The MerchantStoreDirectoryAbout UsAdd-siteLink to Us

 

1,830 Internet Secuirty Issues Resources

Misc. - Numbers

0-days hitting Fedora and Ubuntu open desktops to a world of hurt
If your desktop runs a mainstream release of Linux, chances are you're vulnerable.
December 14, 2016
Read More


1Password Travel Mode protects passwords from border agents
1Password has created Travel Mode, a new feature that will allow users to protect their 1Password data from unwarranted searches when they travel.
May 24, 2017
Read More


2 handy yet hidden Chromebook security features
Chromebook security gets simpler with these ultra-useful but off-the-beaten-path options.
June 19, 2017
Read More


3 in 5 companies expect to be breached in 2017
New research found that of the 50 percent who reported being breached in 2016, the average material impact to the business was $4 million.
May 18, 2017
Read More


3 sour notes interrupting security
Great musicians and instruments alone do not make beautiful music. It is the conductor who leads the orchestra and turns the collection of sounds into perfectly executed harmony. Likewise, security operations teams need more than just experienced professionals and best-of-breed tools -- they need orchestration.
March 23, 2017
Read More


4 charged, including Russian gov't agents, for massive Yahoo hack
Hackers targeted Yahoo accounts of officials for intelligence and financial gain, U.S. government says
March 15, 2017
Read More


4 vectors transforming the security software market
The security software market is undergoing a transformation due to four key developments, according to Gartner. The use of advanced analytics, expanded ecosystems, adoption of SaaS and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments.
May 31, 2017
Read More


5 incident response practices that keep enterprises from adapting to new threats
Security analysts within enterprises are living a nightmare that never ends. 24 hours a day, their organizations are being attacked by outside (and sometimes inside) perpetrators -- hackers, hacktivists, competitors, disgruntled employees, etc. Attacks range in scope and sophistication, but are always there, haunting the security teams tasked with guarding against them.
May 30, 2017
Read More


8 RCE, DoS holes in Microsoft Malware Protection Engine plugged
After the discovery and the fixing of a "crazy bad' remote code execution flaw in the Microsoft Malware Protection Engine earlier this month, now comes another MMPE security update that plugs eight flaws that could lead to either remote code execution or to denial of service.
May 30, 2017
Read More


8 tech dangers every novice can avoid with these tips
Read this to be smarter about buying and using tech devices.
January 11, 2017
Read More


12 tips for implementing secure business practices
Optiv Security shared a list of a dozen tips for implementing secure business practices during the 2016 holiday season. Security experts developed these recommendations to help security and IT teams better prepare their companies and employees to address the increase in cyber threats that occur during this time of year.
December 12, 2016
Read More


15 new ransomware decryption tools added to No More Ransom
Nine months after the launch of the No More Ransom (NMR) project, an ever-growing number of law enforcement and private partners have joined the initiative, allowing more victims of ransomware to get their files back without paying the criminals.
April 5, 2017
Read More


15 ways to empower students with open source tools
From learning basic digital literacy or expanding on those skills with fun projects, open source gives students the freedom to explore, tinker, and learn.
July 24, 2017
Read More


21% of websites still use insecure SHA-1 certificates
New research from Venafi Labs shows that 21 percent of the world's websites are still using certificates signed with the vulnerable Secure Hash Algorithm, SHA-1.
March 8, 2017
Read More


23% of security pros are blind to encrypted traffic threats
According to a Venafi survey conducted at RSA Conference 2017, 23 percent of respondents have no idea how much of their encrypted traffic is decrypted and inspected.
April 6, 2017
Read More


25% of healthcare organizations using public cloud do not encrypt data
A HyTrust survey of 51 healthcare and biotech organizations found that 25 percent of those organizations using the public cloud do not encrypt their data.
February 20, 2017
Read More


35% of websites still using insecure SHA-1 certificates
35 percent of the world's websites are still using insecure SHA-1 certificates, according to Venafi. this is despite the fact that leading browser providers, such as Microsoft, Mozilla and Google, have publicly stated they will no longer trust sites that use SHA-1 from early 2017. by February 2017, Chrome, Firefox and Edge, will mark websites that still rely on certificates that use SHA-1 algorithms as insecure.
November 21, 2016
Read More


38% of consumers affected by ransomware pay up
Consumers are increasingly being targeted with ransomware, and many of them are paying up, according to Trustlook.
April 18, 2017
Read More


40 Asus RT routers open to attack through web interface vulnerabilities
If you own an Asus RT wireless router, and you haven't updated its firmware for a while, now is the time to do it.
May 11, 2017
Read More


45% of large British businesses sustained a successful ransomware attack
Over a third of British businesses (36 percent) are not very confident that efforts to completely eradicate a recent ransomware attack from work systems have been successful.
April 5, 2017
Read More


50+ Disney & Nickelodeon Apps Allegedly Snooping On Your Kids
Ever since the first 3-year-old became obsessed with whatever Tetris knockoff was on their cool aunt's Blackberry, mobile software developers have seen the potential for real gold in kid-targeted games and apps. But two of the biggest names in children's entertainment, Disney and Viacom, are each being accused of breaking child-specific privacy laws by allowing young users' data to be collected and mined.
August 8, 2017
Read More


54% of organizations have not advanced their GDPR compliance readiness
More than half of organizations have failed to begin any work on meeting minimum General Data Protection Regulation (GDPR) compliance, according to a study conducted by Vanson Bourne.
January 1, 2017
Read More


65% of social engineering attacks compromised employee credentials
Social engineering is having a notable impact on organizations across a range of industrial sectors in the US.
December 2, 2016
Read More


66% of US law firms reported a breach in 2016
The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts. These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments.
July 6, 2017
Read More


71 percent of SMBs are not prepared for cyber security risks
Small and medium sized businesses increasingly feel that they're vulnerable to cyber threats but most aren't prepared to meet them.
August 1, 2017
Read More


80 Sony IP camera models come with backdoors
80 different models of Sony IPELA Engine IP Cameras have multiple backdoors that can be misused by attackers to take control of the device, disrupt its functionality, add it to a botnet, and more.
December 6, 2016
Read More


80% of digital publishers don't know how their web traffic is audited
The burden of proof is on publishers to defend their web traffic, yet 80 percent admit they don't have insight into how their traffic is audited, raising questions about which traffic is non-human traffic (NHT).
December 9, 2016
Read More


90% of consumers think security should be built into smart devices
90% of consumers polled from Brazil, China, Germany, India, UK and US believe it is important that a connected device has security built into the product, digital platform security firm Irdeto has found.
July 26, 2017
Read More


91% of phishing attacks are display name spoofs
GreatHorn analyzed more than 56 million emails from 91,500 corporate mailboxes from March to November 2016. the data found that display name spoofs are the clear phishing weapon of choice for cybercriminals.
February 1, 2017
Read More


93% of SOC managers unable to triage all potential threats
In mid-2016, Intel Security commissioned a primary research study to gain a deeper understanding of the ways in which enterprises use SOCs, how they have changed over time, and what they will look like in the future.
December 13, 2016
Read More


132 compromised apps removed from Google Play
Google has recently removed 132 Android apps from Google play due to them containing hidden iFrames linking to malicious domains in their local HTML pages.
March 2, 2017
Read More


132 Google play apps tried to infect Android users with... Windows malware
Researchers suspect developers didn't intentionally spawn the malicious apps.
March 1, 2017
Read More


300+ Cisco switches affected by critical bug found in Vault 7 data dump
While combing through WikiLeaks' Vault 7 data dump, Cisco has unearthed a critical vulnerability affecting 300+ of its switches and one gateway that could be exploited to take over the devices.
March 19, 2017
Read More


751 domains hijacked to redirect visitors to exploit kit
An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting the Rig Exploit Kit and delivering the Neutrino Bot.
July 14, 2017
Read More


2017: a year to make security updates a priority
On a recent webinar, looking at the trends in the vulnerability landscape throughout 2016, Kasper Lindgaard, Director of Secunia Research @Flexera Software pointed to some of the trends which hadn't changed and that we do not expect to change as we enter 2017: the number of vulnerabilities continue to rise every year.
December 27, 2016
Read More


20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites
A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible.
April 7, 2017
Read More


185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked
A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet.
March 9, 2017
Read More


270,000 customers affected in UK loan firm Wonga data breach
Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered in a data breach.
April 10, 2017
Read More


350,000 Twitter bot sleeper cell betrayed by love of Star Wars and Windows Phone
Computer researchers uncover yuuuge dormant army
January 20, 2017
Read More


500,000+ devices have dangerous apps installed
At Mobile World Congress 2017, connected cars, the future of smart homes and, of course, the newest handsets are top of the agenda. Intel Security's latest findings show consumers are being tempted by the efficiency and entertainment of such connected devices, revealing the average British person now spends 35% of their time at home online.
February 28, 2017
Read More


1 million Google accounts compromised by Android malware called Gooligan
86 apps available in third-party marketplaces can root 74 percent of Android phones.
November 30, 2016
Read More


1.9 million Bell Canada customer account details stolen, leaked
Anonymous hackers have stolen and leaked 1.9 million email addresses and some 1,700 names and active phone numbers of Bell Canada customers.
May 17, 2017
Read More


8 million GitHub profiles scraped, data found leaking online
Technology recruitment site GeekedIn has scraped 8 million GitHub profiles and left the information exposed in an unsecured MongoDB database. the backup of the database was downloaded by at least one third party, and it's likely being traded online.
November 18, 2016
Read More


17 million Zomato accounts for sale following breach
Popular restaurant search and discovery service Zomato has suffered a breach, and the attackers made off with 17 million user records.
May 18, 2017
Read More


200 million financial services records breached in 2016, 900% increase from 2015
The financial services industry was attacked more than any other industry in 2016 -- 65 percent more than the average organization across all industries, according to the IBM X-Force Research team.
May 2, 2017
Read More


1.37 billion data records compromised globally in 2016
Gemalto's Breach Level Index revealed that 1,792 data breaches led to 1.37 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.
March 28, 2017
Read More


6+ billion records exposed in data breaches in first half of 2017
There have been 2,227 publicly disclosed data compromise events since the beginning of the year through June 30th, according to Risk Based Security.
July 25, 2017
Read More


8.4 billion connected things will be in use worldwide in 2017
Gartner forecasts that 8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020. Total spending on endpoints and services will reach almost $2 trillion in 2017.
February 7, 2017
Read More


(IN)SECURE Magazine issue 54 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 54 has been released today.
June 27, 2017
Read More


(IN)SECURE Magazine issue 53 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 53 has been released today.
March 30, 2017
Read More


Misc. - A

A Day in the Life of a Chief Information Security Officer
Over the last couple of years, I've written and spoken regularly about the changing roles of the Chief Information Security Officer (CISO). And what better way to demonstrate the many skills the position requires -- from the technical to the managerial -- than journaling a day's work. A CISO has to be the strategic partner his or her company needs to manage risk. So for anyone who may be curious, here's what a day in the life of a CISO looks like.
August 15, 2017
Read More


A flaw in wireless networks lets hackers pretend to be you
There are calls and text messages coming from your phone number that you never made. Meet the "ghost telephonist."
July 27, 2017
Read More


A guide on how to prevent ransomware
Ransomware is fast becoming a major threat to computer systems in many organisations. It is an aggressive form of attack which criminals use to infect computers and block the victim from accessing their own data unless they pay a ransom. Ransomware is not a new threat but has become more widely used among criminals simply because it is highly profitable.
May 15, 2017
Read More


A Monster Solar Storm Could Cost the US $40 Billion Daily
Our planet is due to be hit with a powerful solar storm, an event that happens about once every hundred years. new research shows that losses from the ensuing blackouts could total $41.5 billion per day in the US alone, including nearly $7 billion lost in trade.
January 19, 2017
Read More


A new age of digital signatures is upon us
The increased adoption of digital signatures should not come as a surprise: many businesses are trying to digitalise their everyday processes, and digital signatures are both reliable and secure due to several features, and are increasingly easy to use.
March 14, 2017
Read More


A new approach is needed in the battle against cyber attacks
How do you search for something that's invisible? An increase in the sophistication of cyber attacks means that it takes an average of 146 days before a corporate hack is discovered. Modern breaches are a mix of chameleonic deception and clever automation, enabling malicious code to be concealed deep inside the corporate network. In the battle to fight cybercrime, discovering the undetectable is a challenge CISOs face every day. with this in mind, organisations must turn to new and innovative methods of discovery such as threat hunting, the process of proactively searching networks to detect and isolate sophisticated threats.
March 27, 2017
Read More


A new bug allows any website to crash a Windows Vista, 7, or 8 PC
A recently discovered bug could allow any website to crash your Windows Vista, 7, or 8 PC with a simple edit to image names, reminiscent of the similar 'c: concon' bug on Windows 95 and 98.
May 26, 2017
Read More


A new ransomware outbreak similar to WCry is shutting down computers worldwide
Like earlier ransomware worm, new attacks use potent exploit stolen from the NSA.
June 27, 2017
Read More


A step toward practical quantum encryption over free-space networks
Researchers have sent a quantum-secured message containing more than one bit of information per photon through the air above a city. The demonstration showed that it could one day be practical to use high-capacity, free-space quantum communication to create a highly secure link between ground-based networks and satellites, a requirement for creating a global quantum encryption network.
August 25, 2017
Read More


A third of employees say it's common to take corporate data with them when leaving a company
Today's workforce is caught between two imperatives: be productive and efficient on the job and maintain the security of company data.
April 21, 2017
Read More


A UK business will spend more than £1m recovering from a data breach
A UK business would have to spend £1.1m on average to recover from a breach -- more than the global average of £1m.
July 17, 2017
Read More


A USB dongle can hijack all your Web accounts and router in 30 seconds, even if your computer is locked
A security researcher finds a gaping hole in automatic network connections made by plugging in a dongle.
November 21, 2016
Read More


A vigilante hacker may have built a computer worm to protect smart devices
Symantec has noticed the Hajime IoT malware leaving a message on the devices it infects
April 19, 2017
Read More


A WannaCry flaw could help some victims get files back
Since the WannaCry ransomware ripped through the internet late last week, infecting hundreds of thousands of machines and locking up critical systems from health care to transportation, cryptographers have searched for a cure. Finding a flaw in WannaCry's encryption scheme, after all, could decrypt all those systems without any ransom.
May 18, 2017
Read More


A Windows XP bug makes it possible to recover files encrypted by WannaCry
In an unusual turn of events, a Windows bug has been found to work in favor of victims instead of attackers, allowing WannaCry victims that run Windows XP to decrypt the files encrypted by the ransomware.
May 19, 2017
Read More


Accurate cross-browser fingerprinting is possible, researchers show
A group of researchers have come up with a browser fingerprinting technique that can allow interested parties to "identify" users across different browsers (on the same machine).
January 17, 2017
Read More


AccuWeather: Our app slurped your phone's location via Wi-Fi but we like totally didn't use it
Totally didn't use that info while totally rewriting its code
August 23, 2017
Read More


Acronis True Image Next Generation brings anti-ransomware, blockchain-based features
Acronis has unveiled Acronis True Image Next Generation, a new premium subscription option for Acronis True Image 2017.
January 19, 2017
Read More


Actively exploited Firefox, Tor Browser 0-day patched, update now!
Mozilla and the Tor Project have released security updates that fix the Firefox 0-day flaw that was spotted being exploited to de-anonymize Tor Browser users.
December 1, 2016
Read More


Actively exploited zero-day in IIS 6.0 affects 60,000+ servers
Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited by threat actors at this very moment.
March 30, 2017
Read More


Adaptive Research & Design Co.
data recovery from crashes, viruses, electrical surges, and sabotage, on hard and floppy drives under any operating system.
Provides a Service
Read More


Adobe Reader, Edge, Safari and Ubuntu fall in first day at Pwn2Own
The annual hacking contest has a prize pool of $1 million
March 16, 2017
Read More


Adobe quietly bundles data-collecting Chrome extension with latest Reader update
Chrome users who have installed the latest Adobe security updates have also been unknowingly saddled with a browser extension ("Adobe Acrobat") that can collect some of their operating environment data.
January 13, 2017
Read More


Adobe unveils cloud-based digital signature built on an open standard
With more than seven billion mobile devices in the world and cyber-threats at an all-time high, demand has surged for simple and secure ways to sign and manage documents on smartphones and tablets. at the same time, new electronic signature regulations, like eIDAS in the European Union, have paved the way for electronic signatures to be adopted globally.
February 22, 2017
Read More


Addressing pain points in governance, risk and compliance
In this day and age, it seems as though every business has some form of alphabet soup or acronym salad that shapes the decisions they make as it pertains to their information security programs. Between data privacy laws, regulations on the financial industry, calls for a healthcare focused cybersecurity framework, and regular updates to the PCI DSS, the ever-growing need for a well-established information security program is apparent.
February 27, 2017
Read More


Adoption of advanced technology continues quickly despite security gaps
93% will use sensitive data in an advanced technology (defined as cloud, SaaS, big data, IoT and container) environments this year. 63% of those also believe their organisations are deploying these technologies ahead of having appropriate data security solutions in place, according to Thales.
March 16, 2017
Read More


Advanced Windows botnet spreads Mirai malware
Kaspersky Lab experts are analyzing the first Windows-based spreader for the Mirai malware as part of a concerted effort to close down Mirai botnets in the wild.
February 22, 2017
Read More


Advancing a standard format for vendors to disclose cybersecurity vulnerabilities
Technology providers and their customers are joining forces to advance a standard format for vendors to disclose cybersecurity vulnerabilities.
January 20, 2017
Read More


Advantages of quantum processing shown in head-to-head race
A prototype quantum processor repeatedly beat a traditional, classical processor in a race to solve a puzzle, figuring out a secret combination up to 100 times faster by using exotic physics to sort through data that was deliberately packed with errors.
May 12, 2017
Read More


Advantech fixes serious vulns in WebAccess HMI/SCADA software
Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible.
August 30, 2017
Read More


Adware API sends smartmobe data home to Chinese company
Google pulls 500 apps that used the Igexin SDK
August 23, 2017
Read More


AES-256 keys sniffed in seconds using €200 of kit a few inches away
Van Eck phreaking getting surprisingly cheap
June 23, 2017
Read More


After a data breach is disclosed, stock prices fall an average of 5%
Data security breaches can negatively impact an entire organization -- including sales, marketing and IT -- and have a significant negative impact on company finances and shareholder value, according to a new Ponemon research study.
May 16, 2017
Read More


After getting pwned and owned, Microsoft vows to fix Edge security
Microsoft is working to reduce the attack surface and restrict unauthorized access of its Edge browser.
March 27, 2017
Read More


After Massive Phishing Attack, Google Improves Gmail Security
Google announced that it has added a suite of new security features to Gmail. These additions will make it easier for the company to detect phishing attempts, fight malware that spreads via attachments, let businesses make sure internal data stays within their control, and warn users when they're visiting a suspicious website. The additions still won't be enough to keep you totally safe, but you're definitely more secure than before.
May 31, 2017
Read More


After MongoDB attack, ransomware groups hit exposed Elasticsearch clusters
Over 600 Elasticsearch instances had their data wiped and replaced with a ransom message
January 13, 2017
Read More


After phishing attacks, Chrome extensions push adware to millions
Compromised accounts push fraudulent extension updates to unsuspecting users.
August 3, 2017
Read More


After WannaCry chaos, ShadowBrokers threaten 'Data Dump of the Month' service, including Windows 10 exploits
News over the past week has been dominated by the fallout from the WannaCry ransomware. Now the hacking group that released the NSA's hacking tool kit into the wild has announced plans to start an exploit subscription service in June.
May 17, 2017
Read More


After WannaCry, ex-NSA director defends agencies holding exploits
There's not much more topical than cyber security right now. and who better to talk about it than former director of the NSA and ex-chief of the Central Security Service, general Keith Alexander?
May 16, 2017
Read More


After WannaCry, Microsoft amps up security updates
The tech giant releases several Windows XP patches to address vulnerabilities that are in heightened danger from cyberattacks by government organizations.
June 13, 2017
Read More


After WikiLeaks' CIA dump, China tells U.S. to stop spying
PRC Foreign Ministry denounces alleged hacking
March 9, 2017
Read More


After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
O2 confirms online thefts using stolen 2FA SMS codes
May 3, 2017
Read More


AI can increase corporate profitability by average of 38% by 2035
Businesses that successfully apply artificial intelligence (AI) could increase profitability by an average of 38 percent by 2035, according to Accenture. The introduction of AI could lead to an economic boost of US$14 trillion in additional gross value added (GVA) across 16 industries in 12 economies.
June 21, 2017
Read More


AI is key to speeding up threat detection and response
Time is the most important factor in detecting network breaches and, consequently, in containing cyber incidents and mitigating the cost of a breach.
August 14, 2017
Read More


AI SaaS application for cyber attack detection
PatternEx announced the first Artificial Intelligence SaaS application for cyber attack detection at RSA Conference 2017. PatternEx's flagship product, the PatternEx Threat Prediction Platform, is available as a SaaS application with a free trial period to selected customers.
February 17, 2017
Read More


AI technologies will be in almost every new software product by 2020
Market hype and growing interest in artificial intelligence (AI) are pushing established software vendors to introduce AI into their product strategy, creating considerable confusion in the process, according to Gartner. Analysts predict that by 2020, AI technologies will be virtually pervasive in almost every new software product and service.
July 18, 2017
Read More


AIG now Sells Cybersecurity Insurance that Covers Online Bullying, Extortion
Most big companies have some sort of insurance to cover their butts in a world where data breaches are an everyday occurrence, but now AIG is joining the ranks of insurers offering (wealthy) consumers coverage as a buffer against the threat of the internet.
April 3, 2017
Read More


AirDroid app opens millions of Android users to device compromise
Tens of millions of users of AirDroid, a remote management tool for Android, are vulnerable to man-in-the-middle attacks that could lead to data theft and their devices being compromised through malicious updates.
December 2, 2016
Read More


