI Research.
April 12, 2017
Read More


Cybersecurity: workforce gap to hit 1.8 million by 2022
The cybersecurity workforce gap is on pace to hit 1.8 million by 2022 -- a 20% increase since 2015. 68% of workers in North America believe this workforce shortage is due to a lack of qualified personnel.
June 9, 2017
Read More


CSOs reveal true cost of breaches
Over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent, according to the Cisco 2017 Annual Cybersecurity Report (ACR).
February 1, 2017
Read More


Cyber attacks: Hindsight is 20/20, GDPR is even better
The dust is beginning to settle on the EU referendum result. But, while the UK's departure from the union is set to shake things up for many businesses nationwide, there's at least one EU ruling that UK businesses will still have to comply with: the General Data Protection Regulation.
August 24, 2016
Read More


Cyber criminals targeting healthcare orgs' FTP servers
FBI's Cyber Division has sent out another notification to healthcare organizations, alerting them to the danger of cyber criminals using their FTP servers for various malicious purposes.
March 27, 2017
Read More


Cyber crooks' latest tricks for targeting Chrome users
Chrome users have lately been targeted with a few unusual malware delivery and scam attempts.
February 22, 2017
Read More


Cyber espionage topping the list of largest security concerns
20 percent of global organizations rank cyber espionage as the most serious threat to their business, with 26 percent struggling to keep up with the rapidly evolving threat landscape. In addition, one in five U.S. organizations have suffered a cyber espionage-related attack in the last year.
March 15, 2017
Read More


Cyber Europe 2016: Analyzing realistic cybersecurity incidents
The European ICT Industry is one of the most advanced in the world. Making the EU's single market fit for the digital age could contribute €415 billion per year to the economy and create hundreds of thousands of new jobs. the pervasiveness of high-speed connectivity and the richness and quality of online services in the European Union are among the best globally.
October 17, 2016
Read More


Cyber extortionists hold MySQL databases for ransom
Ransomware has become cyber crooks favorite attack methodology for hitting businesses, but not all cyber extortion attempts are effected with this particular type of malware.
February 27, 2017
Read More


Cyber insurance: what and why?
High-profile cyber-attacks are fast becoming the norm in modern society, with 2016 being arguably the worst year for major security breaches. National Crime Agency statistics released earlier in the year reinforced this, revealing how last year saw cybercrime overtake more traditional forms of crime in the UK for the first time.
March 19, 2017
Read More


Cyber News Rundown: Edition 2/3/17
 
February 3, 2017
Read More


Cyber resilience: Securing global infrastructures
It seems like every part of the human experience is touched by technology in some way. In many respects, it makes our lives safer, our communication easier, and creates opportunities that we couldn't have even imagined two decades ago. at the same time, this increasing dependence on technology is also driving a rapid threat evolution, featuring a wide range of risks.
July 19, 2016
Read More


Cyber risk in advanced manufacturing: how to be secure and resilient
Nearly half of surveyed manufacturing executives lack confidence their assets are protected from external threats, according to a new study from Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI).
November 17, 2016
Read More


Cyber synergy: the need for collaborative cyber intelligence
It's official -- cybercrime now has a bigger impact than any other form of crime in the UK. That's the conclusion drawn by the National Crime Agency (NCA) and Strategic Cyber Industry Group after releasing the Cyber Crime Assessment 2016 report which found that businesses are unable to keep pace with the speed of criminal attack development in what it describes as a 'cyber arms race'.
July 20, 2016
Read More


Cyber terrorism seen as biggest single future threat
47% of UK IT decision makers (ITDMs) are more worried about cyber terrorism attacks now than they were 12 months ago, according to IP EXPO Europe. this was identified as the biggest cyber security risk in the future (27%), followed by attacks to national infrastructure (13%).
September 21, 2016
Read More


Cyberattack suspected in Ukraine power outage
Ukraine's national power company investigates whether hacking caused blackout in Kiev
December 20, 2016
Read More


Cyberattacks against IoT devices tripled in 2016
It only takes one successful cyber-attack to seriously hurt a company, so it's shocking to see that UK businesses suffered, on average, almost 230,000 cyber-attacks in 2016.
January 11, 2017
Read More


Cyberattacks cost SMBs an average of $86,500
On average, a single cybersecurity incident now costs large businesses a total of $861,000. Meanwhile, SMBs pay an average of $86,500. to assess the state of the security landscape in the U.S. and across the world, Kaspersky Lab looked at the attitudes toward security, the cost of data breaches and the losses incurred from incidents.
September 15, 2016
Read More


Cybercrime can come in any shape or size, and not always the form you'd expect
Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report. Much of this is due to the high proliferation of propriety research, prototypes and confidential personal data, which are hot-ticket items for cybercriminals.
April 27, 2017
Read More


Cybercrime not slowing down anytime soon
In Q3 2016, cybercriminals were increasingly more ingenious, using innovative technologies and new tools to spread their wares. this is confirmed by the 18 million new malware samples captured by PandaLabs in this quarter alone, an average of 200,000 each day.
October 25, 2016
Read More


Cybercriminals select insiders to attack telecom providers
Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources.
August 24, 2016
Read More


Cybereason unveils complete next-generation endpoint platform
Cybereason unveiled a new Endpoint Security Platform that includes next-generation antivirus (NGAV) functionality at RSA Conference 2017 in San Francisco. by integrating Cybereason's endpoint detection and response platform with classic and next-generation antivirus, enterprises can secure their environment against threats on a single agent for ease of deployment and management.
February 14, 2017
Read More


Cybersecurity analytics and operations: Need for automation and orchestration
New research from Enterprise Strategy Group (ESG) shows that when it comes to the evolution of Cybersecurity Analytics and Operations, 71% of respondent organizations find it more difficult today than it was two years ago due to the changing threat landscape, followed by volume of alerts and increased regulatory changes.
May 10, 2017
Read More


Cybersecurity is not receiving enough attention from presidential candidates
Heading into the first presidential debate, 58 percent of Americans feel the presidential candidates are not paying enough attention to cybersecurity, according to LifeLock.
September 23, 2016
Read More


Cybersecurity talent crisis continues, technical skills in high demand
Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), has released a global report outlining the talent shortage crisis impacting the cybersecurity industry across both companies and nations. 82 percent of respondents admit to a shortage of cybersecurity skills, with 71 percent of respondents citing this shortage as responsible for direct and measureable damage to organizations whose lack of talent makes them more desirable hacking targets.
July 28, 2016
Read More


Cybersecurity today: Turning positive with new thinking and innovation
In this podcast recorded at RSA Conference 2017, Melanie Ensign, Co-Chair for WISP and Head of Security & Privacy Communications at Uber, and Ajay Arora, CEO and founder of Vera Security, talk about how information security is changing on several levels and how modern security teams are now looking at their responsibility in their companies as enabling new business opportunities.
March 19, 2017
Read More


Cybersecurity training management and skills assessment platform
No cost and open source cybersecurity massive open online course (MOOC) provider Cybrary announced the launch of its Teams training management and skills assessment platform at RSA Conference 2017.
February 14, 2017
Read More


Cyberspies tap free tools to build powerful malware framework
The Netrepser cyberespionage group managed to infect hundreds of computers belonging to government agencies and organizations
May 5, 2017
Read More


Misc. - D

D-Link DWR-932 router is chock-full of security holes
Security researcher Pierre Kim has unearthed a bucketload of vulnerabilities affecting the LTE router/portable wireless hotspot D-Link DWR-932. Among these are backdoor accounts, weak default PINs, and hardcoded passwords.
September 29, 2016
Read More


Dagah: Penetration testing for enterprise mobility programs
Shevirah Inc. will unveil at Black Hat USA 2016 the free version of dagah -- a product that empowers security test teams to assess the security posture of their mobility programs including the users, devices, configurations, and applications.
August 04, 2016
Read More


Dailymotion urges users to reset passwords in wake of possible breach
Breach notification service LeakedSource has added information about over 87 million Dailymotion users to its search index.
December 6, 2016
Read More


Dangerous Android threat points to Italian spyware maker
A piece of Android spyware recently analyzed by researchers with the RedNaga Security team seemed to be yet another Hacking Team spying tool but, according to more recent revelations, another Italian company is its likely source.
November 16, 2016
Read More


Dark web fraud guides reveal potential threats to orgs
An in-depth look at content from more than 1,000 fraud guides available for sale on the dark web revealed that the majority of these guides are useless. Still, as many as 20 percent have the potential to cause financial harm to individuals and organizations by instructing readers how to exploit legitimate policies and processes or use malicious code against an organization's systems.
June 7, 2017
Read More


DARPA wants to create secure data-sharing tech
The agency seeks proposals that would secure shared data on handheld devices in remote areas
January 12, 2017
Read More


Dashlane teams with Intel to improve password protection
Security breaches have been one of the major themes of 2016, so going into the new year it's no surprise that companies are keen to try to make things more secure.
January 3, 2017
Read More


Data breach activity reaches all-time high
With over 1,200 breaches and over 3.4 billion records exposed, 2017 is already on pace to be yet another "worst year on record' for data breach activity, according to Risk Based Security.
May 23, 2017
Read More


Data breaches becoming more complex, pervasive and damaging
Data breaches are becoming more complex and are no longer confined to just the IT department, but are now affecting every department within an organization. Each breach leaves a lingering, if not lasting imprint on an enterprise, Verizon 2016 Data Breach Investigations Report (DBIR) shows.
February 17, 2017
Read More


Data breaches hit all-time record high, increase 40% in 2016
The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093, according to a new report by the Identity Theft Resource Center (ITRC) and CyberScout. this represents a substantial hike of 40 percent over the near record high of 780 reported in 2015.
January 20, 2017
Read More


Data breaches: Playing by a new set of rules?
Tell me, what's your response when you hear that a company that was breached are now losing customers? I suppose it's at this point the word reasonable makes an appearance. Whether this is the regulator, or in fact data subjects whose personal data is now being packaged and sold to identity thieves.
March 16, 2017
Read More


Data of 200 million Yahoo users offered for sale
Data of some 200 million Yahoo users has been offered for sale on the TheRealDeal dark web market by "peace_of_mind" (aka "Peace").
August 02, 2016
Read More


Data Privacy day reminds digital citizens to better manage their privacy
Many consumers do not fully understand how their information is collected, used and stored by the devices, apps and websites they use every day.
January 16, 2017
Read More


Data protection for any cloud, anywhere
In this podcast recorded at Black Hat USA 2016, Jeff Schilling, CSO at Armor, talks about Armor Anywhere, which provides user-friendly managed security, with visibility and controls to ensure the protection of workloads, assets and applications.
August 29, 2016
Read More


Data Security
Seclore is an information rights management company which helps to protect documents and information by preserving enterprise rights management.
Provides a Service
Read More


Data security and mobile devices: how to make it work
There has been a lot of hype in the media about messaging tools. But recently, some of the headlines have taken a negative turn. Just last month, we read how a London-based banker was fired and fined more than £37,000 by the FCA for leaking confidential company data via WhatsApp. In this case, the employee stated that he simply wanted to 'impress' a friend. not all cyber fraud is a crime of 'boastfulness'.
May 2, 2017
Read More


Data security disruptions can have cascading negative impacts
Nine in 10 global cybersecurity and risk experts believe that cyber risk is systemic and that simultaneous attacks on multiple companies are likely in 2017, according to AIG.
May 11, 2017
Read More


Data-centric IoT security for Hadoop Big Data environments
Hewlett Packard Enterprise (HPE) introduced today at RSA Conference 2017 HPE SecureData for Hadoop and IoT, designed to easily secure sensitive information that is generated and transmitted across Internet of Things (IoT) environments, with HPE Format-preserving Encryption (FPE).
February 15, 2017
Read More


Database containing info of 1.5 million online daters found leaking
Sensitive personal information of some 1.5 million users of several dating/cheating websites and apps has been found to be accessible via the Internet. this information includes the users' username, (plaintext) password, email address, gender, date of birth, country of residence and photos, as well as sexual preferences.
October 5, 2016
Read More


DC police surveillance cameras were infected with ransomware before inauguration
Malware seized 70 percent of DC police DVRs a week before Trump's inauguration.
January 30, 2017
Read More


DDoS and web application attacks keep escalating
Akamai Technologies released its Second Quarter, 2016 State of the Internet / Security Report, which highlights the cloud security landscape, specifically trends with DDoS and web application attacks, as well as malicious traffic from bots.
September 15, 2016
Read More


DDoS attack on Dyn came from 100,000 infected devices
DNS service provider Dyn says Mirai-powered botnets were the primary source for Friday's disruption
October 26, 2016
Read More


DDoS attacks continue to escalate in both size and frequency
Arbor Networks released global DDoS attack data for the first six months of 2016 that shows a continuing escalation in the both the size and frequency of attacks.
July 19, 2016
Read More


DDoS attacks increase 83%, Russia top victim
DDoS attacks increased 83 percent to more than 182,900 attacks in the second quarter of the year, according to Nexusguard.
July 27, 2016
Read More


DDoS attacks increasingly form blended attacks of more vulnerabilities
DDoS attacks increasingly formed blended attacks of four or more vulnerabilities over the course of the fourth quarter of 2016, with an intent to overload targeted monitoring, detection and logging systems, according to Nexusguard. Hybrid attacks were a common attack pattern against financial and government institutions.
February 9, 2017
Read More


DDoS attacks from webcams, routers hit Singapore's StarHub
The outage follows IoT-based DDoS attacks that knocked out internet access to many US sites
October 26, 2016
Read More


DDoS attacks via WordPress now come with encryption
Kaspersky Lab experts have noted an emerging trend -- a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend -- an attack exploiting vulnerabilities in WordPress via an encrypted channel.
December 14, 2016
Read More


DDoS attacks: $100,000 per hour is at risk during peak revenue generation periods
Neustar and Harris Interactive conducted global, independent research of 1,010 directors, managers, CISOs, CSOs, CTOs, and other c-suite executives to find out how DDoS attacks affect their organizations and what measures are in place to counter these threats. the respondents span many industries, including technology, financial services, retail, healthcare and energy.
May 2, 2017
Read More


DDoS downtime calculator based on real-world information
Are you wondering how you can assess the risks associated with a DDoS attack? Incapsula's free DDoS Downtime Calculator offers case-specific information adjusted to the realities of your organization.
September 13, 2016
Read More


DDoS protection quiz-based training course
The DDoS Protection Bootcamp is the first online portal to provide in-depth technical training in the field of DDoS protection.
November 22, 2016
Read More


DDoS script kiddies are also... actual kiddies, Europol arrests reveal
Young 'uns hire tools to hit infrastructure, info systems
December 12, 2016
Read More


Deadlines for investigating and reporting data breaches
75% of organisations set fixed time limits for investigating potential security incidents, according to Balabit. However, 44% of respondents reported missing internal or external deadlines for investigating or reporting a breach in the last year, and 7% said a missed deadline had resulted in serious consequences.
December 19, 2016
Read More


Deception mechanisms for detecting sophisticated attacks
Private information stored in document files is the most popular target for attacks coming from professional hackers, according to TopSpin Security. File traps, including Office files, recent docs and deleted docs, were touched the most times during the research.
October 12, 2016
Read More


Deception security doesn't have to be onerous or expensive
When talking about deception security, most infosec pros' mind turns to honeypots and decoy systems -- additional solutions that companies have to buy, deploy, and manage.
March 22, 2017
Read More


Defeating Magento security mechanisms: Attacks used in the real world
DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future patches.
May 9, 2017
Read More


DefecTor: DNS-enhanced correlation attacks against Tor users
A group of researchers from Princeton University, Karlstad University and KTH Royal Institute of Technology have devised two new correlation attacks that can be leveraged to deanonymize Tor users.
September 30, 2016
Read More


Definitive EU net neutrality guidelines released
The Body of European Regulators for Electronic Communications (BEREC) has published the final guidelines aimed at helping EU member states' National Regulatory Authorities (NRAs) implement EU net neutrality rules.
August 31, 2016
Read More


Delayed breach notifications open door to regulatory fines
As more data breaches occur everyday and more data privacy regulations come into force, such as EU GDPR, organizations are beginning to make data governance and data protection more of a priority.
December 16, 2016
Read More


Delilah malware secretly taps webcam, blackmails and recruits insider threat victims
Delilah malware taps computer and webcam to get dirty little secrets, then blackmails victims into becoming an insider threat and coughing up a company's secrets.
July 18, 2016
Read More


Dell open sources DCEPT, a honeypot tool for detecting network intrusions
Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody.
March 8, 2016
Read More


Dell SonicWALL GMS comes with hidden default account
While developing new audit modules for the company's vulnerability scanning technology, Digital Defense researchers found six vulnerabilities in Dell's SonicWALL Global Management System, four of them deemed critical.
July 21, 2016
Read More


Demand for cloud data encryption creates CASB market growth
The global cloud access security brokers market will expand at a CAGR of 16.7% during the period between 2016 and 2024, according to a new report by Transparency Market Research. the overall market was worth US$3,371.4 mn in 2015 and is expected to reach a valuation of US$13,218.5 mn by 2024.
July 18, 2016
Read More


Democracy for the Internet of Things
In the past I've written a number of times on the way that the IoT potentially changes the relationship between governments and their constituents -- and a profound change that will be. Yet, this change is a two way street and perhaps the IoT will open the door to a more direct kind of democracy, where citizens and government are more intimately and inextricably linked.
October 17, 2016
Read More


Despite tremendous growth, most IoT projects fail
60 percent of IoT initiatives stall at the Proof of Concept (PoC) stage and only 26 percent of companies have had an IoT initiative that they considered a complete success. Even worse: a third of all completed projects were not considered a success, according to Cisco.
May 24, 2017
Read More


Detect and block Mac ransomware with Little Flocker
Windows ransomware may make all the headlines, but other platforms are vulnerable too. the first Mac ransomware was uncovered last year, and it's only a matter of time before the next one strikes.
February 20, 2017
Read More


Detect observation and evade theft of sensitive data
Jacob Torrey is an Advising Research Engineer at Assured Information Security, where he leads the Computer Architectures group. He has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture.
March 18, 2016
Read More


Detecting PLC malware in industrial control systems
How can attackers load programmable logic controllers (PLC) with destructive malware, and how can the operators of industrial control systems (ICS) detect it?
February 21, 2017
Read More


Deutsche Telekom confirms malware attack on its routers
German telecom giant Deutsche Telekom has confirmed that the connectivity problems some 900,000 of its customers experienced on Sunday are the result of a hack attempt.
November 28, 2016
Read More


Deutsche Telekom goes drone hunting
Drone popularity continues to rise rapidly as they become ever cheaper and more powerful. Easy availability and large payloads conspire to increase the potential for dangerous drone misuse -- everything from industrial espionage to drug and weapon smuggling to terrorist attacks.
December 1, 2016
Read More


Devices with Qualcomm modems safe from critical ASN.1 telecom flaw
The ASN.1 data parsing vulnerability exists in the baseband of Qualcomm modems, but cannot be exploited.
July 25, 2016
Read More


DevSecOps: Build a bridge between fast and secure software development
Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software. In fact, according to new research conducted by Enterprise Strategy Group (ESG), 58 percent of survey respondents stated their organization is taking a collaborative approach to securing applications.
June 15, 2017
Read More


DevSecOps: Building continuous security into IT and app infrastructures
In this podcast recorded at RSA Conference 2017, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about DevSecOps.
March 9, 2017
Read More


DevSecOps: to drive the digital imperative
Dan Hushon, CSC's CTO, has identified six trends around the philosophy of DevSecOps that company leaders need to be thinking about to drive digital transformation.
December 13, 2016
Read More


DHS to enforce extra security checks instead of airplane carry-on laptop ban
Travelers from all over the world who plan to fly into the US will be subjected to more rigorous security checks before being allowed to board the plane, the Department of Homeland Security has decided. Still, they will be allowed to take their laptops in the passenger cabin.
June 29, 2017
Read More


Did Tesco Bank attackers guess victims' payment card details?
A group of researchers from Newcastle University have discovered a practical and easy way for attackers to quickly guess individuals' Visa payment card info needed to perform fraudulent card-not-present transactions (e.g. when online shopping).
December 2, 2016
Read More


Differences in personal security behaviors of US and UK workers
Wombat surveyed more than 2,000 working adults -- 1,000 in the US and 1,000 in the UK -- about cyber security topics and best practices that are fundamental to network and data security, including mobile device habits and password security.
June 13, 2017
Read More


Digital disruptors demand a new approach to IT
Digital disruptors such as algorithms, artificial intelligence (AI), bots and chatbots are already transforming businesses. Gartner expects that algorithmic business will create even greater levels of disruption and new industries. to support the new capabilities and business models of digital and algorithmic business, CIOs must design and deploy their digital business technology platform.
October 3, 2016
Read More


Digital transformation initiatives: what are you doing to get ahead?
Digital transformation initiatives are more successful when they have buy-in from across the business, according to Splunk.
May 12, 2017
Read More


Disable WPAD now or have your accounts and private data compromised
Researchers show the WPAD protocol can be used to steal user data despite HTTPS or VPN connections
August 10, 2016
Read More


Display the cryptographic signing information about any file on your Mac
Verifying a file's cryptographic signature can help the user deduce its trustability. If you're using OS X, there is no simple way to view a file's signature from the UI, unless you're using the WhatsYourSign utility.
August 22, 2016
Read More


Disconnect between investment and expected security improvements
Less than half of US firms will increase their investment in cybersecurity protection to match an expected rise in data breaches, according to a new survey conducted by Ovum. Yet just over half of executives surveyed believe their company will have stronger cybersecurity protection in a year.
May 25, 2017
Read More


Distil Networks releases Hi-Def fingerprinting solution
Distil Networks announced the bot mitigation industry's first Hi-Def fingerprinting solution. Hi-Def device fingerprinting goes beyond IP- and header-centric identification by actively pulling additional data from the browser to identify devices with precision. this approach minimizes false positives and creates an even clearer picture of web traffic, allowing web defenders to make access decisions with certainty.
November 4, 2016
Read More


DLP APIs: The next frontier for Data Loss Prevention
According to the Breach Level Index, there have been 7,094,922,061 data records lost or stolen since 2013 with 4,417,760 records lost or stolen every day, 184,073 records every hour, 3,068 records every minute and 51 every second.
June 19, 2017
Read More


DNSMessenger backdoor/RAT uses DNS queries to communicate with C&C server
How to make sure that your malware will be able to communicate with its C&C servers even if the infected machine sits behind a company firewall and traffic to and from the corporate network is regularly inspected? Pack the needed information into DNS traffic.
March 6, 2017
Read More


DNSSEC: don't throw the baby out with the bath water
A recent report raiseed concerns about the abuse of DNSSEC to conduct DDoS attacks. the article reported that DNSSEC-signed domains can be used to conduct reflected DDoS attacks with large amplification factors (averaging 28.9x in their study) that could potentially cripple victim servers.
August 29, 2016
Read More


Do we live in a riskier world? C-suite and senior level experts weigh in
72 percent of global business leaders say they're operating in a riskier world, spurred by increasingly regulated industries, advanced technology and rapid digitalization, according to BDO USA.
June 30, 2017
Read More


Do you know which data compliance standards apply to your organization?
Despite the explosion in data collection among companies in every sector and the well-documented risks of cyber threats, a new Liaison Technologies survey of nearly 500 US C-level executives and senior-level managers reveals that nearly half (47%) are unsure which information security and privacy regulations apply to their organizations.
December 1, 2016
Read More


Docs.com's "public by default" setting to blame for users publishing sensitive info?
The search option on Docs.com, Microsoft's publishing and file sharing service, has been temporarily disabled as it could be used to trawl published documents for sensitive user information (social security numbers, dates of birth, phone numbers, etc.).
March 27, 2017
Read More


Doctor Who-inspired proxy transmogrifies politically sensitive web to avoid gov censorship
Slitheen tool smuggles browsers into cyber-Tardis
April 21, 2017
Read More


DocuSign breached, stolen info used for targeted phishing campaign
Phishing emails impersonating electronic signature technology provider DocuSign are not an unusual sight, but the latest campaign has the added advantage of specifically targeting registered DocuSign users.
May 16, 2017
Read More


Does your organization have an endpoint security strategy?
Only thirty-three percent of IT security professionals have security strategies in place to protect the growing number of endpoints on their networks, according to a recent study conducted by Dimensional Research among 500 IT security pros.
October 11, 2016
Read More


Dok Mac malware intercepts victims' web traffic, installs backdoor
A new piece of Mac malware, more insidious and dangerous that all those encountered before, has been flung at European users via fake (but relatively convincing) emails.
May 2, 2017
Read More


Don't forget to pack security for the journey to the cloud
When you move workloads to public cloud platforms, you offload many tasks on the cloud provider, but don't fall for the misconception that you're entirely off the hook with security.
March 29, 2017
Read More


Don't Get Scammed by Digital Crooks
The feds in the US seem incapable of stopping these phone and pop-up scammers; protect yourself.
October 20, 2016
Read More


Don't take your hands off the wheel
Let me tell you a story. it's a story about my brother-in-law, whom, for the sake of decency, we'll call Steve.
February 6, 2017
Read More


DoS technique lets a single laptop take down an enterprise firewall
ICMP Type 3 Code 3 packets can overload firewalls, researchers warn
November 14, 2016
Read More


Dota 2 Dev forum breached, nearly 2 million users affected
A hacker has breached the official Dota 2 Dev forum and made off with the entire forum database, which contains email addresses, usernames, IP addresses, and salted password hashes of 1,923,972 users.
August 10, 2016
Read More


Double Robotics Telepresence Robot can be hacked
Rapid7 researchers have discovered a number of vulnerabilities in the Double Robotics Telepresence Robot, the company's iPad-based telepresence device that looks a bit like a Segway.
March 14, 2017
Read More


DoubleAgent attack uses built-in Windows tool to hijack applications
Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to take over applications and entire Windows machines.
March 22, 2017
Read More


DressCode Android malware found in 3,000 apps
When Check Point researchers unearthed more than 40 apps on Google play (and 400 on third party app stores) infected with the so-called DressCode malware in late October, it was just the tip of the iceberg.
October 3, 2016
Read More


Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln
JavaScript smuggles malicious payload into PCs
November 29, 2016
Read More


Duo Beyond Helps other Companies be as Secure as Google
Two years ago, Google published a paper describing a "zero-trust" security framework for its enterprise infrastructure that went beyond firewalls. Duo Security has taken that framework and packaged it into a complete security solution that it can now offer to its corporate customers that want to avoid data breaches seen at Sony and elsewhere.
February 8, 2017
Read More


Dyn DDoS attack post-mortem: Users inadvertently helped
As StarHub, one of the three major telcos in Singapore, confirmed that they were the latest victim of "intentional and likely malicious distributed denial-of-service attacks" on their DNS system, Dyn has published a short post-mortem of the unprecedented DDoS attacks it suffered on Friday (October 21, 2016).
October 27, 2016
Read More


Dyn DDoS attack: the aftermath
On October 21, new Hampshire-based Internet performance management company Dyn suffered the largest DDoS attack ever to be registered.
October 22, 2016
Read More


Dynamically generated whitelists help stop hackers
Whitelists have traditionally been used as a way of limiting what users can do, but they're time consuming to maintain and keep up to date.
May 26, 2017
Read More


Misc. - E

Easy Solutions launches digital threat protection suite
Today at RSA Conference 2017 in San Francisco, Easy Solutions unveiled its Digital Threat Protection suite. the offering enables organizations with a proactive strategy against fraud by detecting and mitigating attacks aimed at stealing personal information of customers and employees.
February 13, 2017
Read More


eBook: Defending against crypto ransomware
Unlike traditional malware, crypto ransomware doesn't steal information. Instead, it encrypts a victim's documents, spreadsheets, pictures, videos and other files, and then demands a ransom to unlock the encrypted files – a form of digital blackmail. the ransom amount varies, from $150--$500 for an individual to thousands of dollars for an organization.
August 16, 2016
Read More


EFF: Half of web traffic is now encrypted
Half of the web's traffic is now encrypted, according to a new report from the EFF released this week. the rights organization noted the milestone was attributable to a number of efforts, including recent moves from major tech companies to implement HTTPS on their own properties. Over the years, these efforts have included pushes from Facebook and Twitter, back in 2013 and 2012 respectively, as well as those from other sizable sites like Google, Wikipedia, Bing, Reddit and more.
February 22, 2017
Read More


Effective ICS cyber defense methods
Cyber defense risks are on the top of concern for every manager operating manufacturing and critical infrastructure. the solutions for protecting the Confidentiality, Integrity and Availability (C-I-A) of IT systems are widely understood and accepted by most organizations.
January 24, 2017
Read More


Egyptian civil society NGOs targeted with sophisticated phishing
In the last few months, a number of Egyptian civil society organizations, lawyers, journalists, and independent activists have been targeted with personalized and generic emails aimed at revealing their Gmail or Dropbox credentials to the attackers.
February 2, 2017
Read More


Electronic Frontier Foundation reveals its privacy and security wishlist for 2017
With the end of the year approaching, many people are looking back over 2016 and picking out the highlights. Others, however, are looking back to see what can be learned for 2017; this is exactly what digital rights group Electronic Frontier Foundation is doing.
December 20, 2016
Read More


Elegant 0-day unicorn underscores "serious concerns" about Linux security
Scriptless exploit bypasses state-of-the-art protections baked into the OS.
November 22, 2016
Read More


ElcomSoft Grabs 'Deleted' Safari History from iCloud
Before web browsers embraced private windows, clearing their history was something of a technological rite of passage. Embarrassing searches? Gone. Porn? Never heard of it. But now ElcomSoft has revealed that it's possible to retrieve deleted history from Apple's Safari browser from iCloud. Whoops.
February 9, 2017
Read More


Email and IoT security issues persist
New AT&T research shows many businesses are not effectively protecting their data. as more organizations adopt cloud architectures, traditional security protections aren't enough.
March 2, 2017
Read More


Email attacks exploit unpatched Microsoft Word vulnerability
Attackers have been exploiting a zero-day vulnerability in Microsoft Word since January to infect computers with malware
April 10, 2017
Read More


Email scammers swindle US State Supreme Court judge out of $1 milion
If often happens to less prominent individuals, but this time it happened to a US State Supreme Court judge: scammers have managed trick her into wiring the money meant for buying an apartment to a bank account under their control.
June 21, 2017
Read More


Email-based attacks exploit unpatched vulnerability in Microsoft Word
Attackers have been exploiting a zero-day vulnerability in Microsoft Word since January to infect computers with malware
April 10, 2017
Read More


Email-borne threats: Watch your inbox closely on Thursdays
Malicious email attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favor sending malicious messages Tuesday through Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-sale (POS) campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favor Mondays.
June 8, 2017
Read More


Emergency Flash Player patch fixes zero-day critical flaw
Adobe warns that hackers are already exploiting the vulnerability in limited attacks
October 26, 2016
Read More


Employee burnout: the biggest workplace challenge in 2017
The biggest threat to building an engaged workforce in 2017 is employee burnout. a new study by Kronos and Future Workplace found 95 percent of human resource leaders admit employee burnout is sabotaging workforce retention, yet there is no obvious solution on the horizon.
January 10, 2017
Read More


Employees rely largely on personally owned mobile devices in the workplace
Mobile device adoption in the workplace is not yet mature, found a recent survey from Gartner. Although 80 percent of workers surveyed received one or more corporate-issued devices, desktops are still the most popular corporate device among businesses, with more than half of workers receiving corporate-issued desktop PCs.
November 30, 2016
Read More


Employees' bad security habits put businesses in danger
Employees have poor security practices and use completely unsecured private devices for work, putting their organizations at huge risk of cyber-attacks, a new report by WinMagic says. After polling workers in the UK, the report says more than four in ten (42 percent) use private devices for work, accessing corporate data and e-mail accounts.
December 9, 2016
Read More


Employees increasingly allowed to move data onto personal mobile devices
Corporate data governance programs are difficult to establish and enforce. for the most part, these programs lack the necessary people, processes and technology to effectively fend off security threats, data breaches, regulatory fines and lawsuits.
April 28, 2017
Read More


Employment scams target recent college grads
As if the job market isn't hard enough to break into, rising seniors and recent college graduates are employment scam targets. In January, the FBI issued a warning that employment scams targeting college students are still alive and well.
March 7, 2017
Read More


Enable self-healing endpoint security with Application Persistence
In this podcast recorded at RSA Conference 2017, Richard Henderson, Global Security Strategist at Absolute Software, and Todd Wakerley, SVP of Product Development at Absolute Software, talk about Application Persistence.
March 7, 2017
Read More


Enabling the Industrial Internet of Things with Unidirectional CloudConnect
Waterfall Security Solutions launched Unidirectional CloudConnect, a solution based on its patented Unidirectional Gateway technology, designed to meet the challenges of both cybersecurity and interoperability.
October 27, 2016
Read More


Encrypted messaging app Confide suffers from many security issues
Confide, the encrypted instant messaging application with a self-destructing messaging system that has become popular with White House staffers, is not so secure after all.
March 8, 2017
Read More


Encrypted webmail service Lavabit relaunched
Lavabit, the secure encrypted webmail service used by Edward Snowden, is back online.
January 23, 2017
Read More


Encryption ransomware hits record levels
The amount of phishing emails containing a form of ransomware grew to 97.25 percent during the third quarter of 2016 up from 92 percent in Q1.
November 18, 2016
Read More


End the air gapping myth in critical infrastructure security
In an environment where we're seeing increasing demand for connectivity between operational technology (OT) and IT, security teams have to dispel the air gapping myth to acknowledge that IT influences can exploit OT connections.
December 14, 2016
Read More


End-to-end email encryption with no central point of attack
A seamless, easy-to-use, and secure end-to-end encrypted business collaboration tool with no central point of attack is a holy grail for every business, and Boston-based security company PreVeil believes they have the right solution on hand.
June 15, 2017
Read More


End-to-end network segmentation essential for security, yet few deploy
As point-of-sale breaches, ransomware attacks and various other customer data breaches continue to make local and national headlines, IT professionals agree that network segmentation -- the ability to create secure, network-wide "swim lanes" for applications or services -- is an essential measure to mitigate security risks.
September 12, 2016
Read More


Endpoint security is only one piece of the puzzle
Like many of you, I attended RSAC in February. Wading through the crowd of more than 43,000 people, I was interested to see how many new and improved endpoint security solutions were being touted by big-name vendors and newcomers alike.
March 21, 2017
Read More


Endpoint Protector 5: Responsive interface and updated eDiscovery module
CoSoSys released Endpoint Protector 5 with updates on the management console which has been redesigned for a modern, user-friendly and responsive experience.
June 6, 2017
Read More


Energy sector IT pros overconfident in data breach detection skills
A new study by Dimensional Research evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 100 participants from the energy sector.
September 20, 2016
Read More


Enhance iMessage security using Confide
One of the new features in iOS 10 offers the possibility of deploying specially crafted applications within iMessage. Most users will probably (ab)use this new functionality for sending tiresome animations and gestures, but some applications can actually provide added value for iMessage communication.
September 29, 2016
Read More


Enhanced security facilitates your safe move to the cloud
If you haven't moved at least some of your data to the cloud, you will. it's inevitable at this point. Even the most highly secured organizations have some of their data on the cloud.
January 3, 2017
Read More


ENISA says crypto backdoors are a bad idea
"History has shown that technology beats legislation, and criminals are best placed to capitalise on this opportunity," the European Network and Information Security Agency (ENISA) noted in a recently released opinion paper on encryption.
December 14, 2016
Read More


Enterprise endpoint security: Millions of devices still running outdated systems
Duo Security analyzed the security health of 4.6 million endpoint devices, including 3.5 million mobile phones across multiple industries and geographic regions.
June 5, 2017
Read More


Enterprise multi-factor authentication market to cross $1 billion this year
Evolving cyber threats contribute to hundreds of millions of dollars in losses for businesses each year due to compromised credentials and data breaches.
October 10, 2016
Read More


Enterprises too complacent in the face of rising mobile threats
Enterprises continue to fall short when it comes to protecting corporate data on mobile apps and devices, according to the Mobile Security and Risk Review released by MobileIron at Black Hat USA 2016. Mobile threats are on the rise but only 8% of companies are enforcing OS updates and less than 5% are using App Reputation or Mobile Threat Detection software.
August 04, 2016
Read More


Equipment already in space can be adapted for extremely secure data encryption
In a new study, researchers from the Max Planck Institute in Erlangen, demonstrate ground-based measurements of quantum states sent by a laser aboard a satellite 38,000 kilometers above Earth. This is the first time that quantum states have been measured so carefully from so far away.
June 19, 2017
Read More


ESET antivirus opens Macs to remote code execution
Like any other software, security software is sure to have some vulnerabilities that can be exploited by attackers.
February 28, 2017
Read More


Espionage group uses cybersecurity conference invite as a lure
A cyber espionage group that has been targeting organizations in Southeast Asia for years is misusing a legitimate conference invite as a phishing lure to trigger the download of backdoor malware.
October 30, 2016
Read More


Essential Pokemon Go protection tips
Since its release, Pokemon Go has become the most downloaded game in history on iOS and Android. However, Gemalto is now warning its millions of players around the world to stay safe and ensure they only battle fellow players' gyms, not viruses and identity theft.
August 26, 2016
Read More


Eternal Blues: A free EternalBlue vulnerability scanner
It is to be hoped that after the WannaCry and NotPetya outbreaks, companies will finally make sure to install -- on all their systems -- the Windows update that patches SMB vulnerabilities leveraged by the EternalBlue and EternalRomance exploits.
June 30, 2017
Read More


EU court: Site operators can log visitors' IP address for protection against attacks
The Court of Justice of the European Union (CJEU) has ruled that the German government can collect and keep IP addresses of visitors to websites operated by German Federal institutions, in order to protect those sites against cyberattacks (e.g. denial-of-service attacks)
October 20, 2016
Read More


EU privacy watchdogs want answers from WhatsApp and Yahoo about user data
They told WhatsApp to stop sharing users' data with Facebook until an EU investigation is complete
October 28, 2016
Read More


EU says UK surveillance laws are illegal and not 'justified within a democratic society'
But whether or not the ruling will stick once the UK leaves the EU isn't clear
December 21, 2016
Read More


EU wants to curb export of cyber-surveillance tech
The European Commission has proposed a new amendment to the regulation that forms the basis of EU's export control regime of dual-use technology, i.e. technology that can be used for both peaceful and military aims.
October 4, 2016
Read More


EU wants to increase privacy in WhatsApp, Gmail and iMessage by preventing unwanted tracking
Facebook, Apple and Google face a drop in ad revenue if EU proposals to apply the same rules to online messaging services that currently apply to telecoms companies go through. In a nutshell, the proposals suggest that the likes of WhatsApp, Gmail and iMessage should ask for explicit user permission to allow tracking with a view to delivering targeted ads.
January 10, 2017
Read More


European businesses not seeking help from the security industry ahead of GDPR
European research by PAC and Reliance acsn has outlined the challenges and concerns that security professionals across Europe are facing and how they approach the serious issue of outsourcing functions. One of the key findings of the report was that compliance and GDPR were not seen as important reasons for employing third party security firms, despite the need for detailed knowledge to comply with regulations.
May 4, 2017
Read More


European Commission chucks cash at UR -- the universal language of mind your own biz
Funding for French privacy browser -- and why not
June 27, 2017
Read More


European companies hit with highly customizable ransomware
Panda Security researchers have been following and analyzing ransomware attacks that have been targeting European business for a few months now, and have tied them to the same group.
April 3, 2017
Read More


European Institute for Computer Anti-Virus Research (EICAR)
leads task forces, organizes conferences, and publishes documents.
Provides Information
Read More


European Parliament Doubles Budget for 'Free' Software Audit and Bug Bounty Projects
The European Parliament approved a budget increase for auditing the open source software used by its institutions. the budget also covers a new bug bounty program, which is meant to encourage outside security researchers to report bugs in software that the European Union uses in its IT infrastructure.
December 1, 2016
Read More


European privacy advisor wants encryption without backdoors
"The confidentiality of online communications by individuals and businesses is essential for the functioning of modern societies and economies. the EU rules designed to protect privacy in electronic communications need to reflect the world that exists today," European Data Protection Supervisor (EDPS) Giovanni Buttarelli opined after reviewing a new proposal on the ePrivacy Directive.
July 29, 2016
Read More


Europol and GCA will fight cybercrime through the exchange of information
Europol and the Global Cyber Alliance (GCA) signed a Memorandum of Understanding (MoU) to cooperate on decreasing systemic cyber risk and improving internet security throughout Europe and beyond.
January 31, 2017
Read More


Europol identifies eight main cybercrime trends
The volume, scope and material cost of cybercrime all remain on an upward trend and have reached very high levels. some EU Member States now report that the recording of cybercrime offences may have surpassed those associated with traditional crimes.
September 28, 2016
Read More


Europol terrorism investigations data found exposed online
700 pages of confidential dossiers, which included details about terrorism investigations in Europe, have been found exposed on the Internet by the reporters of Dutch TV documentary programme Zembla.
December 1, 2016
Read More


Evaluating artificial intelligence and machine learning-based systems for cyber security
All indicators suggest that 2017 is shaping up to be the year of artificial intelligence and machine learning technology for cyber security. As with most trends in our industry, the available protection solutions range from elegantly-designed platforms to clumsily-arranged offerings. The big problem is that many enterprise security teams cannot always tell the difference.
June 19, 2017
Read More


Even a cybersecurity firm can fall for a W-2 phishing scam
US Tax day (April 18) is quickly approaching, and scammers are hard at work to get what they can before the set tax season deadline.
March 19, 2017
Read More


Even the World's Largest Internet Companies Get Phished, Just Like your Grandma
If you've ever been duped by a phishing scam, you can feel a little less stupid about it today, because you've been joined in that sad club by Google and Facebook.
April 28, 2017
Read More


Evernote employees will be able to read notes only if users allow it
Evernote has recently announced that, starting on January 23, 2017, Evernote users' unencrypted notes will be accessible to some Evernote employees.
December 16, 2016
Read More


Every third American has lost money to online criminals
With nearly half of Americans reporting they have been tricked or defrauded, citizens are concerned that the internet is becoming less safe and want tougher federal and state laws to combat online criminals, according to a new Digital Citizens Alliance survey released today at Black Hat USA 2016.
August 04, 2016
Read More


Everything we Know About the Cyber Attack that Crippled America's Internet
Friday's DDoS attack on Dyn's domain name servers was unprecedented. the attack utilized a botnet made up of "internet of things" (IoT) devices (think: smart TVs, DVRs, and internet-connected cameras) to take down a major piece of internet infrastructure. the result? for most of Friday, people across the United States and some parts of Europe were unable to access sites like Amazon, Twitter, CNN, PayPal, Spotify and more. Here's what we know so far.
October 22, 2016
Read More


Evolution of security operations from reactionary survival mode to forced sophistication
The most security-sensitive companies approach their job and their day with the default assumption that they have been hacked, and they set out to prove that important components of their environment are safe. Less security-sensitive companies approach each day with the assumption that they are clean, and start looking for breaches. Or, at least, that's Paul Farrell's experiences have taught him.
April 13, 2017
Read More


Ewind Android adware is actually a full-fledged Trojan
Palo Alto Networks researchers have analyzed a string of legitimate-looking Android apps and have discovered that the adware included in them has the potential to do much more than just show ads.
April 12, 2017
Read More


Executive spotlight: iovation's new Vice President of Product
Last week iovation announced that Dwayne Melancon was leaving Tripwire after 17 years and joining the company as the new Vice President of Product, so we decided to get in touch and see what are his future plans.
April 27, 2017
Read More


Expert tips for managing your cloud data
Networking, governance issues are key
April 3, 2017
Read More


Explained: Apple iCloud kept 'deleted' browser histories for over a year
Cupertino giant quickly purged supposedly dead files when word got out
February 9, 2017
Read More


Exploit for Windows DoS zero-day published, patch out on Tuesday?
A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it.
February 3, 2017
Read More


Exploit revealed for remote root access vulnerability affecting many router models
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers.
April 11, 2017
Read More


Exploring data security in the legal sector and beyond
BitSight analyzed the Security Ratings of more than 20,000 organizations in six industries -- Finance, Legal, Healthcare, Retail, Government and Energy. the objective was to highlight quantifiable differences in security performance across industries from the past 12 months and identify areas of cybersecurity risks.
December 9, 2016
Read More


Exploring trends in automated crypto trading
Despite the risks, many traders continue to be attracted to cryptocurrency trading due to the earning potential it offers. Sasha Ivanov, CEO of Waves, explains that the crypto market is inefficient, opportunities for arbitrage exist between exchanges, and the market is very volatile and unregulated with a constantly shifting landscape.
January 1, 2017
Read More


Explosive global attack delivers destructive Petya ransomware
Less than two months after the disastrous, global WannaCry infestation, a variant of the Petya ransomware dubbed PetrWrap has started hitting companies in Ukraine, Russia and Europe.
June 27, 2017
Read More


Exposing voting machine vulnerabilities
Cylance announced the successful exploitation of critical vulnerabilities in a common model of voting machine. the exploitation of these vulnerabilities was previously thought to only be theoretical in nature prior to this revelation. the compromise techniques are relatively simple to undertake, but do require physical access to the voting machine.
November 7, 2016
Read More


Extensive shift to hybrid infrastructure services is underway
The growth of cloud and industrialized services and the decline of traditional data center outsourcing (DCO) indicate a massive shift toward hybrid infrastructure services, according to Gartner.
April 7, 2017
Read More


EyePyramid clears the way for future malware attacks
Several weeks ago, the release of court documents revealed a long-standing cyber espionage campaign aimed at Italian politicians and businesspeople, law firms, state institutions and law enforcement agencies, and many others.
February 1, 2017
Read More


Misc. - F

F-Secure buys industrial control security firm
Also locks down automotive and aviation electronics
February 16, 2017
Read More


F-Secure buys Little Flocker to combat macOS ransomware
Little Flocker enforces low-level access control to files and other sensitive resources like the webcam and microphone
April 6, 2017
Read More


Facebook and GitHub test new account recovery option
Facebook and GitHub have partnered to provide GitHub users who employ two-factor authentication an easier way to recover access to their account in case they get locked out of it.
January 31, 2017
Read More


Facebook Becomes the Latest Major Company to Support U2F Security Keys
The Universal 2nd Factor (U2F) standard designed by the Fast Identity Online (FIDO) Alliance gained Facebook as another important supporter.
January 26, 2017
Read More


Facebook buys black market passwords to keep your account safe
The company's security chief says account safety is about more than just building secure software.
November 9, 2016
Read More


Facebook gets physical for safer logins
Facebook has been offering the two factor authentication login option for a while now, and is now trying to make its use easier than ever before.
January 27, 2017
Read More


Facebook gets serious about the big bucks in TV shows
Facebook doubles down on its big bet to create homemade TV shows.
February 9, 2017
Read More


Facebook is still figuring out how to tackle fake news
Facebook realizes that "fake news" is a problem, but is still a long way from figuring out how to solve it. at CODE Media today, Facebook VP of partnerships Dan Rose said combatting fake news is "something that's really important to us," but acknowledged that the company is "just getting started" and "there's a lot of work we can do."
February 14, 2017
Read More


Facebook malware allegedly spreading celebrity sex tapes through Chrome extension
A new spam campaign has recently been seen spreading on Facebook, which allegedly contains sex videos of celebrities. In reality, it leads unsuspecting users into downloading a malicious Chrome extension.
December 9, 2016
Read More


Facebook Messenger end-to-end encryption rolled out for all users
Facebook Messenger's Secret Conversations feature, which allows end-to-end encryption of messages exchanged by two users that have enabled the option, has finally been rolled out to all Messenger users.
October 5, 2016
Read More


Facebook moderators can inspect private messages of users suspected of terror links
Pressured by European governments, Facebook, Twitter and Google are trying to tackle the extremist propaganda and recruitment on their social networks and sites.
June 30, 2017
Read More


Facebook turns Safety Check over to its users
The world's largest social network won't be deciding what events warrant a Safety Check. you will.
November 17, 2016
Read More


Facebook, Google ban fake news sources from their ad networks
Despite Mark Zuckerberg's dismissive attitude regarding the claim that Facebook had an inappropriate impact on the US elections, the company has moved to bar sources of fake news from its Facebook Audience Network ads.
November 15, 2016
Read More


Fake DVLA SMS tricking UK residents into sharing payment card info
SMS messages made to look like they are coming from the Driver and Vehicle Licensing Agency (DVLA) are being flung at UK residents, in an attempt to trick them into sharing sensitive information.
April 3, 2017
Read More


Fake executive social media accounts threaten enterprises
New research has uncovered numerous duplicative Twitter and LinkedIn accounts among Fortune 500 leaders, raising concerns about potential security vulnerabilities.
November 16, 2016
Read More


Fake iPhone order dispatch confirmations hitting inboxes
Fake dispatch confirmation emails for a bogus order of an iPhone from Apple's App Store are hitting inboxes, warns Hoax-Slayer.
August 05, 2016
Read More


Fake LinkedIn emails phishing job seekers
Fake LinkedIn emails are hitting inboxes, trying to get recipients to hand over their CVs.
April 18, 2017
Read More


Fake news services and tools proliferate on online markets
Fake news is not a new concept, but the Internet -- and social media and networks in particular -- have made it infinitely easier for it to spread and reach its target audience.
June 15, 2017
Read More


Fake Pornhub apps are spreading online to lock you out of your Android device
Be careful about streaming some of those sexytime videos online on your smartphone-- your device might just end up getting locked up and held hostage, but certainly not of the kinky sort.
February 22, 2017
Read More


Fake SEO plugin backdoors WordPress installations
Administrators of WordPress sites, beware! a fake SEO plugin is being used by attackers to compromise WP installations.
April 3, 2017
Read More


FalseGuide malware infects millions of Android users via Google Play
Malware is something of a recurring problem for Android users, and it seems as though Google is fighting a never-ending battle to keep the blight out of the play Store. the latest large-scale batch to be discovered takes the form of adware known as FalseGuide.
April 26, 2017
Read More


Family dynamics in a connected world
A new global study by Intel Security aims to better comprehend how families' attitudes and habits are evolving as their homes and lifestyles become increasingly connected.
January 24, 2017
Read More


FBI allays some critics with first use of new mass-hacking warrant
Judge authorized order allowing US to change data in thousands of infected devices.
April 24, 2017
Read More


FBI: Hackers are targeting state election systems
Voter registration databases from two states were reportedly targeted in the hacks
August 29, 2016
Read More


FCC orders TP-Link to allow third-party firmware on their routers
The Federal Communications Commission's Enforcement Bureau has reached a $200,000 settlement with TP-Link in regards to selling in the US routers that could operate at output levels higher that allowed by FCC rules.
August 03, 2016
Read More


FCC to halt rule that protects your private data from security breaches
FCC chair plans to halt security rule and set up vote to kill privacy regime.
February 24, 2017
Read More


FDA urges patients to implement patch to secure their cardiac implants
Patients who have been implanted with pacemakers and defibrillators manufactured by US-based St. Jude Medical are urged to make sure that their Merlin@home Transmitter unit is plugged in and connected to the Merlin.net network, so that it can receive a critical security patch.
January 12, 2017
Read More


Featured talks at the upcoming Hack In the Box Security Conference
The 8th annual Hack In the Box Security Conference in Amsterdam will feature brand new 2 and 3-day hands-on technical trainings covering a wide variety of topics from Linux kernel exploitation techniques to advanced malware analysis and more.
January 9, 2017
Read More


Federal regulators: Increasing cybersecurity stance on financial institutions
Everyone is increasing the attention of cybersecurity given the continued parade of hacking incidents. Just last week, the three main prudential regulators for financial institutions–Office of the Comptroller of the Currency (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC)–released new proposed cybersecurity risk mitigation standards called, Enhanced Cyber Risk Management Standards.
October 25, 2016
Read More


Feds are using big data analytics for cybersecurity, but is it effective?
81 percent of Feds say their agency is using big data analytics for cybersecurity in some capacity -- 53 percent are using it as a part of their overall cybersecurity strategy and 28 percent are using it in a limited capacity. However, breaches continue to afflict agencies with 59 percent of Feds reporting their agency deals with a cybersecurity compromise at least once a month due to their inability to fully analyze data, according to MeriTalk and Cloudera.
August 30, 2016
Read More


Feds Shut Down Scam that Used Pop-Up Alerts to Scare People Into Thinking Computers Were Hacked
If you've ever browsed some of the internet's seedier nooks and crannies, you might be familiar with a particular type of scam: the pop-up warning (usually accompanied by a loud, alarm-like sound) telling you that your computer has been compromised and you must call tech support immediately.
October 12, 2016
Read More


Feds strike another multi-national "tech support" scam
Lucrative career path: Convince users that Event Viewer "errors" are terrifying.
October 13, 2016
Read More


Fight fraud: Scams, identity theft, ransomware attacks
In an increasingly technology-oriented world, cybercrime has become all too common for both consumers and businesses. Internet crime takes many forms and includes everything from large-scale data breaches to consumer issues like identity theft and cyberstalking to widespread scams and ransomware.
October 18, 2016
Read More


Fighting attackers in the era of data jacking
In this podcast recorded at RSA Conference 2017, Zohar Alon, CEO at Dome9 Security, talks about how attackers can compromise systems with valuable data that are either on-prem or in the cloud, how they can monetize them, and what we as security vendors and security professionals can do in order to prevent them.
March 8, 2017
Read More


Fighting sophisticated phishing threats during the digital revolution
In this podcast recorded at RSA Conference 2017, Damien Hugoo, Director of Product Marketing at Easy Solutions, talks about what organizations can do in order to take a proactive approach in defending employees and users against phishing attacks.
March 2, 2017
Read More


Fileless attack framework was used in many recent attacks
In the last month or so, a number of security companies spotted attackers targeting a variety of organizations around the world with spear-phishing emails delivering PowerShell backdoors (some of them fileless), misusing legitimate utilities, and communicating with C&C servers through DNS traffic.
March 17, 2017
Read More


Fileless Powershell malware uses DNS as covert communication channel
DNSMessenger is a multistage threat written in Powershell that uses DNS for two-way communication with attackers
March 3, 2017
Read More


Final warning: Popular browsers will soon stop accepting SHA-1 certificates
Starting with Chrome 56, planned to be released to the wider public at the end of January 2017, Google will remove support for SHA-1 certificates. other browser makers plan to do the same.
November 17, 2016
Read More


Finally, enterprise-wide encryption strategies increase!
New research by the Ponemon Institute captures how organizations around the world are dealing with compliance, increased threats, and the implementation of encryption to protect their most sensitive data.
April 14, 2017
Read More


Financial malware attacks increase as malware creators join forces
Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company's IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.
August 12, 2016
Read More


Fine-tuning the SOX compliance process
The annual Sarbanes-Oxley (SOX) Compliance Survey released by Protiviti reveals a new set of challenges facing public companies amid their compliance efforts.
June 14, 2017
Read More


Fingbox: Network security and Wi-Fi troubleshooting
Fingbox allows you to secure and troubleshoot your home network. It plugs in to your existing router, alerting you when it senses anything out of the ordinary -- from new devices on your network, changes in your Internet performance, or unidentified devices that could be an unwelcome intruder.
November 24, 2016
Read More


Fireball malware infected 250 million computers worldwide
Check Point researchers discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, named Fireball, takes over target web browsers, turning them into zombies.
June 1, 2017
Read More


Firefox 0-day exploited in the wild to unmask Tor users
An anonymous user of the SIGAINT darknet email service has revealed the existence of a JavaScript exploit that is apparently being actively used to de-anonymize Tor Browser users.
November 30, 2016
Read More


Firefox 51 starts flagging HTTP login pages as insecure
Mozilla has released Firefox 51 on Tuesday, and this latest stable version of the popular browser comes with many security fixes and improvements.
January 25, 2017
Read More


Firefox Focus: Private iOS browsing made easy
Mozilla has released Firefox Focus, an iOS app that lets you browse the Internet without having to worry who's tracking your online activity.
November 18, 2016
Read More


Firefox to prevent sites from tracking users by checking their battery status
Version 52 of the popular Firefox browser will no longer allow websites to access the Battery Status API and the information it can provide about the visitor's device.
November 3, 2016
Read More


Firmware security: An overlooked threat
An increase in connected devices as part of organizations' hardware footprint, combined with increasingly inventive attack methods from cybercriminals, has brought firmware security into the spotlight.
October 20, 2016
Read More


First all-machine hacking tournament coming to Las Vegas
Long-lived critical flaws in widely deployed bedrock internet infrastructure are not rare. Analysts have estimated that, on average, such flaws go unremediated for 10 months before being discovered and patched, giving nefarious actors ample opportunity to wreak havoc in affected systems before they move on to exploit new terrain.
July 18, 2016
Read More


First complete sabotage attack demonstrated on a 3-D printed drone propeller
Researchers from three universities combined their expertise to demonstrate the first complete sabotage attack on a 3D additive manufacturing (AM) system, illustrating how a cyber attack and malicious manipulation of blueprints can fatally damage production of a device or machine.
October 20, 2016
Read More


First post-quantum cryptography on a contactless security chip
Due to their computing power, quantum computers have the disruptive potential to break various currently used encryption algorithms. Infineon Technologies has successfully demonstrated the first post-quantum cryptography implementation on a commercially available contactless security chip, as used for electronic ID documents.
May 30, 2017
Read More


Five crucial ways to help keep a system safe from harm
We're living in an incredible age of technology, invention and innovation. It's hard to imagine that just a short time ago we couldn't order groceries for delivery from our phones, or ask into the air any question, to be answered immediately by a robot sitting on a countertop. "Okay, Google -- what do I have to do today?"
July 6, 2017
Read More


Five emerging technology trends essential to business success
People hold the power to shape and apply technology to create positive change, improve lives, and transform business and society, according to Accenture Technology Vision 2017, the annual technology report that predicts the most significant technology trends that people will apply to disrupt business over the next three years.
January 27, 2017
Read More


Five emerging trends impacting the IT consulting services market
The top five emerging trends driving the global IT consulting services according to Technavio are:
October 26, 2016
Read More


Five tips to help execute an employee training program
One of the best ways to reduce the risk of data breaches is employee training. this is particularly important during the fall "back to business" season when many employees are returning to the office after a well-deserved summer break, according to Shred-it.
August 18, 2016
Read More


Five trends to help senior executives protect against fraud threats
A new Experian report identifies five trends that businesses should assess and take action on to mitigate fraud and improve the customer experience in today's fast-paced, consumer-centric environment.
July 20, 2016
Read More


Five ways to prevent data leaks
The story still strikes fear into the hearts of IT departments: as many as 70 million credit- and debit card accounts were compromised in less than a month during the Target data breach.
February 13, 2017
Read More


Five ways to respond to the ransomware threat
The ransomware threat has taken a sharp upturn this year. In fact, a recent industry study found that nearly half of all U.S. businesses have experienced at least one ransomware attack in the past year alone. While organizations wrestle with the ever-pressing issue of whether to pay or not to pay if they're victimized, Logicalis US suggests CXOs focus first on how to protect, thwart and recover from a potential attack.
September 13, 2016
Read More


Fix crap Internet of Things security, booms Internet daddy Cerf
Don't just fling unsecured open source OSes at world+dog, father of the Internet begs
March 21, 2017
Read More


Flashlight app on Google play delivered highly adaptable banking Trojan
A modified version of the Charger mobile ransomware has been downloaded from Google play by up to 5,000 users.
April 20, 2017
Read More


Flaw in Wix website builder risked computer worm
The problem resided with a cross-site scripting (XSS) vulnerability found in websites from Wix
November 3, 2016
Read More


Flaw with password manager LastPass could hand over control to hackers
The exploits require tricking a user to visiting a malicious website
July 27, 2016
Read More


Flawed code hooking engines open endpoints to compromise
Six common security issues stemming from the incorrect implementation of code hooking and injection techniques have been unearthed by EnSilo researchers in over 15 different products, including anti-virus (AV) and anti-exploitation solutions, data loss prevention software (DLP) and host-based intrusion-prevention systems (HIPS).
July 19, 2016
Read More


Flaws in Moodle CMS put thousands of e-learning websites at risk
The vulnerabilities could allow attackers to gain administrative privileges and execute malicious PHP code on web servers
March 21, 2017
Read More


Flaws in Moodle CMS put thousands of e-learning websites at risk
The vulnerabilities could allow attackers to gain administrative privileges and execute malicious PHP code on web servers
March 21, 2017
Read More


Flaws in Network Management Systems open enterprise networks to attacks
For quite a while now, Rapid7 researchers Tod Beardsley and Deral Heiland have been looking for vulnerabilities in various Network Management Systems (NMSs).
September 8, 2016
Read More


FlockFlock: File access enforcement for macOS
The more serious you are about information security, the more you realize it's difficult to be sure a system isn't compromised. While malware authors don't target the Mac platform as much as Windows, it doesn't mean you should be complacent about its security.
August 11, 2016
Read More


Florida court's schizophrenic rulings throw mobe passcode privacy into doubt
Jail for one, pass for so-called celebs in sex tape case
May 31, 2017
Read More


For timely vulnerability information, unofficial sources are a better bet
From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST's centralized National Vulnerability Database (NVD), Recorded Future researchers have found.
June 7, 2017
Read More


Forget about the malware, go after attackers' tactics, techniques and procedures
The cybercriminal's options for monetizing attacks has never been broader, less complex, or less risky, and attempts to detect intrusions by detecting the malware they use has never been more pointless, a study commissioned by Arbor Networks has revealed.
June 22, 2017
Read More


Forget your Google password and sign in with your phone
Log in to your Google account with a few simple taps on your phone.
September 7, 2016
Read More


Former Expedia IT support worker gets prison time for hacking execs' emails, insider trading
A IT support technician formerly employed at Expedia offices in San Francisco was sentenced to 15 months in prison for securities fraud, plus three years supervised release.
April 26, 2017
Read More


Former Expedia IT support worker spied on company executives
A computer support technician formerly employed at Expedia offices in San Francisco pleaded guilty to securities fraud. Jonathan Ly, 28, admitted he used his position in tech support at Expedia to access emails of Expedia executives so that he could trade in Expedia stock and illegally profit from non-public information.
December 6, 2016
Read More


Former NSA techies raise $8m for their data governance startup
Immuta to free up data scientists in 'highly regulated' environments
February 16, 2017
Read More


Foscam IP cameras riddled with gaping security holes
F-Secure researchers have discovered a bucketload of serious security vulnerabilities affecting IP cameras made by Chinese manufacturer Foscam. Even though notified months ago, Foscam has still not fixed the issues.
June 8, 2017
Read More


Fostering a safe place for businesses to work in
It's no secret that in the past few years, business leaders have begun to realise the potential of digital transformation to give their organisation a competitive edge. Through driving productivity, empowering staff and creating engaging experiences for customers; investing in digital technology has become a number one priority for businesses looking to secure their place in our digital tomorrow.
June 22, 2017
Read More


Four high-profile vulnerabilities in HTTP/2 revealed
Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new version of the HTTP protocol that serves as one of the main building blocks of the Worldwide Web.
August 03, 2016
Read More


Four IT trends CIOs need to know about
CIOs looking for a benchmark to gauge IT success can depend on user experience metrics to provide the answer. In each of today's "third platform" technologies -- cloud, analytics, security and mobile -- emerging millennial users expect their compute experience to be seamless, secure, and portable, but delivering on those expectations is not as easy as it sounds.
August 08, 2016
Read More


Four Keys to Ensuring Security in a Managed Service Environment
When you outsource IT services to a managed service provider, it stands to reason that the provider takes on considerable responsibility for securing that environment. Ultimately, though, it is still your company and, therefore you, who must share the responsibility for securing every piece of data.
August 04, 2016
Read More


Four ways to keep data safe during election season
There is no shortage of passionate feelings among voters when it comes to this November's presidential election. Those feelings extend tenfold to each candidate's campaigns. Although campaigns depend on passion and monetary contributions to keep going, they also rely on something else: data.
October 18, 2016
Read More


Fraudsters accessed Three UK customer database with authorised credentials
Three UK, a telecom and ISP operating in the United Kingdom, has suffered a data breach. According to Three's status report on the investigation, the attackers were able to access the company's customer upgrade system by using login credentials of an employee, and their goal was to steal high-end smartphones.
November 18, 2016
Read More


Free download -- SysAdmin Magazine: Tools & Tips for Security Admins
Every day security administrators monitor networks, support security tools, establish security requirements, perform vulnerability assessments, and much more. SysAdmin Magazine offers a wide range of helpful and time-tested tips and tools every security administrator will find useful.
October 30, 2016
Read More


Free tool for Active Directory changes monitoring
Netwrix Change Notifier for Active Directory tracks changes to Active Directory (AD) users, group memberships, OUs, permissions, and provides visibility into what's happening inside your AD.
October 26, 2016
Read More


Free your files! No-cost decryption tools released for two ransomware programs
These ransomware programs appeared in recent months, but their encryption implementations are weak compared to others
July 22, 2016
Read More


French surveillance law is unconstitutional after all, highest court says
Giving government spies unfettered access to everyone's wireless communications is not such a good idea after all
October 22, 2016
Read More


Fresh Bluetooth Developer Toolkit line tackles IoT security, interoperability
The Bluetooth Special Interest Group (SIG) released several updates to its developer toolkit line-up, which enables developers to build smarter when creating things like mobile apps and low-cost beacons, as well as gateways that control IoT sensors.
September 22, 2016
Read More


Friction matters: Data security lessons from Snapchat and Google
In this podcast recorded at RSA Conference 2017, Grant Shirk and Veliz Perez, Head of Product Marketing and Product Marketing Manager at Vera respectively, talk about how the need to protect confidential data extends past the borders of your business.
February 28, 2017
Read More


FTC goes after D-Link for shoddy security in routers, cameras
Security experts have been warning about the dangers of poorly secured IoT products.
January 5, 2017
Read More


FTC: D-Link Failed to Secure Routers, IP Cameras
The Federal Trade Commission (FTC) filed a complaint against D-Link saying the company failed to secure its routers and internet-connected cameras.
January 6, 2017
Read More


FTSE companies lack secure data collection methods
With less than a year remaining until the commencement of the GDPR, new research reveals that more than one-third of all public web pages of FTSE 30 companies capturing personally identifiable information (PII) are in danger of violating the regulation by doing so insecurely.
June 2, 2017
Read More


Misc. - G

Gartner identifies top technologies for information security
Gartner highlighted the top technologies for information security and their implications for security organizations in 2017.
June 14, 2017
Read More


GDPR privacy, preparations and understanding
A new GDPR privacy benchmarking study by IAPP and TRUSTe provides insight into how companies are preparing for the sweeping changes to privacy laws under the EU General Data Protection Regulation (GDPR).
November 10, 2016
Read More


GDPR requirements: Five high-priority actions
The European General Data Protection Regulation (GDPR) will have a global impact when it goes into effect on May 25, 2018. Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.
May 3, 2017
Read More


GDPR: Are you prepared?
Many European and US businesses are ill-prepared for the recently agreed EU General Data Protection Regulation (GDPR) and are at risk of falling foul of its rules around the use and control of personal data, according to a study conducted by Vanson Bourne.
September 14, 2016
Read More


Generational differences increase security risks
There are two major IT security risks that enterprises need to prepare for -- Millennials and the impending General Data Protection Regulation (GDPR).
April 6, 2017
Read More


German Android users bombarded with banking malware masquerading as legitimate apps
Fortinet researcher Kai Lu warns of a fake email app that is capable of stealing login credentials from 15 different mobile banking apps for German banks.
November 21, 2016
Read More


German consumer groups sue WhatsApp over privacy policy changes
The Federation of German Consumer Organizations wants WhatsApp to stop passing users' contact lists to its parent company, Facebook
January 30, 2017
Read More


German court upholds WhatsApp-Facebook data transfer ban
But the court overturned the privacy regulator's order that the companies delete data they had already transferred
April 26, 2017
Read More


German Federal Intelligence Service violates laws, dodges supervision
The German Federal Intelligence Service (BND) has been illegally collecting data through mass surveillance tools, storing it in databases that should not exist, and has repeatedly prevented the Federal Commissioner for Data Protection and Freedom of Information (BfDI) from supervising their actions.
September 8, 2016
Read More


German law enforcement gets new hacking powers
On Thursday, the Bundestag has voted to accept a new amendment that will expand the German police's hacking powers.
June 26, 2017
Read More


Germans, Czechs served with banking malware through SMS
German and Czech Android users are getting served with a banking Trojan directly through text messages, warns malware researcher Bart Blaze.
February 28, 2017
Read More


Ghost Push Trojan still a major threat to most Android users
The Ghost Push Trojan (also known as Shedun) is still a considerable threat to Android users around the world.
October 18, 2016
Read More


GhostMail stops providing secure comms to individual users
Encrypted email, chat and storage service GhostMail will no longer provide its services to individual users. Instead, it will concentrate on the enterprise market.
August 02, 2016
Read More


GitLab plugs critical flaw in its code repository manager software
GitLab (the company) has pushed out security updates for both the Community Edition (CE) and Enterprise Edition (EE) of the GitLab software, fixing a critical security flaw in the "import/export project" feature.
November 4, 2016
Read More


Global biometrics market revenue to reach $15.1 billion by 2025
The biometrics market has reached a tipping point. Driven largely by the confluence of organizations' desires to better authenticate or identify users and users' distaste for knowledge-based systems (password and challenge questions), biometrics is working its way into consumer, industrial, and government systems at an increasing pace.
February 7, 2017
Read More


Global cloud security market to reach $13.93 billion by 2024
The cloud infrastructure has witnessed a significant growth in recent years and its popularity can be attributed to the on-demand services, scalability and flexibility, and the cost effective solutions it offers to organizations. the global cloud security market is expected to reach $13.93 billion by 2024, according to Grand View Research.
March 1, 2017
Read More


Global cyber security leaders to gather in Berlin
A series of reports over the summer have shown not only that cybercrime is more persistent than ever, but there are also more opportunities. the growth of technology, digitalisation, computer networks and the integrated nature of business, with its worldwide supply chains and customer relationships, has brought with it a whole range of new ways for cyber criminals to attack corporations and governments alike.
October 14, 2016
Read More


Global cyber security market: Competition forecast and opportunities
Increasing cyber attacks on the critical infrastructure has rendered worldwide security at risk. the prime motive behind these attacks is to gain access to financial information and retrieve sensitive information related to an organizations' operational strategies, government defense moves, etc.
August 23, 2016
Read More


Global data privacy laws: the #1 cross-border e-discovery challenge
In the year since the EU's rejection of Safe Harbor, there has been a spike in legal concern over cross-border data transfers, according to a survey by BDO Consulting.
January 23, 2017
Read More


Global geopolitical changes driving encryption adoption
Recent global geopolitical changes have made more people and organizations than ever worry about the privacy of their data, and consider increasing their use of encryption to ensure their data is kept safe.
February 17, 2017
Read More


Global mobile deep packet inspection market explodes
The global mobile deep packet inspection (DPI) market will grow at an impressive CAGR of almost 22% until 2020, according to Technavio.
August 26, 2016
Read More


Global network shares phishing attack intelligence in real-time
IRONSCALES, a multi-layered phishing mitigation solution that combines human intelligence with machine learning, today announced the launch of Federation, a product that will automatically and anonymously share phishing attack intelligence with organizations worldwide.
July 28, 2016
Read More


GlobalSign certificate revocation error leaves websites inaccessible
Test revocation causes browsers and systems to reject GlobalSign-issued certificates
October 14, 2016
Read More


Gmail gains new machine learning models to block phishing and spam messages
Google has just pushed a major security update to Gmail, which is supposed to block phishing, one of the most common ways to obtain sensitive information like passwords, credit card details or usernames.
May 31, 2017
Read More


Gmail will block JavaScript attachments, a common source of malware
In February, the .JS file extension will be added to a list of 31 file types that Gmail already blocks
January 26, 2017
Read More


GnuPG developers start new fundraising effort
Werner Koch and his team of GnuPG developers are asking for funding for the continued development of the popular free email and data encryption software.
June 7, 2017
Read More


Going to Black Hat? you don't want to miss the Arsenal!
Every August, more than 10,000 information security professionals from all over the world converge in Las Vegas to attend Black Hat USA. the event features innovative research, in-depth trainings, and a few special events.
August 03, 2016
Read More


Goodness gracious, great Chinese 'Fireball' malware infects 250m systems worldwide
Researchers finger digital marketing agency Rafotech
June 2, 2017
Read More


Google Abandons 'End-To-End' Email Encryption Project, Invites Community to Take It Over
Google announced that the "End-to-End" email browser extension project it started three years ago is no longer a "Google project," and that the community is invited to take it over because the project "has left the nest." the company also renamed the End-to-End project "E2EMail."
February 27, 2017
Read More


Google adds phishing protection to Gmail app on Android
Gmail users will now be protected from phishing attacks on their Android phones thanks to a new update from Google. the company is rolling out a new security feature similar to that found in the web version of Gmail, warning people when an email contains a suspicious link.
May 4, 2017
Read More


Google AdSense abused to distribute Android spyware
Svpeng Trojan incoming!
August 15, 2016
Read More


Google AdWords malware targeting Apple computers through Google Chrome search query
Security researchers over at Cylance have discovered a new strain of malware that attacks victims via Google AdWords to infect Apple macOS computers.
November 2, 2016
Read More


Google Allo now works seamlessly with Android Auto
Now you can use one of Google's least popular messaging apps to send messages while driving.
March 8, 2017
Read More


Google and Dutch Researchers Demonstrate Broken SHA-1 Web Security
Google this week announced that Shell Hashing Algorithm-1 (SHA-1) has been broken.
February 24, 2017
Read More


Google and Facebook scammed out of over $100 million
No matter how big you are, you are never safe on the Internet. There are many proofs of this statement but one of the latest is a case in which Google and Facebook were named as victims of a huge, multi-million scam. According to Fortune, the two technological giants lost over $100 million over the course of two years because of a well prepared phishing attack.
April 28, 2017
Read More


Google and partners announce Open Yolo - an API to help ditch your passwords
It's well known that passwords are oftentimes the weak links when it comes to security online and on our devices. That's why Google, in partnership with Dashlane and other password manager creators, is launching a new open source project, called Open Yolo, whose aim is to help you ditch your passwords on Android.
August 05, 2016
Read More


Google announces Security Key-Enforced Two-Step Verification for G Suite
Google announced a new option for companies that use its G Suite services (Gmail, Google Drive, etc), which will allow IT administrators to enforce the two-factor authentication based on U2F (Universal 2nd Factor) security keys.
February 2, 2017
Read More


Google brands malicious websites with 'repeat offender' warnings
If a site is caught cleaning up its act for a parole hearing only to turn around and start offending soon after, Google will give them 30 days in the penalty box.
November 9, 2016
Read More


Google Chrome impersonator Trojan doing rounds
If you're a Google Chrome user, and suddenly your browser looks a bit off and shows you pages that you would never visit ordinarily, you've probably been hit with the Mutabaha Trojan.
August 31, 2016
Read More


Google Chrome users targeted by tech support scammers
Google Chrome users, beware: tech support scammers are misusing helpful browser features to impersonate Microsoft and to bombard users users with pop-ups.
August 29, 2016
Read More


Google clashes with Microsoft over Windows flaw disclosure
Microsoft argues that Google isn't cooperating on vulnerability disclosure
November 1, 2016
Read More


Google Cloud Platform gets a range of security improvements
Google has announced a series of additions to its Cloud Platform infrastructure. These aim to boost overall security and ensure that a user or company's assets are protected.
March 10, 2017
Read More


Google cracks down on 'repeat offender' websites that continue to spread malware
Google is imposing a heavier punishment on websites hosting malware that have found a way to bypass its Safe Browsing initiative, which was built to prevent users from encountering malicious content online.
November 10, 2016
Read More


Google CTF 2017 announced: Test your skills!
Google has announced the 2017 edition of its Capture The Flag (CTF) competition.
June 5, 2017
Read More


Google demos how neural networks can encrypt communications
In an effort to demonstrate how AI could be used to boost encryption, researchers at Google taught two neural networks how to communicate with one another while keeping their conversation secret from a third.
November 1, 2016
Read More


Google details how it clamped down on massive phishing scam
The company shut down the attack, which masked itself as a Google Doc invitation, within an hour.
May 5, 2017
Read More


Google discloses unpatched IE flaw after Patch Tuesday delay
The flaw might lead to arbitrary code execution, researchers say
February 24, 2017
Read More


Google Docs phishing attack underscores OAuth security risks
One security researcher easily managed to replicate Wednesday's phishing attack
May 4, 2017
Read More


Google Docs Phishing Scam Stopped, But don't Let your Guard Down Yet
A couple days ago, some Google users reported an advanced phishing scam involving Google Docs. the scam starts by sharing a Google Doc with a Gmail users, which then took users to a real Google Doc page to select their account.
May 5, 2017
Read More


Google drops a zero-day on Microsoft: Web giant goes public with bug exploited by hackers
Even Adobe pushed its patch faster than Windows giant
October 30, 2016

Google Duo: Simple, encrypted, video calling app
Google Duo is a simple 1-to-1 video calling app available for Android and iOS. In order to use Google Duo all you need is your phone number, no separate account is necessary.
August 16, 2016
Read More


Google enacts stricter penalties on sites that continuously spread malware
Google has been protecting users against dangerous and harmful websites for many years by warning web surfers when they accidentally click on links that could lead them to sites that spread malware or attempt to phish for your private information.
November 9, 2016
Read More


Google fails to patch Chrome browser bug -- Microsoft Windows users at risk of scams
Many people use Google Chrome, and rightfully so. the cross-platform web browser works brilliantly, and is super-fast. Plus, the search-giant's browser is very secure too, right? not so fast...
November 9, 2016
Read More


Google floats prototype Key Transparency to tackle secure swap woes
Google has released an open-source technology dubbed Key Transparency, which is designed to offer an interoperable directory of public encryption keys.
January 13, 2017
Read More


Google found over 1,000 bugs in 47 open source projects
In the last five months, Google's OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects, and it's ready to integrate even more of them.
May 9, 2017
Read More


Google game teaches kids about online safety
Talking to kids about online safety is a difficult undertaking for many adults, and making the lessons stick is even harder.
June 9, 2017
Read More


Google Infrastructure Security Design Overview
Google has a global scale technical infrastructure designed to provide security through the entire information processing lifecycle at Google. this infrastructure provides secure deployment of services, secure storage of data with end user privacy safeguards, secure communications between services, secure and private communication with customers over the internet, and safe operation by administrators.
January 16, 2017
Read More


Google Intros 'Protect your Election' Security Toolkit
It's easier than ever to spy on journalists, take down political websites, and otherwise use cyber attacks to help influence an election. now Google and Jigsaw have introduced the Protect your Election tool suite to help election-related organizations, politicians, and journalists defend themselves from those attacks.
March 21, 2017
Read More


Google is fighting with Symantec over encrypting the internet
Google, which has accused Symantec and its partners of misissuing tens of thousands of certificates for encrypted web connections, quietly announced Thursday that it's downgrading the level and length of trust Chrome will place in certificates issued by Symantec.
March 27, 2017
Read More


Google is winding up Gmail support for older Chrome versions
Chrome users that, for whatever reason, can't or don't want to update to the latest version of the browser will soon start seeing warnings when they access Gmail.
February 6, 2017
Read More


Google just disclosed a major Windows bug – and Microsoft isn't happy
Is 10 days enough time to build a patch?
October 30, 2016
Read More


Google just dodged a privacy lawsuit by scanning your emails a tiny bit slower
The company won't do ad scans until after a message hits your inbox
December 14, 2016
Read More


Google launches its own Root Certificate Authority
Google is known for slipping fingers in many pies, so it should not come as a surprise that it has opted for starting its own Root Certificate Authority.
January 30, 2017
Read More


Google mistakes the entire NHS for massive cyber-attacking botnet
Hospitals advised to use Bing instead
February 1, 2017
Read More


Google offers app to help companies assess their vendors' security
The app contains questions for assessing Web application security, infrastructure security, data center security and privacy
March 8, 2016
Read More


Google open sources vendor security review tool
Google has open sourced its Vendor Security Assessment Questionnaire (VSAQ) Framework with the hope that other companies and developers could use it to improve their vendor security programs and/or posture.
March 8, 2016
Read More


Google Outs Windows Vulnerability After Missed Deadline
Google disclosed a Windows vulnerability that could allow someone to collect sensitive information via Internet Explorer and other software. the bug was originally shared with Microsoft in November, and it's been publicly revealed now because Google's discloses threats 90 days after they were reported.
February 22, 2017
Read More


Google phishing attack was foretold by researchers--and it may have used their code
A potential threat from spoofing Google applications was cited in 2011.
May 5, 2017
Read More


Google plugs 19 holes in newest Android security update
In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical.
March 8, 2016
Read More


Google plugs serious Nexus vulnerability in latest security update
January security bundle brings a fix for a 'high-severity vulnerability' that was uncovered in the Nexus 6 and 6P.
January 9, 2017
Read More


Google project has small name but tackles big security issue
Project Wycheproof, named after the smallest mountain in the world, lets developers quickly check their cryptographic libraries against a large number of known attacks.
December 19, 2016
Read More


Google Project Zero Finds Windows Vulnerabilty, "Worst in Recent Memory"
Google's Project Zero has found yet another critical Windows Vulnerability, this time going so far as to call it "Crazy Bad" in a lone tweet by Google security researcher Tavis Ormandy. Tavis went on to elaborate that the vulnerability "works against a default install, [you] don't need to be on the same LAN, and it's wormable."
May 8, 2017
Read More


Google Project Zero security researchers discover 'crazy bad' Windows exploit
Google's Project Zero identifies bugs and security flaws in commonly used software, and gives firms 90 days to patch them before going public. this is an approach which doesn't always go down well -- a case in point being when Google recently released details of a Windows bug after Microsoft failed to patch it in time.
May 8, 2017
Read More


Google publishes details of Windows bug after Microsoft misses 90-day Project Zero disclosure deadline
Google's Project Zero has proved controversial on several occasions already, with the search giant publicly revealing details of software bugs when companies fail to fix them. now the project has unearthed a bug in Windows, and as Microsoft failed to patch it within 90 days of being notified, details of the flaw have been made available for everyone to see -- and exploit.
February 20, 2017
Read More


Google publishes eight national security letters
Have you ever wondered what a national security letter (NSL) received by Google looks like? Well, wonder no more, as the Internet giant has published eight of them.
December 14, 2016
Read More


Google punishes deceptive 'repeat offender' sites
That is why the tech giant is instituting new rules for malicious websites that have previously been able to game Google's "Safe Browsing" system. Now, sites that clean up their act only to reimplement malicious code or software won't have it so easy.
November 10, 2016
Read More


Google pushed developers to fix security flaws in 275K Android apps
Over 90,000 developers acted based on alerts issued through the Google play App Security Improvement program
January 20, 2017
Read More


Google quietly changed its privacy policy, no longer promises to anonymize your personal information when selling ads
For years, researchers have discussed how the "anonymizing" various companies claim to perform on the data they gather is poor and can be easily reversed. Over the last few years, we've seen multiple companies respond to these problems by refusing to continue anonymizing data at all. Verizon kicked things off, but Vizio has gone down this route as well, and now we know Google has – or, at the very least, has reserved the right to do so.
October 22, 2016
Read More


Google Ramps Up Fight Against Deceptive Software Installations, Aims for 'Clean Software' Industry Standards
Google's Safe Browsing service, used by Chrome, Firefox, and Safari, generates 60 million monthly warnings to users about deceptive software installations. this is three times more than the number of warnings shown by the service for malware.
August 04, 2016
Read More


Google refuses to patch faulty login page that can be used to serve up malware
Google refuses to fix a vulnerability that can be found on its login page which can be exploited by attackers to serve up malware, according to Aidan Woods, a security researcher.
August 31, 2016
Read More


Google releases details, PoC exploit code for IE, Edge flaw
As were impatiently waiting for Microsoft to patch vulnerabilities that were scheduled to be fixed in February, Google has released details about a serious vulnerability in the Internet Explorer and Edge browsers.
February 27, 2017
Read More


Google reports "high-severity" bug in Edge/IE, no patch available
String of unpatched security flaws comes after February Patch Tuesday was canceled.
February 27, 2017
Read More


Google researcher uncovers another RCE in Microsoft Malware Protection Engine
Google Project Zero researcher Tavis Ormandy has unearthed yet another critical remote code execution vulnerability affecting the Microsoft Malware Protection Engine, which powers a number of the company's antivirus and antispyware software.
June 27, 2017
Read More


Google researchers help test cryptographic flaws
The new project provides more than 80 tests for common cryptographic attacks
December 20, 2016
Read More


Google reveals a Windows flaw that's being exploited by hackers, angering Microsoft
Microsoft argues that Google isn't cooperating on vulnerability disclosure
October 30, 2016
Read More


Google Reveals Actively Exploited Windows Kernel Vulnerability
Google disclosed two actively exploited vulnerabilities seven days after revealing them to the relevant vendors, which in this case are Adobe and Microsoft. Google said that Adobe has already fixed its bug, but that Microsoft hasn't released an advisory or fix yet.
October 30, 2016
Read More


Google reveals actively exploited Windows vulnerability
Redmond was given only ten days to fix the issue before Google went public with its notice.
October 30, 2016
Read More


Google reveals its servers all contain custom security silicon
Even the servers it colocates (!) says new doc detailing Alphabet sub's security secrets
February 3, 2017
Read More


Google reveals serious Windows 10 vulnerability just 10 days after telling Microsoft
Google's Threat Analysis Group has released details about a Windows 10 vulnerability, leaving millions of users at risk, as Microsoft is yet to patch it.
October 30, 2016
Read More


Google reveals yet another vulnerability in Microsoft's software, this time in Edge and IE
Google's Project Zero research team has actively been detecting vulnerabilities in Microsoft's software products for quite some time. back in November 2016, it revealed a "particularly serious" security flaw in Windows 10 just ten days after detailing it to Microsoft - for which it received lots of backlash. Just a few days ago, it disclosed yet another vulnerability in Windows, however, this time after its standard 90-day deadline had passed.
February 27, 2017
Read More


Google Safe Browsing delivers details to compromised website owners
The Google Search Console will now show tailored recommendations for dealing with security issues detected by Safe Browsing
September 7, 2016
Read More


Google Safe Browsing goes after repeat offenders
Google has had enough of sites that repeatedly endanger end users, either through malware, unwanted software, phishing or other social engineering and deceptive tactics.
November 9, 2016
Read More


Google security researcher reportedly discovers 'crazy bad' vulnerability in Windows
Google's security researchers regularly try to discover vulnerabilities in the company's own software products, as well as those developed by other firms, such as Microsoft and Apple. These efforts are part of Google's Project Zero initiative through which it informs other companies about the vulnerability present in their software products, allowing them 90 days to fix the issue, before details are publicly disclosed.
May 8, 2017
Read More


Google shifts on email encryption tool, leaving its fate unclear
Despite announcing it almost three years ago, Google hasn't officially put the tool on the Chrome Web Store.
February 27, 2017
Read More


Google to cough up $20m after Chrome rips off anti-malware patents
Actual residents of Texas Eastern District prevail
February 13, 2017
Read More


Google to sanction Symantec for misissuing security certificates
In a post on a developers' forum, software engineer on the Google Chrome team Ryan Sleevi has announced Google's plan to start gradually distrust all existing Symantec-issued certificates, and push for their replacement with new, fully revalidated certificates that will be compliant to the current baseline requirements.
March 24, 2017
Read More


Google to untrust WoSign and StartCom certificates
Google Chrome will stop trusting digital certificates issued by the WoSign and StartCom certificate authorities after Oct. 21, 2016.
November 1, 2016
Read More