AKBuilder: a builder for exploit-laden Word documents
One doesn't have to be a great coder to become a successful cybercriminal, as underground markets are filled with offerings that automate one or another step of an attack chain.
February 8, 2017
Read More


Al-Jazeera reportedly hit by systematic hacking attempts
Al-Jazeera, the Doha-based broadcaster owned by the ruling family of Qatar, says the websites and digital platforms of Al Jazeera Media Network, its parent company, "are undergoing systematic and continual hacking attempts."
June 9, 2017
Read More


Albuquerque police refuse to say if they have stingrays, so ACLU sues
"These devices are incredibly invasive and the government isn't being transparent."
July 10, 2017
Read More


AlienVault plug-in searches for stolen passwords on Dark Web
When it comes to password breaches on public sites like Adobe, LinkedIn and Yahoo!, there are some known knowns. For instance, there's a decent chance those credentials will end up for sale on a black market site on that mysterious part of the internet known as the "Dark Web."
August 8, 2017
Read More


AlienVault USM Anywhere: Security in the cloud, for the cloud
In this podcast recorded at RSA Conference 2017, Denny LeCompte, SVP, Products at AlienVault, talks about AlienVault USM Anywhere, a SaaS security monitoring solution that centralizes threat detection, incident response, and compliance management across your cloud, hybrid cloud, and on-premises environments.
February 23, 2017
Read More


Alleged Kelihos botmaster indicted
36-year-old Pyotr Levashov was charged on Friday in the US with one count of causing intentional damage to a protected computer, one count of conspiracy, one count of accessing protected computers in furtherance of fraud, one count of wire fraud, one count of threatening to damage a protected computer, two counts of fraud in connection with email and one count of aggravated identity theft.
April 24, 2017
Read More


Almost 2 million Android devices could be infected with FalseGuide botnet malware
While there has been some effort invested by Android smartphone manufacturers to deliver Google's monthly security updates to at least some of their devices, the situation is far from being completely rectified. with Google recently admitting that half of active Android devices had not received a security update in 2016, it paints a worrying picture, particularly after major security vulnerabilities such as Stagefright being discovered in the OS.
April 27, 2017
Read More


Almost half of popular consumer websites have poor password requirements
Although other forms of authentication are gaining traction, the password is still the most common method of identifying yourself to websites. Levels of password security should therefore be an important consideration for online businesses, especially in eCommerce.
August 9, 2017
Read More


Already on probation, Symantec issues more illegit HTTPS certificates
At least 108 Symantec certificates threatened the integrity of the encrypted Web.
January 20, 2017
Read More


Amazon Chimes into video-conferencing: watch out Skype and Google
See this, Cisco?
February 14, 2017
Read More


Amazon launches DDoS protection service AWS Shield
Following the massive attack that took down the servers of the DNS service provider Dyn and a number of high profile websites including Netflix, Twitter, Spotify and Reddit last month, Amazon Web Services (AWS) has announced a new technology to protect sites against distributed denial of service (DDoS) attacks.
December 5, 2016
Read More


Amazon scammers hijack seller accounts, lure users with good deals
Amazon buyers are being targeted by clever scammers that either set up independent seller accounts or hijack those of already established, well-reputed sellers, then offer pricy items at unbeatable prices.
January 12, 2017
Read More


American Spies now Have Their Very Own Smartphone App
CHRIS RASMUSSEN is an evangelist, and his message is crowdsourcing. as a career analyst inside the National Geospatial-Intelligence Agency, Rasmussen's sermons have been limited to a closed top-secret community. But this week, he's going public with his most radical idea to date, in the form of a smartphone app for senior US intelligence officers.
April 4, 2017
Read More


Americans increasingly worry about online privacy and security
Americans are increasingly concerned about their online privacy and security, and apprehensive about increased government surveillance in the new presidential administration, the results of a recent survey by AnchorFree have revealed.
February 16, 2017
Read More


Amnesty International uncovers phishing campaign against human rights activists
Attacker targeted groups in Qatar, Nepal using extensive fake social media profile.
February 14, 2017
Read More


An Internet-connected fish tank let hackers into a casino's network
A high-tech, internet-connected fish tank in a North American casino has been used to exfiltrate data from the company's network. Smart drawing pads used in an architectural firm were part of a botnet used to mount DDoS attacks against websites around the world owned by entertainment companies, design companies, and government bodies.
July 27, 2017
Read More


An untold cost of ransomware: It will change how you operate
Ransomware is unfortunately an IT reality. with the complexity and frequency of attacks, there is a good chance you or someone you know has been impacted. Many victims attacked are tempted to just pay the ransom and be done with it; a strategy that is more widely-used than you might think. Even the FBI has admitted that sometimes paying the ransom is the way to go.
April 21, 2017
Read More


Analysis of 500 million passwords shows what you should avoid
A dump of over 550 million username and password combinations is currently being sold on underground forums, and eager crooks are paying for the privilege to test them out against many online services.
May 12, 2017
Read More


Analysis of new Shamoon infections
All of the initial analysis pointed to Shamoon emerging in the Middle East. this however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 Shamoon incidents had been reported from public to private sector.
January 26, 2017
Read More


Analyzing the latest wave of mega attacks
A new report, using data gathered from the Akamai Intelligent Platform, provides analysis of the current cloud security and threat landscape, including insight into two record-setting DDoS attacks caused by the Mirai botnet.
November 16, 2016
Read More


Analyzing phishing attacks against 500,000 mailboxes at 100 organizations
Phishing has evolved from a mere nuisance into a global epidemic in which organizations of all sizes and across all industries are being negatively impacted at high frequency.
May 31, 2017
Read More


Android adware infiltrates devices' firmware, Trend Micro apps
Dubbed Gmobi by Dr. Web researchers, the malware comes in the form of a software development kit (SDK), and has been found in several legitimate applications by well-known companies, as well as in firmware for nearly 40 mobile devices.
March 18, 2016
Read More


Android backdoor GhostCtrl can do many unusual things
There is no shortage of Android malware, but it's not often that one encounters an Android threat that can do as much as the GhostCtrl backdoor.
July 17, 2017
Read More


Android backdoor found sending personal information from US users to China
Mobile security firm Kryptowire has discovered a backdoor in several Android smartphones sold in the US. the company says that the firmware collected personal data about users without consent, and sent this private information on to Chinese firm Shanghai Adups Technology Company.
November 15, 2016
Read More


Android devices delivered to employees with pre-installed malware
A test of Android devices used in two unnamed companies revealed that 38 of them were infected with malware before being delivered to the employees.
March 13, 2017
Read More


Android 'forensic' app pulled from Google Play after vulnerability report
Remote code execution threat via MITM attack, it is claimed
July 3, 2017
Read More


Android Forums resets passwords after hack
Only 2.5 per cent of userbase affected
March 23, 2017
Read More


Android malware attacks your router through your smartphone
A new strain of malware has been discovered, which was seen targeting Android devices in order to hack into routers to further spread malicious activity online.
January 4, 2017
Read More


Android malware HummingBad is back on Google Play
A common recommendation that Android users get for avoiding malware is to stick with Google play and not download any apps from other sources. Trouble is, as HummingBad proved early last year by penetrating the search giant's defenses, that advice is not exactly bullet-proof.
January 23, 2017
Read More


Android Oreo: What's new on the security front
On Monday, Google released the long-awaited Android 8.0 Oreo in an unveiling that coincided with the total solar eclipse visible in much of the US.
August 23, 2017
Read More


Android ransomware attacks have grown by 50% in just over a year
Ransomware targeting the Android operating system has grown by over 50% in just a year, as more consumers switch from their PCs to their smartphones, making the mobile OS ecosystem a more worthwhile target for cybercriminals.
February 22, 2017
Read More


Android Trojan SpyNote leaks on underground forums
Its free availability makes it likely that it will be used in attacks soon, researchers say
July 29, 2016
Read More


Android-rooting Gooligan malware infects 1 million devices
At an estimated rate of 13,000 smartphones a day
November 30, 2016
Read More


Android versus iOS: Which is more secure?
While all mobile devices have inherent security risks, Android has more vulnerabilities because of its inherent open-source nature, the slow pace with which users update the OS and a lack of proper app vetting.
August 7, 2017
Read More


Android's "Secure Enclave" / Private Content and Strong Encryption
Recent iterations of the Android OS have exposed more of the ARM Trusted Execution Environment or Secure Element, allowing you to use encryption that can be strongly tied to a piece of hardware. it's a subsystem where you can create strongly protected keys (symmetric and asymmetric), protected against extraction and rate limited (via user authentication) against brute force attacks, using them against streams of data to encrypt or decrypt securely.
December 23, 2016
Read More


Android, Debian & Ubuntu Top List of CVE Vulnerabilities In 2016
On a CVE basis for the number of distinct vulnerabilities, Android is ranked as having the most vulnerability of any piece of software for 2016 followed by Debian and Ubuntu Linux while coming in behind them is the Adobe Flash Player.
January 3, 2017
Read More


Another popular Chrome extension hijacked through phishing
Chris Pederick, the creator and maintainer of the Web Developer for Chrome extension, is the latest victim of attackers who hijack popular Chrome add-ons in order to push ads onto users.
August 3, 2017
Read More


Another Ukrainian software maker's site compromised to spread malware
The web server of Crystal Finance Millennium, a Ukraine-based accounting software firm, has been compromised and made to host different types of malware.
August 23, 2017
Read More


Anthem ready to pay $115 million to settle data breach lawsuit
US health insurer Anthem has agreed to pay $115 million to settle a class-action suit mounted in the wake of the massive data breach it suffered in late 2014/early 2015.
June 26, 2017
Read More


Anti-Phishing Working Group
Committed to wiping out Internet scams and fruad.
An Article
Read More


Anti-piracy tech firm Denuvo inadvertently leaks sensitive info
Denuvo Software Solutions has suffered an embarrassing and potentially damaging information leak.
February 6, 2017
Read More


Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday.
March 9, 2017
Read More


App developers aren't ready for iOS transport security requirements
Many iOS apps opt out of Apple's App Transport Security (ATS) feature or deliberately weaken it.
December 6, 2016
Read More


Apple deleted server supplier after finding infected firmware in servers
Report: Siri, internal development servers affected by fake firmware patch.
February 24, 2017
Read More


Apple issues security updates for macOS, iDevices
It's time to patch your Mac, iDevices and software again: Apple has released security updates for MacOS (all the way back to Yosemite), iOS, watchOS, tvOS, iTunes, iCloud for Windows, and Safari.
May 16, 2017
Read More


Apple patches drive-by Wi-Fi flaw with emergency iOS patch
Less than a week after Apple pushed out iOS 10.3 comes an iOS emergency patch that all iDevice owners should implement as soon a possible.
April 4, 2017
Read More


Apple releases security patches for everything, update today!
On Monday, Apple released its latest batch of security patches for macOS, Safari, iOS, watchOS, tvOS, iTunes and iCloud for Windows.
January 24, 2017
Read More


Apple says it's working to fix security holes revealed by the WikiLeaks release of CIA documents
The leaks detail 14 different iOS exploits that the CIA could use to compromise Apple devices.
March 8, 2017
Read More


Apple's iCloud saved deleted browser records, security company finds
Moscow-based Elcomsoft noticed the issue when trying to extract records from iCloud accounts
February 9, 2017
Read More


Apple's malware problem is accelerating
For a long time, one of the most common reasons for buying an Apple computer over a Windows-based one was that the former was less susceptible to viruses and other malware. However, the perceived invulnerability of Macs to all manner of computer nasties may not have any grounding in reality -- or at least, not anymore.
January 19, 2017
Read More


Apple's new anti-tracking system will make Google and Facebook even more powerful
The brutal logic of online advertising
June 6, 2017
Read More


Apple, Windows tech support scams: US cracks down on fake security alerts
Don't call that toll-free number if you see what looks like a security alert in your browser.
May 15, 2017
Read More


Application security trends: What you need to know
Today at Infosecurity Europe 2017, High-Tech Bridge released a summary report on application security trends for Q1 -- Q2 2017.
June 6, 2017
Read More


Approaching security self-sufficiency
As part of my role as CSO, I'm extremely lucky to get to have conversations with CISOs, CTOs, and other technology leaders across industries. One of the things that has always struck me throughout my career is how, while there are certainly issues specific to each business, the vast majority of the challenges we face as defenders are the same.
December 14, 2016
Read More


AppSec teams facing resourcing issues that are making them vulnerable
A new Bugcrowd study of one hundred CISOs revealed that 94 percent are concerned about breaches in their publicly facing assets in the next 12 months, particularly within their applications.
February 2, 2017
Read More


Are businesses spending their money on the wrong IT security?
Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, issued in conjunction with analyst firm 451 Research.
January 27, 2017
Read More


Are enterprises ready for drones?
From package delivery to props in major sporting events, drones continue to play major roles in everyday life. But are enterprises prepared for the rise of the drones in their operations?
March 6, 2017
Read More


As Deadline Begins to Pass, WannaCry Falls Short of Six Figures
One week ago a global cyberattack dubbed "unprecedented' by Europol began infecting an estimated 200,000 of the world's computers, starting a seven-day countdown to the destruction of data if victims didn't pay a ransom.
May 19, 2017
Read More


As GDPR approaches, retail data breaches remain unacceptably high
Two in five retailers across the globe have experienced a data breach in the past year, according to Thales and 451 Research. The report reveals that 43 percent of retailers had experienced a data breach in the last year, with a third claiming more than one.
July 24, 2017
Read More


As GDPR deadline looms, time for compliance is running out
GDPR is a game-changing piece of data protection legislation that goes into effect on May 25, 2018.
May 26, 2017
Read More


As Microsoft touts Windows Insider for biz, let's take a look at W10's broken 2FA logins
For months now, the Windows 10 Anniversary Update has broken two-factor logins using certain smart cards — and Microsoft has refused to discuss it.
February 15, 2017
Read More


As UK govt calls for encryption backdoors, EU lawmakers propose a ban on them
As the UK gets hit by terror attacks one after the other, the government's cry for making sure terrorists and criminals can't find "safe spaces" online has become a constant.
June 19, 2017
Read More


Ashley Madison users blackmailed again
Criminals are still trying to shake down users of the Ashley Madison dating/cheating online service.
April 25, 2017
Read More


ASLR-security-busting JavaScript hack demo'd by university boffins
Amster-damn, that's a hell of a vulnerability to make browser bug exploitation easier
February 14, 2017
Read More


Assess, report and remediate security-related configuration issues
Qualys announced Security Configuration Assessment (SCA), a new add-on for Vulnerability Management (VM) that provides customers cloud-based tools to automate configuration assessment of global IT assets using the latest out-of-the-box Center for Internet Security (CIS) benchmarks.
June 13, 2017
Read More


ATM Black Box attacks: 27 arrested all over Europe
The efforts of a number of EU Member States and Norway, supported by Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), culminated in the arrest of 27 individuals linked with so-called ATM Black Box attacks across Europe.
May 18, 2017
Read More


Attack rates are increasing across the board
Finance and technology are the sectors most resilient to cyber intrusions, new research from Vectra Networks has found.
June 8, 2017
Read More


Attack types companies expect to encounter in 2017
What are the key attack types expected to cause the biggest security problems in 2017 and how successful will businesses be at defending against them?
February 16, 2017
Read More


Attackers are taking over NAS devices via SambaCry flaw
A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures (MIPS, ARM, PowerPC, etc.), Trend Micro researchers warn.
July 18, 2017
Read More


Attackers can steal smartphone users' PINs by tapping into data collected by mobile sensors
Researchers have demonstrated that a malicious website or app could work out smartphone users' PINs or passwords based just on the data collected by various motion sensors on modern mobile devices.
April 12, 2017
Read More


Attackers exploited Instagram API bug to access users' contact info
Instagram has confirmed that "one or more individuals obtained unlawful access to a number of high-profile Instagram users' contact information -- specifically email address and phone number -- by exploiting a bug in an Instagram API."
August 31, 2017
Read More


Attackers exploited SS7 flaws to empty Germans' bank accounts
Cyber criminals have started exploiting a long-known security vulnerabilities in the SS7 protocols to bypass German banks' two-factor authentication and drain their customers' bank accounts.
May 4, 2017
Read More


Attackers shift away from file-based techniques
Cyber attack methods are becoming more sophisticated in order to bypass traditional file-scanning protection systems according to a new study.
April 27, 2017
Read More


Attackers thrive in a fluid market, while bureaucracy constrains defenders
A new global report from Intel Security and the Center for Strategic and International Studies (CSIS) reveals three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation roles.
March 2, 2017
Read More


Attackers turn to auto-updating links instead of macros to deliver malware
SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately leading to a RAT infection.
August 18, 2017
Read More


Attackers will target U.S. power systems
A hack on the Ukrainian power grid in late 2015 "blacked out more than 225,000 people," according to Claims Journal, which described this type of attack as a "nightmare scenario for top U.S. officials." they also reported that "U.S. Cyber Command chief Adm. Michael Rogers has previously warned that it's not a matter of if, but when attackers will also target U.S. power systems."
March 8, 2016
Read More


Attacks exploiting software vulnerabilities are on the rise
Attacks conducted with the help of exploits are among the most effective as they generally do not require any user interaction, and can deliver dangerous code without arousing user suspicion.
April 21, 2017
Read More


Attacks on manufacturing industry continue to rise
The frequency and sophistication of cyber attacks continues to rise globally according to research data in the Q2 Threat Intelligence Report released by NTT Security.
August 9, 2017
Read More


Attacks within the Dark Web
For six months, Trend Micro researchers operated a honeypot setup simulating several underground services on the Dark Web. The goal of their research was to see if those hidden services will be subjected to attacks.
May 31, 2017
Read More


Aukey Wireless Indoor Surveillance Camera review: Its performance doesn't measure up to the features
Aukey's first home security camera promises panoramic views and motion-triggered alerts, but suffers from hit-or-miss accuracy.
February 20, 2017
Read More


Australian police blame WannaCry for spoiling 8,000 traffic cam tickets
Australian police have had to suspend upward of 8,000 tickets for speeding and running red lights after learning the cameras that caught the acts had become infected with a virus. The Victoria, Australia police blamed the WannaCry virus, which spread through Windows computers last month, locking down systems and demanding a ransom be paid before they could be used again.
June 27, 2017
Read More


Autofill on Chrome and Safari can Give Hackers Access to your Credit Card Info
With a simple exploit, browsers like Chrome and Safari can be tricked into handing over your credit card information to hackers. and you wouldn't even realize it.
January 10, 2017
Read More


Automating PKI for the IoT platform
In this podcast recorded at RSA Conference 2017, Jeremy Rowley, Executive VP of Emerging Markets at DigiCert, talks about automating PKI for IoT platform and building scalable solutions for the IoT platform.
March 6, 2017
Read More


Automating the hunt for cyber attackers
In this podcast recorded at Black Hat USA 2017, Mike Banic, Vice President, Marketing, and Chris Morales, Head of Security Analytics at Vectra Networks, talk about the use of artificial intelligence to perform non-stop, automated threat hunting with always-learning behavioral models to find hidden and unknown attackers before they do damage.
August 8, 2017
Read More


Avast finds over 5.3 million hackable smart devices in Spain
More than 150,000 of those vulnerable IoT devices were webcams, including 22,000 hackable baby monitors and webcams in Barcelona.
February 27, 2017
Read More


Average data breach cost declines 10% globally
The average cost of a data breach is $3.62 million globally, a 10 percent decline from 2016 results. This is the first time since the global study was created that there has been an overall decrease in the cost. According to the study conducted by Ponemon Institute, these data breaches cost companies $141 per lost or stolen record on average.
June 21, 2017
Read More


AWS Macie is a security service based on machine learning
Amazon Web Services has launched a new machine learning service aimed at helping organizations protect their sensitive data in the cloud.
August 16, 2017
Read More


Azure AD Connect vulnerability allows attackers to reset admin passwords
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft warned on Tuesday.
June 29, 2017
Read More


Misc. - B

'Backdoor' in WhatsApp's end-to-end encryption leaves messages open to interception
Facebook has long-claimed that its WhatsApp messaging service is completely secure and messages cannot be intercepted thanks to its use of end-to-end encryption. But researchers have unearthed what they call a serious security flaw that makes it possible to read encrypted messages.
January 13, 2017
Read More


Backdoored Firefox extension checks Instagram for C&C info
Turla, an APT cyberespionage group that has been targeting corporations, intelligence and other government agencies for years, is using a malicious Firefox extension to backdoor targets' systems.
June 7, 2017
Read More


Bad bots attack 96% of websites with login pages
Almost every website with a login page is under attack from bad bots, the automated programs used to carry out a variety of nefarious activities, according to Distil Networks.
March 17, 2017
Read More


Bad news, fandroids: Mobile banking malware now encrypts files
First Faketoken stole credentials, now it holds data to ransom
December 20, 2016
Read More


BAE Systems sold cyber-surveillance tools to autocratic regimes
British multinational BAE Systems has sold sophisticated surveillance technology to many repressive governments in the Middle East and Africa, an investigation by BBC Arabic and Danish newspaper Dagbladet has revealed.
June 16, 2017
Read More


BankBot Trojan found lurking on Google Play
As predicted earlier this year, the leaking of the source code and instructions for creating a potent Android banking Trojan has resulted in a surge of malware based on it.
April 18, 2017
Read More


Banking trojan executes when targets hover over link in PowerPoint doc
Novel infection method doesn't require link to be clicked.
June 9, 2017
Read More


Banking trojan-slingers slip past Google Play's malware defences
BankBot nestled within allegedly 'fun' mobile game
August 23, 2017
Read More


Banks around the world hit with fileless malware
Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses around the world.
February 8, 2017
Read More


Banks around the world targeted in watering hole attacks
The January attacks against Polish financial institutions through the booby-trapped site of the Polish Financial Supervision Authority are just one piece of a larger puzzle, elements of which are slowly coming to light.
February 14, 2017
Read More


Battling cyber security's human condition
There is no silver bullet when it comes to cyber security. Organizations with multi-million dollar IT budgets still make headlines for being successfully breached, and even government intelligence organizations can't keep their hacking tools secret despite having some of the strongest protections and strictest policies on the planet.
May 3, 2017
Read More


Be careful on Google Play
An often repeated piece of advice given to users of mobile devices says that they should stick to well-reputed, official app stores if they want to avoid malware.
April 21, 2017
Read More


BEC scams: How to avoid them and how to fight back
Phishing and spear-phishing emails are a constant threat to all users, but enterprises are positively inundated with them.
July 13, 2017
Read More


Beeps, roots and leaves: Car-controlling Android apps create theft risk
Haven't named and shamed car-makers though
February 20, 2017
Read More


Behavioural profiling: Spotting the signs of cyber attacks and misuse
Behavioural profiling is increasingly recognised as a new level of protection against cyber attacks and systems abuse, offering the potential to pick out new and unknown attacks, or to spot activities that may be missed. the basic premise is to establish a sense of how the system and its users behave, and provide a basis to protect against compromise by watching out for unwanted activities.
April 25, 2017
Read More


Berkeley boffins build better spear-phishing black-box bruiser
Machine learning and code to detect and alert attempts to extract passwords from staff
August 18, 2017
Read More


Beware the coffee shop: Mobile security threats lurk around every corner
40 percent of organizations believe that C-level executives, including the CEO, are most at risk of being hacked when working outside of the office, according to a new report from iPass. Cafes and coffee shops were ranked the number one high-risk venue by 42 percent of respondents, from a list also including airports (30 percent), hotels (16 percent), exhibition centers (7 percent) and airplanes (4 percent).
May 23, 2017
Read More


Beware! Malware distributors are switching to less suspicious file types
Recent email-based malware distribution campaigns have used malicious LNK and SVG attachments instead of JavaScript.
February 6, 2017
Read More


Biggest limiting factors to universal adoption of connected devices
After surveying 250 respondents at CES 2017, the Open Connectivity Foundation (OCF) concluded that more than 60 percent of respondents consider standardization and interoperability when it comes to purchasing connected devices, cybersecurity concerns, and overall technological innovation in our society.
February 24, 2017
Read More


Bitglass announces integration with Trustwave Managed Security Services
Bitglass announced at RSA Conference 2017 new integration with the Trustwave Managed Detection service. this service has been enhanced to support events and additional threat intelligence from leading cloud access security broker (CASB) providers like Bitglass. this increased security visibility helps Trustwave detect cloud-based threats earlier by leveraging support for the latest CASB technologies.
February 16, 2017
Read More


BitSight: Outdated Operating Systems, Browsers Put Many Organizations At Risk
he easiest way to improve a device's security is to make sure it's using the latest version of its operating system, browser, and other software. Updates often patch known vulnerabilities or bolster an app's defenses. But a new report from BitSight, the self-described "standard in security ratings," shows that many organizations don't update the operating systems or browsers of the many devices they have to manage.
June 8, 2017
Read More


Black horse blacks out: Lloyds Bank website goes down
Company: we don't know what happened, couldn't tell you if we did
January 11, 2017
Read More


Bluetooth now supports mesh networking, ideally suited for building automation
The Bluetooth Special Interest Group (SIG) announced today that Bluetooth technology now supports mesh networking. The new mesh capability enables many-to-many (m:m) device communications and is optimized for creating large-scale device networks. It is ideally suited for building automation, sensor networks and other IoT solutions where tens, hundreds, or thousands of devices need to reliably and securely communicate with one another.
July 19, 2017
Read More


Bogus anti-WannaCry apps cropping up on Google Play
While the world is still battling the WannaCry ransomworm menace, fraudsters have decided to exploit the threat's visibility and users' confusion to make them install fake Android apps that supposedly protect against it.
May 25, 2017
Read More


Bondnet botnet goes after vulnerable Windows servers
A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, "earning' him around $1,000 per day.
May 4, 2017
Read More


Bored employees seen as biggest potential data security risk
Employees who become distracted at work are more likely to be the cause of human error and a potential security risk, according to a snapshot poll conducted by Centrify at Infosec Europe in London this week.
June 8, 2017
Read More


Bose accused of spying on end users, data mining their private records via headphone app
One of the major drawbacks to the Internet of Things ecosystem and "smart' devices more generally is the way both are treated as a gold mine for gathering information on end users, often without their knowledge or consent. Bose is the latest company to stand accused of such shenanigans in a lawsuit filed yesterday in federal district court.
April 19, 2017
Read More


Bose is spying on us, lawsuit alleges
The proposed class-action suit claims the audio company uses its wireless headphones and Bose Connect app to collect private data and sell it to third parties, report says.
April 19, 2017
Read More


Bracing for the Denial of Things
turn out the lights in any major city in the developed world, and you know what? it's not really all that dark. Unless you've managed to lock yourself in a broom closet (I won't ask) then chances are, while it may be dim, it won't actually be dark.
April 12, 2017
Read More


Brands increasingly targeted by false websites and phishing
DomainTools released the names of the top U.S.-based retail companies whose brands are frequently abused by criminals creating look-alike domains for phishing. the research surfaced multiple malicious domains each day spoofing Amazon, Apple, Gap, Nike, and Walmart.
May 3, 2017
Read More


Brave VMs to destroy themselves, any malware they find on HP's new laptop
1 like = 1 prayer for pre-baked Bromium virtualization tech
February 13, 2017
Read More


Breach analytics platform speeds up incident response
It's increasingly said by experts that data breaches are now a matter of when rather than if. Being able to respond quickly is therefore vital for companies to minimize damage and disruption.
February 13, 2017
Read More


Break crypto to monitor jihadis in real time? Don't be ridiculous, say experts
Former gov.UK advisor Rohan Silva branded 'utterly clueless'
June 6, 2017
Read More


Breaking Down HBO's brutal month of hacks
They say April is the cruelest month, but HBO may beg to differ. The company kicked off August with an apparently massive breach of its servers, in which hackers pilfered everything from full episodes of unreleased shows to sensitive internal documents.
August 18, 2017
Read More


Breaking TLS: Good or bad for security?
As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their network.
May 23, 2017
Read More


Brexit negotiations could be hit by DDoS attacks
Hackers could use DDoS to disrupt the Brexit negotiations for the UK's leaving the European Union, or use attacks as a distraction technique while they seek to steal confidential documents or data, according to new research.
July 27, 2017
Read More


BrickerBot bricked 2 million IoT devices, its author claims
The author of BrickerBot, which ॥uro;'bricks॥uro;' IoT devices by rewriting the flash storage space and wiping files, has emerged to explain that the malware first attempts to secure the units without damaging them.
April 24, 2017
Read More


Brit voucher biz's signup page blabbed families' details via URL tweak
Kids Pass tries to explain why it gave folks reporting the security hole the virtual middle finger
August 2, 2017
Read More


Brother and sister arrested for spying on Italian politicians for years
Two Italian siblings have been arrested on Monday and stand accused of having spied on Italian politicians, state institutions and law enforcement agencies, businesses and businesspeople, law firms, leaders of Italian masonic lodges, and Vatican officials for years.
January 12, 2017
Read More


Bruce Schneier: the US government is coming for your code, techies
Open source has won, but victory may be fleeting
February 14, 2017
Read More


Building a Framework for IoT Security Compliance
As more IoT devices are connected, the possibility of compromised security increases. That's why there's a need to establish best practices for security.
March 14, 2017
Read More


Building a strong cybersecurity program for the long haul
Patch Tuesday is approaching and there is a chance it might be a boring one. Hopefully, I didn't jinx things by saying that, but I think most of what we'll see is a bit of volume on the third-party side. Before we get into the forecast, though, let's talk about the recent roller coaster we've all been on.
June 12, 2017
Read More


Burglars can easily make Google Nest security cameras stop recording
Google Nest's Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that's in their Bluetooth range, a security researcher has found.
March 21, 2017
Read More


Bupa: Rogue staffer stole health insurance holders' personal deets
Names, phone numbers, emails released into the wild
July 13, 2017
Read More


Business and IT decision makers are aligned on key IT trends
Business decision makers' (BDMs) and IT decision makers' (ITDMs) understanding of current IT trends are much closer than they are generally perceived to be, according to a new Dell State of IT Trends 2016 global study.
July 29, 2016
Read More


Businesses deploy sensitive data to new environments without adequate security
According to a new report, 93 percent of enterprises will use sensitive data in advanced technology environments (such as cloud, SaaS, big data, IoT and container) this year.
March 16, 2017
Read More


Businesses don't know how to protect against DDoS attacks
A distributed denial of service or DDoS is a method used to deny access for legitimate users of an online service. This service could be an e-commerce website, a bank, a SaaS application, or any other type of network service. Some attacks even target VoIP infrastructure.
July 31, 2017
Read More


Businesses forget good security practices in DevOps environments
Many organizations don't enforce proper security measures in their DevOps environments, putting both the company and the product at risk. this is according to a new report by Venafi looking into security practices among DevOps adopters.
April 20, 2017
Read More


Businesses finally realize that cyber defenses must evolve
Cybersecurity is finally getting the attention it deserves -- it is only regrettable that this good news is the result of bad news: more numerous, complex, and damaging cyber attacks than ever before.
June 22, 2017
Read More


Businesses need to protect data, not just devices
As organizations embrace the digital transformation of their business, they are increasingly facing new security concerns. More companies are moving away from device-centric, platform-specific endpoint security technologies toward an approach that secures their applications and data everywhere.
July 29, 2016
Read More


Businesses overconfident about keeping attackers at bay
Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016, the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are under investing in technology that adequately protects their business, according to Gemalto.
July 11, 2017
Read More


Businesses still confused about GDPR
European businesses are still unsure about GDPR — almost 78% of IT decision makers at more than 700 European companies either lacked understanding about the impact of the regulation on their organizations or were completely unaware of it. However, encryption, which is addressed by the GDPR, is desired by more than every third company in a new IDC survey.
March 1, 2017
Read More


By the end of March no one will remember that Microsoft missed a Patch Tuesday
Like the weather in Minnesota, the March Patch Forecast is unpredictable at best. be prepared for turbulent times interspersed with moments of calm.
March 13, 2017
Read More


BYOD: how to provide secure access to network resources
IT organizations have little or no choice when it comes to bring your Own Device (BYOD) programs. Employees want to access the network with their personally owned devices, and in today's landscape where employers compete for skilled employees, companies want to be known for giving employees the privilege of doing so.
December 6, 2016
Read More


Misc. - C

CA Technologies acquires Veracode for $614 million
CA Technologies has signed a definitive agreement to acquire Veracode for approximately $614 million in cash. the transaction is expected to close in the first quarter of fiscal year 2018, and is subject to customary closing conditions, including regulatory approvals.
March 7, 2017
Read More


Can Border Patrol Agents Search The Data Your Phone Stores In The Cloud?
While police must have a warrant to search someone's phone in the U.S. -- even after that person has been arrested -- what can law enforcement do with gadgets seized at the border? For one thing, U.S. Customs and Border Protection says its officers are limited to searching phone content that is saved directly to the device, and not on the cloud -- including social media.
July 13, 2017
Read More


Can Dell change endpoint security?
Traditional PC security is failing most companies, and a new approach is required if enterprises are to be protected. Can PC vendors like Dell dramatically improve endpoint security?
June 12, 2017
Read More


Can smartphone thieves be identified in seconds?
Ben-Gurion University of the Negev (BGU) researchers have developed a technique that identifies a smartphone thief or intruder in under 14 seconds.
February 8, 2017
Read More


Can the security community grow up?
As the times change, the security community needs to adapt.
August 17, 2017
Read More


Can you justify your security spend?
In this podcast recorded at RSA Conference 2017, Todd Bramblett, President of Nehemiah Security, talks about why cyber risk has become such a hot topic, the importance of IT operations and cybersecurity working together, as well as the AtomicEye RQ platform.
March 23, 2017
Read More


Can you trust your Android VPN client?
Do you trust your Android VPN client to keep your data secure and your online browsing private? Perhaps you shouldn't.
January 26, 2017
Read More


Can your company keep up with quickly-changing cyber security regulations?
Compliance with requirements and regulations is an ongoing challenge for businesses. In the cyber security space, the threat environment is constantly changing, and organizations have to meet some 500-600 different regulations and laws, as Internet of Things (IoT) devices proliferate and new, massive Distributed Denial of Service (DDoS) attacks are seen on a near-daily basis. as technology continues to evolve with such innovations as cloud computing and Big Data, security professionals are on a never-ending quest to stay up to speed on security controls and best practices.
December 23, 2016
Read More


Can your Netgear router be hijacked? Check now!
Yesterday, researcher Simon Kenin of Trustwave SpiderLabs released information about an authentication bypass flaw affecting a wide variety of Netgear routers, as well as PoC attack code for triggering it.
January 31, 2017
Read More


Canadian university scammed out of $11.8 million
MacEwan University in Edmonton, Alberta, is the latest confirmed victim of scammers.
September 1, 2017
Read More


Canary review: A sophisticated home-security system packed inside a camera
This cloud-based security system delivers features galore, but our in-depth review reveals its flaws.
July 18, 2017
Read More


Capsule8: Container-aware real-time threat protection
Despite massive adoption of Linux in the enterprise, there has been no world-class security offering for Linux infrastructure – until now.
March 2, 2017
Read More


Cardiff researchers get "250k to monitor Brexit hate crime on Twitter
Pre-crime snoops study spread of cruel chatter
February 9, 2017
Read More


Catapult Integrated Systems
is a premier systems integrator and commercial managed Internet services provider serving northern California since 1992.
Provides a Service
Read More


Centrify Identity Platform now secures Mac endpoints
Centrify announced enhancements to the Centrify Identity Platform that deliver local administrator password management for Macs and Mac application management and software distribution via turnkey integration with the Munki open source solution.
June 6, 2017
Read More


Centrify recognises EMEA channel achievements
Centrify has announced the winners of its EMEA Channel Programme Awards. The awards were presented at a ceremony held on 7th June 2017 at The Distillery, Portobello Road in London.
June 8, 2017
Read More


Cerber ransomware can now steal Bitcoin wallets, browser passwords
The infamous Cerber ransomware has received a new update, gaining an ability to steal browser passwords and Bitcoin credentials, aside from its usual job of encrypting a victim's files.
August 4, 2017
Read More


CERT updates insider threat guidebook
The CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University released the fifth edition of the Common Sense Guide to Mitigating Insider Threats. the guide describes 20 practices that organizations should implement across the enterprise to prevent and detect insider threats, as well as case studies of organizations that failed to do so.
February 10, 2017
Read More


CERT: HTTPS Interception Products Weaken Companies' Security
The United States Computer Emergency Readiness Team (CERT) issued a report in which it warned companies and other organizations against using HTTPS or TLS interception products. CERT said that such products often make those companies' communications less secure, because the products don't properly validate server connections and may use weaker cryptography.
March 16, 2017
Read More


Certs up! Apple and Google take certificates more seriously
As we near 2017, browsers start complaining more about rotten website security, but it's never been easier to assure yourself you're safe.
November 16, 2016
Read More


CeX Data Breach Affects 2 Million Gamers, Techies
CeX announced that the names, addresses, email addresses, and phone numbers of 2 million of its customers have been compromised. The company, which operates a secondhand marketplace for games and tech products, said it's still investigating the extent of the breach.
August 31, 2017
Read More


Cex: Customer Data Stolen, Up To 2 Million Users Possibly Affected
Affected customers have been emailed.
August 31, 2017
Read More


Charger mobile ransomware steals contacts and SMS messages
Check Point's mobile security researchers have discovered a new ransomware in Google Play, dubbed Charger.
January 24, 2017
Read More


Check Point says Fireball malware hit 250 million; Microsoft says no
Either way, Microsoft assures us that Windows 10 S would have been immune.
June 23, 2017
Read More


Check Point says Judy is "possibly the largest malware campaign found on Google Play"
After WannaCry's sizable impact on many Windows machines around the world, details have been revealed of a malware campaign targeting Android devices through the Google Play Store. The auto-clicking adware, named 'Judy', was discovered by the IT security firm, Check Point. It is estimated to have affected between 8.5 and 36.5 million users.
May 29, 2017
Read More


Chicago Public Schools: Greater Visibility of Software Assets is Reduci ng Cyber Security Risk
Chicago Public Schools employs 40,000 staff in hundreds of buildings across the Chicago area. as part of its commitment to expanding technology in classrooms and driving efficiency, the District needed to understand their application footprint across their increasingly diverse computing infrastructure.
January 31, 2017
Read More


China emerges as digital rights champion with new info privacy law
Well, sort of
April 11, 2017
Read More


China pays for Windows XP addiction as 'WannaCry' hits
1 in 5 PCs still run the ancient, obsolete OS, so infections come as no surprise
May 15, 2017
Read More


China reportedly prevents WhatsApp users from sending images and videos
Facebook's WhatsApp could easily go as one of the last of the mohicans in China, a country where messaging services that don't abide by the government's restrictive cybersecurity laws have been blocked partially or entirely.
July 18, 2017
Read More


Chinese government's latest crack against online anonymity
The Chinese government is dead-set on making it so that all online interactions can be tied to a specific user. The latest move towards this goal came on Friday, when the Cyberspace Administration of China (CAC) released an overview of the new rules that dictate that anonymous users can't post content online.
August 28, 2017
Read More


Chinese hackers go after third-party IT suppliers to steal data
The hacking group APT10 has been blamed for the global cyberespionage campaign
April 4, 2017
Read More


Chinese hackers ordered to pay $9 million over insider trading
Three Chinese citizens, who have obtained millions from illicit stock trades based on insider information they stole from two US law firms by hacking, have been ordered to give back the money (including money given to Hong's mother) and pay over $5 million in civil penalties.
May 11, 2017
Read More


Chrome bug triggered errors on websites using Symantec SSL certificates
The bug affected Chrome on all platforms, as well as the WebView component on Android
December 5, 2016
Read More


Chrome users on macOS to see more dangerous site warnings
MacOS users who use Chrome to surf the web are likely to see more security warnings in the coming days, as Google's Safe Browsing service will start flagging sites peddling potentially unwanted software.
March 2, 2017
Read More


Chrome web dev plugin with 1m+ users hijacked, crams ads into browsers
Toolmaker phished, Google account pwned, malicious code pushed out -- and now fixed
August 2, 2017
Read More


CIA's Windows XP to Windows 10 malware: WikiLeaks reveals Athena
WikiLeaks says the CIA's Athena malware can be used to spy on Windows XP through to Windows 10 computers.
May 22, 2017
Read More


CIOs increasingly focus on innovation
Two-thirds of organizations are adapting their technology strategies in the midst of global political and economic uncertainty, with 89 percent maintaining or ramping up investment in innovation, including in digital labor, and 52 percent investing in more nimble technology platforms, according to the 2017 Harvey Nash/KPMG CIO Survey.
May 24, 2017
Read More


Cisco and IBM Security announce services and threat intelligence collaboration
In a new agreement, Cisco and IBM Security will work closer together across products, services and threat intelligence for the benefit of customers.
May 31, 2017
Read More


Cisco gobbles up security cloud upstart Observable Networks
Switchzilla needs its five startups a day
July 13, 2017
Read More


Cisco patches leaked 0-day in 300+ of its switches
Cisco has plugged a critical security hole in over 300 of its switches, and is urging users to apply the patches as soon as possible because an exploit for it has been available for a month now.
May 10, 2017
Read More


Cisco Prime Home flaw allows hackers to reach into people's homes
Cisco has patched a critical authentication bypass vulnerability that could allow attackers to completely take over Cisco Prime Home installations, and through them mess with subscribers' home network and devices.
February 2, 2017
Read More


Cisco unveils LabVIEW code execution flaw that won't be patched
LabVIEW, the widely used system design and development platform developed by National Instruments, sports a memory corruption vulnerability that could lead to code execution.
August 30, 2017
Read More


Cisco WebEx extension opens Chrome users to drive-by malware attacks
Windows users who have the widely used Cisco WebEx extension installed on Chrome are in danger of getting silently hacked when visiting a malicious website.
January 24, 2017
Read More


CISOs must assess risks and identify the real security budget
Organizations spend an average of 5.6 percent of the overall IT budget on IT security and risk management, according to Gartner. However, IT security spending ranges from approximately 1 percent to 13 percent of the IT budget and is potentially a misleading indicator of program success, analysts said.
December 9, 2016
Read More


CISSP Planning Kit: your guide to CISSP certification and beyond
Studying for the CISSP exam can seem overwhelming, which is why (ISC)2 developed this quick guide. Download this planning kit for a CISSP overview, study tips, preview of how to maintain your certification, and more.
January 10, 2017
Read More


Citizens will share personal data with smart city programs by 2019
The rapid pace of technological and societal change has given government CIOs a new sense of urgency and a willingness to experiment with smart city and open data initiatives, according to Gartner. If managed effectively, this shift will position governments at the core of technological innovation in society.
December 20, 2016
Read More


CLDAP reflection attacks generate up to 24 Gbps of traffic
Akamai researchers Jose Arteaga and Wilber Majia have identified a new Connection-less Lightweight Directory Access Protocol (CLDAP) reflection and amplification method.
April 12, 2017
Read More


Clever spear-phishing emails hit employees involved in SEC filings
FireEye has flagged a sophisticated spear-phishing campaign hitting US-based businesses with emails purportedly coming from the US Securities and Exchange Commission (SEC).
March 8, 2017
Read More


Clickity-Clack: Researcher steals data via typing sounds through Skype conference calls
How often have you been on a conference call and heard someone's clicking keyboard in the background? If you're in a corporation, the answer is probably "daily." At Black Hat, Daniele Lain presented his research on taking those sounds and determining what exactly people are typing. This can be used to steal passwords, email messages, or instant messages without the victim even knowing it's being done.
July 28, 2017
Read More