Google Tries to Advance IoT Security with Android Things
Someone might finally have found a way to make the Internet of Things (IoT) less of a threat. Google released a developer preview of Android Things, an Android-based platform, and updated Weave to make it easier for companies to produce and maintain IoT products. this could in turn make those connected gadgets--and therefore the internet as a whole--more secure than they have been in the past.
December 13, 2016
Read More


Google updates its site verification process to flag 'repeat offenders'
Google has decided to rework the way it classifies dangerous and harmful sites in an effort to better protect users from being infected by malware.
November 11, 2016
Read More


Google wants to help you manage your passwords
The search giant intends to use password managers to log you in to your Android apps, a process that could expand to other devices and operating systems.
August 05, 2016
Read More


Google wants to revamp public Wi-Fi networks, but what about security?
William Shakespeare once wrote, "the eyes are the windows to your soul," but if you ask savvy retailers, they might say it's guest Wi-Fi. Why? new Wi-Fi systems allow them to use powerful features like social media integration, SMS and email to gather key information about customers and connect with them long after they leave a brick and mortor location. While these features are good for both the business and its customers, they can also create challenges for small business owners who are already extremely busy.
October 10, 2016
Read More


Google warns journalists and professors: your account is under attack
A flurry of social media reports suggests a major hacking campaign has been uncovered.
November 23, 2016
Read More


Google warns of actively exploited Windows zero-day
Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild.
November 1, 2016
Read More


Google's Android hacking contest fails to attract exploits
The $200,000 bounty Google offered to hack its Android OS was not enough to tempt researchers.
March 31, 2017
Read More


Google's Data Handling Practices Force Company to Turn Over Foreigner's Data
Recently, a court said that Google must hand over the data of a number of its non-American users that was stored overseas. the company moved to quash the order, arguing that because the data was stored abroad, it doesn't have to comply with U.S. data requests. However, magistrate judge Laurel Beeler rejected Google's objections.
April 21, 2017
Read More


Google's plan to foil screen-hijacking malware in Android O
74% of ransomware, 57% of adware, and 14% of banker malware abuse a specific app permission to target nearly 40 percent of all Android users -- by overlaying screens, displaying fraudulent ads and phishing scams over apps.
May 10, 2017
Read More


Google's Project Zero reveals vulnerability in Internet Explorer and Microsoft Edge
Google's Project Zero has exposed another security flaw in Microsoft software – this time in Internet Explorer and Microsoft Edge. as reported by the Register, the flaw was first disclosed to Microsoft on November 25, but has now gone public after exceeding Project Zero's 90-day disclosure deadline without a patch.
February 27, 2017
Read More


Google's smart search for security
Google made waves this week with the launch of the much-hyped messaging app Allo. the app boasts some impressive features, including embedding Google Assistant into your conversations. "Smart Replies" learn from your behavior over time to offer up the type of replies that you'd typically give. the assistant can even analyze photos and help you make dinner reservations or buy movie tickets based on what's happening in your conversation, without ever leaving the app.
September 22, 2016
Read More


Google

Google's whack-a-mole with Android adware continues
Why can't Google put a stop to adware on their official Android app marketplace? The analysis by Trend Micro researchers of a Trojan Android ad library dubbed Xavier tells the story.
June 19, 2017
Read More


Google, Dropbox the latest US tech giants to sign up to the Privacy Shield
Queued up to self-certify
September 28, 2016
Read More


Google, Facebook Victims of $100M Phishing Scam
It's easier to con someone than to take whatever you want from them with brute force. That's why phishing scams, which rely on trickery instead of technical skill, can be so effective. Convincing someone at Google to pay you tens of millions of dollars is relatively easy compared to compromising the systems used to handle that money. and that's how someone managed to bilk roughly $100 million from Google and Facebook via email fraud.
April 28, 2017
Read More


Google, Microsoft bump bug bounties
Googles' rise is permanent, Microsoft wants you to give Office 365 a beating
March 6, 2017
Read More


Google, Microsoft increase bug bounties
Bug hunters, rejoice: both Google and Microsoft have announced a considerable increase of the amount they will pay out for information about bugs in their products.
March 6, 2017
Read More


Gooligan Android malware used to breach a million Google accounts
Check Point security researchers have revealed a new variant of Android malware, breaching the security of more than one million Google accounts.
November 30, 2016
Read More


Gooligan worms its way into Android phones, compromises one million Google accounts
The malware uses your Google account to download and boost ratings of Google play apps.
November 30, 2016
Read More


Governments are behind on data encryption in the public cloud
A HyTrust survey of 59 government and military organizations found that nearly 20 percent of those respondents do not implement data security or encryption solutions in the public cloud.
December 6, 2016
Read More


GPG Sync: Internal GPG keys syncing tool for orgs
First Look Code has released GPG Sync, an open source tool for keeping a list of GPG keys used by members of an organization always updated, and always available to all of them.
October 19, 2016
Read More


GPS Act Aims to Stop Warrantless Smartphone Tracking Done with Cell-Site Simulators
Senators Ron Wyden, Rep. Jason Chaffetz, and Rep. John Conyers, Jr., introduced the Geolocation Privacy and Surveillance (GPS) Act to stop law enforcement from using cell-site simulators to track anyone they want without first obtaining a warrant.
February 16, 2017
Read More


Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars
Musk's lot better get on this
November 24, 2016
Read More


Great, now your monitor can be hacked too
You are all well aware that your computer, tablet, and smartphone can be hacked... but have you ever wondered if someone is trying to compromise your monitor?
August 08, 2016
Read More


Growing risk associated with mobile and IoT application security
Despite widespread concern about the security of mobile and Internet of Things applications, organizations are ill-prepared for the risks they pose, according to research conducted by the Ponemon Institute.
January 19, 2017
Read More


Growth rates of cryptographic keys and certificates
A new study conducted by Dimensional Research evaluated current and projected growth rates of cryptographic keys and digital certificates in the enterprise for 2016 and 2017. Study respondents included 505 IT professionals that manage these critical cryptographic assets in the U.S., U.K., France and Germany.
December 16, 2016
Read More


Guccifer 2.0, alleged Russian cyberspy, returns to deride U.S.
Guccifer 2.0 claimed he was behind the DNC hack back in June
January 13, 2017
Read More


Guidance for connected vehicle security: Attack vectors and impacts
The Cloud Security Alliance (CSA) released its first ever research and guidance report on connected vehicle security. Authored by the CSA's Internet of Things (IoT) Working Group, "Observations and Recommendations on Connected Vehicle Security' provides a comprehensive perspective on vehicle security connectivity design, possible attack vectors of concern, and recommendations for securing the connected vehicle environment.
May 26, 2017
Read More


Gugi banking Trojan outsmarts Android 6 security
A modification of the Gugi banking Trojan that can bypass Android 6 security features designed to block phishing and ransomware attacks. the modified Trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls and more.
September 7, 2016
Read More


Misc. - H

Hack a Nexus from afar, get $200,000
Google has issued a challenge to bug hunters around the world: find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices' phone number and email address, and you'll be handsomely rewarded.
September 15, 2016
Read More


Hack Attack on Dallas Emergency System Sets Off Every Warning Siren In the City
The city of Dallas is apologizing to residents for a hack attack that set off 156 of the city's emergency sirens late on Friday night, jolting folks awake and scaring the bejeezus out of people.
April 10, 2017
Read More


Hack brief: dangerous 'Fireball' adware infects a quarter billion PCs
Adware that infects your computer to display pop-ups is an annoyance. But when it infects as many as one in five networks in the world, and hides the capability to do far more serious damage to its victims, it's an epidemic waiting to happen.
June 2, 2017
Read More


Hack In the Box announces keynotes for 2017 Amsterdam event
Hack In the Box announced an exciting line-up for its annual security conference taking place in Amsterdam on April 13th and 14th. Groundbreaking security research covering new exploit methodology and several zero-days, will be disclosed during the event. These disclosures affect a wide range of technologies from network and mobile security implementations, payment systems, to web browsers and more.
March 16, 2017
Read More


Hack of emergency siren system kept Dallas citizens up for hours
When 156 emergency sirens in Dallas started wailing around midnight last Friday, the city's 911 line was flooded with calls by panicked citizens who wanted to know what was going on, and whether the city was under attack.
April 10, 2017
Read More


Hack reveals data company Cellebrite works with everyone from US cops to Russia
Cellebrite unaware of "increased risk to customers as a result of this incident."
January 12, 2017
Read More


Hacked cheating site Ashley Madison will pay $1.6 million to FTC for breach
Commission settlement officially $17.5 million, but fine reduced due to inability to pay.
December 14, 2016
Read More


Hacker breached 60+ unis, govt agencies via SQL injection
A hacker tied to the November 2016 penetration of the US Election Assistance Commission and subsequent database sale has successfully targeted 60+ government agencies and universities by leveraging the same attack method: SQL injection.
February 16, 2017
Read More


Hacker breaks into Harvard student paper to troll Mark Zuckerberg
Ahead of Zuck's commencement speech for the class of 2017
May 25, 2017
Read More


Hacker Guccifer sentenced to 52 months in prison
Romanian hacker Guccifer, i.e Marcel Lehel Lazar, who unlawfully accessed the private online accounts of at least 100 Americans and caused the public release of this information on the Internet, was sentenced to a total of 52 months in prison for unauthorized access to a protected computer and aggravated identity theft.
September 2, 2016
Read More


Hacker Phineas Fisher arrested in Spain?
Has Phineas Fisher, the person (or group) behind the Gamma International and Hacking Team breaches and data leaks, been caught?
February 1, 2017
Read More


Hacker shows Reg how one leaked home address can lead to ruin
Just don't go on Facebook, people. You're giving yourself up to crims
July 20, 2016
Read More


Hacker takes out dark web hosting service using well-known exploit
Freedom Hosting II allegedly was hosting child pornography sites, according to hacker
February 6, 2017
Read More


HackerOne CEO: 'We're building the world's biggest security talent agency'
Marten Mickos is crowdsourcing security with a growing army of ethical hackers who can help your company if you're ready to adopt a new security mindset.
October 7, 2016
Read More


HackerOne offers bug bounty service for free to open-source projects
Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs
March 3, 2017
Read More


HackerOne offers bug bounty service for free to open-source projects
Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs
March 3, 2017
Read More


Hackers are seeking out company insiders on the black market
Researchers have noticed growing activity from online black market dealers trying to recruit company insiders for cyber crime
February 2, 2017
Read More


Hackers blackmail patients of cosmetic surgery clinic
Hackers have been trying to blackmail patients of a Lithuanian plastic surgery clinic, by threatening to publish their nude "before and after" photos online.
May 31, 2017
Read More


Hackers can abuse LTE protocols to knock phones off networks
Attacks on the global mobile interconnection network are still possible even with the new LTE Diameter protocol, researchers say
November 7, 2016
Read More


Hackers can easily take over cellphone towers, researchers found
Zimperium researchers have unearthed three critical vulnerabilities in widely used software running on base transceiver stations , i.e. the equipment that makes cellphone towers work.
August 24, 2016
Read More


Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio
Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.
May 23, 2017
Read More


Hackers changing tactics, techniques and procedures
Organizations need to conduct better penetration testing to combat continual changes in hackers' tactics, techniques and procedures (TTPs), according to NTT Security.
October 22, 2016
Read More


Hackers compromised Telegram accounts, identified 15 million users' phone numbers
Hackers have managed to compromise over a dozen Telegram accounts belonging to Iranian political activists and identify phone numbers tied to 15 million Iranian Telegram users, researchers Claudio Guarnieri and Collin Anderson claim.
August 03, 2016
Read More


Hackers cook god-mode remote exploits against Edge, VMware in world-first
PwnFest fells first tech giants -- Google Pixel, Adobe next in line
November 10, 2016
Read More


Hackers explain how they "owned' FlexiSpy
How did the hackers that go by the name Decepticons breach stalkerware manufacturer FlexiSpy?
April 26, 2017
Read More


Hackers exploit Apache Struts vulnerability to compromise corporate web servers
The vulnerability allows attackers to execute malicious code on servers without authentication
March 9, 2017
Read More


Hackers exploit Apache Struts vulnerability to compromise corporate web servers
The vulnerability allows attackers to execute malicious code on servers without authentication
March 9, 2017
Read More


Hackers extorted a cool $1 million from South Korean web hosting provider
Whether through ransomware, or simply by breaking into computer systems and exfiltrating and deleting the data found on them with other means, cyber extortionists are going for the big fish: businesses.
June 19, 2017
Read More


Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON
The results from this year's IoT hacking contest are in and it's not a pretty picture
September 13, 2016
Read More


Hackers had a chance to hamper voting by deleting records
In June, attackers managed to steal administrative login credentials from a county official in the U.S.
August 30, 2016
Read More


Hackers hosted tools on a Stanford University website for months
Compromising legitimate websites and the web servers that store and deliver them is a time-honoured tactic of opportunistic hackers, and a failure to keep them out can result in the servers hosting phishing and scam pages, spam mailers, exploit kits, or malware.
June 1, 2017
Read More


Hackers release source code for a powerful DDoS app called Mirai
After doing heavy damage to KrebsOnSecurity and other web servers the creator of the Mirai botnet, a program designed to harness insecure IoT devices to run massive denial of service attacks, has apparently released the source code on Github.
October 10, 2016
Read More


Hackers seek company insiders on the black market
Researchers have noticed growing activity from online black market dealers trying to recruit company insiders for cybercrime
February 2, 2017
Read More


Hackers steal 1.6 million Clash of Kings forum accounts
The official forum for the popular mobile game Clash of Kings is the latest to fall victim to a cyberattack after a hacker broke through its defenses and managed to obtain the user data of around 1.6 million accounts.
July 26, 2016
Read More


Hackers stole technical trade secrets from German steelmaker
German-based ThyssenKrupp, one of the world's largest steel producers, has announced that it has been the target of a cyber attack.
December 9, 2016
Read More


Hackers who took control of PC microphones siphon >600 GB from 70 targets
Critical infrastructure, media, and scientists targeted by suspected nation-state.
February 20, 2017
Read More


Hacking group uses Google services to control malware
Carbanak, a powerful cyber-crime group, is using certain Google services as command and control for its malware and other malicious elements. the news was released by cybersecurity firm Forcepoint this week.
January 20, 2017
Read More


Hacking industrial robots in today's smart factories
It has been estimated that by 2018, approximately 1.3 million industrial robot units -- mechanical multi-axis "arms' used for automating various operations -- will be employed in factories across the world.
May 3, 2017
Read More


Hacking smart cities: Dangerous connections
Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets.
August 18, 2016
Read More


Hacking tools in Vault 7 data dump linked to prolific cyber espionage group
While security researchers and companies go through the collection of hacking tools contained in the data dump that the Shadow Brokers failed to sell, Symantec has tied hacking tools from WikiLeaks' Vault 7 documents to "Longhorn,' a cyber espionage group whose activity they have been following for years.
April 11, 2017
Read More


HandBrake malware attack led to theft of Panic apps' source code
Oregon-based software company Panic Inc. has announced that some of the source code for their offerings has been stolen, and they are being blackmailed by the attackers.
May 18, 2017
Read More


Half of EMEA CIOs participating in a digital ecosystem
CIOs in Europe, the Middle East and Africa (EMEA) are clearly engaging with the era of digital business, with 50 percent participating in a digital ecosystem and 65 percent contacting startups to acquire key digital technology capabilities and skills, according to Gartner's annual CIO survey.
November 9, 2016
Read More


Half of IT pros don't know how to improve their security posture
Mid-market enterprises have high confidence in their cybersecurity defenses, but they struggle to defend against malicious activity that has become more sophisticated and targeted, according to Arctic Wolf Networks.
January 30, 2017
Read More


Half of IT pros lack confidence in their company's cybersecurity strategies
Centrify asked IT professionals attending RSA Conference 2017 how their companies secure applications and infrastructure in the age of access, and their responses revealed that a startling number lacked c

Half of US firms don't have cybersecurity insurance
A full 50 percent of US firms do not have cybersecurity insurance, despite the fact that 61 percent of US firms expect the volume of cyber breaches to increase in the next year.
June 1, 2017
Read More


Have you read Pokemon GO's Terms of Service? you might want to
As Pokemon Go becomes available in more and more countries, and is enthusiastically embraced by an increasingly larger number of users, we're witnessing a wide array of dangers that go hand in hand with playing it.
July 18, 2016
Read More


HDDCryptor ransomware uses open source tools to thoroughly own systems
HDDCryptor (aka Mamba) is a particularly destructive piece of ransomware that encrypts files in mounted drives and network shares, locks the computers' hard disk, and overwrites their boot disk MBR.
September 20, 2016
Read More


Heads Up: you May Need to Change your Passwords on Thousands of Sites
It's a rough day for users of, well, basically the entire internet: a major vulnerability in a huge web services company has been disclosed, and it means your personal data may have leaked into public view from a whole lot of places.
February 24, 2017
Read More


Healthcare breaches: is your data at rest or at risk?
Records of approximately 16.6 million Americans were exposed as a result of hacks, lost or stolen devices, unauthorized disclosure and more. Good news, however, is that the overall number of compromised records has declined for the second year in a row and early indications suggest that those numbers will continue to decline in 2017.
May 5, 2017
Read More


Healthcare cybersecurity market flooded with solutions
Hospitals face heightened concerns due to ubiquitous cyber-attacks that threaten the privacy and security of their data assets and enterprise IT systems. Theft of protected health information for sale on the black market for identity theft or financial fraud is bad enough, but hospitals also have the added and very significant concern of actual patient harm that could result from compromised IT systems.
August 08, 2016
Read More


Healthcare industry continues to struggle with software security
67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months.
May 30, 2017
Read More


Healthcare industry lacks basic security awareness among staff
SecurityScorecard released a comprehensive analysis exposing cybersecurity vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.
October 30, 2016
Read More


Healthcare IT professionals are overconfident
A Dimensional Research study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 101 participants from the healthcare sector.
December 14, 2016
Read More


Healthcare IT pros believe data is safer in the cloud
Healthcare IT professionals and executives believe overwhelmingly that when facing hardware malfunctions and environmental disasters, their organization's data is safer in the cloud than on premises, according to Evolve IP.
March 24, 2017
Read More


Healthcare organizations still complacent about cybersecurity
The rapid fire spread of the WannaCry ransomware, which infected thousands of organizations globally, is one of the most significant cyberattacks in recent digital history. The impact was particularly damaging to the healthcare sector, with the UK's National Health Service (NHS) being one of the first and most adversely affected victims, causing numerous patient services to be shut down, including emergency services.
May 19, 2017
Read More


Heaps of Windows 10 internal builds, private source code leak online
Unreleased 64-bit ARM versions, Server editions among dumped data
June 23, 2017
Read More


Here are some of the government gag orders Google gets
The web giant begins publishing now-unrestricted letters that let the FBI acquire information from companies about their customers.
December 13, 2016
Read More


'Here be dragons': Look past FUD to see the real security threats
It shouldn't come as a surprise that cybercrime is big business, and is growing at an exponential rate. In 2015, UK insurer Lloyd's of London estimated the cybercrime market at $400 Billion. Today, just two years later, the World Economic Forum estimates that same market to currently be $3 trillion.
April 17, 2017
Read More


Here's a new way to prevent cyberattacks on home devices
The Dojo is due out in April for $199
February 28, 2017
Read More


Here's a Snap-On Bluetooth Skimmer Spotted Out In the Wild
Have you ever wondered how a retailer can leave a Bluetooth skimmer on a payment card terminal in its stores for weeks at a time? Its harder to detect the devices than you might think, because crooks have their own places to shop for spare parts that snap right on a payment terminal and are hard to spot if you arent looking for them.
February 27, 2017
Read More


High-Tech Bridge and DenyAll partner to defend web applications and services
High-Tech Bridge, recently named Gartner Cool Vendor 2017, and DenyAll, a Rohde & Schwarz Cybersecurity company, joined the efforts to combat cybercrime and defend corporate web applications and web services.
June 6, 2017
Read More


High-Tech Bridge ImmuniWeb named Best Emerging Technology
Web and mobile application security testing services provider High-Tech Bridge has won the "Best Emerging Technology" category at the SC Awards Europe 2017. The company has also been named a Cool Vendor by Gartner.
June 8, 2017
Read More


High-Tech Bridge named a Cool Vendor by Gartner
High-Tech Bridge has been named a Cool Vendor in Gartner's May 2017 research "Cool Vendors in Security for Midsize Enterprise 2017" by Adam Hils.
June 5, 2017
Read More


High-Tech Bridge reinforces ImmuniWeb with IAST technology
Today at Infosecurity Europe 2017, High-Tech Bridge, a provider of web and mobile application security testing services and a Gartner Cool Vendor 2017, announced availability of its proprietary Interactive Application Security Testing (IAST) technology.
June 7, 2017
Read More


Highly lucrative Ransomware as a Service attacks poised to accelerate in 2017
Ransomware can be likened to global warming. it's been around for years, but it's now becoming an epidemic which needs serious attention.
December 19, 2016
Read More


Highest European CISO salaries set to reach €1 million
Chief Information Security Officers supervise information systems for their organization, and are in charge of coming up with, proposing, and implementing workable solution for minimizing security threats the organization faces.
May 23, 2017
Read More


Highest paying certifications, skills in demand revealed
Global Knowledge surveyed 14,000 IT and business professionals worldwide, and confirmed that individuals and organizations benefit from IT certification. Participants identified increased productivity and earning potential, fewer skills gaps and faster troubleshooting as benefits of certification.
April 5, 2017
Read More


Hijacking Windows user sessions with built-in command line tools
Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in Windows user without knowing that user's password? He or she can perform the action if they have physical access to the target's machine, but also remotely via Remote Desktop Protocol (RDP).
March 19, 2017
Read More


Hiring a hacker: Why and how you should do it
The global cost of cybercrime could reach 4.9 trillion annually by 2021, according to a recent report from Cybersecurity Ventures. Cyber crime incidents continue to plague organizations globally, even as businesses pour money into boosting their security.
February 13, 2017
Read More


HoneyNet delivers deception technology for all sizes of enterprise
Data breaches can be hard to detect and are often missed by traditional cyber security approaches, allowing attackers to spend a long time inside a network.
November 14, 2016
Read More


How a dynamic range of authentication can open doors for trusted customers
In this podcast recorded at RSA Conference 2017, Michael Thelander, Director of Product Marketing at iovation, talks about lessons learned from bringing authentication technology out to customers and seeing what the demand looks like in the market.
February 22, 2017
Read More


How a few yellow dots burned the Intercept's NSA leaker
By providing copy of leak, Intercept likely accelerated ID of contractor.
June 6, 2017
Read More


How a security researcher is tackling IoT security testing
"A common misconception people in the industry have regarding my work as a security researcher is that I am sharing information that puts businesses at risk. and also, that I spend all day playing," says Deral Heiland, Research Lead at Rapid7.
September 2, 2016
Read More


How attackers exploit whitelists
If there is a technology or security measure that can help organizations protect their assets from attackers or malware, you can be sure that attackers will try to find a way to bypass it.
April 6, 2017
Read More


How can we build a secure IoT world?
We have almost daily proof that the Internet of Things, as it is now, is a minefield of security issues that are just waiting to be exploited.
March 1, 2017
Read More


How CIOs are shaping the future of work
IT leaders are poised to make radical changes in the workplace, but boardrooms are holding back progress by continuing to place too much emphasis on reducing costs and keeping the lights on, according to Fuze.
March 30, 2017
Read More


How cybersecurity mismanagement can destroy value
Cyber security remains a critical business challenge and a growing concern with a potentially devastating impact on company brands and bottom lines. Despite these damaging ramifications, many cybersecurity executives indicate that information protection may not be the strategic corporate imperative that it should be.
July 27, 2016
Read More


How do I protect my privacy online?
Digital security expert Tony Gambacorta answers your questions about security and privacy on Too Embarrassed to Ask.
April 14, 2017
Read More


How F5 is changing the Application Security Game
To address the need for application security in the digital transformation era, F5 is releasing a new host of products and services.
January 25, 2017
Read More


How fraudsters stole millions with the help of a legitimate online tool
Identity thieves have managed to steal $30 million from the US Internal Revenue Service by taking advantage of an online tool designed to help students fill out financial aid applications, IRS Commissioner John Koskinen told the Senate Finance Committee on Thursday.
April 11, 2017
Read More


How Google fought back against a crippling IoT-powered botnet and won
Behind the scenes defending KrebsOnSecurity against record-setting DDoS attacks.
February 2, 2017
Read More


How Google protects the Android kernel, and future plans
On Wednesday, Jeff Vander Stoep of Google's Android Security team took to the official Android Developers blog and shared some information about the defenses they have already implemented in Android, and some that they are currently working on.
July 28, 2016
Read More


How hackers made life hell for a CIA boss and other top US officials
Sex, lies, and social engineering: Inside the depraved world of Crackas with Attitude.
January 9, 2017
Read More


How hackers will exploit the Internet of Things in 2017
The Internet of Things (IoT) is now a major force in the weaponization of DDoS. In 2016, IoT botnets have fueled a number of attacks, including the largest-ever DDoS attack, and that role will only grow in the coming years.
November 14, 2016
Read More


How High-Tech Bridge uses machine learning
In this podcast, Ilia Kolochenko, CEO at High-Tech Bridge, talks about the difference between artificial intelligence and machine learning, and illustrates how his company uses machine learning to reduce human time without impacting testing quality or liability.
July 3, 2017
Read More


How HTTPS Website Security is Making the Internet Safer from Snoopers
You may have noticed in your travels around the internet that your browser's address bar occasionally turns green and displays a padlock--that's HTTPS, or a secure version of the Hypertext Transfer Protocol, swinging into action. this little green padlock is becoming vitally important as more and more of your online security is eroded.
April 10, 2017
Read More


How identity and access management is critical in the digital transformation process
Digital transformation is a top priority and source of anxiety for enterprises, but the majority of IT decision makers have not completed technology deployments to address the initiatives that are critical to making the shift, according to Ping Identity.
October 14, 2016
Read More


How IDF soldiers' phones got turned into spying devices
for many months now, an unknown threat actor has been tricking servicemen in the Israel Defense Forces (IDF) into installing Android spyware. Israeli media says that the threat actor is likely Hamas, but Lookout researchers aren't so sure.
February 20, 2017
Read More


How IoT initiatives impact the IT infrastructure
Internet of Things (IoT) infrastructure spending is making inroads into enterprise IT budgets across a diverse set of industry verticals. Improved business offerings, IoT data management, and new networking elements are key to a successful IoT initiative within an enterprise, according to IDC.
February 27, 2017
Read More


How money-hungry data brokers erode privacy in China
A recent expose by Southern Metropolis Daily, a Chinese daily newspaper known for its investigative reporting, has revealed that random people with enough money at their disposal can easily discover potentially compromising information about practically anyone in China.
January 24, 2017
Read More


How much is your privacy worth?
How much is your privacy worth? Take for example your bank account number, sort code, name, and address. is it worth more than £25? Well I think that it is and as a result I will have to cancel my early retirement and forego the £25 promised to me.
October 7, 2016
Read More


How much law firms dedicate to data privacy and security
Vulnerabilities in law firms' data security present an unprecedented existential threat, while increasing corporate demand for legal expertise in information security, compliance and incident response provides an emerging revenue growth opportunity, according to ALM Intelligence.
October 18, 2016
Read More


How much of a risk is BYOD to network security?
We're all familiar with BYOD dangers: data breaches exploited because of a lack of proper security protocols and encryption on devices or missed operating system updates; data leakage as a result of device software not being regularly updated; malware on the device finding its way onto the corporate network. Then there are the tech savvy employees who try to bypass restrictions, or misuse Wi-Fi and the careless ones who lose these 'always-on' personal devices.
August 29, 2016
Read More


How people-based actions put critical data at risk
while 80 percent of respondents believe it's important to understand the behaviors of people as they interact with intellectual property and other critical business data, only 32 percent are able to do so effectively. Further, 78 percent believe understanding user intent is important, yet only 28 percent of those surveyed currently have this capability.
February 22, 2017
Read More


How police unmasked suspect accused of sending seizure-inducing tweet
Defendant's iCloud account contained "the exact" GIF used in the crime, cops say.
March 21, 2017
Read More


How ransomware is impacting companies in six major industries
BitSight analyzed the security ratings of nearly 20,000 companies to identify common forms of ransomware and to determine which industries (amongst Finance, Healthcare, Education, Energy/Utilities, Retail, and Government) are most likely to experience attacks.
September 22, 2016
Read More


How secure are banks and financial services firms?
Many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defense.
April 20, 2017
Read More


How secure are mobile banking apps?
Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure?
April 27, 2017
Read More


How security collaboration will prove vital in 2017
The escalation of high-profile hacking and data dumps recently has underscored the increasing boldness of digital threat actors, culminating in July's Democratic National Committee email leak and its ripple effect through American politics. the group behind the hack and its attack patterns were known, and yet the attack was not thwarted, leaving many questions as to the overall state of the Internet's security.
November 22, 2016
Read More


How the CIA gained access to air-gapped computers
A new WikiLeaks release of documents believed to have been stolen from the CIA show the intelligence agency's capability to infect air-gapped computers and networks via booby-trapped USB sticks.
June 23, 2017
Read More


How the CIA hacked wireless home routers
For many years, the CIA has had the capability to compromise a wide range of commercial wireless routers, and to monitor, control and manipulate the traffic passing through them, documents leaked by WikiLeaks show.
June 16, 2017
Read More


How the CIA infects air-gapped networks
Sprawling "Brutal Kangaroo" spreads malware using booby-trapped USB drives.
June 22, 2017
Read More


How the digital revolution is transforming the US federal government
The digital revolution is dominating and transforming the work of the US federal government, and those federal agencies that develop a people first approach will stand out in an increasingly digital world that is delivering bigger and better citizen experiences, according to research from Accenture Federal Services.
September 2, 2016
Read More


How the EFF was pushed to rethink its Secure Messaging Scorecard
As good as the idea behind Electronic Frontier Foundation's Secure Messaging Scorecard is, its initial version left much to be desired.
August 11, 2016
Read More


How the Necurs botnet influences the stock market
After a three-months-long partial hiatus, the Necurs botnet is back to flinging spam emails left and right.
March 22, 2017
Read More


How to avoid vendor lock-in and get more flexibility
Traditionally, customers, and security teams have worked with a single major technology provider, like IBM or Symantec, to build out their entire security stack. Layers that include antivirus, DLP, VRM, malware detections, pen testing, application scanning and all aspects of enterprise cyber security protection. with one provider offering the entire toolset, organizations are not provided with a best-of-breed approach, and are instead forced to settle for portfolios with some above average and some below average solutions.
August 05, 2016
Read More


How to build a better SOC team
The security skills shortage is a very real issue. Cisco estimates that there are currently one million unfilled cyber security jobs worldwide, while a report from Frost & Sullivan predicts that by 2020, the number will be 1.5 million. The security industry is only growing -- and fast. IDC says it's on its way to becoming a $101 billion opportunity by 2020.
May 25, 2017
Read More


How to build your own VPN if you're (rightfully) wary of commercial options
While not perfect, either, cloud hosting providers have a better customer data record.
May 26, 2017
Read More


How to Check If Someone Else is Using your Social Media Accounts
If you've got a suspicion someone else has gained access to your social media accounts, it's not difficult to check–and it could mean you're able to apply a password change before any real damage happens. In fact, it's worth checking these options regularly just to be sure your Facebook and Twitter accounts are completely yours.
July 21, 2016
Read More


How to choose a perfect data control solution for your enterprise
Not long ago, people used to come to work and work off of a desktop computer, tied to the network. Today, they work on their mobile devices, physically untethered to it.
August 30, 2016
Read More


How to close your Yahoo account
In light of the recent massive Yahoo breach an the fact that Yahoo scanned incoming emails on behalf of US intelligence, many are opting to close their accounts to protect their privacy.
October 5, 2016
Read More


How to control your privacy in Chromebooks versus Windows 10
Both Chrome OS and Windows 10 help themselves to similar usage data by default, but in different ways.
September 6, 2016
Read More


How to create a safer shopping experience
The annual holiday season has arrived. the air grows crisp (at least in the Northern hemisphere), new, cool gadgets are released and cyberattacks, along with cologne ads, proliferate. Cyber threats aren't deterring shoppers though: the National Retail Federation expects online holiday sales to increase by 7 to 10 percent over last year, reaching as much as $117 billion. with e-commerce attacks in Q3 2016 increasing by 60 percent over the previous year, shopping hazards can hit from all sides. from phishing sites to online card skimming to compromised terminals in stores; even gifts themselves pose security risks. Still, there is much both consumers and retailers can do in order to make an all around safer shopping experience.
December 12, 2016
Read More


How to create an effective application security budget
Inadequately secured software ranks amongst the most significant root cause issues in cybersecurity. The frequency and severity of attacks on the application layer is greater than that at the network layer, yet research shows that network security receives double the budget. According to Ponemon Institute, 18 percent of IT security budgets are dedicated to application security, while 39 percent is allocated to network security.
July 4, 2017
Read More


How to eliminate insider threats
Insider threats are a major security problem
February 2, 2017
Read More


How to encrypt your Facebook messages with Secret Conversations
Facebook's new encrypted messaging feature, Secret Conversations, is now live for everyone on Android and iOS.
October 5, 2016
Read More


How to find, view, and delete everything the Amazon Echo and Google Home know about you
Take charge of your privacy so there are no surprises about how much information your digital assistant is holding onto.
January 20, 2017
Read More


How to generate app passwords for your Microsoft Account
Follow this guide to generate passwords for apps and services connected to your Microsoft Account which don't support two-factor authentication.
January 1, 2017
Read More


How to get past Windows Defender SmartScreen in Windows 10
The SmartScreen filter in Windows 10 can sometimes stop you from downloading the app you want. Here's how to get past it, and why sometimes you should think twice before doing so.
May 22, 2017
Read More


How to harmonize IT GRC controls in your environment
In this podcast recorded at RSA Conference 2017, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about about achieving uniform compliance in risk management through harmonized GRC.
March 19, 2017
Read More


How to hide your IP address (and why you should)
What is an IP address? and why should you hide it?
March 3, 2017
Read More


How to implement an EFSS ransomware recovery plan
Ransomware attacks are at an all-time high, and security experts warn it has become a matter of "when" not "if" your company will be breached. the number of victims has grown exponentially in 2016, spanning large enterprises to small businesses, across industries.
October 14, 2016
Read More


How to increase your DKIM key to 2048 bits for Google Apps
Checking the length of your DKIM key and generating a new, 2048-bit one could help prevent spoofing and spam. Here's the process for Google Apps admins.
August 24, 2016
Read More


How to install Advanced Intrusion Detection Environment on CentOS
For an added layer of security on your CentOS system, you should consider installing Advanced Intrusion Detection Environment. Find out why.
October 20, 2016
Read More


How to keep your data secure when you travel with your Mac, iPad, and iPhone
With increased demands for passwords and personal information at border crossings, take the right steps before you arrive.
June 19, 2017
Read More


How to leverage intelligent deception to detect cyber attacks
Perimeters are fading, and attackers find it easier and easier to penetrate organizational networks. Organizational networks today are chaotic, they're very dynamic, and this is a fertile ground for the attackers to blend in and take action.
February 21, 2017
Read More


How to migrate your passwords from LastPass to 1Password
EasyBCD developer NeoSmart Technologies has released LastPass to 1Password, a simple automated tool for converting exported LastPass CSV files to the 1PIF format used by 1Password.
May 29, 2017
Read More


How to minimize the risk and impact of identity fraud
The number of identity fraud victims increased by sixteen percent (rising to 15.4 million U.S. consumers) in the last year, according to Javelin Strategy & Research. they recommend that consumers work in partnership with institutions to help minimize their risk and impact of identity fraud.
February 3, 2017
Read More


How to password protect a PDF before sending it by email
Here's a quick way to do it, without spending a lot of money on expensive software.
December 5, 2016
Read More


How to prepare your company for cybersecurity threats
When the FBI announced the arrest of a Russian hacker in October, it was notable -- but maybe not for the reason you'd expect. Yevgeniy N., who was picked up in Prague, is implicated in the 2012 megabreach at LinkedIn. that cyberattack exposed the usernames and passwords of 117 million people, and led to a fire sale of login data on the open market. the size of the hack was extraordinary, but the arrest of its alleged perpetrator is astonishing not because of what authorities say he did, but because he was caught at all.
November 11, 2016
Read More


How to protect all of your accounts online
Web security has never been more important
March 21, 2017
Read More


How to protect your online conversations with Signal's end-to-end encryption
In a world of snoopers, end-to-end encryption is the only sensible path to take.
January 11, 2017
Read More


How to Protect Yourself from a Hospital Data Breach
You may never have considered whether your preferred hospital is one of the approximately 311 major teaching hospitals in the U.S., but according to a new study, the type of hospital you choose might affect your privacy.
April 4, 2017
Read More


How to prevent your data from being searched at the U.S. border
The best way to keep your data from being searched is to leave it behind.
May 8, 2017
Read More


How to protect your Google and Facebook accounts with a security key
The keys are a step up in account security, but is implementation letting them down?
May 9, 2017
Read More


How to quickly check that your home IoT devices are secure
Don't let your smart clock expose you to hackers. a web app from BullGuard can help.
January 12, 2017
Read More


How to recover an iCloud security code after you've been locked out
If you enter the wrong iCloud security code too many times, you'll get locked out. Here's how to reset it.
November 30, 2016
Read More


How to scam $750,000 out of Microsoft Office: Two-factor auth calls to premium-rate numbers
Gaming two-factor authentication systems with premium rate phone numbers can be very profitable -- or it was until the flaws got reported.
July 18, 2016
Read More


How to secure your Apple and iCloud accounts
Keep hackers at bay
April 13, 2017
Read More


How to secure your CMS without patching
Attackers are exploiting CMSes by reverse-engineering security patches before they can be applied. German coders see a way to stop them.
June 27, 2017
Read More


How to secure your digital transformation
Organizations are demanding and implementing new solutions that enable them to streamline operations, cultivate new business opportunities and provide better service to their customers.
May 22, 2017
Read More


How to securely deploy medical devices within a healthcare facility
The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever.
April 28, 2017
Read More


How to set up a manual threat intelligence lifecycle program
Threat intelligence is a popular topic in security circles these days. Many organizations are now using a threat feed that comes bundled with some other security product, such as McAfee's GTI or IBM's X-Force feeds. Lots of products, notably SIEMs, have added support for some sort of integration with specific threat intelligence feeds or more generic imports via STIX/TAXII. with many now hoping to take advantage of the large number of open source and free intelligence feeds available. some are even investing in commercial intelligence feeds.
December 27, 2016
Read More


How to Snoop-Proof Any Phone or Tablet
It's likely that you've got details of your whole life stored on your phone–the people you know, the banks you've used, the videos you've wasted hours watching–and you don't necessarily want that info getting out into the wider world. If you're keen to lock down your handset against unwelcome visitors, you need to take a few steps.
March 3, 2017
Read More


How to stay secure while staying connected on vacation
The wide availability of Wi-Fi networks can make it difficult to unplug and disconnect on vacation, but if consumers take that extra step and unplug they can experience a more secure trip.
June 7, 2017
Read More


How to steal money from Instagram, Google and Microsoft
Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated.
July 18, 2016
Read More


How to use HTTPS to improve web security
HTTP over Transport Layer Security, also know as https, can go a long way to improving the security and privacy on a website. When you see a site's URL with https://, that site exercises good care on its internal security to protect user data and against break-ins
June 12, 2017
Read More


How US, UK SMBs keep company passwords safe
AVG's Business division has asked 381 of their small-to-medium business customers in the US and UK sixteen questions about their password-protection policies and practices.
August 02, 2016
Read More


How will quantum computing impact security processes?
Quantum computers have the potential to perform calculations faster than ever possible before, inviting a significant rethink in how we approach cyber security.
November 23, 2016
Read More


How you might get hacked by a Chrome extension
Malware isn't just about native executables or rogue apps, not any more -- a malicious browser extension can cause almost as many problems on all your devices at once.
July 27, 2016
Read More


How your company needs to train workers in cybersecurity
Survey finds workers still violate security policies to remain productive
April 25, 2017
Read More


HTTPS and OpenVPN face new attack that can decrypt secret cookies
More than 600 sites found to be vulnerable to demanding exploit called Sweet32.
August 24, 2016
Read More


HTTPS Certificate Revocation is broken, and it's time for some new tools
Certificate Transparency and OCSP Must-Staple can't get here fast enough.
July 3, 2017
Read More


Hundreds of millions of cars can be easily unlocked by attackers
Security researchers have come up with a way to unlock cars manufactured by vendors around the world, and are set to present their findings on Friday at the Usenix security conference in Austin, Texas.
August 11, 2016
Read More


Hybrid cloud storage use to double in next 12 months
The use of hybrid cloud storage will accelerate rapidly over the next 12 months, according to Cloudian. Across 400 organisations surveyed in the UK and USA, 28% already use hybrid cloud storage, with a further 40% planning to implement within the next year. Only 19% have no plans to adopt.
November 21, 2016
Read More


Hybrid IT is becoming a standard enterprise model
Dimension Data research of 1,500 IT decision makers from multiple vertical industries across the US, Europe, Asia-Pacific and South Africa, reveals that hybrid IT is becoming a standard enterprise model, but there's no single playbook to get there.
March 22, 2017
Read More


Hyundai app security blunder allowed crooks to 'steal victims' cars'
Remote locate, unlock, and start vehicles -- using a fixed encryption key... ouch
April 25, 2017
Read More


Misc. - I

IBM adds Qualys technology to its Managed Security Services portfolio
Qualys announced at RSA Conference 2017 an expanded partnership with IBM that will add Qualys continuous cloud-based IT security and compliance technology to its Managed Security Services (MSS) portfolio.
February 15, 2017
Read More


IBM unveils X-Force Red security testing group
At Black Hat USA 2016 in Las Vegas today, IBM Security announced the formation of IBM X-Force Red, a group of security professionals and ethical hackers whose goal is to help businesses discover vulnerabilities in their computer networks, hardware, and software applications before cybercriminals do.
August 02, 2016
Read More


IBM Watson to power cognitive security operations centers
At RSA Conference 2017, IBM Security announced Watson for Cyber Security, the industry's first augmented intelligence technology designed to power cognitive security operations centers (SOCs).
February 13, 2017
Read More


Icarus takes control of drones by impersonating their operators
Researcher Jonathan Andersson, a member of Trend Micro's TippingPoint DVLabs, has demonstrated how a specialized hardware module dubbed Icarus can be used to hijack a variety of widely-used hobbyist drones and make them do your bidding.
October 27, 2016
Read More


iCloud extortion racket nowhere near as epic as we thought it might be
But have your popcorn ready 2030 BST just in case
April 7, 2017
Read More


"iCloud Mail" phishing emails doing rounds
The latest email phishing campaign targeting Apple users is aimed at gathering as much information as possible from unfortunate victims.
Apr

ICS-CERT releases new tools for securing industrial control systems
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has published newer versions of two tools that can help administrators with securing industrial control systems: the Cyber Security Evaluation Tool (CSET), and a whitepaper on recommended practices for improving ICS cybersecurity with defense-in-depth strategies.
September 28, 2016
Read More


ICS-CERT warns of remotely exploitable power meter flaws
Two remotely exploitable vulnerabilities, one of which can lead to remote code execution, have been found in Schneider Electric's ION Power Meter products and FENIKS PRO Elnet Energy Meters.
September 16, 2016
Read More


Identity and personal data theft account for 64% of all data breaches
Data breaches increased 15% in the first six months of 2016 compared to the last six months of 2015, according to Gemalto.
September 20, 2016
Read More


Identity fraud hits record high
The number of identity fraud victims increased by sixteen percent (rising to 15.4 million U.S. consumers) in the last year, according to Javelin Strategy & Research. Their study found that despite the efforts of the industry, fraudsters successfully adapted to net two million more victims this year with the amount fraudsters took rising by nearly one billion dollars to $16 billion.
February 2, 2017
Read More