Cloak & Dagger exploit: What you need to know
Should you be concerned about this new Android exploit called Cloak & Dagger? Here's what you need to know!
May 25, 2017
Read More


Cloud adoption hits all-time high, Microsoft and Google dominate
With continued growth in use of Office 365 and G Suite, overall cloud adoption has hit an all-time high, according to Bitglass. Fifty-nine percent of organizations worldwide now use one of these two apps, up from 48 percent in 2015.
November 16, 2016
Read More


Cloud DLP policy violations rise as Slack, HipChat, and similar services increase in popularity
Cloud DLP policy violations in collaboration services like Slack and HipChat are on the rise, accounting for nearly 10 percent of total violations this quarter, according to Netskope. These services have skyrocketed in popularity as methods of sharing and downloading data, emphasizing the need for enterprises to put policies in place to ensure this data is safe and secure.
June 14, 2017
Read More


Cloud IT infrastructure revenues grew 14.9% to $8 billion in 1Q17
Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew 14.9% year over year in the first quarter of 2017 (1Q17), reaching $8 billion, according to IDC.
July 3, 2017
Read More


Cloud IT infrastructure spend grew to $32.6 billion in 2016
According to IDC, vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 9.2% year over year to $32.6 billion in 2016, with vendor revenue for the fourth quarter (4Q16) growing at 7.3% to $9.2 billion.
April 10, 2017
Read More


Cloud security broker Netskope raises $100m more led by Lightspeed and Accel
As enterprises continue to move more of their computing to the cloud, and across an ever-expanding range of devices from computers to phones and tablets and more, hackers continue to find ways to break into those systems -- resulting an unprecedented number of breaches globally. Now, one of the more prominent security startups fighting this has raised a significant round of funding to help tackle the issue head-on.
June 6, 2017
Read More


Cloud-based security services market to reach nearly $9 billion by 2020
Growth in worldwide cloud-based security services will remain strong, reaching $5.9 billion in 2017, up 21 percent from 2016, according to Gartner. Overall growth in the cloud-based security services market is above that of the total information security market. Gartner estimates the cloud-based security services market will reach close to $9 billion by 2020.
June 19, 2017
Read More


Cloud-based single sign-on means access and security everywhere
The cloud is now the standard of corporate organizational life. It is a standard practice for nearly every sector of every industry. So, there must be solutions available to help manage these cloud applications.
April 14, 2017
Read More


Cloudbleed: what you need to know and what you need to do
Cloudflare has had a sizeable data leak. Here's what that means for you.
February 24, 2017
Read More


Cloudflare Bug Leaks Passwords, API Keys and More
Cloudflare is a web optimization company and provides SSL encryption to millions of websites all around the internet. the company recently announced that a bug in its software that reared its head after an update has led to the leak of sensitive personal information by the company. the leak was first spied by Tavis Ormandy, who works or Google Project Zero security initiative on February 18.
February 24, 2017
Read More


CloudFlare Bug Put Sensitive Data at Risk
Cloudflare revealed that a memory leak in its parser made sensitive information, such as HTTP cookies or authentication tokens, publicly available. some of this private data was cached by search engines (Google, Yahoo, Bing, and others), but all have reportedly purged the info from their services.
February 24, 2017
Read More


CloudPets connected toys can be turned into remote surveillance devices
The CloudPets data breach saga continues, as Spiral Toys finally reported the breach to the California Attorney General's Office.
March 1, 2017
Read More


Cobalt hackers executed massive, synchronized ATM heists across Europe, Russia
A criminal group dubbed Cobalt is behind synchronized ATM heists that saw machines across Europe, CIS countries (including Russia), and Malaysia being raided simultaneously, in the span of a few hours. the group has been active since June 2016, and their latest attacks happened in July and August.
November 22, 2016
Read More


Comcast is the honey badger of ISPs -- injects pop-ups into browsers, doesn't give a fsck
Nothing to see here. Move along
November 23, 2016
Read More


Companies are losing ground against cyber threats
Businesses are struggling to keep pace against the rising level of cyber security threats, according to a new study.
August 15, 2017
Read More


Companies struggling to meet GDPR standards
A new survey conducted by Vanson Bourne asked IT leaders in the U.S., UK, Germany and France about their current data policies to see how well aligned they are with the EU General Data Protection Regulation (GDPR), which comes into force on May 25, 2018.
May 30, 2017
Read More


Compared to last month's Patch Tuesday, April will be a light drizzle
March saw a sizable release from Microsoft after a missed Patch Tuesday. Any way about it, April will be a lighter month than March. Windows 10 1703 has officially released to MSDN. Windows 10 1507 reaches end of service in May, so for those on the original release branch, now is the time. Start upgrading those systems still on 1507 to prevent not having security exposures.
April 10, 2017
Read More


Complete and continuous cloud infrastructure protection
In this podcast recorded at Black Hat USA 2017, Hari Srinivasan, Director of Product Management at Qualys, talks about the challenges involved in securing clouds, and explains how to gain complete visibility and security of your cloud infrastructure using Qualys CloudView.
August 29, 2017
Read More


CompTIA Cybersecurity Analyst certification to include behavioral analytics
CompTIA unveiled a vendor-neutral certification, CompTIA Cybersecurity Analyst (CSA+), that brings behavioral analytics to the forefront of assessing cyber threats.
February 20, 2017
Read More


Conan Exiles' Endowment Slider will not Appear In Console Versions
Missing members.
March 8, 2017
Read More


Congress Is Trying to Shore Up US Cyber Security
Remember how much digital ink we've spilled talking about how bad modern cyber security is? Well! Now Congress is actually (maybe!) going to do something about it.
August 4, 2017
Read More


Congressional Encryption Working Group says encryption backdoors are near unworkable
The Congressional Encryption Working Group (EWG) was set up in the wake of the Apple vs FBI case in which the FBI wanted to gain access to the encrypted contents of a shooter's iPhone. the group has just published its end-of-year report summarizing months of meetings, analysis and debate.
December 23, 2016
Read More


Connected devices and the future of payments
More than 80 percent of Americans have a strong interest in using connected devices to make purchases, with a keen eye toward security and data concerns, according to Visa and Pymnts.
June 9, 2017
Read More


Connected home solutions adoption remains limited
Adoption of newer connected home solutions is still at the early adopter phase, according to Gartner. the survey, of nearly 10,000 online respondents in the U.S., the U.K. and Australia during the second half of 2016, found that only about 10 percent of households currently have connected home solutions.
March 8, 2017
Read More


Connected homes and new hacking risks
Eight out of ten US consumers have a home data network and more than a third of them connect entertainment systems, gaming consoles and other smart devices to the Internet, increasing the risk of home cyber attacks, according to the Hartford Steam Boiler Inspection and Insurance Company (HSB).
January 27, 2017
Read More


Constant availability: Mission-critical business data challenges
In today's world, consumers expect businesses to be always-on, but 24/7/365 availability -- for both data and applications -- comes with specific information security challenges.
July 12, 2017
Read More


Consumers are still making basic security faux pas online
Security remains top of mind as over 70 per cent of consumers noted they always think about their security/privacy when shopping online, according to Centrify. Unfortunately, despite the changing attitudes towards security, some consumers are still making basic security faux pas online.
November 23, 2016
Read More


Consumers regularly share passcodes, creating compromising situations
Consumers keep more and more sensitive personal and professional information on their mobile phones, but most people remain alarmingly casual about adequately protecting that private content, according to Keepsafe.
December 14, 2016
Read More


Consumers want online retailers to provide two-factor authentication
In today's fast-paced world, one might think consumers value speed more than anything. In case of online banking, however, this is not the case. Instead, consumers would rather have more security than speed.
July 12, 2017
Read More


Consumers worried about privacy more than ever
84% of U.S. consumers expressed concern regarding the security of their personally identifiable information (PII) and 70% told IDC that their concern is greater today than just a few years ago.
January 25, 2017
Read More


Consumers worry more about cybercrime than physical crime
Consumers are more worried about cybercrime than physical world crime, according to Sophos. the survey polled 1,250 consumers in the US, UK, Germany, Austria and Switzerland.
December 14, 2016
Read More


Container Health Index: Red Hat's standard for trusted containers
Red Hat introduced the Container Health Index, which provides a comprehensive image detail of any enterprise container service. the index grades all of Red Hat's containerized products as well as the Red Hat base layer of containers from certified ISV partners, with Red Hat planning to certify containerized products from 20 ISVs within the next 90 days.
May 3, 2017
Read More


Container security: The seven biggest mistakes companies are making
As enterprises increase adoption of containers, they also risk increasing the number of mistakes they make with the technology. Given that many companies are still wrapping their heads around the potential of container technology and how to best leverage it, that stands to reason. With that said, however, companies must ensure that they are establishing a solid foundation for security as they continue to identify strategies and workloads that make sense on a container platform.
July 31, 2017
Read More


Cookies Are the Original Ransomware
The existence of ransomware--and probably 90 percent of all malware--can be blamed on the now-defunct Netscape, which invented the tracking cookie other browsers quickly adopted.
May 18, 2017
Read More


Corporate insiders sell secrets and access on dark web
Dark web marketplaces have witnessed an increase of employees offering insider traders, fraudsters and hackers information, help or outright access to their company's networks -- for a fee, of course.
February 2, 2017
Read More


Corporate Office 365 users hit with clever phishing attack
Corporate Office 365 users are being targeted by phishers using a clever new trick to bypass email filters and the default security protections of the Microsoft service.
December 14, 2016
Read More


Could an independent NGO solve the problem of cyber attack attribution?
Cyber attack attribution is a necessary prerequisite for holding actors accountable for malicious cyber activity, but is notoriously difficult to achieve. Perhaps it's time to create an independent, global organization that will investigate and publicly attribute major cyber attacks?
June 14, 2017
Read More


Could e-discovery pros fill the insatiable demand for cybersecurity talent?
When looking at the cybersecurity industry from a jobs perspective, there is no denying demand for talent far exceeds supply. In May of 2017, Cybersecurity Ventures estimated "there will be 3.5 million unfilled cybersecurity jobs by 2021." With so many lingering vacant job requisitions, who will step up with the skills and experience necessary to satiate the explosive need for cybersecurity talent in the United States?
July 14, 2017
Read More


Could this be you? Really Offensive Security Engineer sought by Facebook
'Here's your new password, champ -- GoF*!#Urs3lf'
December 6, 2016
Read More


Crappy hacker crew fingered for Bundestag snooping operation
CopyKittens persistent but easy to find, monitor and counter
July 25, 2017
Read More


Criminalization of DNS for phishing continues to advance
Cybercriminals have been shifting their tactics markedly, by registering more and more domain names, rather using web servers and domains they have hacked into. These "malicious domain registrations" accounted for half of all the domain names used for phishing in 2016, according to APWG.
June 28, 2017
Read More


Criminals Access Three's Upgrade Systems, Compromise Over 130,000 Accounts
The UK ISP, Three, announced that criminals used employee logins to access its phone upgrade system. they used this access to steal phones that were supposed to be sent as upgrades to customers, and personal information from more than 133,000 thousand accounts was compromised in the process.
November 18, 2016
Read More


Critical flaw opens Netgear routers to hijacking
Several Netgear router models can be easily hijacked by remote, unauthenticated attackers, CERT/CC has warned on Friday.
December 12, 2016
Read More


Critical Linux bug opens systems to compromise
Researchers from the Polytechnic University of Valencia have discovered a critical flaw that can allow attackers -- both local and remote -- to obtain root shell on affected Linux systems.
November 15, 2016
Read More


Critical RCE flaw in ATM security software found
Researchers from Positive Technologies have unearthed a critical vulnerability (CVE-2017-6968) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions.
May 4, 2017
Read More


Critical Samba code execution hole plugged, patch ASAP!
The developers of Samba have plugged a critical remote code execution flaw that could allow a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
May 25, 2017
Read More


Critical security vulnerabilities enable full control of the Segway miniPRO electric scooter
New IOActive research exposes critical security vulnerabilities found in the Segway miniPRO electric scooter.
July 19, 2017
Read More


Critical Xen hypervisor flaw endangers virtualized environments
The vulnerability allows attackers with access to a guest OS to read the host's memory
April 5, 2017
Read More


Cross-border action dismantles network of payment card fraudsters
A successful operation that took down an international criminal network of payment card fraudsters was carried out thanks to cross-border cooperation in Europe.
June 13, 2017
Read More


Crowdsourced security testing and bug bounties
In the past few years, the bug bounty economy has been growing steadily, with more organizations getting on board every day.
June 26, 2017
Read More


Custom code accounts for 93% of application vulnerabilities
Although third-party software libraries represent a majority of an application's code, they account for less than seven percent of application vulnerabilities.
July 25, 2017
Read More


Customer Records For Millions Of Verizon Subscribers Exposed
It's a day ending in the letter "Y," so we're not surprised that yet another breach of customer information is making the news: In the latest, a cyber security firm says information for at least 14 million Verizon residential and small business wireline customers was found on an unsecured web server, allowing anyone on the Internet to access it. Verizon says that figure was closer to six million customer records.
July 12, 2017
Read More


Cyber extortionists target North American companies
A group of financially motivated hackers is targeting networks and systems of North American companies, threatening to leak the stolen information and cripple the company by disrupting their networks if they don't pay a hefty ransom.
June 16, 2017
Read More


Cyber insecurity is pervasive, citizens feeling concerned and vulnerable
More than three-quarters of U.S. citizens (79 percent) are concerned about the privacy and security of their personal digital data, and 63 percent say they would feel more confident if the government agencies and service providers with which they interact had stronger data-privacy and security policies, according to an Accenture survey of nearly 3,500 U.S. citizens.
April 11, 2017
Read More


CyberArk: Windows 10 Vulnerable To Rootkits Via Intel's Processor Trace Functionality
CyberArk, a security company that specializes in stopping targeted attacks against other companies, has found a hooking technique that can bypass the Windows 10 "PatchGuard' kernel protection using hardware functionality found on Intel processors. The technique can be used to create persistent malware after a computer has already been infected.
June 23, 2017
Read More


Cybersecurity battleground shifting to Linux and web servers
Despite an overall drop in general malware detection for the quarter, Linux malware made up more than 36 percent of the top threats identified in Q1 2017. This attack pattern demonstrates the urgent need for heightened security measures to protect Linux servers and Linux-dependent IoT devices, according to WatchGuard Technologies.
June 27, 2017
Read More


Cybersecurity trends: Fight against cybercrime shows both improvements and downsides
Trustwave released the 2017 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2016. The report demonstrates both good and bad news in the world of cybersecurity as intrusion detection and breach containment times were relatively better, but other threats like malvertisements became cheaper and malicious spam saw increases.
June 21, 2017
Read More


Cybersecurity: Industry concerns and suggestions for policy makers
The EU Agency for Network and Information security -- ENISA -- together with industry recently reached a common position on cybersecurity, that reflects the concerns of industry and provides a set of suggestions for policy makers.
May 23, 2017
Read More


Cybersecurity: to automate or not to automate?
There are seven vital automated IT security applications that will function as the stepping stones necessary to advance cybersecurity in the new world of artificial intelligence, according to ABI Research.
April 12, 2017
Read More


Cybersecurity: workforce gap to hit 1.8 million by 2022
The cybersecurity workforce gap is on pace to hit 1.8 million by 2022 -- a 20% increase since 2015. 68% of workers in North America believe this workforce shortage is due to a lack of qualified personnel.
June 9, 2017
Read More


CSOs reveal true cost of breaches
Over one-third of organizations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent, according to the Cisco 2017 Annual Cybersecurity Report (ACR).
February 1, 2017
Read More


Cyber attacks against UK businesses rising sharply
There has been a significant increase in the amount of cyber-attacks targeting UK's businesses in the second quarter of 2017, a new report has claimed
July 7, 2017
Read More


Cyber criminals targeting healthcare orgs' FTP servers
FBI's Cyber Division has sent out another notification to healthcare organizations, alerting them to the danger of cyber criminals using their FTP servers for various malicious purposes.
March 27, 2017
Read More


Cyber crooks' latest tricks for targeting Chrome users
Chrome users have lately been targeted with a few unusual malware delivery and scam attempts.
February 22, 2017
Read More


Cyber espionage topping the list of largest security concerns
20 percent of global organizations rank cyber espionage as the most serious threat to their business, with 26 percent struggling to keep up with the rapidly evolving threat landscape. In addition, one in five U.S. organizations have suffered a cyber espionage-related attack in the last year.
March 15, 2017
Read More


Cyber extortionists hold MySQL databases for ransom
Ransomware has become cyber crooks favorite attack methodology for hitting businesses, but not all cyber extortion attempts are effected with this particular type of malware.
February 27, 2017
Read More


Cyber insurance: what and why?
High-profile cyber-attacks are fast becoming the norm in modern society, with 2016 being arguably the worst year for major security breaches. National Crime Agency statistics released earlier in the year reinforced this, revealing how last year saw cybercrime overtake more traditional forms of crime in the UK for the first time.
March 19, 2017
Read More


Cyber News Rundown: Edition 2/3/17
 
February 3, 2017
Read More


Cyber risk in advanced manufacturing: how to be secure and resilient
Nearly half of surveyed manufacturing executives lack confidence their assets are protected from external threats, according to a new study from Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI).
November 17, 2016
Read More


Cyberattack suspected in Ukraine power outage
Ukraine's national power company investigates whether hacking caused blackout in Kiev
December 20, 2016
Read More


Cyberattacks against IoT devices tripled in 2016
It only takes one successful cyber-attack to seriously hurt a company, so it's shocking to see that UK businesses suffered, on average, almost 230,000 cyber-attacks in 2016.
January 11, 2017
Read More


Cybercrime can come in any shape or size, and not always the form you'd expect
Cyberespionage is now the most common type of attack seen in manufacturing, the public sector and now education, warns the Verizon 2017 Data Breach Investigations Report. Much of this is due to the high proliferation of propriety research, prototypes and confidential personal data, which are hot-ticket items for cybercriminals.
April 27, 2017
Read More


Cybereason unveils complete next-generation endpoint platform
Cybereason unveiled a new Endpoint Security Platform that includes next-generation antivirus (NGAV) functionality at RSA Conference 2017 in San Francisco. by integrating Cybereason's endpoint detection and response platform with classic and next-generation antivirus, enterprises can secure their environment against threats on a single agent for ease of deployment and management.
February 14, 2017
Read More


Cybersecurity analytics and operations: Need for automation and orchestration
New research from Enterprise Strategy Group (ESG) shows that when it comes to the evolution of Cybersecurity Analytics and Operations, 71% of respondent organizations find it more difficult today than it was two years ago due to the changing threat landscape, followed by volume of alerts and increased regulatory changes.
May 10, 2017
Read More


Cybersecurity today: Turning positive with new thinking and innovation
In this podcast recorded at RSA Conference 2017, Melanie Ensign, Co-Chair for WISP and Head of Security & Privacy Communications at Uber, and Ajay Arora, CEO and founder of Vera Security, talk about how information security is changing on several levels and how modern security teams are now looking at their responsibility in their companies as enabling new business opportunities.
March 19, 2017
Read More


Cybersecurity training management and skills assessment platform
No cost and open source cybersecurity massive open online course (MOOC) provider Cybrary announced the launch of its Teams training management and skills assessment platform at RSA Conference 2017.
February 14, 2017
Read More


Cyberspies tap free tools to build powerful malware framework
The Netrepser cyberespionage group managed to infect hundreds of computers belonging to government agencies and organizations
May 5, 2017
Read More


Misc. - D

Dailymotion urges users to reset passwords in wake of possible breach
Breach notification service LeakedSource has added information about over 87 million Dailymotion users to its search index.
December 6, 2016
Read More


Dangerous Android threat points to Italian spyware maker
A piece of Android spyware recently analyzed by researchers with the RedNaga Security team seemed to be yet another Hacking Team spying tool but, according to more recent revelations, another Italian company is its likely source.
November 16, 2016
Read More


Dark web fraud guides reveal potential threats to orgs
An in-depth look at content from more than 1,000 fraud guides available for sale on the dark web revealed that the majority of these guides are useless. Still, as many as 20 percent have the potential to cause financial harm to individuals and organizations by instructing readers how to exploit legitimate policies and processes or use malicious code against an organization's systems.
June 7, 2017
Read More


Dark web market Alpha Bay was shut down by law enforcement
Dark web black market Alpha Bay went offline on June 5, leaving users to wonder whether its operators did it and ran off with their money.
July 14, 2017
Read More


DARPA wants to create secure data-sharing tech
The agency seeks proposals that would secure shared data on handheld devices in remote areas
January 12, 2017
Read More


Dash invites researchers to hack their blockchain
Thousands of security researchers will be incentivized to identify critical software vulnerabilities within Dash's code and present them to the Dash Core Team for remediation. Commencing in August, Dash will employ a private bug bounty program through Bugcrowd, tapping into a curated, invite-only crowd to find Dash vulnerabilities, and then, in line with the rollout of Evolution, expand to a public program with over 60,000 registered security experts.
August 7, 2017
Read More


Dashlane teams with Intel to improve password protection
Security breaches have been one of the major themes of 2016, so going into the new year it's no surprise that companies are keen to try to make things more secure.
January 3, 2017
Read More


Data breach activity reaches all-time high
With over 1,200 breaches and over 3.4 billion records exposed, 2017 is already on pace to be yet another "worst year on record' for data breach activity, according to Risk Based Security.
May 23, 2017
Read More


Data breaches becoming more complex, pervasive and damaging
Data breaches are becoming more complex and are no longer confined to just the IT department, but are now affecting every department within an organization. Each breach leaves a lingering, if not lasting imprint on an enterprise, Verizon 2016 Data Breach Investigations Report (DBIR) shows.
February 17, 2017
Read More


Data breaches hit all-time record high, increase 40% in 2016
The number of U.S. data breaches tracked in 2016 hit an all-time record high of 1,093, according to a new report by the Identity Theft Resource Center (ITRC) and CyberScout. this represents a substantial hike of 40 percent over the near record high of 780 reported in 2015.
January 20, 2017
Read More


Data breaches: Playing by a new set of rules?
Tell me, what's your response when you hear that a company that was breached are now losing customers? I suppose it's at this point the word reasonable makes an appearance. Whether this is the regulator, or in fact data subjects whose personal data is now being packaged and sold to identity thieves.
March 16, 2017
Read More


Data Privacy day reminds digital citizens to better manage their privacy
Many consumers do not fully understand how their information is collected, used and stored by the devices, apps and websites they use every day.
January 16, 2017
Read More


Data Security
Seclore is an information rights management company which helps to protect documents and information by preserving enterprise rights management.
Provides a Service
Read More


Data security and mobile devices: how to make it work
There has been a lot of hype in the media about messaging tools. But recently, some of the headlines have taken a negative turn. Just last month, we read how a London-based banker was fired and fined more than £37,000 by the FCA for leaking confidential company data via WhatsApp. In this case, the employee stated that he simply wanted to 'impress' a friend. not all cyber fraud is a crime of 'boastfulness'.
May 2, 2017
Read More


Data security disruptions can have cascading negative impacts
Nine in 10 global cybersecurity and risk experts believe that cyber risk is systemic and that simultaneous attacks on multiple companies are likely in 2017, according to AIG.
May 11, 2017
Read More


Data-centric IoT security for Hadoop Big Data environments
Hewlett Packard Enterprise (HPE) introduced today at RSA Conference 2017 HPE SecureData for Hadoop and IoT, designed to easily secure sensitive information that is generated and transmitted across Internet of Things (IoT) environments, with HPE Format-preserving Encryption (FPE).
February 15, 2017
Read More


DC police surveillance cameras were infected with ransomware before inauguration
Malware seized 70 percent of DC police DVRs a week before Trump's inauguration.
January 30, 2017
Read More


DDoS attacks increase by 28 percent in Q2 2017
DDoS attacks are seeing a major rise as hackers seek more diverse threats, according to new research.
August 23, 2017
Read More


DDoS attacks increasingly form blended attacks of more vulnerabilities
DDoS attacks increasingly formed blended attacks of four or more vulnerabilities over the course of the fourth quarter of 2016, with an intent to overload targeted monitoring, detection and logging systems, according to Nexusguard. Hybrid attacks were a common attack pattern against financial and government institutions.
February 9, 2017
Read More


DDoS Attacks Took Down Blizzard's Games, Online Services
Blizzard said on Sunday afternoon that performance issues with its games and the service formerly known as Battle.net were caused by distributed-denial of service (DDoS) attacks. The barrage caused login issues for many players, kicked some out of games they were already playing, and otherwise hindered efforts to enjoy a weekend afternoon in front of a computer screen. (With Blizzard's games, anyway.)
August 14, 2017
Read More


DDoS attacks via WordPress now come with encryption
Kaspersky Lab experts have noted an emerging trend -- a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend -- an attack exploiting vulnerabilities in WordPress via an encrypted channel.
December 14, 2016
Read More


DDoS attacks: $100,000 per hour is at risk during peak revenue generation periods
Neustar and Harris Interactive conducted global, independent research of 1,010 directors, managers, CISOs, CSOs, CTOs, and other c-suite executives to find out how DDoS attacks affect their organizations and what measures are in place to counter these threats. the respondents span many industries, including technology, financial services, retail, healthcare and energy.
May 2, 2017
Read More


DDoS protection quiz-based training course
The DDoS Protection Bootcamp is the first online portal to provide in-depth technical training in the field of DDoS protection.
November 22, 2016
Read More


DDoS script kiddies are also... actual kiddies, Europol arrests reveal
Young 'uns hire tools to hit infrastructure, info systems
December 12, 2016
Read More


Deadlines for investigating and reporting data breaches
75% of organisations set fixed time limits for investigating potential security incidents, according to Balabit. However, 44% of respondents reported missing internal or external deadlines for investigating or reporting a breach in the last year, and 7% said a missed deadline had resulted in serious consequences.
December 19, 2016
Read More


Deception security doesn't have to be onerous or expensive
When talking about deception security, most infosec pros' mind turns to honeypots and decoy systems -- additional solutions that companies have to buy, deploy, and manage.
March 22, 2017
Read More


Decrypting DEF CON badge challenges
Every summer, tens of thousands of hackers and information security enthusiasts make a journey to the Last Vegas strip for the Black Hat and DEF CON security conferences. While most attendees spend their week watching briefings and visiting vendor booths, some choose to instead team up and tackle the different puzzle challenges that go on behind the scenes.
July 18, 2017
Read More


Decryption key for Apple iOS Secure Enclave Processor firmware revealed
A hacker that goes by the handle "xerub"has apparently figured out the decryption key for Apple's Secure Enclave Processor (SEP) firmware, and made it available online:
August 18, 2017
Read More


Defeating Magento security mechanisms: Attacks used in the real world
DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future patches.
May 9, 2017
Read More


Defensive AI system implements strategies from the best analysts
Champion Technology Company, developer of DarkLight, an AI expert system for active cyber defense and trusted information sharing, today released their latest technology update with DarkLight 3.0.
July 27, 2017
Read More


Delayed breach notifications open door to regulatory fines
As more data breaches occur everyday and more data privacy regulations come into force, such as EU GDPR, organizations are beginning to make data governance and data protection more of a priority.
December 16, 2016
Read More


Dell open sources DCEPT, a honeypot tool for detecting network intrusions
Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody.
March 8, 2016
Read More


Despite tremendous growth, most IoT projects fail
60 percent of IoT initiatives stall at the Proof of Concept (PoC) stage and only 26 percent of companies have had an IoT initiative that they considered a complete success. Even worse: a third of all completed projects were not considered a success, according to Cisco.
May 24, 2017
Read More


Destination PWND: Safes, ATMs, phones all fall to Vegas hax0rs
The best of the rest from Black Hat and DEF CON
July 31, 2017
Read More


Detect and block Mac ransomware with Little Flocker
Windows ransomware may make all the headlines, but other platforms are vulnerable too. the first Mac ransomware was uncovered last year, and it's only a matter of time before the next one strikes.
February 20, 2017
Read More


Detect observation and evade theft of sensitive data
Jacob Torrey is an Advising Research Engineer at Assured Information Security, where he leads the Computer Architectures group. He has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture.
March 18, 2016
Read More


Detecting PLC malware in industrial control systems
How can attackers load programmable logic controllers (PLC) with destructive malware, and how can the operators of industrial control systems (ICS) detect it?
February 21, 2017
Read More


Deutsche Telekom confirms malware attack on its routers
German telecom giant Deutsche Telekom has confirmed that the connectivity problems some 900,000 of its customers experienced on Sunday are the result of a hack attempt.
November 28, 2016
Read More


Deutsche Telekom goes drone hunting
Drone popularity continues to rise rapidly as they become ever cheaper and more powerful. Easy availability and large payloads conspire to increase the potential for dangerous drone misuse -- everything from industrial espionage to drug and weapon smuggling to terrorist attacks.
December 1, 2016
Read More


DevOps skills gap: Do you have the necessary skills to succeed?
New research shows that software developers are not receiving the training they need to be successful as DevOps becomes the prevalent approach to building and operating digital products and services. In today's application-centric economy that gap could have real impact on the productivity of businesses in every industry, as well as on the security and quality of the software that underpins the digital economy.
August 17, 2017
Read More


DevSecOps: Build a bridge between fast and secure software development
Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software. In fact, according to new research conducted by Enterprise Strategy Group (ESG), 58 percent of survey respondents stated their organization is taking a collaborative approach to securing applications.
June 15, 2017
Read More


DevSecOps: Building continuous security into IT and app infrastructures
In this podcast recorded at RSA Conference 2017, Chris Carlson, VP of Product Management, Cloud Agent Platform at Qualys, talks about DevSecOps.
March 9, 2017
Read More


DevSecOps: to drive the digital imperative
Dan Hushon, CSC's CTO, has identified six trends around the philosophy of DevSecOps that company leaders need to be thinking about to drive digital transformation.
December 13, 2016
Read More


DHS to enforce extra security checks instead of airplane carry-on laptop ban
Travelers from all over the world who plan to fly into the US will be subjected to more rigorous security checks before being allowed to board the plane, the Department of Homeland Security has decided. Still, they will be allowed to take their laptops in the passenger cabin.
June 29, 2017
Read More


Dial S for SQLi: Now skiddies can order web attacks via text message
Katyusha scanner targets web servers with instant chat
July 12, 2017
Read More


Did Tesco Bank attackers guess victims' payment card details?
A group of researchers from Newcastle University have discovered a practical and easy way for attackers to quickly guess individuals' Visa payment card info needed to perform fraudulent card-not-present transactions (e.g. when online shopping).
December 2, 2016
Read More


Differences in personal security behaviors of US and UK workers
Wombat surveyed more than 2,000 working adults -- 1,000 in the US and 1,000 in the UK -- about cyber security topics and best practices that are fundamental to network and data security, including mobile device habits and password security.
June 13, 2017
Read More


DigiCert to acquire Symantec's website security business
Under the terms of the agreement, Symantec will receive approximately $950 million in upfront cash proceeds and approximately a 30 percent stake in the common stock equity of the DigiCert business at the closing of the transaction.
August 3, 2017
Read More


Digital transformation and IoT to drive investment in IT operations management
The growth of digital business and the Internet of Things (IoT) is expected to drive large investment in IT operations management (ITOM) through 2020, according to Gartner. A primary driver for organizations moving to ITOM open-source software (OSS) is lower cost of ownership.
August 1, 2017
Read More


Digital transformation initiatives: what are you doing to get ahead?
Digital transformation initiatives are more successful when they have buy-in from across the business, according to Splunk.
May 12, 2017
Read More


Disconnect between investment and expected security improvements
Less than half of US firms will increase their investment in cybersecurity protection to match an expected rise in data breaches, according to a new survey conducted by Ovum. Yet just over half of executives surveyed believe their company will have stronger cybersecurity protection in a year.
May 25, 2017
Read More


Disturbing lack of cyber attack awareness among directors
Britain's top firms and charities urgently need to do more to protect themselves from online threats, according to new government research and a 'cyber health check'.
August 22, 2017
Read More


DLP APIs: The next frontier for Data Loss Prevention
According to the Breach Level Index, there have been 7,094,922,061 data records lost or stolen since 2013 with 4,417,760 records lost or stolen every day, 184,073 records every hour, 3,068 records every minute and 51 every second.
June 19, 2017
Read More


DMCA filing says hackers stole 'thousands' of internal HBO docs -- but company denies emails taken
The hack of HBO isn't limited to a handful of Game of Thrones episodes; a DMCA takedown notice issued on behalf of the company says hackers stole 'thousands of Home Box Office (HBO) internal company documents.' And, as the notice indicates, the data is already in the wild.
August 2, 2017
Read More


DNSMessenger backdoor/RAT uses DNS queries to communicate with C&C server
How to make sure that your malware will be able to communicate with its C&C servers even if the infected machine sits behind a company firewall and traffic to and from the corporate network is regularly inspected? Pack the needed information into DNS traffic.
March 6, 2017
Read More


Do we live in a riskier world? C-suite and senior level experts weigh in
72 percent of global business leaders say they're operating in a riskier world, spurred by increasingly regulated industries, advanced technology and rapid digitalization, according to BDO USA.
June 30, 2017
Read More


Do you know which data compliance standards apply to your organization?
Despite the explosion in data collection among companies in every sector and the well-documented risks of cyber threats, a new Liaison Technologies survey of nearly 500 US C-level executives and senior-level managers reveals that nearly half (47%) are unsure which information security and privacy regulations apply to their organizations.
December 1, 2016
Read More


Docs.com's "public by default" setting to blame for users publishing sensitive info?
The search option on Docs.com, Microsoft's publishing and file sharing service, has been temporarily disabled as it could be used to trawl published documents for sensitive user information (social security numbers, dates of birth, phone numbers, etc.).
March 27, 2017
Read More


Doctor Who-inspired proxy transmogrifies politically sensitive web to avoid gov censorship
Slitheen tool smuggles browsers into cyber-Tardis
April 21, 2017
Read More


DocuSign breached, stolen info used for targeted phishing campaign
Phishing emails impersonating electronic signature technology provider DocuSign are not an unusual sight, but the latest campaign has the added advantage of specifically targeting registered DocuSign users.
May 16, 2017
Read More


Does this look infected to you? Google launches a SAMBA app for Android
If you missed out on having all your files encrypted and the chance to send bitcoin to a bunch of misanthropes who have no plans on unencrypting those files after you do, then download this new app from Google Play! Then you can enable SMBv1 on all your other machines so your Android can share the virus amongst your other machines, perhaps you could even share this unforgettable experience with your friends and family.
July 10, 2017
Read More


Doing things right: Cloud and SecOps adoption
There is hardly an organization out there that isn't planning or hasn't already taken advantage of the cloud. And, according to Threat Stack CTO Sam Bisbee, there is hardly a technology-oriented organization anywhere on the small-business to-enterprise spectrum that isn't a good candidate for SecOps.
August 21, 2017
Read More


Dok Mac malware intercepts victims' web traffic, installs backdoor
A new piece of Mac malware, more insidious and dangerous that all those encountered before, has been flung at European users via fake (but relatively convincing) emails.
May 2, 2017
Read More


Don't forget to pack security for the journey to the cloud
When you move workloads to public cloud platforms, you offload many tasks on the cloud provider, but don't fall for the misconception that you're entirely off the hook with security.
March 29, 2017
Read More


Don't let cybercrime hold your innovation to ransom
When things break, our natural instinct is to look for someone to blame. Why? Because nothing happens by accident. It's either done on purpose, a casualty of neglect or lack of preparation. Trust me, as someone who has worked in the security industry for over 20 years, I've seen a lot of issues arise and nearly all of them are down to one of the above.
July 13, 2017
Read More


Don't take your hands off the wheel
Let me tell you a story. it's a story about my brother-in-law, whom, for the sake of decency, we'll call Steve.
February 6, 2017
Read More


Double Robotics Telepresence Robot can be hacked
Rapid7 researchers have discovered a number of vulnerabilities in the Double Robotics Telepresence Robot, the company's iPad-based telepresence device that looks a bit like a Segway.
March 14, 2017
Read More


DoubleAgent attack uses built-in Windows tool to hijack applications
Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to take over applications and entire Windows machines.
March 22, 2017
Read More


Dow Jones customer data exposed due to cloud misconfiguration
US-based publishing and financial information firm Dow Jones & Company is the latest casualty of a cloud database misconfiguration error.
July 18, 2017
Read More


DreamHost smashed in DDoS attack: Who's to blame? Take a guess...
Is it the alt-right or anti-fascists? Most likely the latter
August 23, 2017
Read More


Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln
JavaScript smuggles malicious payload into PCs
November 29, 2016
Read More


Drone maker DJI launches bug bounty program
Chinese consumer drone maker DJI has announced that it's starting a bug bounty program and has invited researchers to discover and responsibly disclose issues that could affect the security of its software.
August 30, 2017
Read More


Drone-maker DJI's Go app contains naughty Javascript hot-patching framework
Apple has already smote JSPatch once this year
August 15, 2017
Read More


Duo Beyond Helps other Companies be as Secure as Google
Two years ago, Google published a paper describing a "zero-trust" security framework for its enterprise infrastructure that went beyond firewalls. Duo Security has taken that framework and packaged it into a complete security solution that it can now offer to its corporate customers that want to avoid data breaches seen at Sony and elsewhere.
February 8, 2017
Read More


Dynamically generated whitelists help stop hackers
Whitelists have traditionally been used as a way of limiting what users can do, but they're time consuming to maintain and keep up to date.
May 26, 2017
Read More


Misc. - E

Easy Solutions launches digital threat protection suite
Today at RSA Conference 2017 in San Francisco, Easy Solutions unveiled its Digital Threat Protection suite. the offering enables organizations with a proactive strategy against fraud by detecting and mitigating attacks aimed at stealing personal information of customers and employees.
February 13, 2017
Read More


eBook: Full Stack Web Performance
Full Stack Web Performance is written for anyone grappling with the challenges of performance in a DevOps environment. Whether you're a web developer, a DevOps engineer, an engineering manager or an architect, you'll glean something useful from this practical how-to by Tom Barker.
July 17, 2017
Read More


EFF offers legal advice to researchers at Black Hat, B-Sides and DEF CON
Not all security researchers have someone to talk to and ask specific advice about the legal challenges that they could be faced while doing their work.
July 13, 2017
Read More


EFF: Half of web traffic is now encrypted
Half of the web's traffic is now encrypted, according to a new report from the EFF released this week. the rights organization noted the milestone was attributable to a number of efforts, including recent moves from major tech companies to implement HTTPS on their own properties. Over the years, these efforts have included pushes from Facebook and Twitter, back in 2013 and 2012 respectively, as well as those from other sizable sites like Google, Wikipedia, Bing, Reddit and more.
February 22, 2017
Read More


EFF's latest privacy report criticizes Amazon and WhatsApp over policies that 'fall short'
The Electronic Frontier Foundation has published the latest edition of its "Who has your back" privacy report. This is the seventh report from the digital rights group, and this year it criticizes both WhatsApp and Amazon for having policies that "fall short of other similar technology companies."
July 11, 2017
Read More


Effective ICS cyber defense methods
Cyber defense risks are on the top of concern for every manager operating manufacturing and critical infrastructure. the solutions for protecting the Confidentiality, Integrity and Availability (C-I-A) of IT systems are widely understood and accepted by most organizations.
January 24, 2017
Read More


Egyptian civil society NGOs targeted with sophisticated phishing
In the last few months, a number of Egyptian civil society organizations, lawyers, journalists, and independent activists have been targeted with personalized and generic emails aimed at revealing their Gmail or Dropbox credentials to the attackers.
February 2, 2017
Read More


Electronic Frontier Foundation reveals its privacy and security wishlist for 2017
With the end of the year approaching, many people are looking back over 2016 and picking out the highlights. Others, however, are looking back to see what can be learned for 2017; this is exactly what digital rights group Electronic Frontier Foundation is doing.
December 20, 2016
Read More


Elegant 0-day unicorn underscores "serious concerns" about Linux security
Scriptless exploit bypasses state-of-the-art protections baked into the OS.
November 22, 2016
Read More


ElcomSoft Grabs 'Deleted' Safari History from iCloud
Before web browsers embraced private windows, clearing their history was something of a technological rite of passage. Embarrassing searches? Gone. Porn? Never heard of it. But now ElcomSoft has revealed that it's possible to retrieve deleted history from Apple's Safari browser from iCloud. Whoops.
February 9, 2017
Read More


Email and IoT security issues persist
New AT&T research shows many businesses are not effectively protecting their data. as more organizations adopt cloud architectures, traditional security protections aren't enough.
March 2, 2017
Read More


Email attacks exploit unpatched Microsoft Word vulnerability
Attackers have been exploiting a zero-day vulnerability in Microsoft Word since January to infect computers with malware
April 10, 2017
Read More


Email scammers swindle US State Supreme Court judge out of $1 milion
If often happens to less prominent individuals, but this time it happened to a US State Supreme Court judge: scammers have managed trick her into wiring the money meant for buying an apartment to a bank account under their control.
June 21, 2017
Read More


Email-based attacks exploit unpatched vulnerability in Microsoft Word
Attackers have been exploiting a zero-day vulnerability in Microsoft Word since January to infect computers with malware
April 10, 2017
Read More


Email-borne threats: Watch your inbox closely on Thursdays
Malicious email attachment message volume spikes more than 38% on Thursdays over the average weekday volume. Ransomware attackers in particular favor sending malicious messages Tuesday through Thursday. On the other hand, Wednesday is the peak day for banking Trojans. Point-of-sale (POS) campaigns are sent almost exclusively on Thursday and Friday, while keyloggers and backdoors favor Mondays.
June 8, 2017
Read More


Employee burnout: the biggest workplace challenge in 2017
The biggest threat to building an engaged workforce in 2017 is employee burnout. a new study by Kronos and Future Workplace found 95 percent of human resource leaders admit employee burnout is sabotaging workforce retention, yet there is no obvious solution on the horizon.
January 10, 2017
Read More


Employees rely largely on personally owned mobile devices in the workplace
Mobile device adoption in the workplace is not yet mature, found a recent survey from Gartner. Although 80 percent of workers surveyed received one or more corporate-issued devices, desktops are still the most popular corporate device among businesses, with more than half of workers receiving corporate-issued desktop PCs.
November 30, 2016
Read More


Employees' bad security habits put businesses in danger
Employees have poor security practices and use completely unsecured private devices for work, putting their organizations at huge risk of cyber-attacks, a new report by WinMagic says. After polling workers in the UK, the report says more than four in ten (42 percent) use private devices for work, accessing corporate data and e-mail accounts.
December 9, 2016
Read More


Employees increasingly allowed to move data onto personal mobile devices
Corporate data governance programs are difficult to establish and enforce. for the most part, these programs lack the necessary people, processes and technology to effectively fend off security threats, data breaches, regulatory fines and lawsuits.
April 28, 2017
Read More


Employees working while on holiday open orgs to security risks
Many workers will feel the need to check-up on work emails while they are away from the office and enjoying a well-earned vacation. Unfortunately, by doing that, they can open organizations to many security risks.
July 27, 2017
Read More


Employment scams target recent college grads
As if the job market isn't hard enough to break into, rising seniors and recent college graduates are employment scam targets. In January, the FBI issued a warning that employment scams targeting college students are still alive and well.
March 7, 2017
Read More