Identity-centric security: the killer app for digital transformation
Organizations are measuring the success of IT security beyond just breaches and compliance; they now are including business performance indicators that contribute directly to revenue growth, according to CA Technologies.
October 12, 2016
Read More


IEEE 802.3bz standard brings 2.5 and 5 Gb/s to existing cabling
The Ethernet Alliance hailed ratification of IEEE 802.3bz, Standard for Ethernet Amendment: Media Access Control Parameters, Physical Layers and Management Parameters for 2.5 Gb/s and 5 Gb/s Operation.
October 3, 2016
Read More


If you downloaded HandBrake for Mac, you could be infected with Proton RAT
A mirror download server of HandBrake, a popular open source video conversion app for Mac, has been compromised, and the legitimate app .dmg file switched with a Trojanized version containing the Proton RAT.
May 8, 2017
Read More


If you're going to San Francisco be sure to travel free with ransomware
The Muni public transport system in San Francisco has been hit by a major ransomware attack over the weekend that left the network having to give passengers free travel.
November 28, 2016
Read More


If you're not doing this with all your accounts, you're doing it wrong
If you're not using a password manager and two-step authentication, you're most likely doing things wrong.
April 13, 2017
Read More


Illegal Bitcoin exchange operator gets 66-month prison sentence
Anthony Murgio, the operator of the Coin.mx Bitcoin exchange, has been sentenced to 66 months in prison for processing over $10 million in illegal Bitcoin transactions. He has also been sentenced to three years of supervised release once his prison sentence is over.
June 28, 2017
Read More


iMessage Users Report Attempted Hacks
When it comes to trying to breach the data on iPhones, scammy text messages are apparently all the rage. In just the last year, we've had the text that could instantly crash an iPhone, and the flaw that allowed hackers to steal your saved passwords with a single text. Now, some Apple users are reporting another possible hack attempt, this time through their iMessage accounts.
October 19, 2016
Read More


Impatient users saddled with malicious copycats of popular Prisma app
If an iOS app gains extreme popularity but still does not come in a version for Android, it can be practically guaranteed that malware peddlers and scammers will take advantage of users' impatience, and offer fake, malicious versions of it on Google play and third-party Android apps stores.
August 03, 2016
Read More


Implant leaked by Shadow Brokers targets Juniper's NetScreen firewalls
Juniper Networks has become the latest company to acknowledge that one of the implants leaked by the Shadow Brokers targets some of their products.
August 23, 2016
Read More


Implantable medical devices can be hacked to harm patients
The way to a man's heart is through his pacemaker's security flaws, researchers say
December 1, 2016
Read More


Improve SecOps by making collaboration easier
There's one word that we've consistently been hearing from information security pundits year after year: Collaboration.
September 14, 2016
Read More


Improving business intelligence: the key catalyst is governance
While Business Intelligence (BI) is yielding important benefits for the vast majority of surveyed companies, most feel there is more to come, according to Qlik and Forbes Insights.
November 1, 2016
Read More


In 5 years AI may replace pros in tasks within medicine, law and IT
CIOs have a major role to play in preparing businesses for the impact that artificial intelligence (AI) will have on business strategy and human employment. Gartner predicts that by 2022, smart machines and robots may replace highly trained professionals in tasks within medicine, law and IT.
May 10, 2017
Read More


In 2017, the digital will get physical when machines start to lie
In a memorable scene from a 2014 episode of the series Homeland, the Vice President is murdered by hackers who tamper with his pacemaker. Despite this plot idea reportedly originating from the actions of a real vice president, in 2014 this still seemed just the stuff of fiction.
January 17, 2017
Read More


In limiting open source efforts, the government takes a costly gamble
The vast majority of companies are now realizing the value of open sourcing their software and almost all have done so for at least certain projects. These days Google, Facebook, Microsoft, Apple and almost every major company is releasing code to the open source community at a constant rate.
August 12, 2016
Read More


In the three years since IETF said pervasive monitoring is an attack, what's changed?
IETF Security director Stephen Farrell offers a report card on evolving defences
December 6, 2016
Read More


Incident response challenge: how to get out of Firefighter Mode
Organizations tend to have the mindset that their IT and security teams should play the role of First Responders on the scene of a security incident. they expect their IT and Security departments to be experts, possessing the ability to immediately respond and contain the incident and the expertise to expeditiously remediate and rid the environment of any active attacker.
August 16, 2016
Read More


Increasing number of financial institutions falling prey to cyber attacks
66.2 percent of financial organizations faced at least one cybersecurity attack in the last year, according to MetricStream Research.
November 9, 2016
Read More


Increasingly sophisticated attacks call for advanced protection tools
A new NTT Security report underscores the need for more advanced tools to protect organizations" data and networks from the evolving tactics, techniques and procedures (TTPs) used by cyber-attackers.
January 30, 2017
Read More


India pushes for Windows 10 discount following recent ransomware attacks
In light of the recent WannaCry and Petya ransomware attacks, India is pushing Microsoft to provide a one-time discount on Windows 10 so that its more than 50 million Windows users can upgrade to a more secure version.
June 30, 2017
Read More


Industrial robots are security weak link
Unsecure robots, linked to the internet, raise risk of cyberattack, study finds
May 9, 2017
Read More


Industry collaborates on automotive cybersecurity best practices
New technology has paved the way for extraordinary advancements in vehicle safety, emissions reduction, and fuel economy. Today's vehicles do more to keep drivers secure and connected than ever before. However, connected vehicles must be designed and manufactured with security in mind.
July 25, 2016
Read More


Industry reactions to the Verizon 2017 Data Breach Investigations Report
Nearly 2,000 breaches were analyzed in this year's Verizon 2017 Data Breach Investigations Report and more than 300 were espionage-related. Here are some of the comments Help Net Security received on the report.
April 28, 2017
Read More


Industry reactions: UK government cyber security strategy
Yesterday, the UK government announced a new £1.9bn cyber security strategy, which includes an increase in automated defences to combat malware and spam emails, investment to recruit 50 specialists to work on cybercrime at the NCA, the creation of a Cyber Security Research Institute, and an "innovation fund" for cyber security start-ups.
November 2, 2016
Read More


Infection Monkey: Test a network from an attacker's point of view
Infection Monkey, a tool designed to test the resiliency of modern data centers against cyber attacks, was developed as an open source tool by GuardiCore's research group.
July 28, 2016
Read More


InfoArmor VigilanteATI: Threat intelligence from the Dark Web
InfoArmor has expanded its global customer base in the enterprise and SME/SMB sector with its award-winning VigilanteATI Advanced Threat Intelligence Platform and Investigative Services. These organizations are using VigilanteATI and VigilanteATI Accomplice to gain high value threat intelligence throughout the threat lifecycle.
February 13, 2017
Read More


InfoArmor: Operatively-sourced threat intelligence
In this podcast, Mike Kirschner, Senior Vice President of Advanced Threat Intelligence at InfoArmor, talks about this dark web operatively sourced intelligence firm that is really focused on dark web surveillance and sourcing of compromise and breach data through operative engagement.
June 19, 2017
Read More


Informatica uses behavioral analytics to spot and protect high risk data
With increasing amounts of sensitive data stored in the cloud and accessed on mobile devices, protecting that information presents a major challenge.
March 1, 2017
Read More


Information security consulting market to reach $26.15 billion by 2021
According to a new report by MarketsandMarkets, the information security consulting market is estimated to grow from $16.12 billion in 2016 to $26.15 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 10.2%.
January 10, 2017
Read More


Infosec certification and the talent shortage crisis
As more enterprises aspire to create future workspaces and harness the benefits of a mobile workforce that leverages cloud platforms, there's a greater need to implement appropriate measures to secure data, infrastructures, applications, and users wherever they may reside.
January 23, 2017
Read More


Innovation and exploitation fuel DDoS attack landscape
Arbor Networks released its 12th Annual Worldwide Infrastructure Security Report offering direct insights from network and security professionals at global service providers, cloud/hosting and enterprise organizations.
January 25, 2017
Read More


Innovative techniques allow malvertising campaigns to run for years
A threat actor dubbed AdGholas has been mounting successful malvertising campaigns by using innovative targeting and obfuscation techniques, and has been infecting thousands of victims every day since 2015 -- and possibly even earlier.
August 1, 2016
Read More


Inside Android's source code... // TODO -- Finish file encryption later
Android 7.0's crypto sauce is 'half-baked' and Google promises to make it better, soon
November 28, 2016
Read More


Insider threats putting many financial services at risk
The majority of financial services are at risk of insider cyber threats because their mainframe environments have blind spots, according to Compuware.
June 7, 2017
Read More


Insider threat solution for rapid response to in-progress attacks
CyberArk announced at RSA Conference 2017 advanced insider threat detection capabilities available through the CyberArk Privileged Account Security Solution, to automatically detect and alert on high-risk privileged activity during user sessions and enable rapid response to in-progress attacks.
February 16, 2017
Read More


Insider threat versus inside threat: Redefining the term
The traditional meaning of an insider threat is when a current employee or contractor with authorized access to a secure network intentionally or accidently misuses it to carry out a malicious activity. this type of activity can include sabotage, theft, espionage, fraud, mishandling of data or physical devices, as well as using information to gain a competitive advantage.
February 21, 2017
Read More


Insufficient security measures still hinder cloud adoption
Security and privacy of data and systems in the cloud remains a top worry for 70% of IT professionals worldwide, up from 63% in 2015, according to a new Cloud Security Survey by Netwrix. the top three cloud security concerns in 2016 are unauthorized access (69%), malware (37%) and denial of service (DoS) attacks (34%).
November 16, 2016
Read More


Integrating threat intelligence with existing security technologies
70 percent of security industry professionals believe threat intelligence is often too voluminous and/or complex to provide actionable insights.
November 2, 2016
Read More


Integration Holds the Keys to the Castle
Talks of integration are often met with audible sighs of displeasure. it's a lot of work. you have to combine various platforms, software, and the list goes on. at Webroot, we decided to take some of the pain out of this process by partnering with Kaseya to deliver a fully integrated endpoint security solution for its customers.
March 6, 2017
Read More


Intel Crosswalk bug invalidates SSL protection
A bug in the Intel Crosswalk Project library for cross-platform mobile development can open users to man-in-the-middle attacks, researchers from Nightwatch Cybersecurity have found.
August 1, 2016
Read More


Intel is offering up to $30,000 for bugs in its hardware
Intel has become the latest tech company to launch a bug bounty program.
March 17, 2017
Read More


Intel Security launches new McAfee lineup harnessing the power of the cloud
As we use more devices to access the internet protecting all of them from the latest threats becomes something of a chore.
October 5, 2016
Read More


Intel Security officially becomes McAfee again
McAfee has begun operating as a new standalone company. the launch of McAfee marks the closing of the previously announced investment by TPG and Intel Corporation (INTC) to establish a pure-play cybersecurity company with access to significant capital, operational and technology resources.
April 4, 2017
Read More


Intel's CHIPSEC can detect CIA's OS X rootkit
As details about CIA's hacking capabilities and tools are, bit by bit, popping to the surface, companies are trying to offer users some piece of mind.
March 13, 2017
Read More


Intelligence data, security credentials found exposed in the Amazon cloud
A data cache containing highly sensitive US military data has inadvertently been exposed online, UpGuard cyber risk analyst Chris Vickery has discovered last week.
June 1, 2017
Read More


Interpol arrests Nigerian scam mastermind who stole $60 million
The head of an international criminal network behind thousands of online frauds has been arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission (EFCC).
August 1, 2016
Read More


International operation targets customers of counter anti-virus and crypter services
Between 5 and 9 June, 6 suspects were arrested and 36 were interviewed during an internationally coordinated operation in 6 European countries. The targets are all suspected customers of a counter anti-virus platform and crypter service -- two cybercriminal tools used for testing and clouding of malware samples to prevent security software solutions from recognising them as malicious.
June 15, 2017
Read More


Internet crime: The continuing rise of the BEC scam
Through its website, the FBI's Internet Crime Complaint Center (IC3) accepts complaints about Internet-facilitated criminal activity, and forwards them to the appropriate law enforcement agencies (both in and outside the US) to investigate.
June 23, 2017
Read More


Internet freedom around the world keeps decreasing
For the sixth year in a row, Internet freedom is declining.
November 23, 2016
Read More


Internet-connected devices will always pose a risk, experts say
Hacked cameras, DVRs and other devices in the internet of things are making headlines. But improvements are possible, say cybersecurity experts.
November 10, 2016
Read More


Introducing security into software through APIs
Application programming interfaces (APIs) can make life easier for software developers, allowing them to concentrate on what they do best and preventing them from being forced to fiddle with things they know little about.
June 5, 2017
Read More


Investigating the supply on 17 underground hacker markets
Have you ever wondered what kind of malicious offerings can be found on dark web "hacker markets," who sells them and how widely they are available?
July 28, 2016
Read More


Investigation finds Facebook mods fail to remove illegal content such as extremist and child porn
That Facebook is fighting against a tide of objectionable and illegal content is well known. that the task of moderating such content is a difficult and unenviable one should come as news to no one.
April 13, 2017
Read More


IOActive offers offensive security approach to risk assessment
IOActive launched its Advisory Services practice, offering strategic security consulting that leverages IOActive's testing and research expertise to help customers better align their security programs with business objectives.
July 28, 2016
Read More


iOS device failures overtake Android for the first time
In the ongoing smartphone performance and reliability battle, Apple has lost its leading position to Android for the first time in the second quarter of 2016.
August 25, 2016
Read More


iOS spyware Pegasus has an equally

IoT adoption is driving the use of Platform as a Service
The widespread adoption of the Internet of Things (IoT) is driving platform as a service (PaaS) utilization. Gartner predicts that, by 2020, more than 50 percent of all new applications developed on PaaS will be IoT-centric, disrupting conventional architecture practices.
March 8, 2016
Read More


IoT and the resurgence of PKIs
With the digital revolution in full swing, security methods and models need to be re-evaluated to better address both the changing nature of enterprise architectures and processes.
March 17, 2017
Read More


IoT devices under attack: Amnesia hijacks, BrickerBot destroys
Every hour of every day, computer systems and IoT devices are under attack by bots trying to recruit them into growing botnets. Security researchers have recently highlighted two of these threats coming after Linux- and BusyBox-based systems and devices.
April 10, 2017
Read More


IoT goods, software and digital services to be evaluated for privacy and security
Consumer Reports, a US non-profit group whose extensive reviews of consumer goods have helped the public make informed and better choices for many decades, has announced that it will start evaluating products and services for privacy and data security.
March 7, 2017
Read More


IoT malware starts showing destructive behavior
Researchers have observed attacks against IoT devices that wipe data from infected systems
April 7, 2017
Read More


IoT MSSPs market revenues to top $11 billion in 2021
Industrial applications are set to be the core focus for IoT Managed Security Service Providers (MSSPs) with ABI Research forecasting overall market revenues to increase fivefold and top $11 billion in 2021.
January 25, 2017
Read More


IoT security: Defending a young industry from attack
As the IoT industry matures, it's safe to say we're well past "early adopter" phase and seeing broader development and deployment. While the prospect of a more established and stable IoT environment is exciting, we're not there yet. what we are seeing is that the space is showing its youth, and along with it, its insecurities.
October 22, 2016
Read More


IoT Trust Framework: the foundation for future IoT certification programs
The Online Trust Alliance (OTA) released its updated IoT Trust Framework. Serving as a product development and risk assessment guide for developers, purchasers and retailers of Internet of things (IoT) devices, the Framework is the foundation for future IoT certification programs.
January 5, 2017
Read More


IoT Village uncovers 47 security vulnerabilities across 23 devices
New dangers in both home security and municipal power facilities were revealed as the results of the 2nd Annual IoT Village, held at DEF CON 24 in Las Vegas. More than 47 new vulnerabilities were discovered across 23 different devices from 21 brand name manufacturers.
September 16, 2016
Read More


IoT: a hacker's dream come true?
There's a lot more to the web than the cat-video-laden sites we normally see. In fact, according to most sources, the web that we can typically get to via our browser of choice represents only a small fraction of what's out there.
July 29, 2016
Read More


IoT-based DDoS attacks on the rise
Cybercriminal networks are increasingly taking advantage of lax Internet of Things device security to spread malware and create zombie networks, or botnets, unbeknownst to their device owners.
September 23, 2016
Read More


Iovation acquires LaunchKey, shows the future of authentication
Iovation, a provider of device-based solutions for authentication and fraud prevention, announced the acquisition of multifactor authentication company LaunchKey.
September 7, 2016
Read More


iPhone hack that threatened emergency 911 system lands teen in jail
18-year-old suspect characterizes it as a prank, but police aren't laughing.
October 28, 2016
Read More


iPhone, Mac owners: how to stymie hackers extorting Apple, threatening to wipe devices
Security expert spells out steps to take, just in case hacker claims are legit
March 22, 2017
Read More


IPVanish VPN unveils new app, security improvements
US-based IPVanish VPN, whose VPN network spans 40,000+ IPs on 500+ servers in 60+ countries, has recently pushed out a major new edition of its app.
October 22, 2016
Read More


Iranian hacker group knows who is on Telegram
Telegram encrypted messaging app leaked 15 million Iranian users' phone numbers
August 03, 2016
Read More


Iris scanning: a secure ID trend for smartphones?
The release of the Samsung Galaxy Note 7 sparked something positive -- iris scanning. ABI Research forecasts global shipments of smartphones equipped with iris scanners will reach almost 300 million in 2021.
September 23, 2016
Read More


Irregular application testing: App security in healthcare
Nearly half (45%) of NHS trusts scan for application vulnerabilities just once a year, with less only 8% doing so on a daily basis, according to Veracode. this potentially leaves them with outdated software and at an increased risk of a cyberattack, potentially exposing patient data to the wrong hands.
January 31, 2017
Read More


Is Europe ready for GDPR?
What impact will GDPR have on businesses across the UK, France, Belgium and Luxemburg? Vanson Bourne surveyed 625 IT decision makers in four countries and found that the UK is far behind when it comes to GDPR readiness.
June 15, 2017
Read More


Is healthcare industry's security spending focused on the wrong technologies?
global healthcare IT professionals are confronting a rapidly changing, challenging landscape, with 66% experiencing a data breach and 88% feeling vulnerable as a result. In response, 73% are increasing IT security spending to offset threats to data, according to Thales and 451 Research.
February 21, 2017
Read More


Is it time to call an MSSP? Five signs that it can't wait
Small and midsize businesses (SMBs) are fighting an uphill battle when it comes to managing their network security. According to a 2016 Ponemon study, 69 percent of SMBs don't have the adequate budget or in-house expertise to achieve a strong cyber security position. as a matter of fact, more than half of the study's SMB respondents experienced a data breach or cyber attack in the past year with an average cost of $879,582.
January 30, 2017
Read More


Is ransomware in decline or just evolving?
According to a new report from the Microsoft Malware Protection Center, the volume of ransomware being encountered is reducing.
February 16, 2017
Read More


Is remote access technology leaving you vulnerable?
Insider and third-party access are growing security threats facing organizations and enterprise IT systems, according to Bomgar.
May 10, 2017
Read More


Is security enabling or compromising productivity?
While most organizations fundamentally believe connecting people to the best technology is vital to business productivity, many struggle to achieve agility due to traditional on-premise security mindsets, according to an Okta survey of 300 IT and security professionals.
August 19, 2016
Read More


Is your business still HIPAA complaint after the 2016 federal changes?
The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) warned healthcare professionals and their business associates of its intention to launch a series of random HIPAA compliance audits throughout 2016. this announcement caused some panic among businesses unsure of their ability to pass a compliance review. Many organizations are unclear as to who's bound by HIPAA compliance standards and what aspects of their business will be evaluated during an audit.
July 26, 2016
Read More


Is your Windows 10 migration strategy leaving you vulnerable?
Despite enhanced security being a key driver in the move to Windows 10, many organizations are putting their security at risk with their choice of migration strategy, according to new research by 1E.
January 11, 2017
Read More


ISIS suspect charged with researching encryption, encrypting website
A man from Cardiff, Wales, has been charged with six terrorism-related charges, including one that involves actions that are not usually considered illegal: researching encryption software, publishing instructions on how to use it, and encrypting a website.
October 11, 2016
Read More


Israeli soldiers hit by Android malware from cyberespionage group
More than 100 soldiers from the Israel Defense Forces had their Android phones infected with malware by a cyberespionage group
February 16, 2017
Read More


Israeli soldiers hit in cyberespionage campaign using Android malware
More than 100 soldiers from the Israel Defense Forces had their Android phones infected with malware by a cyberespionage group
February 16, 2017
Read More


ISPs treat cyber security as a top priority
Better law enforcement training and coordination of cyber security and support for a government-backed awareness campaign are two key findings of an ISP survey by the Internet Services Providers' Association (ISPA).
September 7, 2016
Read More


Israeli Cyber Weapon Dealers Figured Out how to Hack Every iPhone
NSO Group, a company that sells hacking services to governments so they can spy on journalists and dissidents, exploited gaping security holes in iPhone software, according to a report byLookout Security and Citizen Lab. But don't worry: Apple just pushed a fix.
August 25, 2016
Read More


IT asset managers must be proactive with up-front risk mitigation strategies
Recent Iron Mountain research reveals the risks associated with licensing critical software applications, and why procurement professionals and IT asset managers must take protections to safeguard the software that is at the heart of their business operations.
September 20, 2016
Read More


It might be time to stop using antivirus
Update your software and OS regularly instead, practice skeptical computing.
January 27, 2017
Read More


IT professionals believe their data is safer in the cloud than on-premise
Nearly seven in 10 executives and over half of IT professionals revealed that they would prefer having a single cloud services provider handling their varied hosted deployments, according to Evolve IP.
June 13, 2017
Read More


IT pros spend too much time handling emergencies
A 1E survey of 1,014 IT professionals, who together manage more than 21 million endpoints globally, centered on unplanned activities -- how often they occur, what types are most common, and the time spent identifying and addressing issues.
March 28, 2017
Read More


IT security pros shouldn't try to 'prevent everything'
A new survey by Countercept by MWR InfoSecurity highlights all the frustrations IT security experts are experiencing as they're trying their best to protect their company's assets and employees.
July 18, 2016
Read More


IT service providers, many other orgs targeted in long-standing attack campaign
US-CERT has released an alert warning about a sophisticated attack campaign using multiple malware implants and targeting organizations in the IT, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing sectors.
April 28, 2017
Read More


IT teams struggle with digital transformation skills
New research conducted by Vanson Bourne aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.
April 28, 2017
Read More


It's 2017 and Windows PCs are being owned by EPS files, webpages
Get patching ASAP as exploits are being used in the wild -- and fix Adobe stuff, too
May 9, 2017
Read More


It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad
Get patching now
October 22, 2016
Read More


It's now 2017, and your Windows PC can still be pwned by a Word file
Also: Edge is foiled by hyperlinks, Windows Server fails at authentication requests, and Microsoft is a $486bn company
January 10, 2017
Read More


It's official: the FBI says car hacking is a real risk
With a public service announcement compiled jointly with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI has announced that it finally considers car hacking a real and present danger, and so should the general public and vehicle manufacturers.
March 18, 2016
Read More


It's the thought that counts: Illinois emits 'no location stalking' law
No phone tracking without asking for permission that you probably already granted
June 29, 2017
Read More


It's time for a common sense security framework
Privacy Rights Clearinghouse maintains a database of every data breach made public since 2005, and as the total number of records rapidly approaches one billion, board members, infosec leaders, and consumers are all asking the same question: Why does this keep happening?
June 5, 2017
Read More


It's time to replace firewalls in industrial network environments
Waterfall Security Solutions announced the expansion of its stronger-than-firewall solution portfolio for industrial control systems and critical infrastructure sites.
August 08, 2016
Read More


It's time to rethink using remote access VPNs for third-party access
No longer safely operating behind the traditional corporate perimeter, business productivity today depends on integrating external members of the extended enterprise into the work processes. this means giving access to critical business applications -- a risky aspect of doing business today, but necessary for most enterprises.
February 7, 2017
Read More


It's Windows 7 -- not Windows XP -- that's to blame for the spread of WannaCry ransomware
It's been a week since the WannaCrypt/WannaCry ransomware cyber attacks began, and the repercussions are still being felt. It became clear quite early on that the ransomware was hitting older Windows systems hard (Windows 10 wasn't affected), with a lot of talk focusing on the number of at-risk Windows XP systems still in service.
May 19, 2017
Read More


Misc. - J

JASK emerges from stealth with $12 million and an automated threat detection service
JASK is emerging from stealth today with $12 million in the bank and a machine learning technology that automates network monitoring and management for overtaxed security teams.
June 27, 2017
Read More


Java and Flash top list of most outdated programs on users' PCs
52% of the most popular PC applications, including Flash and Java, are out-of-date. People are exposing their PC and their personal data to risks, as malware targets older versions of software to exploit vulnerabilities.
March 23, 2017
Read More


Java and Python FTP attacks can punch holes through firewalls
Hackers can trick Java and Python applications to execute rogue FTP commands that would open ports in firewalls
February 21, 2017
Read More


Joomla users: Update immediately to kill severe SQLi vulnerability
Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucury Security researchers have found.
May 18, 2017
Read More


Joomla vulnerability can be exploited to hijack sites, so patch now!
If you're running a website on Joomla, you should update to the newly released 3.6.5 version as soon as possible -- or risk your site being hijacked.
December 14, 2016
Read More


Judge issues search warrant for anyone who Googled a victim's name in an entire US town
Court order casts wide net over 50,000 people
March 16, 2017
Read More


Judge paves the way for British hacker's extradition to US
The 31-year-old Lauri Love allegedly stole data from US government computers
September 16, 2016
Read More


Jupyter Notebook unwittingly opens huge server security hole
Jupyter Notebook has become a reliable tool for individuals to learn new programming languages, build proof-of-concept tools and analyze data.
January 26, 2017
Read More


Just a test? If only!
The DDoS attack against DNS provider Dyn finds our manager without a backup plan. That's painful, especially when the plan had been to test incident response soon.
October 30, 2016
Read More


Misc. - K

Kaspersky and ESET top the security charts
The way people access the internet is changing, with a shift towards portable devices, and that in turn has led to a shift in the software they use.
January 30, 2017
Read More


Kaspersky Lab launches public bug bounty program
Kaspersky Lab is asking researchers to look under the hood of two of its flagship security solutions and to report any bugs they might find.
August 02, 2016
Read More


Kaspersky Lab: 5 Travel Tips to Stay Safer
Kaspersky Lab, a global cybersecurity company, has studied the many tactics, methods and schemes of cybercriminals to understand how they work, and how the trick unsuspecting users. as we approach the year-end holiday season, Kaspersky Lab advises travelers to be wary while making financial transactions online.
January 16, 2017
Read More


Kaspersky launches cloud security for smaller businesses
Although there are many different security solutions on the market, smaller businesses often struggle to find a solution that's affordable and easy to implement.
September 2, 2016
Read More


Kaspersky Safe Browser iOS app sports M

Kazakhstan govt targeted journalists, political activists with spyware
Journalists and political activists critical of Kazakhstan's authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and spyware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF).
August 05, 2016
Read More


Keep social engineering attacks from destroying your identity
Sometimes it takes a close call or bad experience to really hammer it home. the concept of identity theft is nothing new. to put it in perspective, my step-dad had his identity stolen, and didn't even know it. He was targeted by a social engineering attack and forked over several hundred dollars during the scam and didn't realize he was a victim until I sat down with him to help speed up his aging computer.
March 21, 2017
Read More


Key areas for risk managers in 2017 and beyond
A majority of banks and other financial institutions surveyed are not confident about their firms' effectiveness in managing cybersecurity and geopolitics, two of the biggest risks facing global businesses of all shapes and sizes, according to Deloitte Global's tenth survey of financial services risk managers.
March 6, 2017
Read More


Key causes of network outages and vulnerabilities
A new global study, conducted by Dimensional Research, surveyed 315 network professionals about their experiences with network outages, vulnerabilities and compliance.
November 15, 2016
Read More


Key elements for successfully prioritizing vulnerability remediation
New vulnerabilities are disclosed every day, amounting to thousands per year. Naturally, not all vulnerabilities are created equal.
August 23, 2016
Read More


Key to smart cybersecurity spending: Remove redundancies and strive for unification
Over the past two decades, the cybersecurity industry has been completely transformed. what was once seen as a somewhat niche field is now expected to reach a market valuation of $120 billion by the end of the year (according to research from Cybersecurity Ventures). And, that growth expected to further accelerate in the near future.
May 15, 2017
Read More


Key Transparency: a secure directory of public encryption keys
Google has released Key Transparency, an open source public directory meant to simplify the discovery of intended recipients' public encryption key.
January 17, 2017
Read More


Keyloggers: Beware this hidden threat
Common as dirt, recording every move you make.
June 28, 2017
Read More


Keys to attracting and retaining cybersecurity talent
Federal agencies need to invest strategically and heavily in their benefits strategy if they're going to successfully compete for cybersecurity talent, according to the Center for Cyber Safety and Education Global Information Security Workforce Study (GISWS).
May 11, 2017
Read More


Keys, tokens and too much trust found in container images
We are all aware of the risks introduced by good old third party code. Where would we be without it? Apparently not very far. It is estimated that between 30 to 70 percent of code comes from 3rd party applications. This is why we patch up old libraries and update open source packages.
June 16, 2017
Read More


Kids need to reclaim their data and security... especially at school
Another school year is now in full swing, which for many kids means reconnecting with friends and learning. It also means a start of another data collection cycle that is neither visible nor truly optional for the majority of the students.
September 21, 2016
Read More


Kimpton Hotels is investigating a possible payment card breach
It could be the latest major hotel chain to lose customer data to cybercriminals
July 26, 2016
Read More


Kingpin of IRS Scam that Made $225K/Day Arrested In India
Police in India say they've arrested the suspected kingpin behind a scammy call center operation that raked in $225,000 per day by pretending they were agents for the Internal Revenue Service.
April 10, 2017
Read More


Know your enemy: Defining the new taxonomy of malicious emails
Just as it is the default tool for most businesses, email's capacity for rapid, mass communication has made it a favourite instrument of criminals. as a result, malicious emails have become a common occurrence in most consumer and business inboxes.
April 27, 2017
Read More


Kremlin-linked hackers believed to be behind Mac spyware Xagent
iPhone backups can be slurped for Mother Russia, say researchers
February 15, 2017
Read More


Krypt.co scores a $1.2M seed round to simplify developer encryption key security
Krypt.co, a new security startup founded by two former MIT students and one of their professors, is launching today with a free product called Kryptonite, designed to help developers protect their private encryption keys, using an app on their smartphones.
June 5, 2017
Read More


Misc. - L

L0phtCrack 7 audits passwords up to 500 times faster
L0pht Holdings released a completely revamped L0phtCrack 7, which includes a new cracking engine which takes optimal advantage of multi-core CPUs and multi-core GPUs.
August 31, 2016
Read More


Lack of IoT security could be our downfall
Just as healthcare providers need PALS certification to keep up with new discoveries and advancements in medicine, individuals who work in IT need to become recertified with data security measures. One particular area in need of improved security protocols is the Internet of Things (IoT). IoT is quickly becoming more and more popular and therefore more and more vulnerable.
February 10, 2017
Read More


Lack of security patching leaves mobile users exposed
An analysis of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than two months old. Six percent of devices run patches that are six or more months old.
March 24, 2017
Read More


Lack of security talent is a threat to corporate safety
Large businesses with a small amount of full-time security experts pay almost three times more to recover from a cyberattack than those businesses with in-house expertise, according to Kaspersky Lab.
August 18, 2016
Read More


Laptop-light GoCardless says customers' personal data may have been lifted
Burglary didn't compromise payment system or financial info
February 7, 2017
Read More


Largest US voter data leak shines light on many problems
If US citizens weren't convinced by now that they have long lost control of their data, the fact is more than obvious after a misconfigured database containing 198 million US voters was found leaking the information online.
June 21, 2017
Read More


LastPass Authenticator Now Easier To Use With Cloud Backup Feature
LastPass announced a new cloud backup feature for its LastPass Authenticator (not to be confused with the LastPass Password Manager), which should remove some of the hassle of changing or resetting phones for its users.
May 19, 2017
Read More


LastPass extensions can be made to cough up passwords, deliver malware
LastPass Chrome and Firefox extensions contain flaws that could allow malicious websites to steal victims' passwords or execute commands on their computer.
March 22, 2017
Read More


LastPass is working on fixing latest code execution bug
It's been an eventful couple of weeks for LastPass developers, as they've scrambled to fix a couple of serious flaws in the popular password manager's extensions, which would allow attackers to get at users' passwords and even execute code on the users' machines.
March 28, 2017
Read More


LastPass password manager fixes serious password leak vulnerabilities in Chrome, Firefox, Edge extensions
One of the flaws could have also allowed for malicious code execution on users' computers under certain conditions
March 22, 2017
Read More


LastPass scrambles to fix another major flaw -- once again spotted by Google's bugfinders
Ormandy sets snowflakes off over disclosure
March 27, 2017
Read More


LastPass zero-day can lead to account compromise
A zero-day flaw in the popular password manager LastPass can be triggered by users visiting a malicious site, allowing attackers to compromise the users's account and all the sensitive information in it.
July 27, 2016
Read More


Latest Windows 10 Insider build pulls the trigger on crappy SMB1
Redmond adds UI tweaks, more emojis and Edge enticements
June 22, 2017
Read More


Latest Windows zero-day exploited by DNC hackers
Due to Google's public release of information about an actively exploited Windows zero-day, Microsoft was forced to offer its own view of things and more information about the attack.
November 2, 2016
Read More


LaunchKey: Passwordless consumer authentication at scale
iovation announced its LaunchKey mobile multifactor authentication solution. It empowers global consumer brands to improve security and consumer experience by delivering a risk-aware alternative to passwords and two-factor authentication, at scale, via an easy-to-use mobile SaaS solution.
February 10, 2017
Read More


Law enforcement and IT security companies join forces to fight ransomware
Today, the Dutch National Police, Europol, Intel Security and Kaspersky Lab launched the No More Ransom initiative, a new step in the cooperation between law enforcement and the private sector to fight ransomware together.
July 25, 2016
Read More


Law enforcement operation targets users of DDoS tools
From 5 to 9 December 2016, Europol and law enforcement authorities from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States carried out a coordinated action targeting users of DDoS tools, leading to 34 arrests and 101 suspects interviewed and cautioned.
December 12, 2016
Read More


Leaked EXTRABACON exploit can work on newer Cisco ASA firewalls
EXTRABACON, one of the Equation Group exploits leaked by the Shadow Brokers, can be made to work on a wider range of Cisco Adaptive Security Appliance (ASA) firewalls than previously reported.
August 24, 2016
Read More


Leaked hacking tools can be tied to NSA's Equation Group
The batch of data released by the Shadow Brokers, an entity that claims to have hacked the Equation Group, contains attack tools that can be tied to the group.
August 17, 2016
Read More


Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8
Microsoft claims it has patched most of the exploited bugs
April 14, 2017
Read More


Leaked: Docs cataloguing CIA's frightening hacking capabilities
WikiLeaks has released 8,761 documents and files they claim originate from the US Central Intelligence Agency (CIA) — more specifically, from an "isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina."
March 7, 2017
Read More


Leaked: Personal info on 33+ million employees across the US
Personal and contact information on over 33 million employees of various US-based corporations and federal agencies like the Department of Defense has been leaked.
March 15, 2017
Read More


Leaked: Source code for Mirai IoT DDoS botnet
IoT-powered DDoS attacks are on the rise, and the situation is poised to become even worse now that the source code for the Mirai malware has been made public.
October 3, 2016
Read More


Leprechaun Software
develops VirusBUSTER, an anti-virus software that protects PCs from boot, program, macro, and email based viruses.
Provides Information
Read More


Lessons from the CIA Hacking Leak: how to Keep your Data Secure
Thousands of leaked secret Central Intelligence Agency documents showing how the group hacked into phones, computers and internet-connected televisions erupted Tuesday with the look of another bombshell expose of government spying run amok.
March 8, 2017
Read More


Like it or not, "cyber" is a shorthand for all things infosec
We have lost the cyber war. No, not that cyber war. Maybe war of words is a better way to put it. Whether we like it or not, cyber has become the default way for everyone else to talk about what we do.
March 27, 2017
Read More


Linksys Smart Wi-Fi routers full of flaws, but temporary fix is available
Over 20 models of Linksys Smart Wi-Fi routers have been found to have vulnerabilities that, if exploited, could allow attackers to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, change restricted settings, and inject and execute commands on the operating system of the router with root privileges.
April 20, 2017
Read More


Linux bug leaves 1.4 billion Android users vulnerable to hijacking attacks
Off-path attack means malicious hackers can be located anywhere on the Internet.
August 15, 2016
Read More


Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks
"Off-path" attack means hackers can be anywhere with no man-in-the-middle needed.
August 10, 2016
Read More


Linux kernel development: how fast it's going and who is doing it
The Linux Foundation analyzed the work done by over 13,500 developers over more than a decade, to provide insight into the Linux kernel development trends and methodologies used by thousands of different individuals collectively to create some of the most important software code on the planet.
August 23, 2016
Read More


Linux servers hit with FairWare ransomware -- or is it just a scam?
Users posting on Bleeping Computer's forums have alerted the world to a new threat targeting Linux server admins: the FairWare ransomware.
August 30, 2016
Read More


Linux vulnerability lets 'anyone in the world' hijack Internet traffic
Security researchers at the University of California, Riverside, have uncovered a major Linux vulnerability that enables hackers to hijack Internet traffic which, if exploited, can be used to intercept communications, launch targeted attacks, and lower Tor's anonymity. the vulnerability impacts iterations of the open-source kernel released in the past four years.
August 11, 2016
Read More


Linux/IRCTelnet creates new, powerful IoT DDoS botnet
Linux/IRCTelnet (new Aidra), a new piece of Linux malware targeting IoT devices and turning them into DDoS-capable bots, has been spotted and analyzed by one of the researchers who share their discoveries on the MalwareMustDie! blog.
November 2, 2016
Read More


Lip movement: Authentication through biometrics you can change
Choosing a unique, complex and long enough password that will still be easy to remember is a big challenge for most users, and most of them would happily opt for biometric authentication in a heartbeat.
March 16, 2017
Read More


Lithuanian arrested for $100 million BEC scams
Criminal charges were announced against Evaldas Rimasauskas for orchestrating a fraudulent business email compromise (BEC) scheme that induced two U.S.-based Internet companies to wire a total of over $100 million to bank accounts controlled by Rimasauskas. He was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant.
March 22, 2017
Read More


Locky hidden in image file hitting Facebook, LinkedIn users
Malware masquerading as an image file is still spreading on Facebook, LinkedIn, and other social networks.
November 24, 2016
Read More


Locky ransomware makes a comeback, courtesy of Necurs botnet
The Necurs botnet has, once again, begun pushing Locky ransomware on unsuspecting victims.
April 24, 2017
Read More


Locky ransomware reportedly spreading on Facebook Messenger via JPG file
Very recently, it was reported that a piece of malware was spreading on Facebook, which exploited an image file to install malware. Today, a security firm has discovered a similar trick, which again takes advantage of images in order to install the Locky ransomware.
November 24, 2016
Read More


LogiLube to offer ironclad security based on Waterfall's Unidirectional Security Gateway
Waterfall Security Solutions nnounced a collaboration with LogiLube to protect LogiLube's customers' industrial sites from online cyber attacks. by deploying Waterfall's Unidirectional Security Gateways, LogiLube's customers benefit from real-time, actionable and predictive analytics with protection from cyber risks due to Internet and cloud connections.
October 30, 2016
Read More


Login-stealing phishing sites conceal their evil with lots of hyphens in URL
Compromised domains target Android users with fake login pages for cloud services.
June 15, 2017
Read More


Logtrust debuts analytics solution for detecting threats in real-time
Logtrust announced at RSA Conference 2017 its Real-time Integrated Threat Analytics Solution Program.
February 15, 2017
Read More


Low-cost PoisonTap tool can compromise locked computers
A new attack tool devised by security researcher Samy Kamkar will leave you wishing you could take your computer with you everywhere you go.
November 17, 2016
Read More


Low-cost wireless keyboards open to keystroke sniffing and injection attacks
Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, security questions, sensitive personal, bank account and payment card info users input through them.
July 26, 2016
Read More


Lure10: Exploiting Wi-Fi Sense to MITM wireless Windows devices
Karma has long been a staple man-in-the-middle attack used in authorised wireless security assessments and unsanctioned ones, but as many modern operati

Lyft customers face potential hack from recycled phone numbers
The problem involves Lyft's use of cell phone numbers to verify customers' identities.
October 22, 2016
Read More


Lyft customers face potential hack from recycled phone numbers
The problem involves Lyft's use of cell phone numbers to verify customers' identities.
October 25, 2016
Read More


Misc. - M

Machine learning in cybersecurity will boost big data, intelligence, and analytics spending
Cyber threats are an ever-present danger to global economies and are projected to surpass the trillion dollar mark in damages within the next year. as a result, the cybersecurity industry is investing heavily in machine learning in hopes of providing a more dynamic deterrent. ABI Research forecasts machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021.
January 31, 2017
Read More


Machine learning in information security: Getting started
Machine learning (ML) technologies and solutions are expected to become a prominent feature of the information security landscape, as both attackers and defenders turn to artificial intelligence to achieve their goals.
March 7, 2017
Read More


macOS Sierra released, introduces auto unlock with Apple Watch
Apple released macOS Sierra, now available as a free update. the new OS brings Siri to the Mac, along with all-new capabilities designed specifically for use on the desktop. Features like Universal Clipboard, iCloud Desktop and Documents, Auto Unlock and Apple Pay on the web help your Mac work even better with other Apple devices.
September 21, 2016
Read More


Macro-based malware evolves to bypass traditional defenses
Macro-based malware is growing into full-featured malware capable of detecting and bypassing traditional security tools, Barkly researchers have discovered.
September 12, 2016
Read More


Magento-based online shops hit with self-healing malware
Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code, warns Willem de Groot.
February 17, 2017
Read More


Mail.ru, Funcom gaming forums hacked, user databases stolen
Vulnerabilities in older versions of the popular vBulletin Internet forum software are being exploited left and right, and data of millions of forum users is being pilfered every day.
August 25, 2016
Read More


Major data breach strikes Cloudflare, change your passwords immediately
For years, Cloudflare has provided a variety of services, including content delivery, DNS, and protection from DDoS attacks. Its services are widely used by many different companies and websites, though it's also been criticized for serving as an enabler to online piracy, terrorist organizations (two of ISIS' three forums in 2015 were guarded by Cloudflare), and other malcontents.
February 24, 2017
Read More


Major international crackdown on tech support scams
The FTC, along with federal, state and international law enforcement partners, announced Operation Tech Trap, a nationwide and international crackdown on tech support scams that trick consumers into believing their computers are infected with malware, and then charge them hundreds of dollars for unnecessary repairs.
May 15, 2017
Read More


Major international law enforcement operation targets airline ticket fraud
193 individuals suspected of traveling with airline tickets bought using stolen, compromised or fake credit card details have been detained in a major international law enforcement operation targeting airline fraud. 43 countries, 75 airlines and 8 online travel agencies were involved in this global operation which took place at 189 airports across the world from 10-15 October 2016.
October 19, 2016
Read More


Major update drops for popular Pwntools penetration showbag
Hackers chuffed
August 24, 2016
Read More


Majority of workers blindly open email attachments
The vast majority (82 percent) of users open email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticated social engineering attacks, according to Glasswall. of these respondents, 44 percent open these email attachments consistently every time they receive one, leaving organizations vulnerable to data breaches sourced to malicious attachments.
May 4, 2017
Read More


Making HTTPS phishing sites easier to spot
For years, we taught users that a website's URL that includes https at its very beginning is a relatively good indicator of whether they can safely input sensitive information into it.
June 28, 2017
Read More