Enable self-healing endpoint security with Application Persistence
In this podcast recorded at RSA Conference 2017, Richard Henderson, Global Security Strategist at Absolute Software, and Todd Wakerley, SVP of Product Development at Absolute Software, talk about Application Persistence.
March 7, 2017
Read More


Encrypt all the webpages: Let's Encrypt to offer wildcard certificates for free
Upgrade will allow even more webpages to be protected by HTTPS.
July 6, 2017
Read More


Encrypted messaging app Confide suffers from many security issues
Confide, the encrypted instant messaging application with a self-destructing messaging system that has become popular with White House staffers, is not so secure after all.
March 8, 2017
Read More


Encrypted webmail service Lavabit relaunched
Lavabit, the secure encrypted webmail service used by Edward Snowden, is back online.
January 23, 2017
Read More


Encryption ransomware hits record levels
The amount of phishing emails containing a form of ransomware grew to 97.25 percent during the third quarter of 2016 up from 92 percent in Q1.
November 18, 2016
Read More


End the air gapping myth in critical infrastructure security
In an environment where we're seeing increasing demand for connectivity between operational technology (OT) and IT, security teams have to dispel the air gapping myth to acknowledge that IT influences can exploit OT connections.
December 14, 2016
Read More


End-to-end email encryption with no central point of attack
A seamless, easy-to-use, and secure end-to-end encrypted business collaboration tool with no central point of attack is a holy grail for every business, and Boston-based security company PreVeil believes they have the right solution on hand.
June 15, 2017
Read More


Endpoint security is only one piece of the puzzle
Like many of you, I attended RSAC in February. Wading through the crowd of more than 43,000 people, I was interested to see how many new and improved endpoint security solutions were being touted by big-name vendors and newcomers alike.
March 21, 2017
Read More


Endpoint Protector 5: Responsive interface and updated eDiscovery module
CoSoSys released Endpoint Protector 5 with updates on the management console which has been redesigned for a modern, user-friendly and responsive experience.
June 6, 2017
Read More


Enhanced security facilitates your safe move to the cloud
If you haven't moved at least some of your data to the cloud, you will. it's inevitable at this point. Even the most highly secured organizations have some of their data on the cloud.
January 3, 2017
Read More


ENISA says crypto backdoors are a bad idea
"History has shown that technology beats legislation, and criminals are best placed to capitalise on this opportunity," the European Network and Information Security Agency (ENISA) noted in a recently released opinion paper on encryption.
December 14, 2016
Read More


Enterprise endpoint security: Millions of devices still running outdated systems
Duo Security analyzed the security health of 4.6 million endpoint devices, including 3.5 million mobile phones across multiple industries and geographic regions.
June 5, 2017
Read More


Enterprise security culture: Why you need it, and how to create it
Security awareness is a term that most information security professionals are familiar with -- security culture a little less so.
August 14, 2017
Read More


Enterprises face 3,680 potential phishing emails each week
GreatHorn analyzed more than 3.5 terabytes of data -- over 373 million corporate emails -- to gain insights into the sheer volume of email threats facing enterprises and the role of automated tools in helping them keep up with that challenge.
July 13, 2017
Read More


EPIC Complains To FTC About Google's Credit Card Tracking
You know Google tracks your online activities; did you know it also collects information about what you do offline? The Electronic Privacy Information Center (EPIC) has complained to the FTC about Google tracking in-store purchases and connecting that data to online actions.
July 31, 2017
Read More


Equipment already in space can be adapted for extremely secure data encryption
In a new study, researchers from the Max Planck Institute in Erlangen, demonstrate ground-based measurements of quantum states sent by a laser aboard a satellite 38,000 kilometers above Earth. This is the first time that quantum states have been measured so carefully from so far away.
June 19, 2017
Read More


ESET antivirus opens Macs to remote code execution
Like any other software, security software is sure to have some vulnerabilities that can be exploited by attackers.
February 28, 2017
Read More


Eternal Blues: A free EternalBlue vulnerability scanner
It is to be hoped that after the WannaCry and NotPetya outbreaks, companies will finally make sure to install -- on all their systems -- the Windows update that patches SMB vulnerabilities leveraged by the EternalBlue and EternalRomance exploits.
June 30, 2017
Read More


EternalBlue vulnerability scanner statistics reveal there are exposed hosts worldwide
After the recent massive WannaCry ransomware campaign, Elad Erez, Director of Innovation at Imperva, was shocked at the number of systems that still sported the Microsoft Windows SMB Server vulnerabilities that made the attack possible.
July 12, 2017
Read More


EU says UK surveillance laws are illegal and not 'justified within a democratic society'
But whether or not the ruling will stick once the UK leaves the EU isn't clear
December 21, 2016
Read More


EU wants to increase privacy in WhatsApp, Gmail and iMessage by preventing unwanted tracking
Facebook, Apple and Google face a drop in ad revenue if EU proposals to apply the same rules to online messaging services that currently apply to telecoms companies go through. In a nutshell, the proposals suggest that the likes of WhatsApp, Gmail and iMessage should ask for explicit user permission to allow tracking with a view to delivering targeted ads.
January 10, 2017
Read More


European businesses not seeking help from the security industry ahead of GDPR
European research by PAC and Reliance acsn has outlined the challenges and concerns that security professionals across Europe are facing and how they approach the serious issue of outsourcing functions. One of the key findings of the report was that compliance and GDPR were not seen as important reasons for employing third party security firms, despite the need for detailed knowledge to comply with regulations.
May 4, 2017
Read More


European Commission chucks cash at UR -- the universal language of mind your own biz
Funding for French privacy browser -- and why not
June 27, 2017
Read More


European companies hit with highly customizable ransomware
Panda Security researchers have been following and analyzing ransomware attacks that have been targeting European business for a few months now, and have tied them to the same group.
April 3, 2017
Read More


European Institute for Computer Anti-Virus Research (EICAR)
leads task forces, organizes conferences, and publishes documents.
Provides Information
Read More


European Parliament Doubles Budget for 'Free' Software Audit and Bug Bounty Projects
The European Parliament approved a budget increase for auditing the open source software used by its institutions. the budget also covers a new bug bounty program, which is meant to encourage outside security researchers to report bugs in software that the European Union uses in its IT infrastructure.
December 1, 2016
Read More


European privacy advisor wants encryption without backdoors
"The confidentiality of online communications by individuals and businesses is essential for the functioning of modern societies and economies. the EU rules designed to protect privacy in electronic communications need to reflect the world that exists today," European Data Protection Supervisor (EDPS) Giovanni Buttarelli opined after reviewing a new proposal on the ePrivacy Directive.
July 29, 2016
Read More


Europol and GCA will fight cybercrime through the exchange of information
Europol and the Global Cyber Alliance (GCA) signed a Memorandum of Understanding (MoU) to cooperate on decreasing systemic cyber risk and improving internet security throughout Europe and beyond.
January 31, 2017
Read More


Europol terrorism investigations data found exposed online
700 pages of confidential dossiers, which included details about terrorism investigations in Europe, have been found exposed on the Internet by the reporters of Dutch TV documentary programme Zembla.
December 1, 2016
Read More


Evaluating artificial intelligence and machine learning-based systems for cyber security
All indicators suggest that 2017 is shaping up to be the year of artificial intelligence and machine learning technology for cyber security. As with most trends in our industry, the available protection solutions range from elegantly-designed platforms to clumsily-arranged offerings. The big problem is that many enterprise security teams cannot always tell the difference.
June 19, 2017
Read More


Even a cybersecurity firm can fall for a W-2 phishing scam
US Tax day (April 18) is quickly approaching, and scammers are hard at work to get what they can before the set tax season deadline.
March 19, 2017
Read More


Even the World's Largest Internet Companies Get Phished, Just Like your Grandma
If you've ever been duped by a phishing scam, you can feel a little less stupid about it today, because you've been joined in that sad club by Google and Facebook.
April 28, 2017
Read More


Event-driven architecture to become essential skill
Achieving broad competence in event-driven IT will be a top three priority for the majority of global enterprise CIOs by 2020, according to Gartner. Defining an event-centric digital business strategy will be key to delivering on the growth agenda that many CEOs see as their highest business priority.
July 12, 2017
Read More


Evernote employees will be able to read notes only if users allow it
Evernote has recently announced that, starting on January 23, 2017, Evernote users' unencrypted notes will be accessible to some Evernote employees.
December 16, 2016
Read More


Evolution of security operations from reactionary survival mode to forced sophistication
The most security-sensitive companies approach their job and their day with the default assumption that they have been hacked, and they set out to prove that important components of their environment are safe. Less security-sensitive companies approach each day with the assumption that they are clean, and start looking for breaches. Or, at least, that's Paul Farrell's experiences have taught him.
April 13, 2017
Read More


Ewind Android adware is actually a full-fledged Trojan
Palo Alto Networks researchers have analyzed a string of legitimate-looking Android apps and have discovered that the adware included in them has the potential to do much more than just show ads.
April 12, 2017
Read More


Executive spotlight: iovation's new Vice President of Product
Last week iovation announced that Dwayne Melancon was leaving Tripwire after 17 years and joining the company as the new Vice President of Product, so we decided to get in touch and see what are his future plans.
April 27, 2017
Read More


Expert tips for managing your cloud data
Networking, governance issues are key
April 3, 2017
Read More


Explained: Apple iCloud kept 'deleted' browser histories for over a year
Cupertino giant quickly purged supposedly dead files when word got out
February 9, 2017
Read More


Exploit for Windows DoS zero-day published, patch out on Tuesday?
A zero-day bug affecting Windows 10, 8.1, Windows Server 2012 and 2016 can be exploited to crash a vulnerable system and possibly even to compromise it.
February 3, 2017
Read More


Exploit revealed for remote root access vulnerability affecting many router models
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers.
April 11, 2017
Read More


Exploitable gSOAP flaw exposes thousands of IoT devices to attack
Researchers have unearthed a serious vulnerability in gSOAP, an open source, third-party code library used by thousands of IoT by many different manufacturers.
July 19, 2017
Read More


Exploring data security in the legal sector and beyond
BitSight analyzed the Security Ratings of more than 20,000 organizations in six industries -- Finance, Legal, Healthcare, Retail, Government and Energy. the objective was to highlight quantifiable differences in security performance across industries from the past 12 months and identify areas of cybersecurity risks.
December 9, 2016
Read More


Exploring trends in automated crypto trading
Despite the risks, many traders continue to be attracted to cryptocurrency trading due to the earning potential it offers. Sasha Ivanov, CEO of Waves, explains that the crypto market is inefficient, opportunities for arbitrage exist between exchanges, and the market is very volatile and unregulated with a constantly shifting landscape.
January 1, 2017
Read More


Explosive global attack delivers destructive Petya ransomware
Less than two months after the disastrous, global WannaCry infestation, a variant of the Petya ransomware dubbed PetrWrap has started hitting companies in Ukraine, Russia and Europe.
June 27, 2017
Read More


Exposed Verizon customer data could be a shortcut for hijacking many online accounts
Chris Vickery, director of cyber risk research at UpGuard, has discovered more sensitive information exposed on an unprotected "bucket' on an Amazon AWS server. This time it includes -- among other things -- the names, phone numbers, and account PINs of some 14 million Verizon customers.
July 12, 2017
Read More


Extensive shift to hybrid infrastructure services is underway
The growth of cloud and industrialized services and the decline of traditional data center outsourcing (DCO) indicate a massive shift toward hybrid infrastructure services, according to Gartner.
April 7, 2017
Read More


EyePyramid clears the way for future malware attacks
Several weeks ago, the release of court documents revealed a long-standing cyber espionage campaign aimed at Italian politicians and businesspeople, law firms, state institutions and law enforcement agencies, and many others.
February 1, 2017
Read More


Misc. - F

F-Secure buys industrial control security firm
Also locks down automotive and aviation electronics
February 16, 2017
Read More


F-Secure buys Little Flocker to combat macOS ransomware
Little Flocker enforces low-level access control to files and other sensitive resources like the webcam and microphone
April 6, 2017
Read More


Facebook and GitHub test new account recovery option
Facebook and GitHub have partnered to provide GitHub users who employ two-factor authentication an easier way to recover access to their account in case they get locked out of it.
January 31, 2017
Read More


Facebook Becomes the Latest Major Company to Support U2F Security Keys
The Universal 2nd Factor (U2F) standard designed by the Fast Identity Online (FIDO) Alliance gained Facebook as another important supporter.
January 26, 2017
Read More


Facebook gets physical for safer logins
Facebook has been offering the two factor authentication login option for a while now, and is now trying to make its use easier than ever before.
January 27, 2017
Read More


Facebook gets serious about the big bucks in TV shows
Facebook doubles down on its big bet to create homemade TV shows.
February 9, 2017
Read More


Facebook is still figuring out how to tackle fake news
Facebook realizes that "fake news" is a problem, but is still a long way from figuring out how to solve it. at CODE Media today, Facebook VP of partnerships Dan Rose said combatting fake news is "something that's really important to us," but acknowledged that the company is "just getting started" and "there's a lot of work we can do."
February 14, 2017
Read More


Facebook malware allegedly spreading celebrity sex tapes through Chrome extension
A new spam campaign has recently been seen spreading on Facebook, which allegedly contains sex videos of celebrities. In reality, it leads unsuspecting users into downloading a malicious Chrome extension.
December 9, 2016
Read More


Facebook moderators can inspect private messages of users suspected of terror links
Pressured by European governments, Facebook, Twitter and Google are trying to tackle the extremist propaganda and recruitment on their social networks and sites.
June 30, 2017
Read More


Facebook turns Safety Check over to its users
The world's largest social network won't be deciding what events warrant a Safety Check. you will.
November 17, 2016
Read More


Facebook, Google ban fake news sources from their ad networks
Despite Mark Zuckerberg's dismissive attitude regarding the claim that Facebook had an inappropriate impact on the US elections, the company has moved to bar sources of fake news from its Facebook Audience Network ads.
November 15, 2016
Read More


Fake DVLA SMS tricking UK residents into sharing payment card info
SMS messages made to look like they are coming from the Driver and Vehicle Licensing Agency (DVLA) are being flung at UK residents, in an attempt to trick them into sharing sensitive information.
April 3, 2017
Read More


Fake executive social media accounts threaten enterprises
New research has uncovered numerous duplicative Twitter and LinkedIn accounts among Fortune 500 leaders, raising concerns about potential security vulnerabilities.
November 16, 2016
Read More


Fake LinkedIn emails phishing job seekers
Fake LinkedIn emails are hitting inboxes, trying to get recipients to hand over their CVs.
April 18, 2017
Read More


Fake news services and tools proliferate on online markets
Fake news is not a new concept, but the Internet -- and social media and networks in particular -- have made it infinitely easier for it to spread and reach its target audience.
June 15, 2017
Read More


Fake Pornhub apps are spreading online to lock you out of your Android device
Be careful about streaming some of those sexytime videos online on your smartphone-- your device might just end up getting locked up and held hostage, but certainly not of the kinky sort.
February 22, 2017
Read More


Fake SEO plugin backdoors WordPress installations
Administrators of WordPress sites, beware! a fake SEO plugin is being used by attackers to compromise WP installations.
April 3, 2017
Read More


FalseGuide malware infects millions of Android users via Google Play
Malware is something of a recurring problem for Android users, and it seems as though Google is fighting a never-ending battle to keep the blight out of the play Store. the latest large-scale batch to be discovered takes the form of adware known as FalseGuide.
April 26, 2017
Read More


Family dynamics in a connected world
A new global study by Intel Security aims to better comprehend how families' attitudes and habits are evolving as their homes and lifestyles become increasingly connected.
January 24, 2017
Read More


FBI allays some critics with first use of new mass-hacking warrant
Judge authorized order allowing US to change data in thousands of infected devices.
April 24, 2017
Read More


FBI didn't need warrant for stingray in attempted murder case, DOJ says
Prosecutors: "signals emitted from a phone are... not by their nature private."
July 12, 2017
Read More


FBI unmasks Tor-using suspected sextortionist
A California man that stands accused of sextortion, producing child pornography, and threats of mass violence has been identified by the FBI through the use of a so-called Network Investigative Technique (NIT) embedded in a video file.
August 9, 2017
Read More


FBI wants US businesses to stop using Kaspersky software
The FBI has admitted that it is actively discouraging businesses to not use security products from Kaspersky Lab.
August 25, 2017
Read More


FCC says its cybersecurity measures to prevent DDoS attacks must remain secret
The FCC has provided a few -- very few -- details of the steps it has taken to prevent attacks like the one that briefly took down its comment system in May. The agency has faced criticism over its secrecy regarding the event, and shows no sign of opening up; citing "the ongoing nature of the threats," to reveal its countermeasures would "undermine our system's security."
July 31, 2017
Read More


FCC says its specific plan to stop DDoS attacks must remain secret
Revealing technical details would "undermine our system security," FCC says.
July 31, 2017
Read More


FCC to halt rule that protects your private data from security breaches
FCC chair plans to halt security rule and set up vote to kill privacy regime.
February 24, 2017
Read More


FCC: We could tell you our cybersecurity plan... but we'd have to kill you
Despite Pai on face, US federal regulator keeps digging DDoS BS hole
August 2, 2017
Read More


FCC's claim that it was hit by DDoS should be investigated, lawmakers say
FCC hasn't shown proof that it was attacked, Democrats say in call for probe.
August 17, 2017
Read More


FDA urges patients to implement patch to secure their cardiac implants
Patients who have been implanted with pacemakers and defibrillators manufactured by US-based St. Jude Medical are urged to make sure that their Merlin@home Transmitter unit is plugged in and connected to the Merlin.net network, so that it can receive a critical security patch.
January 12, 2017
Read More


Featured talks at the upcoming Hack In the Box Security Conference
The 8th annual Hack In the Box Security Conference in Amsterdam will feature brand new 2 and 3-day hands-on technical trainings covering a wide variety of topics from Linux kernel exploitation techniques to advanced malware analysis and more.
January 9, 2017
Read More


Fighting attackers in the era of data jacking
In this podcast recorded at RSA Conference 2017, Zohar Alon, CEO at Dome9 Security, talks about how attackers can compromise systems with valuable data that are either on-prem or in the cloud, how they can monetize them, and what we as security vendors and security professionals can do in order to prevent them.
March 8, 2017
Read More


Fighting sophisticated phishing threats during the digital revolution
In this podcast recorded at RSA Conference 2017, Damien Hugoo, Director of Product Marketing at Easy Solutions, talks about what organizations can do in order to take a proactive approach in defending employees and users against phishing attacks.
March 2, 2017
Read More


Fileless attack framework was used in many recent attacks
In the last month or so, a number of security companies spotted attackers targeting a variety of organizations around the world with spear-phishing emails delivering PowerShell backdoors (some of them fileless), misusing legitimate utilities, and communicating with C&C servers through DNS traffic.
March 17, 2017
Read More


Fileless Powershell malware uses DNS as covert communication channel
DNSMessenger is a multistage threat written in Powershell that uses DNS for two-way communication with attackers
March 3, 2017
Read More


Final warning: Popular browsers will soon stop accepting SHA-1 certificates
Starting with Chrome 56, planned to be released to the wider public at the end of January 2017, Google will remove support for SHA-1 certificates. other browser makers plan to do the same.
November 17, 2016
Read More


Finally, enterprise-wide encryption strategies increase!
New research by the Ponemon Institute captures how organizations around the world are dealing with compliance, increased threats, and the implementation of encryption to protect their most sensitive data.
April 14, 2017
Read More


Fine-tuning the SOX compliance process
The annual Sarbanes-Oxley (SOX) Compliance Survey released by Protiviti reveals a new set of challenges facing public companies amid their compliance efforts.
June 14, 2017
Read More


Fingbox: Network security and Wi-Fi troubleshooting
Fingbox allows you to secure and troubleshoot your home network. It plugs in to your existing router, alerting you when it senses anything out of the ordinary -- from new devices on your network, changes in your Internet performance, or unidentified devices that could be an unwelcome intruder.
November 24, 2016
Read More


Fireball malware infected 250 million computers worldwide
Check Point researchers discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, named Fireball, takes over target web browsers, turning them into zombies.
June 1, 2017
Read More


Firefox 0-day exploited in the wild to unmask Tor users
An anonymous user of the SIGAINT darknet email service has revealed the existence of a JavaScript exploit that is apparently being actively used to de-anonymize Tor Browser users.
November 30, 2016
Read More


Firefox 51 starts flagging HTTP login pages as insecure
Mozilla has released Firefox 51 on Tuesday, and this latest stable version of the popular browser comes with many security fixes and improvements.
January 25, 2017
Read More


Firefox Focus: Private iOS browsing made easy
Mozilla has released Firefox Focus, an iOS app that lets you browse the Internet without having to worry who's tracking your online activity.
November 18, 2016
Read More


First post-quantum cryptography on a contactless security chip
Due to their computing power, quantum computers have the disruptive potential to break various currently used encryption algorithms. Infineon Technologies has successfully demonstrated the first post-quantum cryptography implementation on a commercially available contactless security chip, as used for electronic ID documents.
May 30, 2017
Read More


Five crucial ways to help keep a system safe from harm
We're living in an incredible age of technology, invention and innovation. It's hard to imagine that just a short time ago we couldn't order groceries for delivery from our phones, or ask into the air any question, to be answered immediately by a robot sitting on a countertop. "Okay, Google -- what do I have to do today?"
July 6, 2017
Read More


Five emerging technology trends essential to business success
People hold the power to shape and apply technology to create positive change, improve lives, and transform business and society, according to Accenture Technology Vision 2017, the annual technology report that predicts the most significant technology trends that people will apply to disrupt business over the next three years.
January 27, 2017
Read More


Five ways to prevent data leaks
The story still strikes fear into the hearts of IT departments: as many as 70 million credit- and debit card accounts were compromised in less than a month during the Target data breach.
February 13, 2017
Read More


Fix crap Internet of Things security, booms Internet daddy Cerf
Don't just fling unsecured open source OSes at world+dog, father of the Internet begs
March 21, 2017
Read More


Flashlight app on Google play delivered highly adaptable banking Trojan
A modified version of the Charger mobile ransomware has been downloaded from Google play by up to 5,000 users.
April 20, 2017
Read More


Flaws in Moodle CMS put thousands of e-learning websites at risk
The vulnerabilities could allow attackers to gain administrative privileges and execute malicious PHP code on web servers
March 21, 2017
Read More


Flaws in Moodle CMS put thousands of e-learning websites at risk
The vulnerabilities could allow attackers to gain administrative privileges and execute malicious PHP code on web servers
March 21, 2017
Read More


Flaws in web-connected, radiation-monitoring kit? What could go wrong?
Ripe target for ne'er-do-wells...
July 28, 2017
Read More


Florida court's schizophrenic rulings throw mobe passcode privacy into doubt
Jail for one, pass for so-called celebs in sex tape case
May 31, 2017
Read More


For timely vulnerability information, unofficial sources are a better bet
From over 12,500 disclosed Common Vulnerabilities and Exposures (CVEs), more than 75% were publicly reported online before they were published to the NIST's centralized National Vulnerability Database (NVD), Recorded Future researchers have found.
June 7, 2017
Read More


Forget about the malware, go after attackers' tactics, techniques and procedures
The cybercriminal's options for monetizing attacks has never been broader, less complex, or less risky, and attempts to detect intrusions by detecting the malware they use has never been more pointless, a study commissioned by Arbor Networks has revealed.
June 22, 2017
Read More


Former Expedia IT support worker gets prison time for hacking execs' emails, insider trading
A IT support technician formerly employed at Expedia offices in San Francisco was sentenced to 15 months in prison for securities fraud, plus three years supervised release.
April 26, 2017
Read More


Former Expedia IT support worker spied on company executives
A computer support technician formerly employed at Expedia offices in San Francisco pleaded guilty to securities fraud. Jonathan Ly, 28, admitted he used his position in tech support at Expedia to access emails of Expedia executives so that he could trade in Expedia stock and illegally profit from non-public information.
December 6, 2016
Read More


Former NSA techies raise $8m for their data governance startup
Immuta to free up data scientists in 'highly regulated' environments
February 16, 2017
Read More


Foscam IP cameras riddled with gaping security holes
F-Secure researchers have discovered a bucketload of serious security vulnerabilities affecting IP cameras made by Chinese manufacturer Foscam. Even though notified months ago, Foscam has still not fixed the issues.
June 8, 2017
Read More


Fostering a safe place for businesses to work in
It's no secret that in the past few years, business leaders have begun to realise the potential of digital transformation to give their organisation a competitive edge. Through driving productivity, empowering staff and creating engaging experiences for customers; investing in digital technology has become a number one priority for businesses looking to secure their place in our digital tomorrow.
June 22, 2017
Read More


Fraudsters accessed Three UK customer database with authorised credentials
Three UK, a telecom and ISP operating in the United Kingdom, has suffered a data breach. According to Three's status report on the investigation, the attackers were able to access the company's customer upgrade system by using login credentials of an employee, and their goal was to steal high-end smartphones.
November 18, 2016
Read More


Friction matters: Data security lessons from Snapchat and Google
In this podcast recorded at RSA Conference 2017, Grant Shirk and Veliz Perez, Head of Product Marketing and Product Marketing Manager at Vera respectively, talk about how the need to protect confidential data extends past the borders of your business.
February 28, 2017
Read More


FTC Awards $25,000 Prize To App Designed To Make Your Stuff's Security Suck Less
Your stuff may be increasingly "smart," but the security on it almost certainly isn't. If something of yours connects to the internet, it can be hacked -- leaving your private data vulnerable, and potentially sweeping your stuff into an international criminal botnet. Now, the FTC is awarding a cash prize to a developer who's designed an app to hopefully help you make your stuff more secure.
July 26, 2017
Read More


FTC goes after D-Link for shoddy security in routers, cameras
Security experts have been warning about the dangers of poorly secured IoT products.
January 5, 2017
Read More


FTC: D-Link Failed to Secure Routers, IP Cameras
The Federal Trade Commission (FTC) filed a complaint against D-Link saying the company failed to secure its routers and internet-connected cameras.
January 6, 2017
Read More


FTSE companies lack secure data collection methods
With less than a year remaining until the commencement of the GDPR, new research reveals that more than one-third of all public web pages of FTSE 30 companies capturing personally identifiable information (PII) are in danger of violating the regulation by doing so insecurely.
June 2, 2017
Read More


Misc. - G

Game Of Thrones Leaks Continue In Ongoing HBO Hack
Be wary of spoilers.
August 8, 2017
Read More


Game Of Thrones Reportedly Target Of Cyber Attack On HBO
Hackers are coming.
July 31, 2017
Read More


Gaming the system for a better experience
I play a lot of video games and one of the things I've noticed is that when you first start playing, the game often keeps you from venturing into places where you're likely to fail. Sometimes, this comes in the form of an obstacle you can't pass unless your character has achieved a higher level of ability, sometimes it's a guardian that won't let you into an area with tougher challenges, and so forth.
August 21, 2017
Read More


Gartner identifies top technologies for information security
Gartner highlighted the top technologies for information security and their implications for security organizations in 2017.
June 14, 2017
Read More


GDPR requirements: Five high-priority actions
The European General Data Protection Regulation (GDPR) will have a global impact when it goes into effect on May 25, 2018. Gartner predicts that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.
May 3, 2017
Read More


Generational differences increase security risks
There are two major IT security risks that enterprises need to prepare for -- Millennials and the impending General Data Protection Regulation (GDPR).
April 6, 2017
Read More


German Android users bombarded with banking malware masquerading as legitimate apps
Fortinet researcher Kai Lu warns of a fake email app that is capable of stealing login credentials from 15 different mobile banking apps for German banks.
November 21, 2016
Read More


German consumer groups sue WhatsApp over privacy policy changes
The Federation of German Consumer Organizations wants WhatsApp to stop passing users' contact lists to its parent company, Facebook
January 30, 2017
Read More


German court upholds WhatsApp-Facebook data transfer ban
But the court overturned the privacy regulator's order that the companies delete data they had already transferred
April 26, 2017
Read More


German law enforcement gets new hacking powers
On Thursday, the Bundestag has voted to accept a new amendment that will expand the German police's hacking powers.
June 26, 2017
Read More


Germans, Czechs served with banking malware through SMS
German and Czech Android users are getting served with a banking Trojan directly through text messages, warns malware researcher Bart Blaze.
February 28, 2017
Read More


Getting a start on cyber threat hunting
In this age of advanced persistent threats, waiting for traditional threat management solutions like IDS and SIEM to flag incidents and threats is simply not enough anymore.
August 28, 2017
Read More


Getting the most out of your SIEM investment
Over the last 10-15 years, many organizations built Security Operations Centers (SOCs) on the backbone of security information and event management (SIEM) solutions. These systems capture all of an enterprise's data, logs and events in one place, and provide a rules-based system to flag suspicious events.
July 11, 2017
Read More


Global biometrics market revenue to reach $15.1 billion by 2025
The biometrics market has reached a tipping point. Driven largely by the confluence of organizations' desires to better authenticate or identify users and users' distaste for knowledge-based systems (password and challenge questions), biometrics is working its way into consumer, industrial, and government systems at an increasing pace.
February 7, 2017
Read More


Global cloud security market to reach $13.93 billion by 2024
The cloud infrastructure has witnessed a significant growth in recent years and its popularity can be attributed to the on-demand services, scalability and flexibility, and the cost effective solutions it offers to organizations. the global cloud security market is expected to reach $13.93 billion by 2024, according to Grand View Research.
March 1, 2017
Read More


Global cyber-attack could reportedly cost around $53 billion, or even worse
A massive global cyber-attack could bring around $53 billion in economic losses, making it on par with natural disasters like Hurricane Sandy and Katrina, according to a recent report.
July 17, 2017
Read More


Global data privacy laws: the #1 cross-border e-discovery challenge
In the year since the EU's rejection of Safe Harbor, there has been a spike in legal concern over cross-border data transfers, according to a survey by BDO Consulting.
January 23, 2017
Read More


Global DMARC adoption still slow, it's open season for phishers
92 percent of U.S. Fortune 500 companies have left their customers, partners and brand names vulnerable to domain name spoofing, one of the most common digital deception attack vectors, according to Agari.
August 23, 2017
Read More


Global geopolitical changes driving encryption adoption
Recent global geopolitical changes have made more people and organizations than ever worry about the privacy of their data, and consider increasing their use of encryption to ensure their data is kept safe.
February 17, 2017
Read More


Gmail gains new machine learning models to block phishing and spam messages
Google has just pushed a major security update to Gmail, which is supposed to block phishing, one of the most common ways to obtain sensitive information like passwords, credit card details or usernames.
May 31, 2017
Read More


Gmail will block JavaScript attachments, a common source of malware
In February, the .JS file extension will be added to a list of 31 file types that Gmail already blocks
January 26, 2017
Read More


GnuPG developers start new fundraising effort
Werner Koch and his team of GnuPG developers are asking for funding for the continued development of the popular free email and data encryption software.
June 7, 2017
Read More


Good news: Samsung's Tizen no longer worst code ever. Bad news: It's still pretty awful
TVs, phones, watches, you all get Sammy's bugs
July 12, 2017
Read More


Goodness gracious, great Chinese 'Fireball' malware infects 250m systems worldwide
Researchers finger digital marketing agency Rafotech
June 2, 2017
Read More


Google Abandons 'End-To-End' Email Encryption Project, Invites Community to Take It Over
Google announced that the "End-to-End" email browser extension project it started three years ago is no longer a "Google project," and that the community is invited to take it over because the project "has left the nest." the company also renamed the End-to-End project "E2EMail."
February 27, 2017
Read More


Google adds bolder warnings to lessen risk of unverified apps
The tech giant introduces more security protections in the wake of the Google Docs phishing scam in May.
July 18, 2017
Read More


Google adds phishing protection to Gmail app on Android
Gmail users will now be protected from phishing attacks on their Android phones thanks to a new update from Google. the company is rolling out a new security feature similar to that found in the web version of Gmail, warning people when an email contains a suspicious link.
May 4, 2017
Read More


Google Allo now works seamlessly with Android Auto
Now you can use one of Google's least popular messaging apps to send messages while driving.
March 8, 2017
Read More


Google and Dutch Researchers Demonstrate Broken SHA-1 Web Security
Google this week announced that Shell Hashing Algorithm-1 (SHA-1) has been broken.
February 24, 2017
Read More


Google and Facebook scammed out of over $100 million
No matter how big you are, you are never safe on the Internet. There are many proofs of this statement but one of the latest is a case in which Google and Facebook were named as victims of a huge, multi-million scam. According to Fortune, the two technological giants lost over $100 million over the course of two years because of a well prepared phishing attack.
April 28, 2017
Read More


Google announces Security Key-Enforced Two-Step Verification for G Suite
Google announced a new option for companies that use its G Suite services (Gmail, Google Drive, etc), which will allow IT administrators to enforce the two-factor authentication based on U2F (Universal 2nd Factor) security keys.
February 2, 2017
Read More


Google Chrome remote code execution flaw detailed, PoC released
Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome.
August 17, 2017
Read More


Google Chrome's HTTPS ban-hammer drops on WoSign, StartCom in two months
Substandard certs, already in partial exile, soon to be shunned completely
July 7, 2017
Read More


Google Cloud Platform gets a range of security improvements
Google has announced a series of additions to its Cloud Platform infrastructure. These aim to boost overall security and ensure that a user or company's assets are protected.
March 10, 2017
Read More


Google CTF 2017 announced: Test your skills!
Google has announced the 2017 edition of its Capture The Flag (CTF) competition.
June 5, 2017
Read More


Google details how it clamped down on massive phishing scam
The company shut down the attack, which masked itself as a Google Doc invitation, within an hour.
May 5, 2017
Read More


Google discloses unpatched IE flaw after Patch Tuesday delay
The flaw might lead to arbitrary code execution, researchers say
February 24, 2017
Read More


Google Docs phishing attack underscores OAuth security risks
One security researcher easily managed to replicate Wednesday's phishing attack
May 4, 2017
Read More


Google Docs Phishing Scam Stopped, But don't Let your Guard Down Yet
A couple days ago, some Google users reported an advanced phishing scam involving Google Docs. the scam starts by sharing a Google Doc with a Gmail users, which then took users to a real Google Doc page to select their account.
May 5, 2017
Read More


Google floats prototype Key Transparency to tackle secure swap woes
Google has released an open-source technology dubbed Key Transparency, which is designed to offer an interoperable directory of public encryption keys.
January 13, 2017
Read More


Google found over 1,000 bugs in 47 open source projects
In the last five months, Google's OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects, and it's ready to integrate even more of them.
May 9, 2017
Read More


Google G-Suite spotted erecting stiff member vetting tool
App verification signage aims to give phishing the finger
July 18, 2017
Read More


Google game teaches kids about online safety
Talking to kids about online safety is a difficult undertaking for many adults, and making the lessons stick is even harder.
June 9, 2017
Read More


Google Groups misconfiguration leads to sensitive data leaks
If your employees are using Google Groups to discuss issues and ideas, you might want to check whether the sharing setting for these groups is set to "Private".
July 25, 2017
Read More


Google Infrastructure Security Design Overview
Google has a global scale technical infrastructure designed to provide security through the entire information processing lifecycle at Google. this infrastructure provides secure deployment of services, secure storage of data with end user privacy safeguards, secure communications between services, secure and private communication with customers over the internet, and safe operation by administrators.
January 16, 2017
Read More


Google Intros 'Protect your Election' Security Toolkit
It's easier than ever to spy on journalists, take down political websites, and otherwise use cyber attacks to help influence an election. now Google and Jigsaw have introduced the Protect your Election tool suite to help election-related organizations, politicians, and journalists defend themselves from those attacks.
March 21, 2017
Read More


Google Intros Unverified App Warnings To Make Up For OAuth's Flaws
Google announced that it will soon warn users when unverified apps request access to their accounts. This change, like other improvements the company has made in recent months, is likely a continued response to the mass phishing attack that affected roughly 1 million people in May.
July 18, 2017
Read More


Google introduces new protections to prevent app-based account compromise
Google has implemented new protections that should considerably reduce the risk of potentially malicious apps gaining control of users' Google account.
July 19, 2017
Read More


Google is fighting with Symantec over encrypting the internet
Google, which has accused Symantec and its partners of misissuing tens of thousands of certificates for encrypted web connections, quietly announced Thursday that it's downgrading the level and length of trust Chrome will place in certificates issued by Symantec.
March 27, 2017
Read More


Google is winding up Gmail support for older Chrome versions
Chrome users that, for whatever reason, can't or don't want to update to the latest version of the browser will soon start seeing warnings when they access Gmail.
February 6, 2017
Read More


Google just dodged a privacy lawsuit by scanning your emails a tiny bit slower
The company won't do ad scans until after a message hits your inbox
December 14, 2016
Read More


Google launches its own Root Certificate Authority
Google is known for slipping fingers in many pies, so it should not come as a surprise that it has opted for starting its own Root Certificate Authority.
January 30, 2017
Read More


Google launches new security features to protect users from unverified apps
Google has been steadily adding new security features for its G Suite users over the course of the last few months, including new anti-phishing tools and OAuth apps whitelisting, as well as an enhanced app review process. Today, it's adding another layer on top of this with the launch of a new "unverified app" screen for new web applications and Apps Scripts.
July 18, 2017
Read More


Google mistakes the entire NHS for massive cyber-attacking botnet
Hospitals advised to use Bing instead
February 1, 2017
Read More


Google offers app to help companies assess their vendors' security
The app contains questions for assessing Web application security, infrastructure security, data center security and privacy
March 8, 2016
Read More


Google open sources vendor security review tool
Google has open sourced its Vendor Security Assessment Questionnaire (VSAQ) Framework with the hope that other companies and developers could use it to improve their vendor security programs and/or posture.
March 8, 2016
Read More


Google Outs Windows Vulnerability After Missed Deadline
Google disclosed a Windows vulnerability that could allow someone to collect sensitive information via Internet Explorer and other software. the bug was originally shared with Microsoft in November, and it's been publicly revealed now because Google's discloses threats 90 days after they were reported.
February 22, 2017
Read More


Google phishing attack was foretold by researchers--and it may have used their code
A potential threat from spoofing Google applications was cited in 2011.
May 5, 2017
Read More


Google Play Protect scans for malicious apps
By now, many Android users that have the Google Play Store app on their devices should be able to find Google Play Protect in it.
July 24, 2017
Read More


Google plugs 19 holes in newest Android security update
In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical.
March 8, 2016
Read More


Google plugs serious Nexus vulnerability in latest security update
January security bundle brings a fix for a 'high-severity vulnerability' that was uncovered in the Nexus 6 and 6P.
January 9, 2017
Read More


Google project has small name but tackles big security issue
Project Wycheproof, named after the smallest mountain in the world, lets developers quickly check their cryptographic libraries against a large number of known attacks.
December 19, 2016
Read More


Google Project Zero Finds Windows Vulnerabilty, "Worst in Recent Memory"
Google's Project Zero has found yet another critical Windows Vulnerability, this time going so far as to call it "Crazy Bad" in a lone tweet by Google security researcher Tavis Ormandy. Tavis went on to elaborate that the vulnerability "works against a default install, [you] don't need to be on the same LAN, and it's wormable."
May 8, 2017
Read More


Google Project Zero security researchers discover 'crazy bad' Windows exploit
Google's Project Zero identifies bugs and security flaws in commonly used software, and gives firms 90 days to patch them before going public. this is an approach which doesn't always go down well -- a case in point being when Google recently released details of a Windows bug after Microsoft failed to patch it in time.
May 8, 2017
Read More


Google publishes details of Windows bug after Microsoft misses 90-day Project Zero disclosure deadline
Google's Project Zero has proved controversial on several occasions already, with the search giant publicly revealing details of software bugs when companies fail to fix them. now the project has unearthed a bug in Windows, and as Microsoft failed to patch it within 90 days of being notified, details of the flaw have been made available for everyone to see -- and exploit.
February 20, 2017
Read More


Google publishes eight national security letters
Have you ever wondered what a national security letter (NSL) received by Google looks like? Well, wonder no more, as the Internet giant has published eight of them.
December 14, 2016
Read More


Google pulls 500+ backdoored apps from Google Play
Security researchers have identified over 500 apps on Google Play containing an advertising software development kit (SDK) called Igexin, which allowed covert download of spying plugins.
August 23, 2017
Read More


Google pushed developers to fix security flaws in 275K Android apps
Over 90,000 developers acted based on alerts issued through the Google play App Security Improvement program
January 20, 2017
Read More


Google releases details, PoC exploit code for IE, Edge flaw
As were impatiently waiting for Microsoft to patch vulnerabilities that were scheduled to be fixed in February, Google has released details about a serious vulnerability in the Internet Explorer and Edge browsers.
February 27, 2017
Read More


Google reports "high-severity" bug in Edge/IE, no patch available
String of unpatched security flaws comes after February Patch Tuesday was canceled.
February 27, 2017
Read More


Google researcher uncovers another RCE in Microsoft Malware Protection Engine
Google Project Zero researcher Tavis Ormandy has unearthed yet another critical remote code execution vulnerability affecting the Microsoft Malware Protection Engine, which powers a number of the company's antivirus and antispyware software.
June 27, 2017
Read More


Google researchers help test cryptographic flaws
The new project provides more than 80 tests for common cryptographic attacks
December 20, 2016
Read More


Google reveals its servers all contain custom security silicon
Even the servers it colocates (!) says new doc detailing Alphabet sub's security secrets
February 3, 2017
Read More


Google reveals yet another vulnerability in Microsoft's software, this time in Edge and IE
Google's Project Zero research team has actively been detecting vulnerabilities in Microsoft's software products for quite some time. back in November 2016, it revealed a "particularly serious" security flaw in Windows 10 just ten days after detailing it to Microsoft - for which it received lots of backlash. Just a few days ago, it disclosed yet another vulnerability in Windows, however, this time after its standard 90-day deadline had passed.
February 27, 2017
Read More


Google rewards student with $10,000 for reporting security flaw
Google has rewarded a high school student with $10,000 after he found a security flaw that could have been utilized by hackers to access and steal confidential data.
August 16, 2017
Read More


Google rolls out Play Protect security tool
Google is looking to take the fight against Android malware and harmful apps with the roll-out of its latest mobile security platform.
July 24, 2017
Read More


Google security researcher reportedly discovers 'crazy bad' vulnerability in Windows
Google's security researchers regularly try to discover vulnerabilities in the company's own software products, as well as those developed by other firms, such as Microsoft and Apple. These efforts are part of Google's Project Zero initiative through which it informs other companies about the vulnerability present in their software products, allowing them 90 days to fix the issue, before details are publicly disclosed.
May 8, 2017
Read More


Google shifts on email encryption tool, leaving its fate unclear
Despite announcing it almost three years ago, Google hasn't officially put the tool on the Chrome Web Store.
February 27, 2017
Read More


Google to cough up $20m after Chrome rips off anti-malware patents
Actual residents of Texas Eastern District prevail
February 13, 2017
Read More


Google to sanction Symantec for misissuing security certificates
In a post on a developers' forum, software engineer on the Google Chrome team Ryan Sleevi has announced Google's plan to start gradually distrust all existing Symantec-issued certificates, and push for their replacement with new, fully revalidated certificates that will be compliant to the current baseline requirements.
March 24, 2017
Read More


Google Tries to Advance IoT Security with Android Things
Someone might finally have found a way to make the Internet of Things (IoT) less of a threat. Google released a developer preview of Android Things, an Android-based platform, and updated Weave to make it easier for companies to produce and maintain IoT products. this could in turn make those connected gadgets--and therefore the internet as a whole--more secure than they have been in the past.
December 13, 2016
Read More