Making enterprise content management secure and scalable
Content is one of the most valuable commodities that any business owns. It's the key driver of customer interactions, the foundation of core business processes, and it helps shape senior-level decision-making. Yet enterprises are clearly challenged by the need to manage large volumes of content in multiple formats -- and to do so in a compliant and secure manner.
June 27, 2017
Read More


Making security everybody's business goes beyond strong passwords
One of my colleagues recently shared a story that unfortunately, is not an uncommon happening among line of business application owners. He was monitoring a high value application using standard monitoring tools. He knew who was logging in, when, from where, and other information most application owners have purview to as part of their daily jobs.
May 4, 2017
Read More


Making sense of threat intelligence data in your IT environment
Threat intelligence data has been growing at an exponential rate of 39% a month. Enterprise customers are looking at around 30,000 events going into their SIEM every second. Only a small percentage have the infrastructure able to handle that amount of data.
March 8, 2016
Read More


Malicious ads trigger drive-by download of persistent Android adware
UK and US Android users have been saddled with unwanted apps via malicious ads that executed a drive-by download attack.
June 8, 2017
Read More


Malicious JPEGs can compromise your iPhone
A vulnerability in the iOS CoreGraphics component allows attackers to compromise iDevices by tricking victims into viewing a maliciously crafted JPEG file.
October 27, 2016
Read More


Malicious online ads expose millions to possible hack
The attack campaign, called Stegano, has been spreading from malicious ads hosted by news websites
December 6, 2016
Read More


Malicious online ads expose millions to possible hack
The attack campaign, called Stegano, has been spreading from malicious ads hosted by news websites.
December 6, 2016
Read More


Malicious spam volume hits two year high
According to the Kaspersky Lab Spam and Phishing in Q3 report, the company's products blocked 73,066,751 attempts to attack users with malicious attachments. this is the largest amount of malicious spam since the beginning of 2014 and is a 37 percent increase compared to the previous quarter.
November 11, 2016
Read More


Malicious torrents management tool uncovered
InfoArmor researchers have uncovered Raum, a tool that is used by Eastern European organized crime group "Black Team" to deliver malware to users through malicious torrents.
September 21, 2016
Read More


Malvertising campaign compromises routers instead of computers
The DNSChanger exploit kit is back and more effective than ever, and is being used in a widespread malvertising attack whose goal is to compromise small/home office routers.
December 16, 2016
Read More


Malvertising campaign targets routers and every device connected to router
Researchers warned that cyber-savvy crooks are using a malvertising campaign that infects routers and Android devices. Any devices connected to an infected router will also be infected.
December 14, 2016
Read More


Malware backdoors still the biggest threat to enterprises
New data from cloud security specialist Netskope shows that companies are still struggling to prevent network breaches and protect themselves at all points of entry.
April 20, 2017
Read More


Malware can Enable Surveillance by Turning Headphones Into Microphones
Researchers at the Ben-Gurion University of the Negev in Israel revealed that malware can turn headphones into microphones.
November 23, 2016
Read More


Malware distributors switch to less suspicious file types
Recent email-based malware distribution campaigns have used malicious LNK and SVG attachments instead of JavaScript
February 6, 2017
Read More


Malware framework using legitimate utilities lobbed at government agencies
Bitdefender researchers have unearthed a previously unknown malware framework that, unlike those used by most APTs, contains many legitimate utilities.
May 5, 2017
Read More


Malware from Friday's DDoS attack continues to harass in short bursts
Mirai-powered botnets are found attacking new, seemingly random targets.
October 27, 2016
Read More


Malware from last week's DDoS attack continues to harass
Mirai-powered botnets are found attacking new, seemingly random targets
October 27, 2016
Read More


Malware hidden in digitally signed executables can bypass AV protection
Researchers have shown that it's possible to hide malicious code in digitally signed executables without invalidating the certificate, and execute this code -- all without triggering AV solutions.
August 08, 2016
Read More


Malware Hunter: Find C&C servers for botnets
Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan (RAT) command and control centers.
May 3, 2017
Read More


Malware masquerading as an image spreads via Facebook
Malware spreading via Facebook has become a rare occurrence, but it does still occasionally crop up.
November 21, 2016
Read More


Malware posing as Siemens PLC software is hitting industrial environments
What kind of malware is hitting industrial control systems, and how worried should we and the operators of theses systems actually be?
March 23, 2017
Read More


Man hacked, blackmailed gold bullion trading firm
25-year-old Adam Penny hacked the systems of an unnamed gold bullion trading firm, and used the stolen information about gold deliveries to intercept them before they are delivered to the rightful owners.
September 13, 2016
Read More


Managed threat hunting service evicts adversaries from enterprise networks
Accenture and Endgame have created a threat hunting service for clients, and will be demonstrating how it works at Black Hat USA 2016.
August 02, 2016
Read More


Managing third-party risk: Dominant trends
One in five organizations has faced significant risk exposure due to a third party in the last 18 months. of those who shared loss data, 25% said that the loss impact was greater than $10 million.
March 21, 2017
Read More


Many hospitals transmit your health records unencrypted
Healthcare IT organizations often lack budget and personnel to address security needs
August 22, 2016
Read More


Many tech senior decision-makers don't understand encryption
Nearly a quarter of tech senior decision-makers in the UK don't fully understand encryption, according to PKWARE.
September 28, 2016
Read More


March Patch Tuesday closes record number of vulnerabilities
With no February Patch Tuesday, it was to be expected that Microsoft would fix a huge number of security issues in March. they didn't disappoint: 139 unique CVEs have been resolved.
March 15, 2017
Read More


Massive cybercrime infrastructure demolished
After more than four years of investigation, the Public Prosecutor's Office Verden and the Luneburg Police in cooperation with the US Attorney's Office for the Western District of Pennsylvania, the DOJ and the FBI, Europol and Eurojust, dismantled an international criminal infrastructure platform known as Avalanche.
December 2, 2016
Read More


Massive Global Cyberattack Shuts Down World's Biggest Shipping Company
Petya is the new WannaCry.
June 27, 2017
Read More


Massive Google Phishing Attack Highlights OAuth's Flaws
Google announced yesterday that Gmail for Android will soon warn you about potentially malicious emails. the company's timing couldn't have been more ironic, because on the same day, roughly 1 million people were affected by a phishing attack that stole information from their Google accounts.
May 4, 2017
Read More


Massive Oracle Critical Patch Update fixes 270 vulnerabilities
Oracle has released the first Critical Patch Update scheduled for 2017, and it's massive. It fixes 270 vulnerabilities across multiple products, and over 100 of them are remotely exploitable by unauthenticated attackers.
January 19, 2017
Read More


Massive ransomware campaign spreading around the world like wildfire
Organizations around the world have been hit with the Wana Decrypt0r (aka WannaCry) ransomware, in what seems to be the most massive ransomware delivery campaign to date.
May 12, 2017
Read More


Mastercard acquires NuData Security
Mastercard has entered into an agreement to acquire NuData Security, a technology company that helps businesses prevent online and mobile fraud using session and biometric indicators. Terms of the agreement were not disclosed.
March 30, 2017
Read More


Mastercard introduces cards that work with fingerprints instead of PINs
Mastercard has added fingerprint sensors to its payment cards, in an attempt to make face-to-face payments more convenient and more secure.
April 20, 2017
Read More


Maximizing MSP Profits with Cybersecurity Partnerships
Managed service providers are tasked with serving a broad range of markets, from construction to healthcare; accounting to legal; staffing firms to manufacturing; media and advertising to technology. But the day-to-day MSP challenges, even across so many diverse verticals, remain the same.
December 13, 2016
Read More


MBRFilter: Cisco open sources tool to protect the Master Boot Record
Cisco's Talos research team has open sourced MBRFilter, a tool that aims to prevent a system's Master Boot Record (MBR) getting overwritten by malware.
October 20, 2016
Read More


McAfee Virus Scan Enterprise opens Linux machines to remote attackers
Security researcher Andrew Fasano has discovered a multitude of vulnerabilities in McAfee Virus Scan Enterprise product for Linux -- vulnerabilities that can be chained together to achieve root access to the machine running the software, and ultimately execute malicious code on it.
December 13, 2016
Read More


Measuring IT security health with GreySpark
In this podcast recorded at Black Hat USA 2016, Brit Wanick, Vice President of Sales, FourV Sytems, talks about measuring IT security health with GreySpark.
September 6, 2016
Read More


Media-stealing Android app targets developers
Symantec researchers have unearthed another app on Google play that secretly steals photos and videos from victims' mobile devices.
July 28, 2016
Read More


Medical washer-disinfector appliance's web server open to attack
Here's a string of words that you probably never thought you'll hear: An Internet-connected washer-disinfector appliance by German manufacturer Miele sports a vulnerable embedded web server.
March 27, 2017
Read More


Meet Apache Spot, a new open source project for cybersecurity
The effort taps big data analytics and machine learning for advanced threat detection
September 28, 2016
Read More


Megaviral Meitu "beauty" app's data grab is anything but skin-deep
Android version seeks intrusive permissions, sends lots of data to servers in China.
January 20, 2017
Read More


Meitu photo retouching app may be invading your privacy
Have you heard about Meitu, the photo retouching mobile app that turns people into more cutesy or beautiful versions of themselves? Chances are that even if you don't know the app's name, you've already seen examples of the final product posted on a social network of your choice.
January 20, 2017
Read More


Meitu pleads complete innocence against spyware claims
You may have seen our story earlier today about the worrying permissions used by photo app Meitu -- and you have almost certainly seen the disturbing images created in the app and shared on Facebook. the company behind the app -- also called Meitu -- has jumped to defend itself, insisting there is nothing sinister going on.
January 20, 2017
Read More


Meitu's photo-effects app tracks users without disclosing enough
It's not malware, but the long-popular Chinese app's U.S. breakout moment was marred by a lack of disclosure and leftover code. Its maker promises to improve.
January 20, 2017
Read More


Men overboard! US Navy spills data on 134k sailors
In the Navy, we sink thanks to HPE! In the Navy, we leak data with much ease!
November 23, 2016
Read More


Merchants and financial institutions deal with escalating cyber attacks
Unsurprisingly, the Q3 2016 ThreatMetrix report shows a sharp increase in the number and complexity of cyber attacks. During what is traditionally a slow quarter, researchers analyzed nearly 5 billion transactions, and stopped approximately 130 million attacks in real time -- a 40 percen

Metasploit upgraded to sniff out IoT weakspots in corporate networks
Radio frequency testing probes for foreign bodies
March 22, 2017
Read More


Michigan State University database with 400,000 student and staff records breached
Michigan State University has announced on Friday that a university server and a database containing information on some 400,000 faculty, staff and students has been accessed by a unauthorised third party.
November 21, 2016
Read More


Michigan State University: yet another data breach, yet another story to forget
On Nov. 18 2016, Michigan State University (MSU) reported that a database - which contained approximately 400,000 records including names, social security numbers and MSU identification numbers of current and former students and employees - was targeted by hackers resulting in a data breach.
November 22, 2016
Read More


Micro Focus merger with HPE's Software Business Segment worth $8.8 billion
Micro Focus announced today its intent to merge with HPE's Software Business Segment in a transaction valued at approximately $8.8 billion. the merger is subject to customary closing conditions, including anti-trust clearances and shareholder approval and is expected to close in Q3 2017.
September 8, 2016
Read More


Microsoft and Google increase bug bounty payouts
Keen as ever to squash any security issues and bugs that might arise in their software, both Microsoft and Google have announced increases in their bug bounty program payouts. Microsoft has doubled some awards, while Google has used others to make knowing jokes.
March 6, 2017
Read More


Microsoft bug bounty: now it doubles cash to put more focus on Office 365 flaws
Microsoft wants security researchers to switch more of their efforts to core applications in Office 365.
March 6, 2017
Read More


Microsoft butts heads with Google over critical Windows vulnerability disclosure
Google and Microsoft are butting heads once again over the former's decision to disclose a critical vulnerability in Windows days after alerting Microsoft. Detailed on Google's security blog, the disclosure relates to a 0-day (meaning it hasn't been publicly described before) vulnerability that could allow privilege escalation.
November 1, 2016
Read More


Microsoft buys security-automation vendor Hexadite
Microsoft plans to beef up its Windows Defender Advanced Threat Protection service in Windows 10 with its purchase of Hexadite.
June 8, 2017
Read More


Microsoft changing how Security-Only Patch Supersedence Works this Month
Microsoft today announced a December change in its servicing model for older Windows environments after some customers got tripped up by the new patch model.
December 6, 2016
Read More


Microsoft Details Windows 10's Built-in Ransomware Protection
When WannaCry hit last month, Microsoft took the unusual step of patching all of its older operating systems to guard against the systemic threat the ransomware posed to infrastructure and critical facilities, like hospitals. The one OS that didn't require any patching was Windows 10. Now, Microsoft has released a report on how Windows 10 is designed to prevent ransomware attacks. While such techniques are always a race between black hats on one side and white hats on the other, it's an interesting look at how OS design has evolved over the years, and what an OS developer can do to help prevent them.
June 14, 2017
Read More


Microsoft ends Tuesday patches
Yesterday was a big day for Patch Tuesday. It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new 'monthly update packs' will be combined, so for instance, the November update will include all the patches from October as well.
September 14, 2016
Read More


Microsoft extends support for EMET, but its days are numbered
The days of EMET, Microsoft's Enhanced Mitigation Experience Toolkit for Windows, are numbered. Although, the company has listened to the customers' pleas, and is extending its end of life date to July 31, 2018 (it was previously scheduled for January 27, 2017).
November 4, 2016
Read More


Microsoft extends the Microsoft Edge Bounty Program
Initially time-bound, the Microsoft Edge Bounty Program has now been turned into one that will run indefinitely, Microsoft has announced.
June 22, 2017
Read More


Microsoft fixes another 'potentially extremely bad' vulnerability found by Google researcher
Google's Project Zero researcher Travis Ormandy seems to have a way with Windows exploits. Just three days after he revealed what he called a 'crazy bad vulnerability' in Windows earlier this month, he was back at it again with another critical exploit in Microsoft's Windows Defender.
May 29, 2017
Read More


Microsoft flips Google the bird after Windows kernel bug blurt
Security flaw will be fixed next week, says Redmond exec
November 1, 2016
Read More


Microsoft Ignite: Windows Defender Application Guard Coming to Windows Insiders for Testing
One of the new features/services announced during today's morning keynote at Microsoft Ignite is called Windows Defender Application Guard.
September 26, 2016
Read More


Microsoft is killing off SMBv1 in Windows 10 to thwart the likes of WannaCry
From the fall, Microsoft is disabling SMBv1 in Windows 10. With the release of Windows 10 Fall Creators Update (or Redstone 3 if you prefer), the protocol that was exploited by the WannaCry ransomware will be no more.
June 19, 2017
Read More


Microsoft is Ticked at Google for Publicizing a Windows Security Flaw
Google takes software security very, very seriously. So seriously, in fact, that they have no problem stepping on one of their main competitors' toes when they notice something that needs fixing.
November 1, 2016
Read More


Microsoft may offer a one-time discount on Windows 10 in India to curb ransomware threats
With two major ransomware outbreaks within a very short period, the need to upgrade from older, insecure versions of Windows to the latest version of the operating system has been realized by all. For most users in developing countries such as India, the pricing of the OS still remains an issue. However, the country's chief of cybersecurity has now revealed that Microsoft has agreed to give a one-time discount for Windows 10 upgrades in the country.
June 30, 2017
Read More


Microsoft not happy with Google's disclosure of Windows bug
The web giant says no fix or advisory has been issued even though it reported the flaw 10 days ago.
November 1, 2016
Read More


Microsoft Office vulnerabilities mean no .doc is safe
On the same day as a big Windows 10 update, Microsoft is patching an Office flaw that could let hackers take control of your machine.
April 11, 2017
Read More


Microsoft opens cybersecurity center to protect Mexicans
The Cybersecurity Engagement Center will bring together technology, experience and services to support government efforts against cybercrime while also helping companies and citizens to be more secure.
February 24, 2017
Read More


Microsoft patches 68 vulnerabilities in Windows, Office, Edge, and more
Two of the patched flaws are already being exploited and three have been publicly disclosed
November 9, 2016
Read More


Microsoft patches 68 vulnerabilities, two actively exploited ones
Two of the patched flaws are already being exploited and three have been publicly disclosed
November 9, 2016
Read More


Microsoft patches Windows flaw reported by Google
Microsoft has kept its promise and delivered a vulnerability patch for its Windows operating system, for a flaw, revealed by Google, which allowed attackers to gain full control of a targeted system.
November 10, 2016
Read More


Microsoft PatchGuard flaw could let hackers plant rootkits on x64 Windows 10 boxen
Redmond shrugs, says PC would already need to be thoroughly pwned
June 22, 2017
Read More


Microsoft plugs crazy bad bug with emergency patch
On Monday night, Microsoft released a critical out-of-band security update for the Microsoft Malware Protection Engine, to plug an easily exploitable bug that could allow remote attackers to compromise target Windows machines.
May 9, 2017
Read More


Microsoft pushes out patches for critical Flash Player vulnerabilities
Microsoft has skipped its February 2017 Patch Tuesday and postponed the release of those patches for March, but there are apparently security vulnerabilities that must be fixed now.
February 22, 2017
Read More


Microsoft pushes out critical Flash Player patches with one week delay
A critical Windows update released Tuesday fixes vulnerabilities in Flash Player
February 22, 2017
Read More


Microsoft releases five critical updates
Microsoft continued a trend of fewer updates than we are used to with only 9 bulletins (5 critical and 4 important) released this month. It stands to reason that Microsoft may have kept things simple so as not to over shadow the release of their Windows 10 Anniversary update.
August 10, 2016
Read More


Microsoft releases one of its biggest security updates this year
Half of the 14 security bulletins released Tuesday cover critical vulnerabilities
September 14, 2016
Read More


Microsoft releases Windows Ransomware Patch, Blasts NSA for Malware Stockpile
Microsoft on Friday released a security update for Windows XP that fixes an SMB v1 hole that has been recently used to spread ransomware via phishing attacks.
May 15, 2017
Read More


Microsoft responds to Google releasing security vulnerability, will patch it next week
Yesterday, we reported that Google released the details of a critical Windows 10 vulnerability just ten days after telling Microsoft about it. Microsoft responded today with a TechNet blog post that was written by none other than the Executive Vice President of the Windows and Devices Group, Terry Myerson.
November 1, 2016
Read More


Microsoft should be applauded for its response to the WannaCrypt crisis
I've certainly been highly critical of Microsoft in the past, particularly last year when the company began forcing Windows 10 on to users.
May 15, 2017
Read More


Microsoft signs agreement to acquire Hexadite
Microsoft signed agreement to acquire Hexadite to support ongoing investments in next-gen security innovation
June 8, 2017
Read More


Microsoft takes security to the Edge with Windows Defender Application Guard
With many cyber attacks now initiated through the browser, endpoint security is something all businesses need to take seriously.
September 26, 2016
Read More


Microsoft to governments: Stop hoarding vulnerabilities
Microsoft is full of surprises lately: first they issued patches for unsupported versions of Windows, then they publicly criticized the NSA for hoarding knowledge about critical software vulnerabilities (and exploits for them).
May 15, 2017
Read More


Microsoft Touts Windows 10 'Creators Update' Ransomware Protections
Microsoft has published details about how the Windows 10 "creators update" (version 1703, released in April) provides protection against ransomware, including last month's infamous "WannaCrypt" (or "WannaCry") ransomware outbreak.
June 12, 2017
Read More


Microsoft turns two-factor authentication into one-factor by ditching password
As long as you can log in to your phone, you can log in to your Microsoft Account.
April 19, 2017
Read More


Microsoft unveils a bonanza of security capabilities
New features for Windows and Office 365 aim to help businesses with cybersecurity
February 10, 2017
Read More


Microsoft users can ditch password-based logins for phone sign-in 2FA
Microsoft added a new feature to its authenticator app, allowing users to sign into their Microsoft account without having to enter their password.
April 20, 2017
Read More


Microsoft Warns of Windows Zero-Day Flaw Exploited by Russian Hackers
Microsoft on Tuesday confirmed that the allegedly Russian hacking group Strontium has launched a spear phishing campaign to exploit a recently discovered flaw in Windows 10.
November 2, 2016
Read More


Microsoft: 'No known ransomware works against Windows 10 S'
When WannaCry was running rampant on older versions of Windows -- Windows 7 being the most at risk -- Windows 10 was unaffected. According to Microsoft, "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack."
June 8, 2017
Read More


Microsoft: Russian hackers are exploiting Windows flaw exposed by Google
Microsoft says that a vulnerability in Windows made public by Google has been exploited by a hacking group with links to Russia. the group -- known variously as Strontium, Fancy Bear, and APT 28 -- has executed several spear phishing attacks, the company says.
November 2, 2016
Read More


Microsoft: Windows 10 will stop a ransomware epidemic when antivirus fails
Microsoft's latest argument for moving to Windows 10 is its built-in security features that can stop a ransomware infection from becoming an epidemic.
January 31, 2017
Read More


Microsoft's decision to retire security tool is myopic
Plan to end EMET support in mid-2018 comes under fire from security analyst
November 29, 2016
Read More


Microsoft's new Authenticator app lets you approve logins from an Apple Watch
Microsoft is overhauling its authenticator apps for Android and iOS next month, with new features and a refreshed user interface. While Microsoft has long supported two-factor authentication for multiple services on Android, the iOS app has always been restricted to Microsoft Azure. That's changing on August 15th, and the new apps for both iOS and Android will support two-factor codes from a variety of services.
July 25, 2016
Read More


Millions exposed to malvertising that hid attack code in banner pixels
Manipulated images are almost impossible to detect by the untrained eye.
December 6, 2016
Read More


Millions of Hijacked "Smart" Devices Already Aiding Criminals, Research Finds
Ever since "smart," connected devices began to form the internet of things a few years back, some experts have warned that we could be facing a future where your toaster, washing machine, and TV become part of a sophisticated botnet used to attack others. Well, those experts say, the future is now.
October 13, 2016
Read More


Millions of job seekers' info exposed via easily accessible database backups
A data leak has exposed sensitive information about millions of job seekers that used global recruitment firm Michael Page.
November 11, 2016
Read More


Millions of smart devices in Spain are vulnerable to attack
Avast revealed the findings of its research experiment into smart devices, including public and private webcam vulnerabilities in Spain, and, specifically, in Barcelona.
February 28, 2017
Read More


Minecraft players get scams instead of mods
Google has recently removed 87 fake Minecraft mods from Google Play, after being notified by researchers about their malicious nature.
March 23, 2017
Read More


MineMeld: the "Swiss army knife" of threat intelligence feeds
Palo Alto Networks has made publicly available MineMeld, an open source, community supported framework that can simply your consumption and sharing of threat intelligence
August 04, 2016
Read More


Mirai is the hydra of IoT security: Too many heads to cut off
Some botnets have been disbanded, but new uses continue to emerge
March 14, 2017
Read More


Mirai Linux Trojan corrals IoT devices into DDoS botnets
Mirai, a newly discovered and still poorly detected piece of Linux malware, is being used to rope IoT devices into DDoS botnets.
September 7, 2016
Read More


Mirai malware is infecting Sierra Wireless cellular network equipment
AirLink cellular gateway devices by Sierra Wireless are being infected by the infamous Mirai malware.
October 17, 2016
Read More


MITRE offers temporary solution to the CVE assignment problem
MITRE's short-term solution to the problem of slow CVE assignment is to set up an experimental system for issuing federated CVE IDs using a new format.
March 18, 2016
Read More


Mobile forensics firm Cellebrite confirms data breach
Israeli mobile forensics firm Cellebrite has announced that it has suffered a data breach following an unauthorized access to an external web server.
January 13, 2017
Read More


Mobile payment card cloning: Understanding the risks
Mobile contactless payments have grown exponentially and Host Card Emulation (HCE) -- the possibility to emulate payment cards on a mobile device, without dependency on special Secure Element hardware -- has also boosted the number of applications.
April 12, 2017
Read More


Mobile pros are addicted to Wi-Fi, connectivity impacts their choices
iPass surveyed more than 1,700 mobile professionals worldwide about their connectivity habits and preferences, highlighting the ever-increasing influence of Wi-Fi on our daily lives.
November 16, 2016


Mobile ransomware increases 200 percent
There's been a startling 200 percent increase in mobile ransomware detection in Q2, according to Quick Heal. this amounts to nearly 50 percent of the ransomware detected in all four quarters of 2015 combined.
September 2, 2016
Read More


Mobile security stripped bare: Why we need to start again
We're all familiar with the cartoon image of a character stopping a water leak by plugging a finger into the hole, only for another leak to start, needing another finger, and so on, until the character is soaked by a wave of water.
September 28, 2016
Read More


Mobile users actively spammed from compromised iCloud accounts
Spammers have been compromising North American Apple users' iCloud accounts, and using them to send spammy text messages to mobile users in China.
September 19, 2016
Read More


Mobile workers continually expose organizations to security risks
29 percent of organisations have already experienced either a data loss or breach as a direct result of mobile working, according to research conducted by Vanson Bourne. as many as 44 percent expect that mobile workers will expose their organisation to the risk of a data breach. Underlining this concern, 48 percent say employees are one of their biggest security risks.
March 15, 2017
Read More


Modern security programs: Artificial intelligence and machine learning
A new research report by Carbon Black aggregates insight from more than 400 interviews with leading cybersecurity researchers who discussed non-malware attacks, artificial intelligence (AI) and machine learning (ML), among other topics.
March 29, 2017
Read More


Modern threat landscape: Seismic shifts in motivation and focus
Cybercriminals revealed new levels of ambition in 2016 -- a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups, according to Symantec's Internet Security Threat Report (ISTR), Volume 22.
April 27, 2017
Read More


Monitoring scanning activities that could lead to IoT compromises
IoT devices are ideal targets for attackers looking to build DDoS botnets because they have limited or non-existent security features.
February 8, 2017
Read More


More and more apps equipped with ultrasonic tracking capability
Researchers have found 234 Android applications that are constantly listening for ultrasonic beacons in the background, allowing companies to track users' current location or their habits -- without the users' knowledge.
May 3, 2017
Read More


More Android-powered devices found with Trojans in their firmware
Doctor Web researchers have discovered two types of downloader Trojans that have been incorporated in the firmware of a number of Android-powered devices.
December 13, 2016
Read More


More attacks, new technologies: Cybersecurity predictions for the year ahead
Every day, the cybersecurity landscape changes. Each new device connected to the network presents a new target for attackers that needs to be secured, and each new social media post creates new risks for phishing attacks or social engineering.
January 3, 2017
Read More


More fun in the sandbox: Experts praise security improvements to Edge
Time will tell if Microsoft's browser is less ez2pwn
March 30, 2017
Read More


More links between WannaCry and Lazarus group revealed
Symantec researchers have found more links between WannaCry ransomworm and Lazarus, the hacking group believed to be behind the 2014 attack on Sony Pictures and the 2016 Bangladesh Central Bank heist.
May 23, 2017
Read More


More mobe malware creeps into Google play -- this time, ransomware
Charger seeks to drain bank accounts of unlucky 'droids
January 26, 2017
Read More


More people infected by recent WCry worm can unlock PCs without paying ransom
A tool released on Friday decrypts PCs running a fuller suite of Windows versions.
May 19, 2017
Read More


More than 840,000 Cisco devices are vulnerable to NSA-related exploit
The vulnerability could allow hackers to extract potentially sensitive information from devices' memory
September 21, 2016
Read More


More than a million people were affected by the Google Docs phishing attack
A small percentage of Gmail users -- which is still a lot of users -- were affected.
May 4, 2017
Read More


More than half of malware infected files in cloud apps are shared with others
The latest report on enterprise cloud usage and trends from cloud security specialist Netskope reveals that 55.9 percent of malware-infected files found in cloud apps are shared publicly.
September 8, 2016
Read More


More than half of UK enterprises hit by ransomware attacks
A multi-country study that surveyed 540 CIOs, CISOs and IT Directors from companies with an average of 5,400 staff across the UK, US, Canada, and Germany and found that nearly 40 percent of businesses have experienced a ransomware attack in the last year. of these victims, more than a third lost revenue and 20 percent had to stop business completely.
August 04, 2016
Read More


Most activity on the dark web is legal and mundane
Terbium Labs has conducted a data-driven, fact-based research report that looked to identify what's really taking place on the far corners of the Internet.
November 3, 2016
Read More


Most businesses don't inspect cloud services for malware
The growing use of cloud services and the lack of visibility into sensitive information in the cloud can result in more damaging or costly data breaches, according to the Ponemon Institute. the survey found that the majority of enterprises have not or do not know if they inspect their cloud services for malware.
October 13, 2016
Read More


Most businesses will not put off cloud adoption because of security concerns
Businesses are pressing ahead with their digital transformation plans, despite fears of being hit by a cyber attack or data protection regulations. This is according to a new independent research report from Advanced, which questioned over 500 senior executives in UK organisations about their attitudes to using the cloud as part of their digital transformation plans.
June 26, 2017
Read More


Most CISOs and CIOs need better resources to mitigate threats
Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks are unchecked, according to results from a new Ponemon Institute study.
July 19, 2016
Read More


Most companies falsely believe their Active Directory is secure
A majority of companies falsely believe their Active Directory (AD) is secure, according to a new survey conducted jointly by Skyport Systems and Redmond Magazine.
May 11, 2017
Read More


Most corporate finance leaders expect to change fraud-fighting strategies
Today's senior finance executives are battling record levels of fraud, in turn narrowing corporate focus and limiting resources that could otherwise be devoted to innovation, planning, budgeting and compliance.
June 16, 2017
Read More


Most employees use unsanctioned group chat tools
Employees are sharing sensitive company information using group chat tools that are not officially sanctioned for use, according to SpiderOak.
January 20, 2017
Read More


Most employees violate policies designed to prevent data breaches
Companies are increasing technology investments to protect against external data breaches, but employees pose a bigger threat than hackers, according to CEB. to mitigate the rising costs of breaches, organizations need to reduce the burden of complying with privacy policies.
November 2, 2016
Read More


Most Face Authentication Systems can be Bypassed by 3D Models of Facebook Photos; now What?
Face authentication systems have long had a problem with being tricked by still images. However, as the authentication systems became smarter, so did the mechanisms to fool them. Security researchers from the University of North Carolina discovered that 3D models of faces made from Facebook photos can bypass the majority of face authentication systems in use today, with up to 100% success rate if the photos are taken indoors.
August 23, 2016
Read More


Most Major Antivirus Programs Bypassed by the CIA, Shows WikiLeaks Document
WikiLeaks recently published thousands of documents that the organization said belongs to the CIA. Among them, there was a document that showed a list of antivirus and other security products that have been exploited and bypassed by the CIA.
March 8, 2017
Read More


Most organizations are unaware of daily malicious activity
A new DomainTools survey of more than 550 security analysts, IT managers, and executives revealed that the majority of organizations are struggling to monitor and prevent cyberattacks on their network. More than one in four organizations have been breached in the past 12 months, while 23 percent aren't sure if they have been breached or not.
January 26, 2017
Read More


Most organizations believe their mainframe is more secure than other systems
While 78 percent of CIOs say their mainframe is more secure than other systems, 84 percent say they are still exposed to a significant risk of insider threats due to blind-spots in internal data access and controls.
June 7, 2017
Read More


Most organizations were victims of business email compromise in 2016
Nearly three quarters of corporate treasury and finance professionals said their companies were victims of payments fraud last year, according to the Association for Financial Professionals (AFP). this is the highest percentage since the survey debuted in 2005 and comes after a dramatic increase in 2015.
April 6, 2017
Read More


Most people would pay a ransom to get their data back
The high-profile WannaCry attack was the first time that 57% of US consumers were exposed to how ransomware works, the results of a recent Carbon Black survey have revealed.
May 26, 2017
Read More


Most security pros expect increasing attacks on Industrial Internet of Things
A new Dimensional Research survey looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017.
March 13, 2017
Read More


Most unpatched Joomla sites compromised in latest wave of attacks
If you run a Joomla-based website and you haven't implemented the latest security release of the CMS, your site has been almost surely compromised.
October 30, 2016
Read More


Most would stop using digital payments if breached
88% of respondents to a survey conducted by Wakefield Research would stop using digital payments if they personally fell victim to cybercriminal activities as a result of a data breach.
October 20, 2016
Read More


Moving toward an intelligent hybrid security model
Cyber attacks aren't slowing down -- in fact, 76 percent of organizations have experienced a breach within the last two years. Enterprises of all sizes, across every industry, are challenged to respond to increasingly complex and severe attacks -- often only learning about the size, severity, and type of incident they're dealing with as their security teams work to stop them.
September 13, 2016
Read More


Moving towards compliance: GDPR issues and challenges
In this podcast, Mike McCandless, VP of Sales and Marketing for Apricorn, and Jon Fielding, Managing Director for Apricorn EMEA, discuss the European Union General Data Protection Regulation, otherwise known as GDPR, and look at some of the issues and challenges organizations will likely face whilst moving towards compliance.
June 6, 2017
Read More


Mozilla ports simplified private browsing app to Android
Less than a year since the release of Firefox Focus for iOS, Mozilla has ported the privacy-focused browser to Android.
June 21, 2017
Read More


Mr Chow plates up sticky ransomware
Global Chinese restaurant chain serves old recipe of Darkleech with exploit kit sauce
September 7, 2016
Read More


MS Office zero-day exploited in attacks -- no enabling of macros required!
A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe -- not even those who use a fully patched Windows 10 machine.
April 10, 2017
Read More


MS Office zero-day is used to infect millions of users with Dridex
The still unpatched MS Office zero-day vulnerability (CVE-2017-0199) publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking malware.
April 11, 2017
Read More


MSPs Won't Believe what Ransomware is up to Now...
Did we get you to click? That's how the bad guys get you, too. One little click on the wrong link and your clients' businesses could be up the proverbial creek.
December 21, 2016
Read More


MTV's Catfish wants to introduce people to their internet trolls in real life
MTV's Catfish: the TV Show, a morally questionable documentary series based on the infamous, morally questionable documentary film of the same name, usually seeks out romantic relationships between internet strangers from which to draw poignant and/or horrifying human drama.
April 24, 2017
Read More


Multi-layered phishing mitigation
In this podcast recorded at Black Hat USA 2016, Eyal Benishti, CEO at IRONSCALES, talks about their multi-layered phishing mitigation solution, which brings together human intelligence and machine learning in a way that allows automated phishing incident response.
August 12, 2016
Read More


Multiple security flaws found in mainstream robotic technologies
IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. the array of vulnerabilities identified in the systems evaluated included many graded as high or critical risk, leaving the robots highly susceptible to attack.
March 2, 2017
Read More


My data, my problem
I haven't seen BlackHat, you know the movie featuring Chris Hemsworth? In fact the list of shows or movies I haven't seen (or in fact am unlikely to see) is growing as the world of 'hacking' becomes more in tune with popular culture. to be entirely honest this is not really a hardship, but one of the most frustrating elements of working in the field of information security is how difficult it is becoming to live your day to day life without accepting how organizations manage my data.
August 08, 2016
Read More


myLG: Open source command line network diagnostic tool
myLG (my Looking Glass) is an open source utility that combines the functions of different network probes into one network diagnostic tool. It comes as a single binary with no dependencies.
August 16, 2016
Read More


MySQL 0-day could lead to total system compromise
Researcher Dawid Golunski has discovered multiple severe vulnerabilities affecting the popular open source database MySQL and its forks (e.g. MariaDB, Percona).
September 12, 2016
Read More


MySQL zero-day exploit puts some servers at risk of hacking
The unpatched vulnerability can be exploited to gain root access to servers
September 12, 2016
Read More


Mystery deepens over Android spyware targeting Israeli soldiers
'Unlikely Hamas is responsible' — researchers
February 17, 2017
Read More


Misc. - N

Nagios Core 4.2.4 closes serious root privilege escalation bug
If you're using Nagios Core to monitor your systems, networks and infrastructure, and you have not updated to version 4.2.4, you better hop to it.
December 16, 2016
Read More


Navigating a way through the cloud
Private cloud is a compelling proposition for many businesses. with the help of server virtualisation, you can take your own infrastructure; make it 'cloud-like' and because it is local, fully control its performance.
November 9, 2016
Read More


Nearly 800,000 Brazzers users' credentials exposed
Account login credentials of nearly 800,000 Brazzers porn site users have been stolen in 2012, but the breach has only now come to light, after the data dump was obtained by breach monitoring site Vigilante.pw.
September 6, 2016
Read More


Nearly all WannaCry victims were running Windows 7
Roughly 98 percent of PCs hit by the ransomware attack were running Windows 7, says security firm Kaspersky Lab.
May 19, 2017
Read More


Nearly half of consumers have been cybercrime victims
45% of consumers have been a victim of some form of cybercrime – with 65% choosing not to report the incident to authorities. Research also found that one in six of these consumers have lost funds due to online fraud, with 20% losing in excess of $1,298.
October 28, 2016
Read More


Needle iOS security testing tool to be unveiled at Black Hat Arsenal
In a session at Black Hat USA 2016 on Wednesday, Marco Lancini, Security Consultant at MWR InfoSecurity, will demonstrate publicly for the first time a new iOS security testing tool.
August 1, 2016
Read More


Nemucod Ransomware Analysis
Today, we'll look at yet another variant in the massive crop of malware that takes users' files hostage: Nemucod ransomware.
August 16, 2016
Read More


Net Cease: Microsoft researchers unveil anti-reconnaissance tool
Microsoft researchers Itay Grady and Tal Be'ery have released Net Cease, a PowerShell script that prevents attackers who have already compromised an endpoint from getting information about other targets within the same corporate network.
October 18, 2016
Read More


Netflix 4K streaming comes to the PC–but it needs Kaby Lake CPU
You will also need latest version of Windows 10, Edge browser to get 4K video.
November 22, 2016
Read More


Netflix Phishing Attack Steals Credit Card Data, Personal Info
FireEye revealed that Netflix users in the United States were recently targeted by a phishing campaign.
January 9, 2017
Read More


Netflix US Twitter account hacked
Streaming steaming

Read More


Netgear pushes out beta firmware for vulnerable router models
Netgear has confirmed that eight of its router models are vulnerable to device hijacking due to a vulnerability that can be easily exploited by remote, unauthenticated attackers.
December 13, 2016
Read More


Netherlands reverts to hand-counted votes to quell security fears
Windows XP? SHA-1? USB sneakernet? what were they thinking? Or smoking?
February 2, 2017
Read More


Netskope expands its Threat Protection product to cover ransomware
Ransomware is increasingly big business and more than 43 percent of malware types are used to deliver it. It can also be unwittingly spread via the use of cloud services.
October 17, 2016
Read More


Network Management Systems are a 'treasure map' for hackers
Payroll printer, HR's server - wahey... jackpot!
September 7, 2016
Read More


Network management vulnerability exposes home cable modems to hacking
SNMP authentication bypass flaw could be used to hijack hundreds of thousands of cable modems from around the world.
April 28, 2017
Read More


Network security: a team sport for SMBs
The increased volume and frequency of cyberattacks has made information security an everyday issue of great importance, regardless of your geographical location, industry, language or culture. Soccer, often regarded as the world's most popular sport, is a similar universal phenomenon -- one that lends itself well as a lens to see how SMB teams can work together to mitigate security risks.
November 28, 2016
Read More


Network teams spend more time on data security amidst new threats
Enterprise network teams are expending more time and resources than ever before to battle security threats, according to Viavi Solutions, who surveyed 1,035 CIOs, IT directors, and network engineers around the world.
April 11, 2017
Read More


New AirDroid releases fix major security issues
Popular AirDroid remote management tool for Android can now be used without worrying about malicious updates and data theft, its developers claim.
December 12, 2016
Read More


New Android malware breaches over a million Google accounts
Researchers at cyber security company Check Point have uncovered a new malware variant that has breached more than a million accounts and is infecting over 13,000 Android devices a day.
November 30, 2016
Read More


New attack sounds death knell for widely used SHA-1 crypto hash function
SHA-1 is definitely, provenly dead, as a group of researchers from CWI Institute in Amsterdam and Google have demonstrated the first practical technique for generating a collision.
February 24, 2017
Read More


New attack steals SSNs, e-mail addresses, and more from HTTPS pages
Approach exploits how HTTPS responses are delivered over transmission control protocol.
August 03, 2016
Read More


New Browser Act would restore restrictions on sharing browsing history
Google and Facebook would face the same rules as Comcast and AT&T
May 19, 2017
Read More


New class of attacks affects all Android versions
Researchers have demonstrated how a malicious app with two specific permission can stealthily compromise users' Android devices.
May 26, 2017
Read More


New cloud attack takes full control of virtual machines with little effort
Existing crypto software "wholly unequipped" to counter Rowhammer attacks.
August 31, 2016
Read More


New code injection attack works on all Windows versions
Researchers from security outfit enSilo have uncovered a new code injection technique that can be leveraged against all Windows versions without triggering current security solutions.
October 28, 2016
Read More


New emoji are on the way, including airline pilot and rainbow flag
The list of hugely popular little drawings on your phone are going to expand again, making your life a little more colorful, one message at a time.
August 25, 2016
Read More


New FCC privacy rules protect broadband users
The Federal Communications Commission today adopted rules that require broadband ISPs to protect the privacy of their customers. the rules ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.
October 27, 2016
Read More


New Gmail anti-phishing features rely on machine learning
Google has announced several new security features and improvement of existing ones in order to protect Gmail users against phishing emails.
June 2, 2017
Read More


New Gmail phishing technique fools even tech-savvy users
An effective new phishing attack is hitting Gmail users and tricking many into inputing their credentials into a fake login page.
January 16, 2017
Read More


New Home Depot Data Leak Exposes Gap In Consumer Privacy Protection
Recently, Consumerist received an anonymous tip pointing to an internet address that hosted digital images of bathtubs, garage doors, kitchen countertops, contractors at work on various projects, and customers picking out and paying for products in a home-center store. the site also hosted 13 Excel spreadsheets of customer records, including the full names, phone numbers, mailing addresses and email addresses of approximately 8,000 people, as well as other information chronicling the apparent installation complaints of each customer.
April 27, 2017
Read More


New home router OS tackles firmware shortcomings
Router hardware has evolved and improved over the years, but its firmware remains stuck in the dark ages when it comes to security, network traffic visibility and control. Recognizing the inherent limitations in popular commercial routers, Untangle set about making a radical new OS for home routers based on its popular, broadly installed and easy-to-use NG Firewall product.
August 05, 2016
Read More


New Huddle release improves security and control
Business collaboration tools are increasingly essential in the enterprise, but they need to keep content secure, especially in professional services environments that handle sensitive client data.
August 23, 2016
Read More


New infosec products of the week​: June 30, 2017
Protection against the impacts of malware, ransomware and DNS data exfiltration
June 30, 2017
Read More


New infosec products of the week​: June 23, 2017
API Behavioral Security: Detecting and blocking attacks targeting API infrastructures
June 23, 2017
Read More


New infosec products of the week​: June 16, 2017
Uplevel Systems unveils managed VPN service infrastructure
June 16, 2017
Read More


New infosec products of the week​: June 9, 2017
Absolute expands its self-healing endpoint security and compliance solutions for Android devices
June 9, 2017
Read More


New infosec products of the week​: June 2, 2017
EclecticIQ Platform broadens scope of available cyber threat intelligence
June 2, 2017
Read More


New infosec products of the week​: May 26, 2017
Independent expert advice on Data Protection and GDPR
May 26, 2017
Read More


New infosec products of the week​: May 19, 2017
Delta is testing facial recognition technology
May 19, 2017
Read More


New infosec products of the week​: May 12, 2017
Versive Security Engine detects cyber campaigns automatically with AI
May 12, 2017
Read More


New infosec products of the week​: May 5, 2017
Inside threat detection and alerting from Code42
May 5, 2017
Read More


New infosec products of the week​: April 28, 2017
Cyberbit EDR uses adaptive behavioral analysis to detect fileless, signature-less attacks
April 28, 2017
Read More


New infosec products of the week​: April 21, 2017
ThreadFix integrates application security into DevOps pipelines
April 21, 2017
Read More


New infosec products of the week​: April 7, 2017
A rules engine that adapts to changing attack patterns
April 7, 2017
Read More


New infosec products of the week​: March 31, 2017
Waterfall Security, CNA Hardy and THB partner to create global industrial cyber proposition
March 31, 2017
Read More


New infosec products of the week​: March 24, 2017
Lookout expands mobile endpoint security solution
March 24, 2017
Read More


New infosec products of the week​: March 17, 2017
Capture, process, analyze data generated by IoT devices
March 17, 2017
Read More


New infosec products of the week​: March 3, 2017
Nehemiah Security's AtomicEye RQ quantifies the effects of cyber exploits
February 23, 2017
Read More


New infosec products of the week​: February 24, 2017
Security solutions for IoT automotive telematics
February 24, 2017
Read More


New infosec products of the week: February 10, 2017
Capsule8: Container-aware, real-time threat protection for Linux
February 10, 2017
Read More


New infosec products of the week?: February 3, 2017
New approach to continuous Docker container security
February 3, 2017
Read More


New infosec products of the week?: January 27, 2017
Prevent DNS-based data exfiltration and detect malware
January 27, 2017
Read More


New infosec products of the week?: January 20, 2017
Twistlock 1.7 comes with new runtime defense architecture
January 20, 2017
Read More


New infosec products of the week?: January 13, 2017
Denim Group enhances ThreadFix platform
January 13, 2017
Read More


New infosec products of the week?: December 16, 2016
Ixia enhances network assessment and monitoring platform
December 16, 2016
Read More


New infosec products of the week?: December 9, 2016
Thales releases advanced encryption solutions for secure docker containers
December 9, 2016
Read More


New infosec products of the week?: December 2, 2016
Trend Micro offers Deep Security as a Service on AWS Marketplace
December 2, 2016
Read More


New infosec products of the week?: November 25, 2016
Anomali STAXX: Easy way to subscribe to any STIX/TAXII feed
November 24, 2016
Read More


New infosec products of the week?: November 18, 2016
ThreatQuotient delivers threat intelligence platform for threat operations and management
November 18, 2016
Read More


New infosec products of the week?: November 11, 2016
Norton Mobile Security for Android boosts security and privacy protections
November 11, 2016
Read More


New infosec products of the week?: November 4, 2016
Cisco transforms endpoint security with AMP for Endpoints
November 4, 2016
Read More


New IoT malware targets 100,000 IP cameras via known flaw
The new malware emerged exploiting vulnerabilities that a researcher reported in March
May 9, 2017
Read More


New Mac malware linked to Russian hackers of US election
APT28, blamed for the hack of the Democratic Party, releases Xagent malware that can steal iPhone backups.
February 15, 2017
Read More


New malware campaign avoids detection to target major financial brands
Updated versions of the Gozi malware are being used in currently active campaigns targeting global financial brands according to threat intelligence experts buguroo Labs.
August 03, 2016
Read More


New Microsoft Edge vulnerability allows hackers to steal your cookie and password data
Security researcher Manuel Caballero has discovered a vulnerability in the code of Microsoft's default browser for Windows 10, that can allow the theft of password and cookie data from your computer, giving unauthorized access to sites such as Facebook and Twitter.
May 12, 2017
Read More


New minimum code signing requirements for use by all CAs
The Certificate Authority Security Council, an advocacy group committed to the advancement web security, announced the Code Signing Working Group has released new Minimum Requirements for Code Signing for use by all Certificate Authorities.
December 12, 2016
Read More


New platform detects and blocks attacks using behavior patterns
Traditional security solutions rely on detecting an attack based on existing information, which allows zero-day threats to slip through the net.
January 12, 2017
Read More


New PowerPoint malware delivery technique tested by spammers
A spam run detected by several security companies has attempted to deliver malware through an innovative technique: a link in a PowerPoint slideshow.
June 9, 2017
Read More


New Samsung security camera hacks show yet again why it's important to have a good firewall
The saga of hacks made on Samsung's popular SmartCam security cameras are a perfect illustration of why your network defense must start with a well-managed firewall. It has become impossible to rely on IoT device makers to create completely secure devices, and unworkable to have to keep them all up to date even when patches are provided. So while the history of these hacks isn't unique, it does provide a good case study.
January 19, 2017
Read More


New security concerns due to business complexities
It is estimated that in 2016, more than $94 billion will be invested in security solutions, per industry analyst forecasts, yet nearly half of organizations report having had a breach -- either internal or external -- in the last twelve months.
January 10, 2017
Read More


New Security Flaw Discovered In Intel Haswell Chips that Could Affect Cloud Services
According to researchers at the University of California, Intel's Haswell chips might suffer for a serious security flaw that allows attackers to bypass Address Space Layout Randomization. ASLR is responsible for protecting the system from buffer overflow attacks.
October 20, 2016
Read More


New sheriffs in town: No More Ransom
A couple of months ago, Intel Security, Kaspersky Lab, Dutch National Police and Europol announced the No More Ransom initiative.
December 14, 2016
Read More


New skimmers fit right on top of chip and PIN credit card scanners
As usual Mr. Krebs has some great images of a credit card skimmer found in the wild. this model uses Samsung phone parts and lays right over the Ingenico card scanners you've probably seen in stores. the interesting thing is that these scanners also support chip and PIN technology but, as evidenced by the photo, it looks like the retailer disabled it essentially sending the scanner back into the 1970s and allowed the skimmer unfettered access.
March 2, 2017
Read More


New software adds secure authentication to any enterprise application
Increased numbers of phishing and other cyber attacks are putting companies under greater pressure to secure their applications.
May 23, 2017
Read More


New solution uses machine learning to protect against botnet attacks
The Mirai botnet is thought to have affected more than 1.5 million smart devices over the past few months.
January 4, 2017
Read More


New tech support scam borrows ransomware tricks
You've probably heard about tech support scams and ransomware attacks separately, but there's a new breed of malware that includes elements of both. the latest breed of support scam substitutes a human "support rep" in place of a ransomware bitcoin payment. the current examples don't seem to employ encryption, but they might be just as effective at extracting money from victims thanks to the seemingly helpful person on the other end of the phone.
February 24, 2017
Read More


New vulnerabilities affect over 900 million Android devices, enable complete control of devices
Check Point researchers have announced four new vulnerabilities that affect over 900 million Android smartphones and tablets at DEF CON in Las Vegas.
August 08, 2016
Read More


New WannaCry variant being monitored, DHS official says
U.S. doesn't have many victims of ransomware outbreak; those hit aren't seeing significant problems
May 15, 2017
Read More


New wave of targeted attacks focus on industrial organizations
Kaspersky Lab researchers discovered a new wave of targeted attacks against the industrial and engineering sectors in 30 countries around the world. Dubbed Operation Ghoul, these cybercriminals

New year, new patches: a look back and what to expect in the future
As to be expected when ringing in a new year, there are predictions galore flooding social media and that includes the cybersecurity space. Predications are more than just possibilities when it comes to landscape we now know as IoT-based on the trends that ushered out 2016.
January 9, 2017
Read More


New year's resolution for IoT vendors: Start treating LANs as hostile
The prevalence of insecure default configurations for embedded devices suggests that vendors don't account for LAN-based threats
December 29, 2016
Read More


New year's resolution for IoT vendors: Treat LANs as hostile
The prevalence of insecure default configurations for embedded devices suggests that vendors don't account for LAN-based threats
December 29, 2016
Read More


New York's cyber security regulations aren't perfect, but other states should pay attention to them
The new rules, which go into effect March 1, call for banks and insurers to scrutinize security at third-party vendors that provide them goods and services.
February 28, 2017
Read More


Newest iPhone Update Fixes Major Security Flaw
Today, Apple released a software update addressing a number of major security vulnerabilities that, in the last week, have reportedly allowed hackers full access to the contents of a target's iPhone.
August 25, 2016
Read More


Newest iPhone Update Fixes Major Security Flaw
Today, Apple released a software update addressing a number of major security vulnerabilities that, in the last week, have reportedly allowed hackers full access to the contents of a target's iPhone.
August 25, 2016
Read More


Newly discovered router flaw being hammered by in-the-wild attacks
Researchers detect barrage of exploits targeting potentially millions of devices.
November 28, 2016
Read More


Newly leaked documents show low-level CIA Mac and iPhone hacks
For years, the agency has known of implants for iPhones and low-level rootkits for MacBooks.
March 23, 2017
Read More


Next level red teaming: Working behind enemy lines
The term "hacker" calls forth both positive and negative mental pictures, but I can bet that there are not many people, even in the infosec community, to whom the term generates the image of a guy running through the jungle with a laptop and an automatic weapon.
December 1, 2016
Read More


NHS trusts 'complacent' on cloud app security risks
Do we block unsanctioned ones? Well half of us think we do...
September 30, 2016
Read More


NICE framework: Resource for a strong cybersecurity workforce
The U.S. Commerce Department's National Institute of Standards and Technology (NIST) released a resource that will help U.S. employers more effectively identify, recruit, develop and maintain cybersecurity talent.
November 4, 2016
Read More


Nigerian scammers: Then and now
The image that the expression "Nigerian scammer" conjures up in most people's heads is still that of the confidence man behind the keyboard, convincing victims that they have the opportunity to get a hefty sum of money if they only send some first, or pretending to be a man or woman in love with the victim and needing money to get out of some difficulty or another.
November 4, 2016
Read More


Nintendo offers up to $20,000 for bug info
Video game giant Nintendo has set up a bug bounty program through HackerOne's platform, and is asking researchers to find and flag vulnerabilities in the Nintendo 3DS family of handheld game systems.
December 6, 2016
Read More


Nishang: Using PowerShell for penetration testing
Nishang is a framework, and a collection of scripts and payloads which enables PowerShell usage for offensive security, penetration testing and red teaming.
August 1, 2016
Read More


Nmap 7.50 released: New NSE scripts, 300+ fingerprints, new Npcap
Nmap 7.50 is the first big release since last December and has hundreds of improvements.
June 14, 2017
Read More


No more guilt about your lack of innovation in administrative IT
Helpdesks are mired in mundane tasks that are repeated every day -- password resets, user account access and account creations, just to name a few. Manual tasks that really don't have to be; tasks that should, and can be, automated. Just maintain the status quo, though, as many organizational leaders feel this is often the best way to keep things done. Are you guilty of this? on occasion, I am as well.
October 10, 2016
Read More


No, Windows XP didn't fuel WannaCry
Scratch that idea, says Kaspersky, after mining attack detection data from PCs running its security software
May 22, 2017
Read More


Node.js Foundation to oversee the Node.js Security Project
The Node.js Security Project will become a part of the Node.js Foundation, a community-led and industry-backed consortium to advance the development of the Node.js platform.
December 1, 2016
Read More


NordVPN's impressive features, lack of user logs make it a top VPN option
NordVPN is one of the best virtual private network (VPN) providers out there, due to its lack of user logs, plenty of servers, and P2P connectivity.
May 10, 2017
Read More


Not all threat intelligence is created equal
In this podcast recorded at RSA Conference 2017, John Czupak, CEO at ThreatQuotient, and Jonathan Couch, Senior VP of Strategy at ThreatQuotient, talk about what's important to know about the difference between threat intel versus threat intelligence platforms, how threat intelligence changed over the past few years, and much more.
February 27, 2017
Read More


NotPetya attacker can't provide decryption keys, researchers warn
While defenders and security researchers are sifting artefacts that could help prevent new NotPetya ransomware attacks and perhaps point to the identity of the attacker, the victims are trying to recover their systems.
June 29, 2017
Read More


NotPetya outbreak: What we know so far
Tuesday's ransomware outbreak hit many businesses and government entities around the world, but by far the most numerous victims are located in Ukraine.
June 28, 2017
Read More


NoTrove threat actor delivering millions of scam ads
Researchers at RiskIQ have identified NoTrove, a threat actor that is delivering millions of scam ads that threaten consumers and further undermine the digital advertising industry. NoTrove was so effective that one of his pages ranked as one of the internet's most visited pages for one day.
April 26, 2017
Read More


NSA backdoor detected on >55,000 Windows boxes can now be remotely removed
Microsoft dismisses DoublePulsar infection estimates, but otherwise remains silent.
April 25, 2017
Read More


NSA's alleged leaker got tripped up by a secret printer feature
The Department of Justice is charging Reality Winner with leaking a classified NSA report -- investigators just had to follow the hidden prints.
June 6, 2017
Read More


NSA-Derived Ransomware is So Serious, Microsoft is Patching Windows XP
Last week, we discussed the appearance of a new type of ransomware and the havoc it has wreaked across the internet. WannaCrypt (also known as Wanna, Wannacry, or Wcry) uses NSA-derived exploits and has hit tens of thousands of systems worldwide. Infections have spread across the globe and included institutions in Spain, the UK, China, Russia, and the United States.
May 15, 2017
Read More


NTT Security: Delivering cyber resilience
In this podcast recorded at RSA Conference 2017, Garry Sidaway, SVP of Security Strategy & Alliances for NTT Security, talks about the formation of NTT Security and how they deliver cyber resilience by enabling organizations to build high-performing and effective security.
February 21, 2017
Read More


Nuh-uh, Google, you will hand over emails stored on foreign servers, says US judge
If you can access them in California, so can the Feds
April 20, 2017
Read More


Number of compromised records up 566% in 2016
The number of records compromised grew a historic 566 percent in 2016 from 600 million to more than 4 billion.
March 30, 2017
Read More


Number of disclosed vulnerabilities reaches all time high in 2016
A new report shows 2016 broke the previous all-time record for the highest number of reported vulnerabilities. the 15,000 vulnerabilities cataloged during 2016 by Risk Based Security eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by more than 6,500.
February 6, 2017
Read More


Number of HTTPS phishing sites triples
When, in January 2017, Mozilla and Google made Firefox and Chrome flag HTTP login pages as insecure, the intent was to make phishing pages easier to recognize, as well as push more website owners towards deploying HTTPS.
May 19, 2017
Read More


Number of vulnerable enterprises at five year record high
Enterprises across the globe are refreshing their network equipment earlier in its lifecycle in a move to embrace workplace mobility, Internet of Things, and software-defined networking strategies. In addition, their equipment refresh is more strategic, with architectural vision in mind.
November 10, 2016
Read More


Misc. - O

October Patch Tuesday: Changes, urgent updates and what's coming next
The leaves aren't the only things changing this October. Patch Tuesday is here and with it comes some interesting updates from big names in the software space. this month, Microsoft implemented Servicing Model changes, Adobe changed distribution of Adobe Flash and announced this will be the last month of updates for the ESR branch of Flash Player, and in the next week or so, Oracle will reveal its Quarterly Critical Patch Update.
October 12, 2016
Read More


Of machines and men: AI and the future of cybersecurity
For many in the cybersecurity community, 'Ghost in the Shell', both in its source material and recent film adaptation, is an inventive representation of where the sector is heading. we still have a way to go, but the foundations are in place for the melding of human and machine.
April 13, 2017
Read More


Off-the-shelf BYOD systems bring privacy and security risks
When companies allow staff to use their own systems to access corporate data, the devices used can often be outside of IT department control.
March 18, 2016
Read More


Offer of nude celeb photos turns Twitter users into spammers
If not careful, Twitter users who are dead set on seeing nude photos of WWE star Paige will end up on marketers" spam lists and with their own Twitter account pushing out messages leading other users to the same scam they fell for.
March 21, 2017
Read More


Oil and gas companies' cybersecurity strategies are evolving
Lacking enterprise-wide cyber analytics technology to monitor for cyberattacks, most oil and gas companies are not fully aware of when or even how cyberattacks might affect them, according to new research from Accenture.
April 7, 2017
Read More


Okta partners with Google to secure cloud identities
Google Apps will use Okta as its preferred identity provider for enterprise customers
August 30, 2016
Read More


Old Windows PCs can stop WannaCry ransomware with new Microsoft patch
In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8.
May 15, 2017
Read More


One billion users affected in newly revealed Yahoo hack
Yahoo has revealed that it's been the victim of another hack and massive data breach that resulted in the compromise of information of a billion users!
December 14, 2016
Read More


One in five UK businesses suffered a cyber attack in the past year
One in five businesses have fallen victim to cyber attacks in the past year, according to the British Chambers of Commerce.
April 18, 2017
Read More


One in two users click on links from unknown senders
Researchers investigate user behavior when unknown messages are received online
August 29, 2016
Read More


One third of executives have blockchain on their mind
In a study among C-Suite executives seeking their perspective on blockchain, one third of almost 3,000 executives surveyed are using or considering blockchain in their business.
May 22, 2017
Read More


OneLogin breached, customers' Secure Notes compromised
San Francisco-based OneLogin, which offers single sign-on and identity management for cloud-based applications and claims 1400+ enterprise customers in 44 countries, has suffered a data breach.
August 31, 2016
Read More


OneLogin suffers data breach, again
OneLogin, a popular single sign-on service that allows users to access thousands of popular cloud-based apps with just one password, has suffered what seems to be a serious data breach.
June 1, 2017
Read More


Online banking customers remain extremely frustrated with passwords
A new survey by iovation and Aite Group, polled nearly 1,100 consumers across four generations who use online and/or mobile banking platforms to better understand their attitudes toward various authentication mechanisms used today.
March 22, 2017
Read More


Online card fraud up as thieves avoid more secure chip cards for in-store payments
Increasing use of biometrics may help protect online payments
February 3, 2017
Read More


Online credit card fraud up 20% Black Friday to Cyber Monday
Iovation released new data that shows card-not-present fraud increased significantly from Black Friday to Cyber Monday 2016 when compared to the same period in past years.
December 2, 2016
Read More


"Online fraudsters" preferred tools and techniques revealed
A new report by DataVisor Threat Labs has provided unprecedented insight into the behaviors and attack techniques of some of the world's largest online crime rings, and revealed their favorite tools and attack techniques for creating accounts and evading detection.
March 15, 2017
Read More


Only a third of sensitive data stored in cloud-based applications is encrypted
Despite the continued importance of cloud computing resources to organisations, companies are not adopting appropriate governance and security measures to protect sensitive data in the cloud, according to a new Ponemon Institute study that surveyed more than 3,400 IT and IT security practitioners worldwide.
July 26, 2016
Read More


Open Security Controller: Security service orchestration for multi-cloud environments
The Linux Foundation launched the Open Security Controller project, an open source project focused on centralizing security services orchestration for multi-cloud environments.
June 29, 2017
Read More


Open source hardware cryptographic module offered for $800
For a few years now, the CrypTech project has been working on designing an open source hardware cryptographic engine that could be used to secure core Internet infrastructure.
July 19, 2016
Read More


Open source jobs: Insights from European professionals
The 2016 Open Source Jobs Report released earlier this year by Dice and the Linux Foundation analyzed trends for open source careers and the motivations of professionals in the industry. Now, the data have been broken down to focus specifically on European open source professionals, and how they compare to their counterparts around the world.
October 7, 2016
Read More


OpenChain Project: best practices for an ecosystem of open source software compliance
Yesterday at LinuxCon in Berlin, the Linux Foundation announced that the OpenChain Project has established its first set of requirements and best practices for consistent free and open source software (FOSS) management processes in the open source software supply chain.
October 5, 2016
Read More


OpenVPN to get two separate security audits
VPN service Private Internet Access (PIA) announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. However, it seems that there will be two separate security audits of OpenVPN.
December 9, 2016
Read More


OpenYOLO API project set to enhance user security and make login easier
Google and online identity and password management company Dashlane are announcing the upcoming launch of a new, open-source API project to enhance user security.
August 04, 2016
Read More


Operators of decade-old Malware-as-a-Service outfit charged
As Crackas With Attitude hacker "Incursio" got handed a 2-year prison sentence for gaining unauthorized access to government computers and online accounts of a number of US government officials (including then-CIA Director John Brennan), his hacking colleagues are either awaiting sentencing in the US or prosecution by the UK Crown Prosecution Service.
July 6, 2017
Read More


Operatively-sourced threat intelligence: Using human awareness
In this podcast recorded at RSA Conference 2017, Mike Kirschner, Senior Vice President of Sales and Marketing, Advanced Threat Intelligence at InfoArmor, talks about the platforms that they've developed and the data sets that they have — everything from risk to network, to advanced intelligence type services
March 1, 2017
Read More


Oracle buys Dyn
Oracle today announced that it has signed an agreement to acquire Dyn, a cloud-based Internet Performance and DNS provider that monitors, controls, and optimizes Internet applications and cloud services.
November 21, 2016
Read More


Oracle fixes Struts and Shadow Brokers exploits in huge patch release
The quarterly Oracle patch update fixes almost 300 vulnerabilities
April 19, 2017
Read More


Oracle issues largest patch bundle ever, fixing 276 security flaws

July 20, 2016
Read More


Oracle splats 276 bugs with mammoth Critical Patch Update
In case you missed it, Oracle's July 2016 Critical Patch Update is out, and it's bigger than ever before.
July 20, 2016
Read More


Oracle-owned MICROS PoS systems vendor breached
MICROS, the point-of-sale payment systems vendor owned by Oracle, has suffered a data breach, and there are indicators that point to the infamous Carbanak (aka Anunak) cybercriminal gang being the culprit.
August 09, 2016
Read More


Oracle-owned point-of-sale service suffers from malware attack
Oracle confirms to Krebs that all MICROS customers have been asked to reset passwords.
August 08, 2016
Read More


Organization face security risks due to lack of skilled cyber security experts
According to a study conducted by Dimensional Research among 500 IT security professionals, only twenty-five percent were confident their organizations have the number of skilled cyber security experts needed to effectively detect and respond to a serious cyber security breach.
October 25, 2016
Read More


Organizations are intimidated by global privacy and data security regulations
While companies generally are aware of and intimidated by global privacy and data security regulations, they fail to properly understand and address necessary organizational changes to comply.
June 27, 2017
Read More


Organizations are not effectively dealing with open source security threats
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation (COSRI) analyzed 1,071 applications audited during 2016 and found both high levels of open source usage -- 96% of the apps contained open source -- and significant risk to open source security vulnerabilities -- more than 60% of the apps contained open source security vulnerabilities.
April 20, 2017
Read More


Organizations award hackers up to $900,000 a year in bug bounties
A new HackerOne report examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded.
June 28, 2017
Read More


Organizations hit with Petya ransomware with a twist
Various organizations are being targeted by cyber crooks leveraging the infamous Petya ransomware.
March 15, 2017
Read More


Organizations remain vulnerable to brute force attacks
Gaining access to accounts is often done the old-fashioned way, using brute force guesses, but a new report reveals that many devices and accounts still have default usernames and passwords.
March 19, 2017
Read More


Organizations sacrificing security for the speed of business
Organizations know how to improve security. However, due to pressures caused by the rate of business change, including the adoption of new technologies and applications, organizations are sacrificing security for the speed of business, according to the Ponemon Institute.
September 22, 2016
Read More


Organizations still unclear on cloud security responsibility
Vanson Bourne surveyed 1,300 IT decision makers from organizations using public cloud Infrastructure as a Service (IaaS) from the Americas, Europe, Middle East and Africa (EMEA), and from Asia Pacific (APAC).
June 23, 2017
Read More


Organizations still unprepared for malicious insiders
Organizations globally believe they are their own worst enemy when it comes to cybersecurity, with 45 percent saying they are ill-equipped to cope with the threat of malicious insiders and twice as many, 90 percent, calling malicious insiders a major threat to the organizations' security, according to Mimecast.
August 17, 2016
Read More


Organizations still vulnerable to brute force attacks
While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability, according to Ixia.
March 19, 2017
Read More


Organized sextortion led four British men to suicide?
Sextortion/webcam blackmail is a booming business for organised crime groups from the Philippines, Ivory Coast and Morocco, and young men across the UK are the most sought-after victims.
November 30, 2016
Read More


OS analysis tool osquery finally available for Windows
Nearly two years after Facebook open sourced osquery, the social networking giant has made available an osquery developer kit for Windows, allowing security teams to build customized solutions for Windows networks.
September 28, 2016
Read More


Osram's intelligent home lighting system is riddled with flaws
"Intelligent" home lighting system Osram Lightify sports a number of security vulnerabilities, some of which could lead to compromise of the product and the users' home or office network, Rapid7 researcher Deral Heiland has found.
July 27, 2016
Read More


Our personal information is now currency and we should spend it morely wisely
We're all data-millionaires and should start acting like one.
December 20, 2016
Read More


Outdated operating systems triple the risk of a data breach
The recent WannaCry attack has highlighted the dangers of running out of date and un-patched systems.
June 8, 2017
Read More


Outdated programs main cause for security incidents
Did you update Flash on your PC? how about Java? According to cybersecurity firm Avast, you probably didn't -- and that's the number one cause of cybersecurity incidents.
March 28, 2017
Read More


Outdated systems and their link to data breaches
BitSight analyzed more than 35,000 companies from industries across the globe over the last year, to better understand the usage of outdated computer operating systems and Internet browsers, the time to it took to update operating systems once a new release was made available, and how these practices correlate to data breaches. The data shows that there are large gaps in asset management programs across the globe.
June 9, 2017
Read More


Over 2.8 million cheap Android smartphones come with preinstalled backdoor
If you're using a cheap Android smartphone manufactured or sold by BLU, Infinix, Doogee, Leagoo, IKU, Beeline or Xolo, you are likely wide open to Man-in-the-Middle attacks that can result in your device being thoroughly compromised.
November 21, 2016
Read More


Over 300 new cyber threats pop up on underground markets each week
Approximately 305 new cyber threats are added each week on cybercrime markets and forums, mostly located on dark nets and the deep web.
August 10, 2016
Read More


Over 400,000 phishing sites have been observed each month during 2016
84 percent of phishing sites observed in 2016 existed for less than 24 hours, with an average life cycle of under 15 hours. the data collected by Webroot shows that today's phishing attacks have become increasingly sophisticated and carefully crafted in order to obtain sensitive information from specific organizations and people.
December 6, 2016
Read More


Over one-third of Americans have been hacked
Two-thirds of Americans believe themselves to be tech savvy, although their actions with regard to online security indicate otherwise -- with millennials being the worst offenders, according to Arbor Networks.
October 26, 2016
Read More


Over-reliance on one defensive layer leads to ransomware attacks: prepare early, check often
Since its first appearance more than 20 years ago, ransomware has become one of the most discussed cyber threats -- affecting companies of all sizes, across all industries.
May 12, 2017
Read More


Overconfidence is putting organizations at higher risk for attacks
In the past twelve months, roughly one in three targeted attacks resulted in an actual security breach, which equates to two to three effective attacks per month for the average company, according to Accenture. Still, a majority of security executives (75 percent) surveyed are confident in their ability to protect their enterprises from cyberattacks.
November 3, 2016
Read More


Overreliance on perimeter-based defense creates opportunities for attackers
RSA has announced the results of research that demonstrates organizations in Asia Pacific & Japan (APJ) investing in detection and response technologies are better poised to defend against today's advanced threats, in comparison to those primarily utilizing perimeter-based solutions.
July 21, 2016
Read More


Misc. - P

Packet Analytics
Net/FSE, Packet Analytics' network data search engine, puts the power of real time searches over terabytes of NetFlow data in the hands of security analysts. Employing sophisticated algorithms, Net/FSE reduces exposure to significant business risk by enabling security specialists to quickly and determine the extent of a network alert.
Provides a Service
Read More


PacketTotal: Free online tool for analyzing packet captures
PacketTotal is a free tool for analyzing packet captures that has recently been offered to the infosec community.
February 13, 2017
Read More


Password manager LastPass now works on all your devices for free
Now you can get LastPass on your computer and your phone without paying $12 per year.
November 2, 2016
Read More


Password managers may not be as secure as you think
Password managers are often pitched as a convenient way to secure online accounts. Their main appeal is that they can generate and store very complex, distinct passwords -- that would normally be virtually impossible for the average person to memorize (or for someone to crack) -- and the user only has to remember a master password -- that encrypts them -- to access those credentials.
March 3, 2017
Read More


Password Reset MITM: Exposing the need for better security choices
Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated.
June 23, 2017
Read More


Passwords, biometrics and multi-factor verification: what businesses need to know
Verifying identity is a double headache for small businesses.
August 22, 2016
Read More


Patch and security management take 8 hours per month for most companies
Shavlik and AppSense used VMworld Europe 2016 to collect data from frontline experts, and to highlight patch management and security concerns in corporations.
January 17, 2017
Read More


Patch Critical: new Vulnerability on Microsoft Windows Operating Systems Found by Secunia Research
The edition of Microsoft Patch Tuesday released yesterday brought a highly critical vulnerability found and described by Hossein Lotfi from Secunia Research at Flexera Software. the vulnerability is in a core component of all supported versions of Microsoft Windows operating systems, the so-called Unicode Scripts Processor that is enclosed in the operating system.
December 14, 2016
Read More


Patch to fix Intel-based PCs with enterprise bug rolls out this week
Intel is also offering a tool to help IT administrators discover machines built with the vulnerability
May 8, 2017
Read More


Pawn Storm raced to pop many targets before Windows zero-day patch release
As promised, Microsoft provided this Tuesday a patch for the Windows zero-day (CVE-2016-7855) actively exploited by the Strontium (aka Pawn Storm) cyber espionage hacking group.
November 9, 2016
Read More


PayPal's better way to count authentication failures
Websites use the baseball rule to thwart authentication thieves: Three strikes and you're out. PayPal argues that there's a better way, one that customizes the rules to the user.
August 05, 2016
Read More


PC Monitor Hack, Hackers Could Spy on you Through your Display
When we talk about PC security we usually stress about the operating system or the hardware running the OS. we have talked about plenty of security concerns and potential threats concerning smartphones as well as PCs. Here is something rather odd. this is a PC monitor hack that allows hackers to spy on people through their displays. Unfortunately, this can impact plenty of people so it is better to know about this than to be sorry later on.
August 09, 2016
Read More


PCI Council wants more robust security controls for payment devices
The PCI Council has updated its payment device standard to enable stronger protections for cardholder data, which includes the PIN and the cardholder data (on magnetic stripe or the chip of an EMV card) stored on the card or on a mobile device.
September 12, 2016
Read More


PCI SSC publishes best practices for securing e-commerce
Exponential online sales growth paired with the EMV chip migration in the US makes e-commerce payment security for merchants more important than ever before. as EMV chip technology continues to reduce face-to-face credit card fraud, the shift to e-commerce security becomes increasingly important to businesses large and small.
February 2, 2017
Read More


Peace in our time! Symantec says it can end Google cert spat
It's basically a promise to do better and not mess things up
April 27, 2017
Read More


People are still the biggest security threat to any organization
Despite an increase in spending and investment in deterrence tactics and detection tools, insider threats continue to cause harm to all types of organizations.
March 31, 2017
Read More


Perception and reality: The role of AI and automated cyber defenses
Executives in the U.S. and Europe now place broad trust in artificial intelligence (AI) and machine learning systems, designed to protect organizations from more dynamic pernicious cyber threats, according to Radware.
June 16, 2017
Read More


Personal data of 550,000 Red Cross blood donors breached
The leak in Australia happened because a file was left unsecured by a third party provider
October 28, 2016
Read More


Personal info on more than 58 million people spills onto the web from data slurp biz
Modern Business Solutions keeping quiet
October 13, 2016
Read More


'Petya' ransomware: Everything you need to know
There's another massive ransomware attack sweeping across the world. If you're dual-booting your Mac, here's what you need to know to stay safe.
June 28, 2017
Read More


Phishers are impersonating major UK banks on Twitter
Customers of UK banks are being targeted by phishers impersonating the banks' customer support account on Twitter, Proofpoint warns.
October 28, 2016
Read More


Phishers new social engineering trick: PDF attachments with malicious links
It is -- or it should be -- a well known fact that attackers occasionally email potential victims with PDF attachments containing malware or exploit code.
January 27, 2017
Read More


Phishers offer WoW players free in-game pets
Avid World of Warcraft players are being targeted with phishing emails seemingly coming from Blizzard Entertainment, the video game developer behind the popular multiplayer role-playing game, warns Malwarebytes' Chris Boyd.
March 29, 2017
Read More


Phishing attacks responsible for three-quarters of all malware
With phishing now widely used as a mechanism for distributing ransomware, a new NTT Security reveals that 77% of all detected ransomware globally was in four main sectors -- business & professional services (28%), government (19%), health care (15%) and retail (15%).
April 25, 2017
Read More


Phishing attacks using internationalized domains are hard to block
Chrome and Firefox developers attempt to find a balance between showing internationalized domain names and protecting users from phishing
April 21, 2017
Read More


Phishing through homographs: Letters that look alike but lead you astray in some browsers
An old, unsolved problem with non-Roman characters in domain names raises it head again, but you can deter it.
May 29, 2017
Read More


Phishing trends: Who is targeted and why
The business model of phishing has evolved. the bad guys have found ways to multiply their profits at the expense of organizations they aren't even attacking directly, according to PhishLabs.
February 8, 2017
Read More


PhishTank
Out of the Net, into the Tank.
Provides a Service
Read More


Photo gallery: Black Hat USA 2016 Arsenal
Black Hat USA 2016 is underway at Las Vegas, and here are a few photos from the Arsenal, where the open source community demonstrates tools they develop and use in their daily professions.
August 04, 2016
Read More


Photo gallery: Infosecurity Europe 2017 Expo
Infosecurity Europe 2017 is underway at Olympia London in London. Here are a few photos from the expo floor.
June 7, 2017
Read More


Photo gallery: Infosecurity Europe 2017 Expo, part 2
Infosecurity Europe 2017 is underway at Olympia London in London. Here are a few photos from the expo floor.
June 7, 2017
Read More


Photos: HITBSecConf Amsterdam 2017
The always exciting Hack In the Box conference took place last week in Amsterdam. Groundbreaking security research was disclosed during the event, which also featured a free and open CommSec (community + security) track of talks, along with an exhibition area dedicated to all things hacker and maker.
April 18, 2017
Read More


Photos: IoT Solutions World Congress Barcelona 2016
This week, the world's leading industrial Internet companies and experts gathered at the Fira de Barcelona for the IoT Solutions World Congress (IoTSWC) in order to showcase solutions for industries across different sectors.
October 28, 2016
Read More


Photos: RSA Conference 2017 Expo, part 1

February 15, 2017
Read More


Photos: RSA Conference 2017 Expo, part 2
RSA Conference 2017 is underway at the Moscone Center in San Francisco.
February 16, 2017
Read More


Photos: RSA Conference 2017, Early Stage Expo
RSA Conference 2017 is underway at the Moscone Center in San Francisco.
February 15, 2017
Read More


Physical RAM attack can root Android and possibly other devices
Attackers can reliably flip bits in physical memory cells to compromise mobile devices and computers
October 22, 2016
Read More


Picky ransomware targets specific subset of would-be Netflix users
Aspiring Netflix users who don't want to actually pay for the popular video on demand service are being targeted with a new type of ransomware.
January 30, 2017
Read More


Ping Identity partners with Microsoft to deliver secure application access
Many large enterprises use Azure Active Directory (Azure AD) as their identity platform for managing users and providing secure access to thousands of cloud SaaS and on-premises applications.
September 14, 2016
Read More


Playing the blame game: Breaking down cybersecurity attribution
Attributing the adversary behind a cyber attack ranks as perhaps the hardest challenge in all of cyber security, well beyond securing networks from intrusions, for the simple reason that bits are simply bits and do not belong to any single person. In other words, I can flawlessly copy any digital content including malware and other attack exploits and re-use it without leaving behind my personal fingerprints.
December 19, 2016
Read More


PlayStation Network Hacking hits UK Gamers; Accounts Compromised
After the recent DDoS attack it seems that PlayStation Network hacking has been on the rise with gamers in the UK being affected worst of all. Users have reported that their accounts are being compromised and that there are transactions being made illegaly.
November 9, 2016
Read More or watch Video


Poachers are trying to hack animal tracking systems
Animal tracking through electronic tagging has helped researchers gain insight into the lives of many wild animal species, but can also be misused by wildlife poachers, hunters, animal-persecution groups and people interested in seeing and interacting with the animals — all to the detriment of our animal brethren.
March 6, 2017
Read More


Point-of-sale data breaches have now reached the cloud
Lightspeed's cloud-based point-of-sale system, with 38,000 clients, has suffered a break-in
September 2, 2016
Read More


Police dismantle organised crime network suspected of online payment scams
The Polish National Police, working in close cooperation with its law enforcement counterparts in Croatia, Germany, Romania and Sweden, alongside Europol's European Cybercrime Centre (EC3), have smashed a Polish organised crime network suspected of online payment scams and money laundering.
June 5, 2017
Read More


Police watchdog investigates illegal outsourced Indian hackers scandal
Will the whistleblower please identify himself, asks IPCC
May 11, 2017
Read More


Polyglot ransomware decryption tool released
Kaspersky Lab experts have released a Polyglot ransomware decryption tool, which enables users who have suffered from this ransomware, also known as MarsJoke, to restore their files.
October 4, 2016
Read More


Pompeo sworn in as CIA chief amid opposition from surveillance critics
Pompeo was sworn in by Vice President Mike Pence after Senate confirmation
January 24, 2017
Read More


Poor endpoint security can cost you millions in detection, response, and wasted time
A new study reveals organizations are wasting an average of $6 million on the time to detect and contain insecure endpoints, among other staggering findings that show endpoint threats are a growing concern, companies are not efficiently protecting their proprietary data, and the cost and complexity of reducing endpoint risks are at an all-time high.
June 13, 2017
Read More


Popular smart toys violate children's privacy rights?
My Friend Cayla and i-Que, two extremely popular "smart" toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children's) rights to security and privacy, researchers have found.
December 6, 2016
Read More


Post-pumpkin Patch Tuesday: What's in store for November
There has been a lot of activity since October's Patch Tuesday. During that short period of time, Oracle released its quarterly CPU, including an update for Java JRE; Adobe resolved a zero-day in Flash Player; a security researcher identified a new form of attack called Atombombing, and there has been some rising discussion around the Server 2016 servicing model.
November 3, 2016
Read More


Powerful Android RAT impersonates Netflix app
Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. the latest example of this is the fake Netflix app spotted by Zscaler researchers.
January 26, 2017
Read More


Predictive breach-risk platform helps enterprises stay secure
Companies face the possibility of security breaches from many different sources, which means they must constantly react to new threats.
June 6, 2017
Read More


Preparing for new EU cybersecurity rules and regulations
Recently, the European Parliament signed off on its first ever set of cybersecurity rules. the Network and Information Security (NIS) Directive spells the end of more than three years of political bickering and requires critical national infrastructure operators, such as banks, healthcare, transportation, energy and digital service providers, to ramp up their security measures and report major data breaches.
July 21, 2016
Read More


Pressures security professionals face have become more personal
While 53% of security professionals report increased pressure in trying to secure their organization, there has been a shift in the source of this stress, according to Trustwave. Security is now becoming more personal, with 24% of respondents citing pressure exerted by oneself as the second-biggest human pressure pusher, up 13% from the previous year.
April 13, 2017
Read More


Privacy activist wants to unveil lawmakers' browser histories
GoFundMe campaign focused on fighting back at Internet privacy changes
March 30, 2017
Read More


Privacy awareness checklist for GDPR readiness
A little more than a year out from its effective date of May 25, 2018, the General Data Protection Regulation (GDPR) is undoubtedly on the minds of many of privacy professionals whose organizations handle the data of EU citizens.
May 15, 2017
Read More


Privacy by Design: what it is and where to build it
People tend to think about privacy in terms of the individual, but it is also critically important for the proper functioning of any business organization. this is being made increasingly relevant by the recent rise of personalization initiatives that rely on user data to recommend the right products or services to customers.
March 18, 2016
Read More


Privacy expectations and the unfortunate reality
A recent survey that polled 5,710 Americans on private browsing (aka "Privacy Mode", aka "Incognito Mode") revealed that 46 percent of them have used the option at least once, and 32.9 percent of those use it daily.
January 31, 2017
Read More


Privacy groups say FBI hacking operation went too far
The FBI used malware to hack 8,700 computers in 120 countries in a child pornography probe
February 10, 2017
Read More


Privacy problems on the Web: Even your device's battery life can be used to track you
Your remaining battery power may reveal your location, Firefox clamps down on Flash, and your fingerprints are all over the net.
August 29, 2016
Read More


Privacy warning: Meitu photo app is spyware sharing your phone's data
There has been a sudden craze for freaky-looking photos created using the Chinese app Meitu. the images the app creates are either cutesy or horrific, depending on your point of view, but it's what's going on in the background that has people concerned.
January 20, 2017
Read More


Privacy, security concerns grow for wearables
While Google Glass was not the success Google wanted it to be, there is no doubt that the wearable camera market is growing.
June 19, 2017
Read More


Privileged user abuse and the insider threat
Although insider leaks and attacks continue to multiply, a Ponemon Institute study found that 58 percent of IT operations and security managers believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities with 91 percent predicting the risk of insider threats will continue to grow or stay the same.
August 24, 2016
Read More


Product security: not just bells and whistles
Security must be considered in every aspect of the product life cycle, from the initial drawings on a whiteboard through the first and all subsequent development cycles.
October 19, 2016
Read More


Products highlighted by recent infosec awards
Bitglass was named by Cyber Defense Magazine the winner of the Hot Company award in the Cloud Security Solutions category.
February 17, 2017
Read More


Programmer arrested for hacking Linux Kernel Organization
A South Florida-based computer programmer made an appearance in the Southern District of Florida yesterday after being arrested Sunday on charges of hacking into computers operated by the Linux Kernel Organization and the Linux Foundation.
September 2, 2016
Read More


Proliferation of vulnerable open source components creates growing risk
The continued and persistent use of components in software development is creating systemic risk in our digital infrastructure.
October 19, 2016
Read More


Proposed cyber security requirements for New York State seem to be more of the same
This month, New York State Governor Andrew Cuomo announced proposed regulation that requires banks, insurance companies, and other financial services institutions regulated by the NY State Department of Financial Services to comply with a set of requirements designed to strengthen the security posture of those organizations and their customers' information.
October 3, 2016
Read More


Protect your privacy with SafeErase Professional 11
O&O Software has released the latest version of its commercial secure-deleting privacy protector, SafeErase Professional 11.
November 16, 2016
Read More


Protecting Against Emerging Ransomware
While ransomware has become a buzzword for some, cyber criminals have made it a lucrative business and one which they are constantly evolving. Each day, the Webroot BrightCloud® Threat Intelligence Platform monitors, classifies and scores 95% of the internet to discover 6,000 phishing sites and 80,000 variants of malware and PUAs.
September 21, 2016
Read More


Protecting against man in the browser attacks
The web-enabled generation has become increasingly reliant on technology for everyday activities. Cloud services, social networks, web extensions, plug-ins and online games, are all growing in popularity and as such, are replacing desktop applications. this heightened use of mobile web-browsers has opened the back door to cybercriminals, who now have new channels to implement browser-based attacks, spread malware and maximize infection campaigns.
December 22, 2016
Read More


Protecting data isn't optional: what frustrates CIOs and CISOs?
In this podcast recorded at RSA Conference 2017, Chris Drake, CEO at Armor, talks about the frustration that he sees in the cybersecurity industry as he continues to meet CIOs and CISOs in the field.
March 6, 2017
Read More


Protecting hybrid apps from attackers [Q&A]
In order to speed up development times and roll out their apps across multiple platforms without the need to create entirely new code, companies are increasingly turning to hybrid apps. The problem is that these rely on HTML and JavaScript code which is relatively easy to reverse engineer.
July 4, 2017
Read More


Protecting smart hospitals: a few recommendations
The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats.
November 28, 2016
Read More


Protecting your cloud from ransomware
For enterprises that use the cloud, the key to being protected starts with understanding the layers that make up the components of their cloud stack. These different layers create multiple potential targets, and for the informed, they each represent a piece of the cloud environment that can be secured against potential threats.
May 22, 2017
Read More


Proxy authentication flaw can be exploited to crack HTTPS protection
Mistakes made in the implementation of proxy authentication in a variety of operating systems and applications have resulted in security vulnerabilities that allow MitM attackers to effectively hijack HTTPS sessions, security researcher Jerry Decime has discovered.
August 16, 2016
Read More


Public cloud services market to grow to $208.6 billion in 2016
The worldwide public cloud services market is projected to grow 17.2 percent in 2016 to total $208.6 billion, up from $178 billion in 2015, according to Gartner, Inc. the highest growth will come from cloud system infrastructure services (IaaS), which is projected to grow 42.8 percent in 2016.
September 19, 2016
Read More


Public cloud services spending to reach $122.5 billion in 2017
Worldwide spending on public cloud services and infrastructure will reach $122.5 billion in 2017, an increase of 24.4% over 2016. Over the 2015-2020 forecast period, overall public cloud spending will experience a 21.5% compound annual growth rate (CAGR) — nearly seven times the rate of overall IT spending growth. by 2020, IDC forecasts public cloud spending will reach $203.4 billion worldwide.
February 21, 2017
Read More


Public safety threat: Cyber attacks targeting smart city services
A new survey conducted by Dimensional Research assessed cyber security challenges associated with smart city technologies. Survey respondents included over 200 IT professionals working for state and local governments.
September 23, 2016
Read More


Public Wi-Fi: Users' habits and perceptions of risk
A new Xirrus survey highlights users' habits and perceptions of risk when connecting to public Wi-Fi. the survey polled more than 2,000 business users, including executives and IT professionals, and found that while 91 percent of respondents do not believe public Wi-Fi is secure, 89 percent use it anyway.
October 19, 2016
Read More


Purism Laptops to Use 'Heads' Firmware to Protect Against Rootkits, Tampering
Purism, a startup that builds laptops with a focus on privacy and security, announced that Trammell Hudson, an infosec researcher known for creating the "Thunderstrike' exploits against Macs, will collaborate with the company to integrate his own "Heads' firmware project into Purism laptops to increase their anti-tampering security.
April 12, 2017
Read More


Pwn2Own contest highlights renewed hacker focus on kernel issues
All Pwn2Own exploits this year achieved privilege escalation, mostly through OS kernel flaws
March 18, 2016
Read More


Pwn2Own contest highlights renewed hacker focus on kernel issues
All Pwn2Own exploits this year achieved privilege escalation, mostly through OS kernel flaws
March 18, 2016
Read More


Pwn2Own hacking contest ends with two virtual machine escapes
Two teams of researchers chain multiple vulnerabilities together to escape from a guest OS running inside a VMware Workstation virtual machine
March 19, 2017
Read More


Pwnd Android conference phone exposes risk of spies in the boardroom
Researchers could listen in on meetings and plant backdoors
February 15, 2017
Read More


Pwnie Express open sources IoT and Bluetooth security tools
Pwnie Express announced the availability of open sourced versions of its Blue Hydra and Android build system software. the release of these tools enable comprehensive Bluetooth detection and community based development of penetration testing Android devices.
July 29, 2016
Read More


Misc. - Q

QNAP NAS devices open to remote command execution
If you're using one of the many QNAP NAS devices and you haven't yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don't want it to fall prey to attackers.
April 7, 2017
Read More


Qualys and Bugcrowd bring automation, crowdsourcing to web app security
At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.
February 14, 2017
Read More


Qualys app for IBM QRadar offers critical insight into key vulnerability metrics
At RSA Conference 2017, Qualys launched a new Qualys App for the IBM QRadar Security Intelligence Platform, which allows customers to visualize their network IT assets and vulnerabilities in real-time, and helps teams produce continuous vulnerability and risk metrics from a data analytics perspective.
February 16, 2017
Read More


Qualys at RSA Conference: Implementing innovation
There will be no lack of interesting content from Qualys at this year's RSA Conference. Depending on you interests, you might want to make time for some of these talks and presentations.
February 10, 2017
Read More


Qualys brings web application security automation to a new level
At RSA Conference 2017, Qualys announced new functionality in its web application security offerings, including scalable fast scanning, detection and patching of websites, mobile applications and Application Programming Interfaces (APIs) in one unified platform.
February 13, 2017
Read More


Qualys Cloud Platform offers two new disruptive services
Qualys announced a major expansion of its Qu

Qualys Container Security: Discover, track, and secure containers
Qualys announced a new solution that extends its single-pane visibility and continuous security to the new and growing virtualization environment of Docker containers, and enables customers to proactively build security into their container deployments and their DevOps processes at any scale.
June 12, 2017
Read More


Qualys enables customers to efficiently comply with key GDPR elements
Qualys now offers customers purpose-built content, workflows and reporting in its cloud platform to provide them with continuous IT asset visibility, data collection and risk evaluation for compliance with the EU General Data Protection Regulation (GDPR). It also helps customers with ongoing protection of personal data across global IT environments and third parties.
June 6, 2017
Read More


Qualys expands cloud-based offering for security consultants
Qualys unveiled two new packages in its Qualys Consultant suite for independent consultants, auditors and security firms. with these new packages, this suite now offers multiple comprehensive security assessment tools in a centralized console, allowing consultants to consolidate their current toolsets and eliminate time spent manually installing, managing, and administering them.
September 23, 2016
Read More


Qualys helps federal agencies address requirements of White House EO on cybersecurity
The FedRAMP-certified Qualys Cloud Platform now supports the requirements laid out in the 2017 White House Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
June 14, 2017
Read More


Quickly audit and adjust SSH server configurations with SSH-audit
SSH-audit is a standalone open source tool for auditing and fixing SSH server configurations. It has no dependencies and will run wherever Python is available.
October 14, 2016
Read More


QRLJacking: a new attack vector for hijacking online accounts
We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use.
August 1, 2016
Read More


Misc. - R

Rambler.ru hack: Passwords of nearly 100 million users exposed
A new data leak -- confirmed to be legitimate by LeakedSource and added to its searchable online database -- affects nearly 100 million users of Rambler.ru, one of the biggest Russian web portals.
September 6, 2016
Read More


Ramnit Trojan rides again, targets customers of six major UK banks
The infamous Ramnit Trojan is on the prowl again, and this time it targets personal banking customers of six unnamed UK banks.
August 26, 2016
Read More


Ransoc browser locker/ransomware blackmails victims
An unusual combination of browser locker and ransomware, dubbed Ransoc by researchers, is targeting users who visit adult sites.
November 17, 2016
Read More


RansomFree protection software gets key upgrades
Today, at RSA Conference 2017 in San Francisco, Cybereason launched the latest version of RansomFree, the free, anti-ransomware protection software, which works on PCs running Windows 7, 8 and 10, Windows 2010 R2 and Windows 2008 R2.
February 13, 2017
Read More


Ransomware attacks growing rapidly, organizations are struggling
The percentage of ransomware attacks increased from 5.5%, to 10.5% of all recognized malware attacks from July to December 2016, according to Check Point.
February 22, 2017
Read More


Ransomware becomes biggest security threat on Android
Android users, beware. Ransomware for your favorite mobile operating system is picking up -- it's now the main threat in the US, UK, Germany, Denmark and Australia, in the first half of 2016.
October 7, 2016
Read More


Ransomware disrupts Washington DC's CCTV system
Ransomware attacks target various types of systems and businesses and are unlikely to stop
January 30, 2017
Read More


Ransomware families and volume of attacks continue to rise
Both the number of variants of ransomware and volume of malware attacks were on the rise in August, according to Check Point.
September 20, 2016
Read More


Ransomware hits San Francisco's transport system, users get free rides
The computer systems of the San Francisco Municipal Transportation Agency have been hit with ransomware on Friday. the infection apparently still persists on some of the systems, but others have already been cleaned and restored.
November 28, 2016
Read More


Ransomware locks up San Francisco public transportation ticket machines
Some systems now restored; attacker demanded $73,000.
November 28, 2016
Read More


Ransomware spiked 752% in new families
2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and Business Email Compromise (BEC) scams gaining increased popularity among cybercriminals looking to extort enterprises.
March 2, 2017
Read More


Ransomware Strike Game: Classic shooter reinvented
Today you have a chance to kill the ugly ransomware creature with a gun. Netwrix presents its Ransomware Strike Game, a cyber-security version of the classic shooter.
March 23, 2017
Read More


Ransomware success creates apathy towards traditional antivirus software
In the last 12 months, 48 percent of organizations across the globe have fallen victim to a ransomware campaign, with 80 percent indicating that they've suffered from three or more attacks, according to a global survey conducted by Vanson Bourne.
November 21, 2016
Read More


Ransomware takes a nasty turn
Another open source database has been targeted for attack. Only this time, paying the ransom isn't even an option. Instead, the perpetrators just destroy the database, sometimes leaving a nasty message before moving on. this makes these attacks a very odd subcategory of "ransomware."
January 19, 2017
Read More


Ransomware usage explodes, as app, browser and plug-in vulnerabilities increase
Bromium conducted research on cyber attacks and threats affecting enterprise security over the last six months. the good news is while the number of vulnerabilities is steadily increasing, not all exploitable vulnerabilities are actually exploited. the bad news is, criminals are working harder to get protected data. as a result, there's been an uptick in recent high-profile data breaches and ransomware attacks.
September 14, 2016
Read More


Ransomware: a Modern Threat to Public Safety
Ransomware authors are pivoting their attacks from individuals to government entities and health care institutions, causing a threat to public safety. Traditionally, crypto ransomware targeted individuals and encrypted their personal data and files as a form of extortion for hundreds of dollars. Ransomware has evolved to target businesses and government agencies for much larger financial gains.
March 28, 2017
Read More


Ransomworm: The birth of a monster
The last few weeks have seen two substantial attacks: one massive phishing attack that leveraged Google Apps and which tricked recipients to give OAuth access to their email accounts, and a large-scale ransomware attack that blanketed almost 100 countries a week later.
May 17, 2017
Read More


Ransomware/RAT combo searches for solvent businesses
The latest version of the Shade ransomware comes with a stealthy remote access Trojan, likely used to better gauge the amount of money the criminals can demand from the victims.
August 12, 2016
Read More


RawPOS malware has new data-grabbing capabilities
RawPOS continues to evolve, and has recently been equipped with the capability to steal data contained in the victims' driver's license's 2-dimensional barcode.
April 21, 2017
Read More


RDP Attacks: what you Need to Know and how to Protect Yourself
For many years now, Microsoft has offered a system with Windows that allows you to take control of another machine. this has been invaluable for system admins that need to control servers and other Windows machines, without having to run around from office to office or site to site.
November 23, 2016
Read More


Reactions to the KeRanger ransomware for Macs
Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users. the malware, dubbed KeRanger, has been found bundled into the Mac version of the open source Transmission BitTorrent client, and made available for download on the Transmission developers' official website.
March 8, 2016
Read More


Ready or not, IoT third party risks are here
A new survey conducted by The Ponemon Institute uncovered a high rate of concern among organizations about the security of IoT, yet a gap in understanding of how to mitigate and communicate the risks, especially as it relates to third parties.
June 1, 2017
Read More


Ready, set, race to the IoT hub
Battle lines are being drawn. Armies are being marshaled. Territory is being eyed and strategies drawn up with military precision. But this war is about to be fought in your home and the giants squaring up to fight for supremacy are already household names -- Google and Amazon.
May 17, 2017
Read More


Real damage done by malicious, careless and compromised insiders
A recent OnePoll survey has revealed some surprising results regarding malicious insiders. 36 percent of surveyed companies experienced security incidents involving malicious employees in the past twelve months, and one in fifty employees is believed to be a malicious insider.
September 16, 2016
Read More


Real-time network health management: Closing the gap between known and unknown threats
2016 was yet another record year for cyber security threats. as of July 2016, there were 522 reported breaches, exposing more than 13 million records, according to the Identity Theft Resource Center. These cyber-attacks reach across multiple industry verticals impacting business from Fortune 500 to SMBs.
January 24, 2017
Read More


Recalls May Become the Norm for IoT Devices If Security Doesn't Improve Significantly
Hangzhou Xiongmai, a Chinese company that sells components for surveillance cameras and other gadgets in the U.S., issued a recall for its devices. the company's cameras were found to be part of the large botnet that engaged in a massive DDoS attack against Dyn's DNS service on Friday, which caused many major websites such as Twitter, Reddit, CNN, and others, to be inaccessible to users.
October 22, 2016
Read More


Recommendations to help the security of ICS-SCADA systems
The use of long-range communication networks, and specially the Internet, has revolutionised ICS-SCADA systems and architectures. the use of network communication in these systems has proven to be an effective way of gaining a means for remotely operating and maintaining these infrastructures in real-time.
February 3, 2017
Read More


Record wave of phishing comes to an ebb in autumn 2016
The Anti-Phishing Working Group reports that the year's record wave of phishing subsided in the autumn. According to the APWG's new Phishing Activity Trends Report, the total number of phishing websites detected in the third quarter of 2016 was 364,424, compared with 466,065 in the second quarter – a decline of 25 percent.
January 1, 2017
Read More


Record-breaking DDoS reportedly delivered by >145k hacked cameras
Once unthinkable, 1 terabit attacks may soon be the new normal.
September 26, 2016
Read More


Redefining the role of security in software development
Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. the rapid adoption of DevOps is testimony to this shift, with agile development no longer making the grade for many companies.
January 16, 2017
Read More


Reinventing software patching, curing big security holes
Today's security updates are too big, too risky and too late. It is common for enterprises to thoroughly test security updates and install them several months after they have been released, which leaves them open to inexpensive attacks.
March 13, 2017
Read More


Regional regulatory compliance trends: Strategies and implications
In this podcast, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about regulatory compliance trends that across a variety of different regions in the world, as well as strategies for dealing with them.
June 19, 2017
Read More


Released: 1Password Teams for Windows
AgileBits, the company behind popular password manager 1Password, has finally released 1Password Teams for Windows (6.0).
October 17, 2016
Read More


Remote access options for unidirectionally protected networks
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about remote access options for unidirectionally protected networks.
December 6, 2016
Read More


Remote attackers can force Samsung Galaxy devices into never-ending reboot loop
A single SMS can force Samsung Galaxy devices into a crash and reboot loop, and leave the owner with no other option than to reset it to factory settings and lose all data stored on it.
January 27, 2017
Read More


Remote Butler attack: APT groups' dream come true
Microsoft security researchers have come up with an extension of the "Evil Maid" attack that allows attackers to bypass local Windows authentication to defeat full disk encryption: "Remote Butler".
August 08, 2016
Read More


Remote credential rotation for distributed environments
At RSA Conference 2017, Bomgar introduced Bomgar Vault 17.1, the latest version of its enterprise password and credential management solution.
February 15, 2017
Read More


Remove Windows Script Hosting
completely from your system.
Provides Information
Read More


Rep. Ted Lieu Calls on FCC to Expedite SS7 Investigation After Alleged Russian Hacking
U.S. Representative Ted W. Lieu, from the 33rd District of California, called on the FCC to expedite the investigation it started on the Signaling System Seven (SS7) earlier this this April. the call comes after recent reports of alleged Russian hacking of members of the U.S. Congress.
August 25, 2016
Read More


Repercussions of the massive Yahoo breach
Yahoo has announced on Thursday that they have suffered a breach and that account information of at least half a billion users has been exfiltrated from the company's network in late 2014.
September 23, 2016
Read More


Report: Backdoor access in the Blu R1 HD and other phones sent data to China
The spyware impacted some prepaid and international models, but Blu says that a software fix has patched the privacy breach.
November 15, 2016
Read More


Reposify: An IoT search engine that you can integrate into your products
With the unstoppable rise of the Internet of Things, and the still inevitable reality of their fundamental insecurity, knowing where, what and how secure they are is crucial for everybody.
October 10, 2016
Read More


Research: 2016 Netwrix Cloud Security Report
Security and privacy of data and systems in the cloud remains a top worry for 70% of IT professionals worldwide, up from 63% in 2015, according to a new Cloud Security Survey by Netwrix.
November 21, 2016
Read More


Researchers bypass ASLR by exploiting flaw in Intel chip
Researchers have found a design flaw in the branch predictor, a component of Intel's Haswell processor, and have exploited it to bypass ASLR (Address Space Layout Randomization).
October 19, 2016
Read More


Researchers bypass ASLR protection with simple JavaScript code
A group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of major operating systems and browsers by exploiting a common feature of computer microprocessors.
February 15, 2017
Read More


Researchers demonstrate ransomware for industrial control systems
We've witnessed ransomware targeting Windows and Linux systems and Macs, Android devices, smart TVs, and even a ransomware scheme targeting iPhone users (though not effected through malware).
February 14, 2017
Read More


Researchers design a chip that checks for sabotage
With the outsourcing of microchip design and fabrication a worldwide, $350 billion business, bad actors along the supply chain have many opportunities to install malicious circuitry in chips. These Trojan horses look harmless but can allow attackers to sabotage healthcare devices; public infrastructure; and financial, military, or government electronics.
August 24, 2016
Read More


Researchers discover 110 snooping Tor nodes
In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network.
July 25, 2016
Read More


Researchers identify domain-level service credential exploit
CyberArk Labs unveiled new research detailing what it considers to be a significant risk across all Windows endpoints, including those on Windows 10 with Credential Guard enabled. the exploit could allow cyber attackers to harvest encrypted service credentials from the registry and inject them into a new malicious service to achieve lateral movement and full domain compromise.
November 17, 2016
Read More


Researchers pinpoint best times for delivering security messages
When is the best time to deliver a security message?
August 19, 2016
Read More


Researchers predict upsurge of Android banking malware
Android users, beware: source code and instructions for creating a potent Android banking Trojan have been leaked on a hacker forum, and researchers are expecting an onslaught of malware based on it.
January 23, 2017
Read More


Researchers reveal WiFi-based mobile password discovery attack
A group of researchers has come up with WindTalker, a new attack method for discovering users' passwords and PINs as they enter them into their smartphones.
November 14, 2016
Read MoreResearchers set to work on malware-detecting CPUs
Adding hardware protections to software ones in order to block the ever increasing onslaught of computer malware seems like a solid idea, and a group of researchers have just been given a $275,000 grant from the National Science Foundation to help them work on a possible solution: malware-detecting CPUs.
November 11, 2016
Read More


Researchers to present new software and hardware vulnerabilities at HITB Amsterdam
Users assume the underlying hardware and software system, mobile antivirus, password managers and encryption technology will protect them from malicious attacks on their communications. Upcoming research at the HITB Security Conference in Amsterdam suggests to think twice before trusting mobile security blindly and shows that security is not a final product, but rather a bumpy process.
March 28, 2017
Read More


Researchers Use Ambient Light Sensors to Steal Browser Data
Security researchers have discovered that ambient light sensors used in smartphones, laptops, and tablets can be used to steal browser data.
April 21, 2017
Read More


Researchers: Hackers could weaponize up to a billion monitors to spy on everyone
Most of the time when we talk about PC security, we talk about either the operating system or the hardware that it runs on. Security researchers tend to focus on these characteristics for obvious reasons, but it's always interesting to see what other research teams can do by targeting the hardware most of us don't consider part of the normal security chain.
August 08, 2016
Read More


Respect: Windows 10 security impresses hackers
Windows is a popular attack target for criminals and security researchers alike, but Microsoft has done a good job of making it harder to exploit security flaws in the OS.
August 15, 2016
Read More


Results of the rogue Access Point experiment at RSA Conference 2017
The security of open Wi-Fi hotspots has been a subject of great concern for years. But, would you believe that we were overwhelmingly successful using Wi-Fi attacks dating back twelve years on the RSA Conference show floor in San Francisco? Either we are really good at getting lucky with old tools, or there is a serious Wi-Fi security pandemic out there.
February 24, 2017
Read More


Retailers largely lack on-site security and IT expertise
A new Cybera survey of more than 50 retail professionals found that many retailers lack the necessary IT staff at the store level to ensure proper solution implementation and security.
January 19, 2017
Read More


Retailers overconfident in endpoint security
A new study conducted by Dimensional Research evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 100 participants from the retail sector.
November 7, 2016
Read More


Retina-X admits they have suffered a data breach
Retina-X Studios, the makers of several consumer-grade monitoring products, have finally announced that they have suffered a data breach.
May 2, 2017
Read More


Review: Advanced Persistent Security
Ira Winkler, CISSP is President of the Internet Security Advisors Group. He is considered one of the world's most influential security professionals.
July 6, 2017
Read More


Review: Boxcryptor
Storing your data in the cloud comes with both positive and negative aspects. Boxcryptor is a solution that helps with this by encrypting your data on your device before it gets synchronized to the cloud storage provider of your choice.
September 20, 2016
Read More


Review: Cyber Guerilla
Jelle Van Haaster is an officer in the Royal Netherlands Army and has a background in legal, military, and technical defense matters.
August 11, 2016
Read More


Review: Data Breach Preparation and Response
Kevvie Fowler is a Partner and National Cyber Response Leader for KPMG Canada and has over 19 years of IT security and forensics experience. He is a SANS lethal forensicator and sits on the SANS Advisory Board where he guides the direction of emerging security and forensics research.
March 31, 2017
Read More


Review: DNS Security
Allan Liska is a Consulting Systems Engineer at FireEye, and Geoffrey Stowe is an Engineering Lead at Palantir Technologies.
January 25, 2017
Read More


Review: FourV Systems GreySpark
GreySpark is a solution for measuring and managing organizations' IT security risk. GreySpark ingests information security metadata from a large range of existing sensors, applies the risk model to the data, and presents it in a way that's helpful to risk and financial executives, as well as the IT people who need to drill down into details.
October 12, 2016
Read More


Review: is Decisions UserLock
According to a Rapid7 survey, 90% of organizations are worried about compromised credentials and around 60% say they cannot catch these types of attacks. French IT security company is Decisions tries to tackle this major problem with UserLock, a solution that provides access security and concurrent login control for corporate networks.
October 25, 2016
Read More


Review: iStorage datAshur Pro
Ages ago, I would encrypt these files with GPG and move them to a generic USB drive. After that I used the encrypted flash drives that needed a client software for accessing the secure data. Both of these options required software to work, whether a standalone encryption tool, device driver or a tied in application.
August 23, 2016
Read More


Review: iStorage diskAshur Pro SSD
The iStorage diskAshur Pro SSD is the hard drive for users with security on their mind. this USB 3.0 device comes in various storage capacities, ranging from 128GB to 1TB, and is certified and tested to NIST FIPS 140-2 Level 2 requirements. for accessing the data you'll need to go through a PIN input process and the stored files are secured with 256-bit XTS-AES encryption.
November 15, 2016
Read More


Review: Protecting Patient Information
Paul Cerrato has more than 30 years of experience working in healthcare and has written extensively on patient care, electronic health records, protected health information (PHI) security, practice management, and clinical decision support. He has served as Editor of InformationWeek Healthcare, Executive Editor of Contemporary OB/GYN, and Senior Editor RN Journal.
September 7, 2016
Read More


Review: the Internet of Risky Things
Professor Sean Smith is the Principal Investigator of the Dartmouth Trust Lab and Director of Dartmouth's Institute for Security, Technology, and Society. He investigates how to build trustworthy systems in the real world.
February 7, 2017
Read More


Review: Threat Forecasting
John Pirc is Director of Security Solutions for Forsythe Technology and an advisor to HP's CISO on Cyber Security.
October 17, 2016
Read More


Review: True Key for iOS
I've been using 1Password for years -- both their desktop and mobile products. Altough it works fine, I was curious to see what are the alternatives I can use on my iPhone. After some hits and misses, I've installed the True Key personal password manager, which is developed by Intel Security and offered for free.
July 28, 2016
Read More


Rewriting the rules on how to protect against evolving adversaries
Hackers are getting better at exploiting your organization's increasingly complex IT environment. Adversaries are using highly customized attack campaigns to infiltrate their targets and evade detection for long periods of time. In this podcast recorded at RSA Conference 2017, Yonatan Striem-Amit, CTO and co-founder of Cybereason, talks about how his company defends complex IT ecosystems.
February 28, 2017
Read More


Rights Groups Object To 'Secret' Warrants For Facebook Data
Access Now, the Electronic Frontier Foundation, and other rights groups have objected to the U.S. government's use of secret warrants to obtain Facebook user data as part of a not-so-secret investigation. The complaint arrived after Facebook "sent out a kind of bat signal," the EFF said, by asking the D.C. Court of Appeals to allow these groups to file amicus briefs in a case that involves fighting secret search warrants for user data.
July 5, 2017
Read More


Rio 2016: the world is watching, especially hackers
When each nation's best athletes compete at the Olympic Games, one city seemingly becomes the center of the universe. and while we look on closely–captivated by the event's grandeur and its participants' incredible skills–threat actors do the same, only for entirely different reasons.
July 18, 2016
Read More


Rise in cloud adoption, confusion about managing complex cloud environments
Today's enterprises are increasingly moving to the cloud to transform internal IT environments, but are struggling to manage the complexity, according to 451 Research and Embotics.
October 28, 2016
Read More


Rise of cyber attacks against the public sector
The use of information and communication technologies in the public sector, specifically online government services, is a key factor for being targeted by cybercriminals. Technological advances have made it possible to store personal data in digital format, a great benefit to users, but also a highly-prized target.
September 23, 2016
Read More


Rise of malicious apps leveraging UK brands
The number of malicious apps leveraging top UK brands has grown by 130% year on year. a new study examined mobile apps owned by or leveraging the brands of 45 top UK companies across five vertical sectors, to give a snapshot of the threats facing UK organisations and their customers from 2015 to today.
September 23, 2016
Read More


Rising information security threats, and what to do about them
The digital threat landscape faced by enterprises large and small is in perpetual flux, and keeping an eye on things and adapting defenses should be of primary importance to every CISO.
July 3, 2017
Read More


Rising volume of attacks overpowers security teams
New research from IDC that shows organizations are constantly under attack and struggling to keep up. The research finds most organizations run time-consuming security investigations and often fail to effectively protect themselves.
June 1, 2017
Read More


Risk and the Pareto Principle: Applying the 80/20 rule to your risk management strategy
Enterprises these days are putting more resources into monitoring and managing business risk. and with good reason -- in light of a growing number of vulnerabilities and advanced threats, they're dealing with a more complex risk environment that also impacts their technology partners and other third parties.
August 30, 2016
Read More


Riskiest shopping malls for mobile devices
As the biggest shopping weekend of the year in the US approaches, Skycure is advising shoppers to beware of mobile threats while browsing in both physical and online stores.
November 18, 2016
Read More


Risky sites have never been easier to exploit
46% of the Internet's top 1 million web sites, as ranked by Alexa, are risky. this is largely due to vulnerable software running on web servers and on underlying ad network domains, according to Menlo Security.
December 14, 2016
Read More


Rollout of DMARC email security protocol needs to gain steam
Trust, from both customers and investors, is the most important currency for financial services companies. a breach of trust can break a bank, while maintaining trust leads to long-term success. at its core, financial services customers expect their banking institutions to protect their money and their information. and it starts with the most basic of 21st century communications -- email. So how are the globe's leading financial institutions doing?
April 3, 2017
Read More


RSA Conference 2016: the infosec glass house?
A couple of years late to the party, but I finally made it to San Francisco with a real sense of excitement to attend what was described to me as the "Super Bowl of the Security Industry." Working with the analogy, there certainly were plenty of cheerleaders waving their pompoms for companies all claiming to do threat intelligence, and of course let us not forget machine learning.
March 8, 2016
Read More


RSA Conference 2017 debuts education program
RSA Conference announced the debut of RSAC AdvancedU -- a new series of programs to educate and encourage more people to pursue a career in cybersecurity and also invigorate veterans with decades of experience -- at RSA Conference 2017, February 13-17, in San Francisco.
January 1, 2017
Read More


Rudimentary attacks pose the greatest risk to midsized organizations
Rudimentary attacks, such as intrusion attempts, information gathering, and policy violations pose the greatest risk to midsized organizations, according to eSentire.
May 8, 2017
Read More


Rules for secure coding in the C++ programming language
The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. the standard provides rules for secure coding in the C++ programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities.
April 18, 2017
Read More


Russia shoves antitrust probe into Microsoft after Kaspersky gripes about Windows 10
The Russian Federal Antimonopoly Service (FAS) is investigating whether Microsoft abused its position in the market with Windows 10 -- after Moscow-based Kaspersky complained to the watchdog and EU regulators.
November 11, 2016
Read More


Russia threatening to ban Telegram encrypted messaging app
Roskomnadzor, Russia's communications regulator, is threatening to ban the use of popular encrypted messaging app Telegram.
June 26, 2017
Read More


Russia's bid for mobile self-sufficiency may be the saviour of Sailfish
Comrades: we present your official alternative to Android
December 6, 2016
Read More


Russian carding industry pioneer sentenced to 27 years in prison
32-year-old Roman Valeryevich Seleznev, aka Track2, has been handed the longest US hacking sentence to date: 27 years in prison.
April 24, 2017
Read More


Russian Hackers used Android malware to track Ukrainian artillery
More proof that you need to be extra careful downloading apps online.
December 22, 2016
Read More


Russian hackers using Instagram to mask malware links
Turla, a Russian hacking collective, was recently found to be using Instagram comments as a means of hiding links to its malware. Known for targeting governments in the past, the hacker group appears to be experimenting with familiar routes of infection, although targeting rather unfamiliar victims -- everyday citizens.
June 9, 2017
Read More


Russian government agents among those charged for massive Yahoo hack
Hackers targeted Yahoo accounts of officials for intelligence and financial gain, says US government
March 15, 2017
Read More


Misc. - S

Samba at Risk from Wormable Bug Similar to WannaCry: Present on Many NAS boxes
Samba, the open source implementation of the Windows CIFS file sharing protocol found on Linux and many home NAS-systems, now has its own version of a "WannaCry" grade bug ready to cause users grief. Like WannaCry, Sambas bug enables remote code execution and is totally wormable.
May 25, 2017
Read More


SAMRi10: Windows 10 hardening tool for thwarting network recon
Microsoft researchers Itai Grady and Tal Be'ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced "Samaritan").
December 1, 2016
Read More


Samsung Galaxy S8 iris scanner can be fooled with a printed photo
After demonstrating how easily Apple's Touch ID can be fooled with a user fingerprint photographed from a glass surface, Chaos Computer Club (CCC) hacker "Starbug' has proven that the iris recognition system in Samsung's Galaxy S8 smartphone can be fooled by using a printed photo of the user's eye(s).
May 24, 2017
Read More


Samsung Knox flaws open unpatched devices to compromise
Researchers from Viral Security Group have discovered three vulnerabilities in Samsung Knox, a security platform that allows users to maintain separate identities for work and personal use, and is built into some of the company's Android smartphones and tablets.
October 4, 2016
Read More


Samsung 'Secure Folder' Brings Enterprise-Class Security to Consumers
Samsung offered Galaxy S7 and S7 Edge owners a taste of enterprise-ready security with the new Secure Folder. this special folder will allow consumers to hide apps from their home screen, keep sensitive data separate from other information, and use an extra layer of security for everything it contains.
February 24, 2017
Read More


Samsung's Tizen is riddled with security flaws, amateurishly written
Researcher calls it the "worst code [he's] ever seen."
April 4, 2017
Read More


SAP closes critical vulnerability affecting TREX
SAP closed a critical vulnerability for an issue that was exposed for almost two years. the vulnerability (SAP Security Note 2419592) affects TREX, a SAP NetWeaver standalone search engine, which is deployed in over a dozen SAP products including SAP HANA.
April 12, 2017
Read More


SAP co-founder's VC firm leads $15M investment in Vera
Vera announced a $15 million strategic investment led by HP-Ventures, the venture capital firm founded by of SAP Chairman, Hasso Plattner. Drawing from its third fund of €150 million, HP-Ventures is joined by existing investors Battery Ventures, Sutter Hill Ventures, Clear Venture Partners, Amplify Partners and Leslie Ventures who all participated in this strategic financing.
May 10, 2017
Read More


Satan: a new ransomware-as-a-service
Ransomware as a Service (RaaS) has been growing steadily since it made its debut in 2015 with Tox. with the new Satan service, it's easier than ever. the idea is to use this web portal to contract threat actors to create new ransomware samples for distribution via the desired attack vector. this allows any potential cybercriminal, regardless of their skill or coding knowledge, to upgrade to an encrypting ransomware business model.
January 19, 2017
Read More


Say hello to Dvmap: The first Android malware with code injection
Trojan deletes root access to dodge detection
June 9, 2017
Read More


SCADA systems plagued by insecure development and slow patching
"Behind most modern conveniences, there exists a SCADA system somewhere that controls them,' Trend Micro researchers pointed out in a new report that delves in the heart of vulnerabilities affecting SCADA systems' Human Machine Interfaces (HMIs).
May 23, 2017
Read More


Scale, frequency and causes of certificate-related outages
Certificate-related outages negatively impact the reliability and

Scammers are blending W-2 phishing with wire fraud
During last year's run-up to the US Tax Day, scammers mercilessly targeted companies" payroll and human resources professionals, tricking them into handing over employees" W-2 forms.
February 3, 2017
Read More


Scan Ruby-based apps for security issues with Dawnscanner
Dawnscanner is an open source static analysis scanner designed to review the security of web applications written in Ruby.
October 12, 2016
Read More


Scareware scammers target iOS users
A bug in the way that Mobile Safari handles pop-up dialogs has been abused to scare iOS users into paying a "fine" in the form of an iTunes pre-paid card.
March 28, 2017
Read More


Scientists' sneaky smartphone software steals 3D printer designs
Creative but only semi-useful snooping hack
September 7, 2016
Read More


Script for remote DoublePulsar backdoor removal available
NSA's DoublePulsar backdoor can now be remotely uninstalled from any infected Windows machine, thanks to the updated detection script provided by security firm Countercept.
April 26, 2017
Read More


Seal the integrity of your logs with Waterfall BlackBox
Upon discovery of a cyberattack, forensic experts look inside the compromised network's various logs to locate and analyze tracks left by the attacker. Logs are the baseline information required for quality incident response and forensics. they consist of tracks and hints of the attack and the attacker.
November 30, 2016
Read More


Secretions on your phone reveal your secrets
Chemistry laughs at your strong passwords
November 15, 2016
Read More


Secunia Research: Users still running many vulnerable applications!
Flexera Software just released the Country Reports by Secunia Research for the 3rd quarter of 2016. the global view of the results show that PC users still run, on average 7.2% of software that is End-of-life.
November 10, 2016
Read More


Secure all the Things: AT&T, IBM, Others Form IoT Cybersecurity Alliance
Can the Internet of Things (IoT) shake its reputation of being a festering network of insecure devices? AT&T, IBM, Symantec, and other companies plan to find out with a new IoT Cybersecurity Alliance that will work together to "research and raise awareness of ways to better secure the IoT ecosystem."
February 9, 2017
Read More


Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open
Microsoft quiet as researchers spot debug mode flaw that bypasses OS checks.
August 11, 2016
Read More


'Secure Boot'-Enabled Windows Devices May be Permanently Vulnerable Due to 'Golden Key' Backdoor, Say Researchers
Two security researchers, MY123 and Slipstream, uncovered multiple security vulnerabilities in Microsoft's Secure Boot policies on Windows 8, Windows 8.1, and Windows 10 devices. the flaws can now allow anyone to unlock devices that were supposed to load only the signed Windows operating system. Because Secure Boot can now be bypassed, it also means the devices are vulnerable to bootkit and rootkit types of malware, much like PCs were in the pre-Secure Boot era.
August 11, 2016
Read More


Secure messenger app Signal fought government and kept privacy promises
If you use the encrypted communication app Signal, then you trust its security, but now you will know Signal also keeps its privacy promises.
October 5, 2016
Read More


Secure messaging app Wickr opens core crypto protocol to review
Wickr, the San Francisco-based company that's behind the secure ephemeral messaging app of the same name, has published the core crypto protocol powering both the personal and the business versions of the app.
February 16, 2017
Read More


Secure operations automation: Close the gap between security and operations teams
A new voke survey of 318 participants from companies of varying sizes globally, focuses on the need to operationalize security through secure operations automation practices and solutions, and explores real-world insights about IT patch and compliance, automation, and operations security.
March 13, 2017
Read More


Secure OS Tails 3.0 Launches With Debian 9 Base, Redesigned Interface
Tails, the "read-only" Linux-based operating system that routes all internet traffic through the Tor anonymity network, has now reached version 3.0. The new release dropped 32-bit support to increase security and adopted the latest Tor Browser 7.0, and it also comes with a more polished desktop interface.
June 14, 2017
Read More


Secure websites brought to you by the letter S
What's so special about the letter S? it's one of the most frequently used letters in the English language, a regular sponsor of Sesame Street, and is so common that Vanna White automatically selects it for contestants during the Wheel of Fortune's final round.
December 16, 2016
Read More


SecureList
Kaspersky Lab presents Lab Matters, a series of webcasts that get right to the heart of some of the IT security industry's hottest topics. In the first program, two of the company's leading antimalware experts, Costin Raiu and Magnus Kalkuhl, will be giving viewers the complete lowdown on targeted attacks and discussing a host of other fascinating topics.
Provides Information
Read More


Securing applications in the public cloud
The security and auditing model of installing agents on virtual servers breaks down in the public cloud.
March 8, 2017
Read More


Securing document flow: Exploring exposure and risk
There is a widespread and growing need to improve security practices surrounding confidential documents in most organizations today, according to a new study by the BPI Network. In a global survey of managers and information workers, 6 out of every 10 respondents said they or someone they know have accidently sent out a document they shouldn't have.
March 16, 2017
Read More


Securing Enterprise Data with Windows Information Protection
Learn about Windows Information Protection. it's a new security feature in Windows 10, and this video will show you how administrators use it to protect organizational data on devices.
January 12, 2017
Read More


Securing information in the age of external collaboration
A new Enterprise Strategy Group (ESG) research study, which was completed by 200 senior IT and security professionals with influence over purchasing decisions, highlights the need for organizations to have the necessary technologies in place to ensure policies travel with sensitive data wherever and however it is shared.
September 14, 2016
Read More


Securing medical devices: Cybersecurity spending to triple by 2021
The medical IoT is set to transform healthcare through smart medical devices. However, their success is in jeopardy if cybersecurity concerns are not addressed immediately.
October 19, 2016
Read More


Securing the converged cloud: CSA Summit at RSA Conference 2017
The Cloud Security Alliance (CSA) announced the agenda for its annual CSA Summit 2017, a full-day event being held at the RSA Conference 2017 on Monday, February 13, 2017.
January 16, 2017
Read More


Securing workspaces in a hyperconnected digital era
Enterprises that fail to offer employees a flexible, autonomous, and creative work environment are at risk of not attracting and retaining next-generation talent, according to Dimension Data. Unfortunately, most workspaces are not ready for the cyber threats of tomorrow.
October 13, 2016
Read More


Security and the human factor: Creating a positive user experience
Despite the myriad of security solutions deployed, breaches are still happening. Even with the most robust security solutions it seems that we're failing with the fundamentals, with ever more sophisticated hacks infiltrating and bringing down networks or resulting in compromised data.
April 20, 2017
Read More


Security appliance market shows positive growth
The total security appliance market showed positive year-over-year growth in both vendor revenue and unit shipments for the second quarter of 2016, according to IDC. Worldwide vendor revenues in the second quarter increased 5.8% year over year to $2.75 billion, and shipments grew 15.2% year over year for a total of 659,305 units.
September 30, 2016
Read More


Security audit of Dovecot mailserver reveals good security practices
Dovecot -- a popular open source IMAP and POP3 server for Linux/UNIX-like systems -- is as secure as its developers claim it is. a security audit performed by German security outfit Cure 53 revealed only three minor security issues, and they've all already been fixed.
January 17, 2017
Read More


Security awareness is good, but good security culture is better
As an efficient mechanism to influence employee behavior, security culture is one of the most important, yet most overlooked, aspects of organizational security.
May 8, 2017
Read More


Security awareness training or no, users will keep clicking on dodgy links
There is no way to make humans never click on potentially dangerous links they receive, as the right combination of curiosity, context, and emotions will always beat security awareness training, says Zinaida Benenson, researcher and associate professor at the University of Erlangen-Nuremberg.
August 04, 2016
Read More


Security bods find Android phoning home. Home being China
Kryptowire uncovers firmware sending texts, contacts and everything else
November 15, 2016
Read More


Security budgets shifting from prevention to detection
According to industry estimates, enterprises have historically spent more than 75% of their infosec technology budgets on preventative technologies. According to a new survey conducted by Anderson Research, the portion of security budgets targeted for detection solutions increased substantially over 2015.
January 26, 2017
Read More


Security concerns still undermining mobile payments
Concerns about fraud and theft risks are inhibiting adoption of mobile wallets, but businesses underestimate the problem. the survey found more than half of consumers believe mobile wallets are less secure than cash–yet nearly 60 percent of executives say mobile money will build their business because it's safe.
October 7, 2016
Read More


Security Features on IoT Core
Security is a hot-button issue in the IoT space; IoT developers should be thinking about implementing hardware and software security features from the start of development. Windows 10 IoT Core provides several of these features to help protect your devices from network attacks as well as physical tampering.
June 26, 2017
Read More


Security for multirobot systems
Distributed planning, communication, and control algorithms for autonomous robots make up a major area of research in computer science. But in the literature on multirobot systems, security has gotten relatively short shrift.
March 17, 2017
Read More


Security Gaps Open the Door to Cyber-Criminals
Despite clear evidence of the huge price of external cyber-attacks, both in terms of mitigation costs and reputation, organizations continue to short-change this key security area. a new study from the Ponemon Institute, "Security Beyond the Traditional Perimeter," states that companies don't have enough staff or sufficient technology to keep up with external threats, and they are not doing enough monitoring of their environments.
August 24, 2016
Read More


Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel
Kaymera: building on shoulders of a giant, claim
January 12, 2017
Read More


Security holes in Confide messaging app, used by White House staffers, exposed user details
Despite its marketing, the app contained glaring problems with protecting user account information, according to security researchers.
March 8, 2017
Read More


Security improvements primary reason for Windows 10 migration
Migration to Windows 10 is expected to be faster than previous OS adoption, according to a survey by Gartner. the survey showed that 85 percent of enterprises will have started Windows 10 deployments by the end of 2017.
April 26, 2017
Read More


Security in the M&A process: Have you done your technical due diligence?
Company acquisitions are common in the cyber security market. Whether you are attempting to bolster your strategic position or looking to acquire the best talent, chances are if you're company is growing, you'll find yourself on a deal team at some point.
July 19, 2016
Read More


Security management outlook: Five trends to watch
Cybersecurity can't sit still. as we look ahead to what this year has in store for the security management landscape, organizations globally should be paying attention to five key trends.
January 23, 2017
Read More


Security orchestration and automation: Closing the gap in incident response
Companies in North America are poised to increase their reliance on security orchestration and automation for incident response (IR), according to Enterprise Strategy Group (ESG).
October 7, 2016
Read More


Security programs not keeping up with IoT threats
More than 90 percent of IT security professionals said that connected devices will be a major security issue this year. However, 66% aren't sure how many devices are in their environment, according to new research from Pwnie Express.
February 14, 2017
Read More


Security pros lack the necessary tools to thwart cyber attacks
A new study from the Ponemon Institute reveals that external cyber attacks cost enterprises $3.5 million a year and that the majority of security and IT professionals lack the necessary resources and infrastructure to deal with these attacks, despite the growing risks and costs associated with them.
July 19, 2016
Read More


Security researchers uncover new global cyber espionage campaign
There is a new, global cyber espionage campaign, and this one demonstrates a "new level of maturity." this is according to a new report by PwC and BAE, released after consultation with other cyber security experts, including the UK's National Cyber Security Center.
April 5, 2017
Read More


Security skills gap? what security skills gap?
After the year we've had, it shouldn't come as a surprise that cybersecurity skills are heavily in demand. Breaches, attacks and incidents have never been far from the headlines, so as boards and businesses pay closer attention, they're adjusting their hiring plans to ensure they're protected. But a new study from recruiter Indeed.com found severe cybersecurity shortages persist in every country.
February 13, 2017
Read More


Security skills need to be deep and wide to mitigate critical risks
Businesses recognize security as a growing imperative, but many remain on the defensive, fighting cyber threats with dated tactics and training, according to CompTIA.
April 25, 2017
Read More


Security software that uses 'code hooking' opens the door to hackers
The flaws allow hackers to easily bypass exploit mitigations in the OS and third-party apps
July 19, 2016
Read More


Security startup confessions: Attending industry events
Attending conferences and similar events typically involves a lot of meetings, sales pitches (both giving and receiving), and alcohol.
June 19, 2017
Read More


Security startup confessions: Customer breach disclosure
Balancing the needs of your company, your employees, and your customers requires making tough choices.
December 6, 2016
Read More


Security startup confessions: Hiring and firing
Building a great team is critical for any startup, and organizational culture matters in any organization, no matter the size or sector it operates in.
October 3, 2016
Read More


Security startup confessions: how to tackle outsourcing
Picking outsourcing partners can be a tricky thing.
August 11, 2016
Read More


Security startup confessions: Looking for investors
Running a startup is an amazing experience, and a lot like riding a roller coaster. the past couple of weeks at CTLRe are a good example of this thrilling ride, as we are preparing our first investment round.
November 4, 2016
Read More


Security still the biggest challenge in cloud management
CIOs are the C-suite executives most intensively advocating and driving migration of their organizations' IT resources to the cloud. a new Unisys study indicates that reducing costs and gaining faster access to computing capacity are the CIOs' primary motivations. In addition, securing the cloud is the respondents' primary management concern.
August 09, 2016
Read More


Security testing platform for app-aware infrastructures
At Black Hat USA 2016, Spirent Communications will be presenting CyberFlood, a security and performance testing platform suitable for complex testing scenarios.
August 03, 2016
Read More


Security-as-a-Service: how mid-market companies achieve network security
Mid-tier companies are battling a black hole of time, security expertise, and budget to procure, implement, and manage a variety of security products, according to a study conducted by 451 Research.
April 26, 2017
Read More


Security's blind spot: The long-term state of exception
It seems every major hack is accompanied by the pointing of fingers. And there are plenty of places to point them: the servers that weren't patched, the retailer who hadn't finished setting up an intrusion detection system, the high-ranking official who used his personal email to store secrets, the critical application with unfixed security holes because the programmers hadn't finished fixing them yet, the users of unapproved cloud or mobile applications for corporate data.
July 4, 2017
Read More


Self-healing endpoint security as a foundation for visibility
When it comes to persistent cyber threats, a majority of companies have resigned themselves to the fact they will be or are already infiltrated by an unknown adversary. It is impossible to stop well-funded, well-prepared and persistent adversaries 100 percent of the time.
February 8, 2017
Read More


Sensitive data on 198 million US voters exposed online
For at least two whole weeks, a database containing information on 198 million potential US voters -- more than half of the American population -- lay exposed on the internet, accessible to anyone who stumbled upon it while looking for unsecured assets.
June 19, 2017
Read More


Services disrupted at three UK hospitals due to virus attack
Computer systems of the Northern Lincolnshire and Goole NHS Foundation Trust have been hit by a "virus", and the HNS Trust reacted by shutting down the majority of them.
November 1, 2016
Read More


Setting up a Minimal, Yet Useful JavaScript Dev Environment
In an era of omnipresent frameworks, libraries and tooling, it may be hard to decide what tool to use and when.
November 22, 2016
Read More


Seven myths for hyperconverged integrated systems
As with many new technology trends, certain assumptions and hype emerge that can influence buyer behavior and lead to poor decisions. Gartner has identified seven of the most common flawed assumptions in the hyperconverged integrated systems (HCIS) market.
November 4, 2016
Read More


Several Marvel Twitter Pages Fall Victim to Same Group that Hacked Netflix's Account
On the same day that Netflix's U.S. Twitter account was briefly compromised, the group responsible for that attack is taking responsibility for hacking several Marvel social media pages as well.
December 21, 2016
Read More


Several high risk 0-day vulnerabilities affecting SAP HANA found
Onapsis discovered several high risk vulnerabilities affecting SAP HANA platforms. If exploited, these vulnerabilities would allow an attacker, whether inside or outside the organization, to take full control of the SAP HANA platform remotely, without the need of a username and password.
March 14, 2017
Read More


Severe vulnerability in Cisco's WebEx extension for Chrome leaves PCs open to easy attack
if you have the Cisco WebEx Chrome browser extension installed make sure you're running the latest version.
January 24, 2017
Read More


Shadow Brokers data dump reveals yet another NSA-Stuxnet link
When the Shadow Brokers dumped on Friday another batch of data allegedly stolen from the Equation Group, which has been linked to the NSA, security researchers dove right in.
April 18, 2017
Read More


Shadow Brokers say goodbye, leak a batch of Windows hacking tools
The Shadow Brokers, a group (?) of hackers that has made a big splash in August last year by leaking and offering for sale exploits supposedly stolen from the infamous Equation Group, has decided to call it quits , but not before offering a parting gift.
January 13, 2017
Read More


Shadow Brokers, digital attacks, and the escalation of geopolitical conflict
Last week's data dump by the Shadow Brokers has left many wondering how the US will respond. this is just the latest in a series of politically motivated data breaches often attributed to Russia, including last year's State Department and White House attacks, as well as this summer's intrusions on the DNC and DCCC. However, these must not be viewed in isolation, but as part of the larger, on-going escalation of tensions between the US and Russia.
August 23, 2016
Read More


Shadow IT intensifies cloud security risks
Lack of visibility into an organization's use of cloud providers can lead to unauthorized access to data, improper handling and storage of data and improper data removal. as a result, organizations are left highly exposed and vulnerable to a data breach, reveales a new Blancco Technology Group study.
October 13, 2016
Read More


ShadowPlex delivers cost-effective deception technology
Deception technology intended to catch out attackers by deploying decoys that mimic business systems is gaining in popularity. the market for deception is expected to exceed $2 billion by 2021.
April 20, 2017
Read More


SharePoint houses sensitive data, but organizations are not keeping it safe
A new report from the Ponemon Institute is focused on how organizations are keeping sensitive or confidential data safe in collaboration and file sharing environments such as SharePoint, Dropbox, and file sync and share applications.
May 8, 2017
Read More


Sharing passwords is a bad idea, yet people still do it
A lot of people like sharing their passwords with others, even though such actions put their data at risk -- and they know it. Those are the results of a new survey commissioned by password management firm LastPass, and conducted by RedShift Research.
March 8, 2016
Read More


Shark Ransomware-as-a-Service: a real threat, a scam, or both?
A new Ransomware-as-a-Service project has sprung up, and the "service providers" are allowing others to use it for free, but take a 20 percent cut out of every ransom that gets paid by the victims. the ransomware is called Shark.
August 16, 2016
Read More


Should cloud vendors cooperate with the government?
More than one in three IT pros believe cloud providers should turn over encrypted data to the government when asked, according to Bitglass and the Cloud Security Alliance (CSA).
August 12, 2016
Read More


Should Police Need a Warrant to Obtain your Cellphone Location Data?
On TV and in the movies, when the police want location information on a suspect's cellphone, the world-weary detectives just mosey into the office of a wireless company and bully/sweet-talk the receptionist into handing over this information by saying things like "
October 28, 2016
Read More


Should security vendors offer product guarantees?
A new Vanson Bourne survey of 500 businesses in the UK, US, France and Germany revealed that nine in ten companies want to see IT security vendors offer a guarantee on their products and services, and 85 per cent claim they would change providers if they could find an alternate IT security vendor who offers a guarantee.
December 14, 2016
Read More


Should you trust your security software?
The complaint that security is broken isn't new and even industry insiders are joining the chorus. Companies spent an estimated $75 billion last year on security products and yet cyber attacks and data breaches are still a common occurrence. Now, we're finding that security tools themselves have vulnerabilities that are putting organizations at risk.
September 21, 2016
Read More


Siemens RUGGEDCOM industrial communication devices vulnerable to remote attacks
All version of Siemens RUGGEDCOM ROX I VPN endpoints and firewall devices sport five vulnerabilities that can be exploited by attackers to perform actions with administrative privileges.
March 29, 2017
Read More


Signal fixes bug that lets attackers corrupt encrypted attachments
Signal may be the most trusted messaging app, but it's not perfect.
September 15, 2016
Read More


Signal Protocol's crypto core has no major flaws, researchers find
A group of computer science and cryptography professors and doctoral students has effected a security analysis of the secure messaging Signal Protocol -- specifically, of its Key Agreement and Double Ratchet multi-stage key exchange protocol (the effective cryptographic core).
November 9, 2016
Read More


Signal users can now make their messages disappear
Open Whisper Systems' Signal, the messaging app favoured by Edward Snowden and many other users who want and need to keep their communication safe and private, is now also offering the option of making messages disappear after recipients have had enough time to read them.
October 12, 2016
Read More


Significant decrease in Locky ransomware attacks
Locky ransomware attacks have dramatically decreased during December 2016, according to Check Point.
January 17, 2017
Read More


Similarities in partial fingerprints may trick biometric security systems
No two people are believed to have identical fingerprints, but researchers at the New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought.
April 11, 2017
Read More


SimpleRisk: Enterprise risk management simplified
In this podcast recorded at Black Hat USA 2016, Josh Sokol, creator of SimpleRisk, talks about his risk management tool, which he presented at the Black Hat Arsenal.
August 31, 2016
Read More


Six best practices for managing cyber alerts
Security professionals know that the number of cyber alerts is growing at a frantic pace. Even a mid-sized company can face tens of thousands of alerts every month. as the 2011 Target breach demonstrated, failing to investigate alerts adequately and responding to them effectively can have serious consequences for a business as well as its customers.
January 31, 2017
Read More


Six key principles for efficient cyber investigations
Many organizations today are not equipped to defend against traditional cyberattacks, as demonstrated by the ever-increasing numbers of successful breaches reported daily -- the Privacy Rights Clearinghouse's latest number is 900,875,242 records breached in 5,165 attacks over the past decade -- and that's U.S. only.
November 23, 2016
Read More


Six tips for practicing safe social media
With Facebook now counting over 1.7 billion monthly users and LinkedIn another 467 million, it was only a matter of time until criminal hackers turned their attention to exploiting social media as an attack vector. the current attack is being waged to introduce ransomware into these environments. Dubbed "Imagegate", it's a clever way of sneaking malware into your environment.
December 9, 2016
Read More


Slack bug paved the way for a hack that can steal user access
The problem deals with the postMessage API the chat application uses to exchange data between browser windows
March 2, 2017
Read More


Slew of WP-based business sites compromised to lead to ransomware
If an approach works well, there is no reason to change tack, and the masters of the SoakSoak botnet are obviously of the same belief.
July 20, 2016
Read More


Smart cities face unique and escalating cyber threats
Ninety-eight percent of respondents to a survey conducted by Dimensional Research consider smart cities at risk for cyber attacks. Smart cities use IT solutions to manage a wide range of city services, including smart grids, transportation, surveillance cameras, wastewater treatment and more.
October 20, 2016
Read More


Smart city initiatives: Highly integrated and complex problems to solve
Every day, leaders of large cities grapple with knotty, complex problems like decaying public transportation infrastructures, aging utility lines, urban blight, neighborhoods that are vulnerable to the effects of climate change, and other multi-faceted socio-economic challenges.
October 28, 2016
Read More


Smart machines: is full automation desirable?
By 2020, smart machines will be a top five investment priority for more than 30 percent of CIOs, according to Gartner. with smart machines moving towards fully autonomous operation for the first time, balancing the need to exercise control versus the drive to realize benefits is crucial.
November 1, 2016
Read More


Smart TV hack embeds attack code into broadcast signal--no access required
Demo exploit is inexpensive, remote, scalable--and opens door to more advanced hacks.
March 31, 2017
Read More


Smart, safe data sharing will power the new economy
Companies need to accept tradeoffs to foster "digital trust" with employees if they want to gather the workplace data necessary to realize the full economic and competitive benefits of the Internet of Things (IoT) and the sharing economy, according to a new study by AIG.
January 5, 2017
Read More


SMB security: the evolving role of SaaS and IT outsourcing
SMBs need to bridge the gap between smaller IT security budgets and a shortage of expertise to face the very real and growing threat of cyber attacks, according to Kaspersky Lab.
October 22, 2016
Read More


SMBs risk data security by using free cloud storage
SMBs risk data security if they use free cloud storage, but nearly 25% still do, despite warnings from industry experts. In addition, new findings reveal that 11% of SMBs are storing banking information and 14% are storing medical records in free cloud storage, according to a survey of 293 SMBs by Clutch.
November 11, 2016
Read More


SMEs more prone, but still quite oblivious, to cyberattacks
Despite governments, organizations and brands intensifying their cybersecurity awareness campaigns in recent years, as well as several recent high-profile attacks and security breaches, it seems that many small and medium business owners still fail to realize the extent of risk for their companies from hacking, phishing, denial-of-service, and other types of common attacks.
November 30, 2016
Read More


Sn1per: Automated pentest recon scanner
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
August 18, 2016
Read More


Sneaky Gmail phishing attack fools with fake Google Docs app
Russian hackers resorted to a similar method to abuse the OAuth protocol to phish user accounts
May 4, 2017
Read More


So much for counter-phishing training: Half of people click anything sent to them
Even people who claimed to be aware of risks clicked out of curiosity.
August 31, 2016
Read More


SOC 2 + HITRUST: Evolving infosec demands in healthcare
Two-thirds of business associates are not fully prepared to meet the growing marketplace demands regarding controls for protecting healthcare information, such as patient records, according to a survey conducted by KPMG.
October 11, 2016
Read More


SOCs are maturing, but need more automation
Security operations centers (SOCs) are growing up, according to a new SANS survey. Respondents indicate the SOC's primary strengths are flexibility of response and response time, while their biggest weakness is lack of visibility into events.
May 9, 2017
Read More


Software development teams embrace DevSecOps automation
Mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale, according to Sonatype.
March 22, 2017
Read More


Software security assurance: Everybody's invited
As more and more things in this world of ours run on software, software security assurance -- i.e. confidence that software is free from vulnerabilities (either intentional or not) and functions as intended -- is becoming more important than ever.
May 22, 2017
Read More


Soldiers bust massive click-farm that used 500k SIM cards, 100s of mobes to big up web tat
Cops pad up to Thai operation
June 14, 2017
Read More


Some password-manager apps that store data centrally get it right
You might be concerned from recent attacks that hosted secrets stored by 1Password and LastPass are at risk. the details say they're not.
April 18, 2017
Read More


Some Vine Users' Email Addresses, Phone Numbers Exposed
Like stumbling onto a bunch of Pitbull songs some ex put in your music library four years ago, the ghost of video-sharing platform Vine continues to haunt the internet. See, even though Vine is dead and gone, its cache of user information is not -- and now some of that data has apparently been leaked.
May 19, 2017
Read More


Sony, just let me dream about this Xperia X Compact leak
Like Hanukkah gifts, the DC cinematic universe, and No Man's Sky, sometimes the idea of something is far better than what's ultimately delivered to you. with that in mind, I would like to request that Sony cancel any plans to release an Xperia X Compact, which appears to have been leaked today by Evan Blass:
August 25, 2016
Read More


Sophisticated Mokes backdoor targets Mac users
A new malware targeting Macs has been discovered: the Mokes backdoor.
September 8, 2016
Read More


Sophisticated ransomware: new tactics to maximize profit
Organizations are unprepared for future strains of more sophisticated ransomware, according to the Cisco 2016 Midyear Cybersecurity Report. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate.
July 27, 2016
Read More


Sophos acquires Invincea
Sophos has agreed to acquire Invincea from its current shareholders for a cash consideration of $100 million with a $20 million earn-out. Sophos will retain the company™ office in Fairfax. Invincea CEO Anup Ghosh and COO Norm Laudermilch will join Sophos in key leadership positions.
February 8, 2017
Read More


Sophos Predicts Top 10 Cyber Security Trends for 2017
2016 saw a huge number and variety of cyber attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. the year also saw a rising tide of data breaches, from organizations big and small, and significant losses of people's personal information.
December 30, 2016
Read More


Sorry, iPhone fans -- only Fandroids get Barclays' tap-to-withdraw
It's only a test
November 23, 2016
Read More


Source Code for Mirai IoT Malware Released
Recently, source code for the Internet of Things (IoT) botnet malware, Mirai, was released on hack forums. this type of malware was used last month in an historic distributed-denial-of-service (DDoS) attack against KrebsOnSecurity, which was estimated to have sent 650 gigabits per second of traffic from unsecured routers, IP cameras, DVRs and more to shut down the domain.
October 10, 2016
Read More


South Korean banks threatened with DDoS attacks unless they pay $315,000
South Korean banks are being threatened with crippling DDoS attacks unless they pay $315,000 in bitcoin. The attackers threatening them identified themselves as the Armada Collective.
June 27, 2017
Read More


South Korean bitcoin exchange hacked, user accounts plundered
Bithumb, a South Korean bitcoin and ether exchange, has suffered a data breach that resulted in customer losses potentially reaching billions of South Korean won (currently, a billion won is equivalent to some 870,000 US dollars).
July 4, 2017
Read More


Spam is once again on the rise
Spam volume is back to mid-2010 heights, and Cis

Spectacular phishing attack pushes Google to improve defenses
The most recent Google-themed phishing attack shouldn't have come as a surprise, but it did -- and has affected around a million Gmail users.
May 8, 2017
Read More


Spoofing boarding pass QR codes with simple app
Przemek Jaroszewski, the head of Poland's CERT, says anyone can bypass the security of the automated entrances of airlines' airport lounges by using a specially crafted mobile app that spoofs boarding pass QR codes.
August 08, 2016
Read More


Spora ransomware could become the new Locky
A recent decrease of Locky ransomware infections has been tied with the lack of activity of the Necurs botnet, which is used to deliver the malware directly to potential victims' email accounts.
January 19, 2017
Read More


Spammers modify sites' core WordPress files for long-lasting compromise
In their quest to compromise WordPress installations and prevent site owners from discovering it and cleaning up the website, blackhat SEO spammers have turned to modifying core WordPress files.
August 17, 2016
Read More


SpyNote Android RAT builder has been leaked
A builder for the capable SpyNote Android RAT is being freely distributed on several underground hacker forums.
July 29, 2016
Read More


Spyware on a Chromebook
I think Chromebooks are great. they are cheap, fast laptops that can satisfy the computing needs of many users, if not for their primary computer, then as a secondary one.
January 25, 2017
Read More


SquirrelMail opens users to remote code execution
Users of open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered independently by two researchers.
April 25, 2017
Read More


SSD security challenges: Which data sanitization methods are effective?
In recent years, a growing number of data breaches have resulted from the improper data removal and insecure storage of drives. Organizations face a myriad of internal and external challenges with preventing sensitive personal and corporate information from being accessed or breached from solid state drives (SSDs), according to the Blancco Technology Group.
February 1, 2017
Read More


SSHowDowN Proxy attacks using IoT devices
Akamai's Threat Research team has identified a recent spate of SSHowDowN Proxy attacks whereby attackers are using Internet of Things (IoT) devices to remotely generate attack traffic by using a 12-year old vulnerability in OpenSSH.
October 13, 2016
Read More


Stack Clash bug could give root privileges to attackers on Unix, Linux systems
Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to develop patches since May.
June 19, 2017
Read More


Stealthy DDoS attacks distract from more destructive security threats
The greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions.
June 6, 2017
Read More


Stealing login credentials from locked computers in 30 seconds or less
Security researcher Rob Fuller has demonstrated a simple way for stealing login credentials from locked computers running Windows and Mac OS X.
September 8, 2016
Read More


Stealing Windows credentials using Google Chrome
Attacks that leak authentication credentials using the SMB file sharing protocol on Windows OS are an ever-present issue, exploited in various ways but usually limited to local area networks. One of the rare research involving attacks over the Internet was presented by Jonathan Brossard and Hormazd Billimoria at the Black Hat security conference in 2015.
May 15, 2017
Read More


Steps to developing secure IoT products
IoT is broad ranging, and the pace of change and innovation is fast. this makes identifying controls that can be applied against diverse IoT products difficult. Recently, much has been said regarding the need to secure the Internet of Things against a large number of attacks and a diverse pool of attackers.
October 10, 2016
Read More


Stethoscope spurs employees to implement better security practices
Every now and then, Netflix open sources some of the security tools created by its coders. the latest example of this is Stethoscope, a web application that collects information about users' devices and provides them with specific recommendations for securing them.
February 22, 2017
Read More


Stiller Research
We provide current anti-virus news, a list of myths regarding viruses, a virus information list and a list of in-the-wild viruses.
Provides Information
Read More


Stingray use lacks transparency and meaningful oversight
Cell-site simulators -- aka Stingrays, aka IMSI catchers -- are widely used by US law enforcement, usually without a warrant that such type of surveillance should require.
September 13, 2016
Read More


Stolen devices to blame for many breaches in the financial services sector
Bitglass performed an analysis of all breaches in the financial services sector since 2006, with data aggregated from public databases and government mandated disclosures. they found that leaks nearly doubled between 2014 and 2015, a growth trend on track to continue in 2016.
August 25, 2016
Read More


Stolen medical records available for sale from $0.03 per record
The development of the market for stolen data and related hacking skills indicate that the business of cybercrime in the healthcare sector is growing, according to Intel Security.
October 27, 2016
Read More


StoneDrill: new wiper targets Middle East, shows interest in Europe
Kaspersky Lab has discovered a new sophisticated wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.
March 7, 2017
Read More


'Streaming Prevention' technology takes a new approach to stopping cyber attacks
Traditional security techniques can be effective in fending off cyber threats, but a new generation of non-malware attacks try to gain control of computers without downloading malicious software. Instead, they use trusted, native operating system tools, such as PowerShell, and exploit running applications, like browsers.
February 6, 2017
Read More


Students need better data security education
As students head back to university, a survey by Intel Security reveals that, in the UK at least, half of them are failing to protect their phones, tablets and laptops from online threats.
September 15, 2016
Read More


Students unaware about ransomware costs, impact
A new Webroot survey reveals a disconnect between what college students say they would pay to access personal data being held for ransom and the reality of actual ransomware payments. While students reported they would only pay around $50 to retrieve their personal data, typical ransomware payments actually range from $500 to $1,000.
September 16, 2016
Read More


Study Guide: Installing and Configuring Windows Server 2012
This Study Guide covers Microsoft's 70-410 "Installing and Configuring Windows Server 2012" exam. it's the first exam of three exams that make up the Microsoft Certified Solutions Associate (MCSA) certification.
October 22, 2016
Read More


Study shows 'BYOK' can unlock public cloud market for businesses
Bring your own key to the encryption kingdom
January 30, 2017
Read More


Study Suggests Network Traffic Can Help Stop Malware Attack
Before large malware attacks, systems need to be infected by the malware, where it can linger undetected for weeks or months. Until a sample of the malware is discovered, traditional anti-virus software cannot remove it, but researchers at Georgia Institute of Technology, with collaboration from EURECOM and the IMDEA Software Institute, have found a way to help catch malware before it is activated. The key is monitoring network traffic.
May 22, 2017
Read More


Study warns of human rights risks from censoring online terror content
Global Network Initiative said that internet companies should not be required to monitor third-party terror content
November 30, 2016
Read More


Study warns of human rights risks from censoring online terror content
Global Network Initiative said that internet companies should not be required to monitor third-party terror content
November 30, 2016
Read More


Study: One-Third of Websites Use Outdated, Insecure JavaScript Libraries
Websites are only as safe as their operators allow them to be. Researchers find vulnerabilities, and organizations release patches for them all the time. But it's up to site operators to install those patches to make sure their sites don't endanger visitors and, potentially, their personal information. Many don't, as Northeastern University discovered when it found that 37% of sites use outdated JavaScript libraries with at least one known vulnerability.
March 13, 2017
Read More


Submissions are open for RSA Conference Innovation Sandbox Contest 2017
The 12th annual Innovation Sandbox Contest at RSA Conference is now accepting submissions to name the "RSAC Most Innovative Startup 2017." Past winners include successful companies such as Sourcefire, Imperva, Waratek, and most recently Phantom.
November 7, 2016
Read More


Subverting protection into DDoS attacks
On average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches, according to Neustar.
August 17, 2016
Read More


Super Free Music Player is the latest malware on Google Play
Another day, another piece of malware lurking on Google Play, masquerading as a free and helpful app.
May 2, 2017
Read More


Super Malware Bros: Android Marcher Poses as 'Super Mario Run'
It's malware time. a cloud security company named Zscaler revealed that malicious software has been disguised as the Android version of Super Mario Run, which is currently restricted to iOS devices, to fool eager gamers into compromising their financial data by installing the Android Marcher Trojan.
January 6, 2017
Read More


Surge in polymorphic attacks and malicious Android apps
Users are over 20 percent less likely to encounter malware and other undesirable executable files than in 2015.
September 22, 2016
Read More


Surprise! another insecure web-connected CCTV cam needs fixing
Siemens firmware emits admin login details to anyone who asks nicely
November 21, 2016
Read More


Surveillance firm slashes staff after losing Facebook, Twitter data
ACLU called out Geofeedia for getting social media data and selling it to cops.
November 22, 2016
Read More


Sushi or pizza? Mac or Windows threat?
Fortinet researchers have made an unusual find: a malicious Word file that is meant to target both OS X and Windows users.
March 23, 2017
Read More


SWIFT systems of three Indian banks compromised to create fake trade documents
Since last year's revelation that attackers have compromised SWIFT software of Bangladesh's central bank and used it to perform fraudulent transfers worth tens of millions, news about similar attacks -- both successful and not -- have become a regular occurrence.
January 16, 2017
Read More


Swiss voters approve new surveillance law
On Sunday, the Swiss populace voted in support for a new surveillance law that will give the Federal Intelligence Service (FIS) wider electronic surveillance powers to prevent terrorist attacks.
September 23, 2016
Read More


Symantec Rejects Google's Certificate Plan, Promises to be Good from now On
Google recently announced that it would start progressively distrusting Symantec's existing certificates over a period of several Chrome releases. Symantec doesn't seem to like this plan, and it has instead proposed a number of alternative steps that it can take to improve its certificate validation process and prove that it's properly issuing certificates.
April 27, 2017
Read More


Symantec Responds to Google Distrusting Its Certificates
Google announced in March that its Chrome browser would gradually stop trusting certificates issued by Symantec because the company improperly issued 30,000 certificates over the last few years. Symantec responded today with a blog post saying it's met with Google to discuss the issue several times and that its customers have said the change would "cause significant business disruption and additional expense."
April 17, 2017
Read More


Symantec Security Updates
library of documents on computer viruses including the top ten list of most common viruses and new viruses to be on the alert for, as well as general virus Q&A.
Provides Information
Read More


Sysadmin finds insecure printer, remotely prints 'Fix Me!' notice
Once you're through the web interface the email-to-printer address is easy to find
May 26, 2017
Read More


SysAdmin Magazine: best of 2016
In the last issue of SysAdmin Magazine you'll find the best articles of 2016. from data security to ransomware and cloud adoption -- the hottest topics of this year collected in one edition.
January 12, 2017
Read More


Sysadmin 'trashed old bosses' Oracle database with ticking logic bomb'
Always ensure the office laptop gets returned
April 14, 2017
Read More


Misc. - T

Target Will Pay $18.5M To 47 States To Close Investigations Into 2013 Data Breach
Just like those embarrassing Facebook photos of you with your ill-advised "Macklemore' hairdo, Target's massive 2013 data breach continues to haunt the retailer. Today, the company reached an agreement to pay $18.5 million to close the book on investigations by 47 states (and D.C.) into the month-long attack that exposed information for more than 60 million payment card accounts.
May 23, 2017
Read More


Targeted attack prevention in cloud email and messaging systems
The Threat Platform extends the capabilities of the company's cloud-native communication security platform, enabling organizations to tap into the threat data, machine-learning, and automated response framework that underpins GreatHorn's threat detection and response solutions for social engineering, phishing, and targeted attack prevention in cloud email and messaging systems.
February 14, 2017
Read More


Tax season security tips: Protect yourself from cybercrime
Between December 2016 and February 2017, IBM X-Force researchers saw a 6,000 percent increase in tax-related spam emails. the researchers see this increase and other factors as evidence that cybercriminals are not slowing down their attacks in the days leading up to Tax day 2017.
April 5, 2017
Read More


Tech giants say they didn't do Yahoo-style email spying
Yahoo's program may have been spying on hundreds of millions of users' accounts
October 5, 2016
Read More


Tech giants to Congress: Please change how NSA spies on people
Companies like Facebook, Google and Amazon band together in a push for internet surveillance reform.
May 26, 2017
Read More


Tech support scam piggybacks off Windows app crash alerts
A tech support scam application has recently been found online, which is programmed to pop-up every time an app in Windows crashes, prompting users to call a certain number to fix the problem.
March 17, 2017
Read More


Tech support scammers take advantage of two year old Google Chrome bug to freeze PCs
Back in July 2014, a bug in the Google Chrome browser was discovered that allows developers to push thousands, or even millions of URLs into the browser's history. the issue could cause PCs to slow down, as it will use a lot of resources on the computer. Google has been made aware of the problem, but decided to mark it as a low-level denial of service attack, and has since then delayed putting out a fix.
November 3, 2016
Read More


Tech support scammers use denial of service bug to hang victims
Process pig keeps eyes glued on fraudsters' phone number.
November 7, 2016
Read More


Tech support scammers use old bug to freeze browsers
Tech support scammers are exploiting a bug that maxes out users' CPU and memory capability and effectively freezes the browser and possibly the computer, in an attempt to convince users that they have been hit with malware.
November 7, 2016
Read More


Tech to help protect Final Four crowds
Video, social network and drone surveillance in arsenal; FBI sees no current credible threats
March 31, 2017
Read More


Teen quiz app Wishbone hacked, users' emails and phone numbers exposed
Check your kid's phone for this app, ASAP: Wishbone. this popular quiz app for kids, tweens and teens has been hacked, according to a report from Motherboard out this morning. the hack involved 2.2 million email addresses, as well as 287,000 phone numbers, many of which are from kids under the age of 18.
March 15, 2017
Read More


Tenable launches cloud-based vulnerability management
Increased adoption of virtualization, the cloud, and the accelerating use of web applications and short-lived assets like containers has led to changes in how and when companies need to assess vulnerabilities.
January 31, 2017
Read More


Telecrypt Decryptor foils ransomware's simple encryption method
The recently spotted Telecrypt ransomware can be thwarted: malware analyst Nathan Scott has created a tool that decrypts the encrypted files.
November 23, 2016
Read More


Telecrypt ransomware uses Telegram for command and control
Telecrypt, a newly spotted piece of crypto ransomware that uses Telegram's communication protocol to deliver the decryption key to the crooks, is targeting Russian-speaking users.
November 10, 2016
Read More


Tens of thousands WordPress sites defaced, SEO spam to follow
Attackers are actively exploiting the

Terabit-scale DDoS events are on the horizon
Corero Network Security has disclosed a new DDoS attack vector observed for the first time against its customers last week. the technique is an amplification attack, which utilizes the Lightweight Directory Access Protocol (LDAP): one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in most online servers.
October 26, 2016
Read More


Tesco Bank hack shows that attackers continue to follow easy money
What happens when nearly 9,000 accounts at a financial institution experience fraudulent activity and clients have nearly £2.5 million stolen?
November 10, 2016
Read More


Testing times: can your crypto-code survive the Google gauntlet?
Mount Wycheproof pinpoints mistakes in software libraries
December 20, 2016
Read More


That Botnet-of-Things malware is getting a nasty makeover
Arbor Networks reports improved attacks being added; about 500k "old" bots still active.
October 27, 2016
Read More


The agile IT stack grows and becomes more complex
BigPanda's annual survey evaluated the current IT monitoring landscape, including a review of the most popular tools for monitoring, deployment, and ticketing/collaboration; the biggest challenges facing IT pros in the upcoming year; and insights into monitoring strategy satisfaction and performance.
February 23, 2017
Read More


The anti social network
Let's be honest. Our online world is judged on how others view us, or as the psychologist Caldini would put it social validation. Want to buy a product? Well how many people gave it five stars? I refuse to now try something new unless someone has been there before, took the time to review it, and then post it on a social network of some description.
February 10, 2017
Read More


The best VPN Services of 2017
What are the best Virtual Private Networks (VPNs)?
April 11, 2017
Read More


The biggest high-profile password blunders of 2016
Weak or reused passwords are one of the main causes of security breaches and nobody is immune from the problem.
December 13, 2016
Read More


The cautionary tale of WhatsApp slipping on strong default user security
The Electronic Frontier Foundation has dinged WhatsApp for making it hard for its users to start with the strongest privacy protections.
October 18, 2016
Read More


The changing data protection paradigm
It is impossible to keep data secure and free from alteration when you can't keep track of what you have, where it is and what its value is. So where to begin?
September 22, 2016
Read More


The CIA has lots of ways to hack your router
New WikiLeaks docs reveal how spies rewrote firmware in the supply chain
June 15, 2017
Read More


The cost of IoT hacks: Up to 13% of revenue for smaller firms
Nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach, which can cost up to 13% of smaller companies' annual revenue, according to a new survey by Altman Vilandrie & Company.
June 5, 2017
Read More


The 'Could Have Been Worse' WannaCry Has Arrived
Reports are coming in from around the globe about a new ransomware that is spreading quickly. Maersk, and Ukraine's National Bank have both warned of cyber attacks. But it appears this new dog is using some old tricks. From what we know right now, this attack appears to be leveraging the same EternalBlue exploits that WannaCry leveraged to obtain its ability to spread within organizations and impact more endpoints with encrypted files and demands of Bitcoin ransom.
June 27, 2017
Read More


The current state of privileged access management practices
There's a widening gulf between organizations that adhere to best practices for privileged access management, according to BeyondTrust.
August 26, 2016
Read More


The cybersecurity gap between IT capabilities and business expectations
Deloitte has uncovered a shift in business priorities from "business performance" to "customers," with 57 percent of chief information officers choosing "customers" as their top priority, compared to only 45 percent last year. "Customer" remained the top priority for eight of the 10 industries represented in the survey.
November 11, 2016
Read More


The difference between IT security and ICS security
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about the difference between IT security and ICS security.
November 1, 2016
Read More


The difficult path to cyber resilience
Global organizations are more confident than ever that they can predict and resist a sophisticated cyber attack, but are falling short of investments and plans to recover from a breach in today's expanding threat landscape, according to EY.
December 19, 2016
Read More


The danger of unmanaged security service providers
The job of keeping networks safe from attack is growing more complex by the day. at the same time, demand for trained and experienced information security analysts is exceeding the supply. this combination of factors is leading to an almost inevitable result -- the outsourcing of day-to-day security operations to outside companies.
September 6, 2016
Read More


The dangers that come with buying pre-owned IoT devices
When you buy a second-hand connected car, can you be sure that it is not still not reachable by its former owner? Similarly, when you sell your own connected car, how can you be sure that it will not leak the personal information you fed it to the next owner?
February 20, 2017
Read More


The deception technology market is exploding
The global deception technology market is expected to generate a revenue of USD 1.33 billion by 2020, according to Technavio.
August 22, 2016
Read More


The decline of cyber resilience: Organizations unprepared to face attacks
Only 32 percent of IT and security professionals say their organisation has a high level of cyber resilience -- down slightly from 35 percent in 2015, according to a global study involving 2,400 security and IT professionals, conducted by the Ponemon Institute.
November 17, 2016
Read More


The digital world should mean a change in mindset on security for businesses
Businesses are often encouraged to take risks. These can fuel innovation, excite customers and set them apart from competitors. However, while many parts of a business may benefit from occasional risks, security is one area that businesses cannot afford to compromise.
November 2, 2016
Read More


The early IoT gets the worm
Five days after the start of World War I, Sir Edward Grey, British Foreign Secretary, remarked to a close friend, "The lights are going out all over Europe, we shall not see them lit again in our lifetime."
December 6, 2016
Read More


The economic impact of security incidents on critical information infrastructures
Cyber security incidents affecting CIIs (Critical Information Infrastructures) are considered nowadays global risks that can have significant negative impact for several countries or industries within the next 10 years. But the job of identifying the real impact produced proves to be quite a challenge.
August 12, 2016
Read More


The economics of ransomware revealed
70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems. In comparison, over 50 percent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data, according to IBM Security.
December 14, 2016
Read More


The emergence of new global cybercriminal attack patterns
The findings of a new Malwarebytes report illustrate a significant shift in cybercriminal attack and malware methodology from previous years. Ransomware, ad fraud and botnets, the subject of so much unjustified hype over previous years, surged to measurable prominence in 2016 and evolved immensely. Cybercriminals migrated to these methodologies en masse, impacting nearly anyone and everyone.
February 1, 2017
Read More


The evolution of BEC scams and ransomware
Trend Micro analyzed the trends in attacks and vulnerabilities seen throughout the first half of this year, and found a rise and impact of attacks, such as a 172 percent increase in ransomware and $3 billion in losses due to business email compromise (BEC) scams so far in 2016.
August 25, 2016
Read More


The evolution of cloud and mobile security
In this podcast recorded at RSA Conference 2017, Salim Hafid, Product Marketing Manager at Bitglass, talks about how organizations are dealing with BYOD, cloud security, and mobile security, and how these trends are affecting their businesses in a real fundamental way.
February 23, 2017
Read More


The evolution of data breach prevention practices
Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. a new SANS Institute survey looks at the preventive aspect of breaches -- and what security and IT practitioners actually are, or are not, implementing for prevention.
September 8, 2016
Read More


The failure of EU's regulation on cyber-surveillance tech exports
When in April 2016 the Italian Ministry of Economical Progress revoked Hacking Team's licence to export their Galileo remote control software outside of the EU, it seemed, at first glance, like a long overdue reaction to the many revelations that the company provides offensive intrusion and surveillance software to governments that don't have a good track record at respecting human rights.
February 27, 2017
Read More


The five most common social engineering attacks
However much technology you throw at protecting your organization's systems the weakest link is still the person sitting in front of the endpoint.
November 11, 2016
Read More


The gift that keeps giving away your data
if you unwrapped a shiny, new connected device this holiday season, it's likely that you're in the honeymoon stage, reaping many benefits from your new device. However, this story about a smart toy that is popping up on a variety of news sources makes you think twice about what happens after the initial "oohs" and "ahhs" subside.
January 13, 2017
Read More


The global decline of cybersecurity confidence
Tenable Network Security solicited insights from 700 security practitioners in nine countries and across seven industry verticals to calculate a global index score reflecting overall confidence that the world's cyber defenses are meeting expectations.
December 5, 2016
Read More


The group that hacked the DNC infiltrated Ukrainian artillery units
The group distributed a trojanized version of an Android app used by Ukrainian artillery personnel
December 22, 2016
Read More


The growing security risks in enterprise Windows environments [Q&A]
ManageEngine recently announced the results of its global Active Directory and Windows Server Security -- Trends and Practices Survey for 2016, which found that 70 percent of IT administrators across the globe agree that their Windows environments are not immune to malicious attacks.
September 12, 2016
Read More


The growing threat of ransomware: Lucrative, low-risk and easy to use
Recent headlines are testament to the growing popularity of ransomware attacks on businesses and consumers alike. In January, for example, Lincolnshire County Council saw its computer systems shut down for four days after it received demands for a £1 million ransom.
August 1, 2016
Read More


The hidden cost of the insider threat
Organizations are spending an average of $4.3 million annually to mitigate, address, and resolve insider-related incidents -- with that spend surpassing $17 million annually in the most significant cases, according to the Ponemon Institute.
September 19, 2016
Read More


The HTTPS interception dilemma: Pros and cons
HTTPS is the bread-and-butter of online security. Strong cryptography that works on all devices without complicating things for users. Thanks to innovative projects like Let's Encrypt, adoption of HTTPS is rising steadily: in mid-2015 it was at 39%, now it's at 51% of HTTPS requests.
March 8, 2017
Read More


The journey from Microsoft Security Bulletin to Security Update Guides
For decades, the Microsoft Security Bulletins have provided IT administrators with a monthly list of vulnerabilities and accompanying patches. Much to the chagrin of the IT community, these Bulletins have been replaced by the Security Update Guides portal (SUG), which many administrators believe will be a lot more work for them, especially for patch management professionals who already have enough on their plate.
June 22, 2017
Read More


The impact of highly targeted attacks on modern organizations
In this podcast recorded at RSA Conference 2017, Lance Cottrell, Chief Scientist at Ntrepid, talks about the growing trend of targeted attacks, as well as strategies organizations need to consider as the breakdown of traditional security perimeter continues.
March 15, 2017
Read More


The impact of intelligent systems on IT teams
Fast track deployment of intelligent systems is well underway, according to Ipswitch. 88% of IT professionals saying their organisation has already invested in one or more intelligent solutions, from bots, through smart business applications, to full-blown expert systems.
October 11, 2016
Read More


The information security marketplace shift
In this podcast recorded at RSA Conference 2017, Garry Sidaway, SVP of Security Strategy & Alliances for NTT Security, talks about the shift in the marketplace, and how effective security controls enable the increasingly connected world and digital economy to overcome constantly changing security challenges.
March 17, 2017
Read More


The inner workings of the Cerber ransomware campaign
Check Point's research team has analysed the inner workings of Cerber, the world's biggest ransomware-as-a-service scheme.
August 17, 2016
Read More


The latest on the critical RCE Cisco WebEx extension vulnerability
Since Google bug hunter Tavis Ormandy revealed the existence of a remotely exploitable code execution flaw in the Cisco WebEx extension for Google Chrome last week, Cisco has pushed out several updates for it in quick succession.
January 30, 2017
Read More


The most common passwords of 2016
Despite having been predicted many times, the demise of the password as the preferred authentication method is still far off, as it's difficult to beat its ease of use.
January 16, 2017
Read More


The new age of quantum computing
Quantum encryption is the holy grail of truly secure communications. If and when quantum computing becomes a widespread reality, many public-key algorithms will become obsolete. this includes those whose security relies on one of three hard mathematical dilemmas: the integer factorization dilemma, the discrete logarithm dilemma or the elliptic-curve discrete logarithm dilemma.
November 17, 2016
Read More


The new CISO imperative: Solving the information management paradox
According to Cybersecurity Ventures' Cybersecurity Market Report, worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021. However, in the drive to become more cyber resilient in 2017, organizations are extending risk management that is traditionally based on parametric measures (i.e., data loss prevention and firewalls) towards information stewardship -- the proper identification, categorization and deletion of their own content, regardless of where it is saved.
December 13, 2016
Read More


The next frontier of cyber governance: Achieving resilience in the wake of NotPetya
Earlier this week, several European nations experienced a widespread ransomware attack. Major international giants, such as Merck, WPP, Rosneft, and AP Moller-Maersk, alongside financial institutions, banks, energy companies and more were affected, where users were locked out of computers. The focus of the attack was Europe, but it was also discovered that DLA Piper, a massive U.S. headquartered law firm, was hit by this new strain of ransomware.
June 29, 2017
Read More


The path to protecting health data: 10 steps to get started
The information in your medical records can be more valuable than your credit card numbers to a cybercriminal.
June 29, 2017
Read More


The power of Big Data for security, operations and DDoS protection
DDoS atacks are costly to your reputation and your bottom line. In this podcast recorded at RSA Conference 2017, Avi Freedman, CEO at Kentik, discusses how to recognize attacks quickly and accurately, then shut them down with situation-appropriate mitigation.
March 7, 2017
Read More


The privacy threat of IoT device traffic rate metadata
Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata.
May 22, 2017
Read More


The psychological reasons behind risky password practices
Despite high-profile, large-scale data breaches dominating the news cycle -- and repeated recommendations from experts to use strong passwords -- consumers have yet to adjust their own behavior when it comes to password reuse.
September 29, 2016
Read More


The rewards of advanced agile and DevOps adoption