Google updates its Container Engine with a focus on security
Google today announced the latest updates to its Google Container Engine, its service for running Kubernetes-based software containers in its cloud. Like with previous releases, this update brings the Container Engine, or GKE, as Google calls it (where the 'K' stands for Kubernetes), up to date with the latest updates from the Kubernetes project.
July 12, 2017
Read More


Google wants you to upgrade to (its) better two-factor authentication
Two-factor authentication is still the best way to keep yourself safe from password breaches, but some 2FAs are better than others.
July 14, 2017
Read More


Google warns journalists and professors: your account is under attack
A flurry of social media reports suggests a major hacking campaign has been uncovered.
November 23, 2016
Read More


Google's Android hacking contest fails to attract exploits
The $200,000 bounty Google offered to hack its Android OS was not enough to tempt researchers.
March 31, 2017
Read More


Google's Data Handling Practices Force Company to Turn Over Foreigner's Data
Recently, a court said that Google must hand over the data of a number of its non-American users that was stored overseas. the company moved to quash the order, arguing that because the data was stored abroad, it doesn't have to comply with U.S. data requests. However, magistrate judge Laurel Beeler rejected Google's objections.
April 21, 2017
Read More


Google's plan to foil screen-hijacking malware in Android O
74% of ransomware, 57% of adware, and 14% of banker malware abuse a specific app permission to target nearly 40 percent of all Android users -- by overlaying screens, displaying fraudulent ads and phishing scams over apps.
May 10, 2017
Read More


Google's Project Zero reveals vulnerability in Internet Explorer and Microsoft Edge
Google's Project Zero has exposed another security flaw in Microsoft software – this time in Internet Explorer and Microsoft Edge. as reported by the Register, the flaw was first disclosed to Microsoft on November 25, but has now gone public after exceeding Project Zero's 90-day disclosure deadline without a patch.
February 27, 2017
Read More


Google's whack-a-mole with Android adware continues
Why can't Google put a stop to adware on their official Android app marketplace? The analysis by Trend Micro researchers of a Trojan Android ad library dubbed Xavier tells the story.
June 19, 2017
Read More


Google, Facebook Victims of $100M Phishing Scam
It's easier to con someone than to take whatever you want from them with brute force. That's why phishing scams, which rely on trickery instead of technical skill, can be so effective. Convincing someone at Google to pay you tens of millions of dollars is relatively easy compared to compromising the systems used to handle that money. and that's how someone managed to bilk roughly $100 million from Google and Facebook via email fraud.
April 28, 2017
Read More


Google, Microsoft bump bug bounties
Googles' rise is permanent, Microsoft wants you to give Office 365 a beating
March 6, 2017
Read More


Google, Microsoft increase bug bounties
Bug hunters, rejoice: both Google and Microsoft have announced a considerable increase of the amount they will pay out for information about bugs in their products.
March 6, 2017
Read More


Gooligan Android malware used to breach a million Google accounts
Check Point security researchers have revealed a new variant of Android malware, breaching the security of more than one million Google accounts.
November 30, 2016
Read More


Gooligan worms its way into Android phones, compromises one million Google accounts
The malware uses your Google account to download and boost ratings of Google play apps.
November 30, 2016
Read More


Governments are behind on data encryption in the public cloud
A HyTrust survey of 59 government and military organizations found that nearly 20 percent of those respondents do not implement data security or encryption solutions in the public cloud.
December 6, 2016
Read More


GPS Act Aims to Stop Warrantless Smartphone Tracking Done with Cell-Site Simulators
Senators Ron Wyden, Rep. Jason Chaffetz, and Rep. John Conyers, Jr., introduced the Geolocation Privacy and Surveillance (GPS) Act to stop law enforcement from using cell-site simulators to track anyone they want without first obtaining a warrant.
February 16, 2017
Read More


Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars
Musk's lot better get on this
November 24, 2016
Read More


Growing risk associated with mobile and IoT application security
Despite widespread concern about the security of mobile and Internet of Things applications, organizations are ill-prepared for the risks they pose, according to research conducted by the Ponemon Institute.
January 19, 2017
Read More


Growth rates of cryptographic keys and certificates
A new study conducted by Dimensional Research evaluated current and projected growth rates of cryptographic keys and digital certificates in the enterprise for 2016 and 2017. Study respondents included 505 IT professionals that manage these critical cryptographic assets in the U.S., U.K., France and Germany.
December 16, 2016
Read More


Guccifer 2.0, alleged Russian cyberspy, returns to deride U.S.
Guccifer 2.0 claimed he was behind the DNC hack back in June
January 13, 2017
Read More


Guidance for connected vehicle security: Attack vectors and impacts
The Cloud Security Alliance (CSA) released its first ever research and guidance report on connected vehicle security. Authored by the CSA's Internet of Things (IoT) Working Group, "Observations and Recommendations on Connected Vehicle Security' provides a comprehensive perspective on vehicle security connectivity design, possible attack vectors of concern, and recommendations for securing the connected vehicle environment.
May 26, 2017
Read More


Misc. - H

Hack Attack on Dallas Emergency System Sets Off Every Warning Siren In the City
The city of Dallas is apologizing to residents for a hack attack that set off 156 of the city's emergency sirens late on Friday night, jolting folks awake and scaring the bejeezus out of people.
April 10, 2017
Read More


Hack brief: dangerous 'Fireball' adware infects a quarter billion PCs
Adware that infects your computer to display pop-ups is an annoyance. But when it infects as many as one in five networks in the world, and hides the capability to do far more serious damage to its victims, it's an epidemic waiting to happen.
June 2, 2017
Read More


Hack brief: 'devil's ivy' vulnerability could afflict millions of IOT devices
The security woes of the internet of things stem from more than just connecting a bunch of cheap gadgets to a cruel and hacker-infested internet. Often dozens of different vendors run the same third-party code across an array of products. That means a single bug can impact a startling number of disparate devices. Or, as one security company's researchers recently found, a vulnerability in a single internet-connected security camera can expose a flaw that leaves thousands of different models of device at risk.
July 18, 2017
Read More


Hack In the Box announces keynotes for 2017 Amsterdam event
Hack In the Box announced an exciting line-up for its annual security conference taking place in Amsterdam on April 13th and 14th. Groundbreaking security research covering new exploit methodology and several zero-days, will be disclosed during the event. These disclosures affect a wide range of technologies from network and mobile security implementations, payment systems, to web browsers and more.
March 16, 2017
Read More


Hack of emergency siren system kept Dallas citizens up for hours
When 156 emergency sirens in Dallas started wailing around midnight last Friday, the city's 911 line was flooded with calls by panicked citizens who wanted to know what was going on, and whether the city was under attack.
April 10, 2017
Read More


Hack reveals data company Cellebrite works with everyone from US cops to Russia
Cellebrite unaware of "increased risk to customers as a result of this incident."
January 12, 2017
Read More


Hackable smart car wash systems can hurt people
Two years after researchers Billi Rios and Terry McCorkle first flagged serious vulnerabilities in automatic, smart car wash systems by US manufacturer PDQ, the company is finally acknowledging the danger.
July 28, 2017
Read More


Hacked cheating site Ashley Madison will pay $1.6 million to FTC for breach
Commission settlement officially $17.5 million, but fine reduced due to inability to pay.
December 14, 2016
Read More


Hacked HBO episodes and 'Game Of Thrones' script leak online
Hackers targeting HBO have allegedly posted episodes at least two series, as well as a script for next week's "Game Of Thrones."
July 31, 2017
Read More


Hacked robots can be a deadly insider threat
IOActive researchers have probed the security of a number of humanoid home and business robots as well industrial collaborative robots, and have found it seriously wanting.
August 22, 2017
Read More


Hacker breached 60+ unis, govt agencies via SQL injection
A hacker tied to the November 2016 penetration of the US Election Assistance Commission and subsequent database sale has successfully targeted 60+ government agencies and universities by leveraging the same attack method: SQL injection.
February 16, 2017
Read More


Hacker breaks into Harvard student paper to troll Mark Zuckerberg
Ahead of Zuck's commencement speech for the class of 2017
May 25, 2017
Read More


Hacker Claims To Be Holding HBO Data For Ransom
The saga around a recent hack attack at HBO just keeps getting deeper. Now, hackers that claim to have a whole lot of unreleased programming and potentially embarrassing internal documentation are saying they might not release it... if HBO pays them big bucks to stay quiet.
August 8, 2017
Read More


Hacker Phineas Fisher arrested in Spain?
Has Phineas Fisher, the person (or group) behind the Gamma International and Hacking Team breaches and data leaks, been caught?
February 1, 2017
Read More


Hacker takes out dark web hosting service using well-known exploit
Freedom Hosting II allegedly was hosting child pornography sites, according to hacker
February 6, 2017
Read More


HackerOne offers bug bounty service for free to open-source projects
Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs
March 3, 2017
Read More


HackerOne offers bug bounty service for free to open-source projects
Open-source projects will get free access to the professional version of the HackerOne platform to run their own security programs
March 3, 2017
Read More


Hackers allegedly tried to trick HBO with altered document
The hackers leaked a "Game of Thrones" script and said they had 1.5 terabytes of data left. One of those could be a lie.
August 9, 2017
Read More


Hackers are seeking out company insiders on the black market
Researchers have noticed growing activity from online black market dealers trying to recruit company insiders for cyber crime
February 2, 2017
Read More


Hackers blackmail patients of cosmetic surgery clinic
Hackers have been trying to blackmail patients of a Lithuanian plastic surgery clinic, by threatening to publish their nude "before and after" photos online.
May 31, 2017
Read More


Hackers Briefly Take Control Of Some HBO Twitter Accounts
It's been a rough few weeks for HBO: Not one, but two unreleased episodes of its hit show Game of Thrones have been leaked online ahead of schedule, and hackers are claiming to hold massive amounts of the company's data for ransom. And on Wednesday night, a group of hackers temporarily took over various HBO Twitter accounts.
August 17, 2017
Read More


Hackers can turn Amazon Echo into a covert listening device
New research released by MWR InfoSecurity reveals how attackers can compromise the Amazon Echo and turn it into a covert listening device, without affecting its overall functionality.
August 1, 2017
Read More


Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio
Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.
May 23, 2017
Read More


Hackers explain how they "owned' FlexiSpy
How did the hackers that go by the name Decepticons breach stalkerware manufacturer FlexiSpy?
April 26, 2017
Read More


Hackers exploit Apache Struts vulnerability to compromise corporate web servers
The vulnerability allows attackers to execute malicious code on servers without authentication
March 9, 2017
Read More


Hackers exploit Apache Struts vulnerability to compromise corporate web servers
The vulnerability allows attackers to execute malicious code on servers without authentication
March 9, 2017
Read More


Hackers exploited an Instagram bug to get celebrity phone numbers and email addresses
And it's probably how Selena Gomez got hacked
August 31, 2017
Read More


Hackers extorted a cool $1 million from South Korean web hosting provider
Whether through ransomware, or simply by breaking into computer systems and exfiltrating and deleting the data found on them with other means, cyber extortionists are going for the big fish: businesses.
June 19, 2017
Read More


Hackers hit Scottish Parliament with 'brute force cyber-attack'
IT systems at the Scottish Parliament have been struck by a "brute force cyber-attack" from an unknown source. Staff have been advised to change passwords as a result of the attack.
August 15, 2017
Read More


Hackers hosted tools on a Stanford University website for months
Compromising legitimate websites and the web servers that store and deliver them is a time-honoured tactic of opportunistic hackers, and a failure to keep them out can result in the servers hosting phishing and scam pages, spam mailers, exploit kits, or malware.
June 1, 2017
Read More


Hackers impersonate women online to get into target corporate networks
By all (online) accounts, Mia Ash was a pretty and successful photographer based in London, and she was looking for friendship and love on the Internet.
August 2, 2017
Read More


Hackers leak Game of Thrones S07E05 script summary and make ransom demand
The impact of the recent HBO hack continues to be felt. We've already seen scripts and spoilers leak online and now there's a new cache of leaks along with a ransom demand from those responsible.
August 8, 2017
Read More


Hackers Leak More Confidential Game of Thrones Files
The hackers who stole proprietary information from HBO are not done with the media giant yet. A fresh batch of leaks has surfaced online, revealing new Game of Thrones information, including a script for the upcoming fifth episode. The new leak also includes a letter that was previously sent to HBO which demanded a ransom payment.
August 8, 2017
Read More


Hackers seek company insiders on the black market
Researchers have noticed growing activity from online black market dealers trying to recruit company insiders for cybercrime
February 2, 2017
Read More


Hackers stole over $500,000 from Enigma cryptocurrency investors
Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.
August 22, 2017
Read More


Hackers stole technical trade secrets from German steelmaker
German-based ThyssenKrupp, one of the world's largest steel producers, has announced that it has been the target of a cyber attack.
December 9, 2016
Read More


Hackers take over HBO's social media accounts and publish '4th Wave HBO Leak'
The nightmare continues for HBO. After suffering a hack and then leaks of various shows including Game of Thrones, hackers have now struck at the network's social media accounts. The hacking group OurMine took control of the main HBO Twitter accounts, as well as those for various shows, including Game of Thrones.
August 17, 2017
Read More


Hackers who took control of PC microphones siphon >600 GB from 70 targets
Critical infrastructure, media, and scientists targeted by suspected nation-state.
February 20, 2017
Read More


Hacking group uses Google services to control malware
Carbanak, a powerful cyber-crime group, is using certain Google services as command and control for its malware and other malicious elements. the news was released by cybersecurity firm Forcepoint this week.
January 20, 2017
Read More


Hacking industrial robots in today's smart factories
It has been estimated that by 2018, approximately 1.3 million industrial robot units -- mechanical multi-axis "arms' used for automating various operations -- will be employed in factories across the world.
May 3, 2017
Read More


Hacking tools in Vault 7 data dump linked to prolific cyber espionage group
While security researchers and companies go through the collection of hacking tools contained in the data dump that the Shadow Brokers failed to sell, Symantec has tied hacking tools from WikiLeaks' Vault 7 documents to "Longhorn,' a cyber espionage group whose activity they have been following for years.
April 11, 2017
Read More


HandBrake malware attack led to theft of Panic apps' source code
Oregon-based software company Panic Inc. has announced that some of the source code for their offerings has been stolen, and they are being blackmailed by the attackers.
May 18, 2017
Read More


Half of IT pros don't know how to improve their security posture
Mid-market enterprises have high confidence in their cybersecurity defenses, but they struggle to defend against malicious activity that has become more sophisticated and targeted, according to Arctic Wolf Networks.
January 30, 2017
Read More


Half of US firms don't have cybersecurity insurance
A full 50 percent of US firms do not have cybersecurity insurance, despite the fact that 61 percent of US firms expect the volume of cyber breaches to increase in the next year.
June 1, 2017
Read More


Has healthcare misdiagnosed the cybersecurity problem?
Take a cursory look at the U.S. Department of Health and Human Services' (HHS) wall of data breach shame and you might be scratching your head: Why does the healthcare sector seem so disproportionately victimized by hackers and cybercriminals? Why do its defenses seem so much weaker than those of other industries?
August 7, 2017
Read More


Hash of the Titan: How Google bakes security all the way into silicon
Locking down servers and cloud with this itty-bitty chip
August 25, 2017
Read More


HBO Breach Continues: Exec Emails Leaked
HBO's email server may have been penetrated in a recent breach of the premium cable network.
August 8, 2017
Read More


HBO comments on reported game of thrones, ballers leak
Watch out for spoilers online.
July 31, 2017
Read More


HBO confirms "cyber incident"; new Game of Thrones script is among 1.5TB of stolen data
HBO has confirmed that it suffered a cyber attack, and it appears that a significant amount of data was compromised in the security breach.
July 31, 2017
Read More


HBO confirms hack that reportedly included script to upcoming GoT episode
Video for episodes of Ballers and Room 104 also reportedly stolen.
July 31, 2017
Read More


HBO got hacked and some Game of Thrones materials are bubbling up online
In a statement to Entertainment Weekly, HBO confirms that it was the target of a hack, though the company doesn't appear to be quite sure what the damage is yet.
July 31, 2017
Read More


HBO hack leads to Game of Thrones leak
HBO is the latest company to suffer a hack and subsequent leak of shows. Hackers are said to have breached the network's security and gained access to 1.5TB of data including Game of Thrones scripts and unaired episodes of shows.
July 31, 2017
Read More


HBO hacked, attackers leak GoT script and some episodes
HBO has become hackers' latest entertainment industry target: attackers have breached the company's servers, and they claim to have syphoned from them 1.5 terabytes of data.
August 1, 2017
Read More


HBO hackers demand money, leak more stolen data and GoT scripts
The hackers who've breached HBO and supposedly made off with 1.5TB of the company's data have released a second data dump.
August 8, 2017
Read More


HBO Hackers Demand Ransom For 1.5TB Of Data
The hackers who claim to have breached HBO's network want a bunch of Bitcoin in exchange for their silence. A video that appears to recreate a letter sent to HBO CEO Richard Plepler claims the hackers managed to steal 1.5TB of data after six months of trying to compromise the network. The video also outlines the hackers' demands and includes a list of the information the hackers purportedly stole as a result of the attack.
August 8, 2017
Read More


HBO hackers reportedly leak emails, demand money
Hackers release a month's worth of emails from an executive at the company, according to The Hollywood Reporter.
August 8, 2017
Read More


Heads Up: you May Need to Change your Passwords on Thousands of Sites
It's a rough day for users of, well, basically the entire internet: a major vulnerability in a huge web services company has been disclosed, and it means your personal data may have leaked into public view from a whole lot of places.
February 24, 2017
Read More


Healthcare breaches: is your data at rest or at risk?
Records of approximately 16.6 million Americans were exposed as a result of hacks, lost or stolen devices, unauthorized disclosure and more. Good news, however, is that the overall number of compromised records has declined for the second year in a row and early indications suggest that those numbers will continue to decline in 2017.
May 5, 2017
Read More


Healthcare industry continues to struggle with software security
67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months.
May 30, 2017
Read More


Healthcare IT professionals are overconfident
A Dimensional Research study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls, which must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from various industries, including 101 participants from the healthcare sector.
December 14, 2016
Read More


Healthcare IT pros believe data is safer in the cloud
Healthcare IT professionals and executives believe overwhelmingly that when facing hardware malfunctions and environmental disasters, their organization's data is safer in the cloud than on premises, according to Evolve IP.
March 24, 2017
Read More


Healthcare organizations still complacent about cybersecurity
The rapid fire spread of the WannaCry ransomware, which infected thousands of organizations globally, is one of the most significant cyberattacks in recent digital history. The impact was particularly damaging to the healthcare sector, with the UK's National Health Service (NHS) being one of the first and most adversely affected victims, causing numerous patient services to be shut down, including emergency services.
May 19, 2017
Read More


Heaps of Windows 10 internal builds, private source code leak online
Unreleased 64-bit ARM versions, Server editions among dumped data
June 23, 2017
Read More


Here are some of the government gag orders Google gets
The web giant begins publishing now-unrestricted letters that let the FBI acquire information from companies about their customers.
December 13, 2016
Read More


'Here be dragons': Look past FUD to see the real security threats
It shouldn't come as a surprise that cybercrime is big business, and is growing at an exponential rate. In 2015, UK insurer Lloyd's of London estimated the cybercrime market at $400 Billion. Today, just two years later, the World Economic Forum estimates that same market to currently be $3 trillion.
April 17, 2017
Read More


Here's A Gas Pump Skimmer That Texts Victims' Card Data To Crooks
For the crooks operating skimmers on gas pumps, ATMs, or retail credit card terminals, an important part of their business model is getting the data from the devices. One way around this problem is to integrate a SIM card and have the device send text messages with the freshest payment card numbers. For the first time, such a device was found inside a gas pump.
July 27, 2017
Read More


Here's a new way to prevent cyberattacks on home devices
The Dojo is due out in April for $199
February 28, 2017
Read More


Here's a Snap-On Bluetooth Skimmer Spotted Out In the Wild
Have you ever wondered how a retailer can leave a Bluetooth skimmer on a payment card terminal in its stores for weeks at a time? Its harder to detect the devices than you might think, because crooks have their own places to shop for spare parts that snap right on a payment terminal and are hard to spot if you arent looking for them.
February 27, 2017
Read More


Here's What You Need To Know About Hard Rock, Loews Hotels Hack Attacks
If you've stayed at a Hard Rock Hotel & Casino or Loews Hotel you'll want to keep an eye on your financial statements after the two lodging companies revealed they're the latest victims of a hack attack.
July 10, 2017
Read More


High-Tech Bridge and DenyAll partner to defend web applications and services
High-Tech Bridge, recently named Gartner Cool Vendor 2017, and DenyAll, a Rohde & Schwarz Cybersecurity company, joined the efforts to combat cybercrime and defend corporate web applications and web services.
June 6, 2017
Read More


High-Tech Bridge appears in three Gartner Hype Cycles 2017
High-Tech Bridge has been identified as a Sample Vendor in the July 2017 Gartner reports "Hype Cycle for Application Services, 2017", "Hype Cycle for Cloud Security, 2017" and "Hype Cycle for Midsize Enterprises, 2017". Their ImmuniWeb platform was named in the "Application Security as a Service category."
August 2, 2017
Read More


High-Tech Bridge ImmuniWeb named Best Emerging Technology
Web and mobile application security testing services provider High-Tech Bridge has won the "Best Emerging Technology" category at the SC Awards Europe 2017. The company has also been named a Cool Vendor by Gartner.
June 8, 2017
Read More


High-Tech Bridge named a Cool Vendor by Gartner
High-Tech Bridge has been named a Cool Vendor in Gartner's May 2017 research "Cool Vendors in Security for Midsize Enterprise 2017" by Adam Hils.
June 5, 2017
Read More


High-Tech Bridge reinforces ImmuniWeb with IAST technology
Today at Infosecurity Europe 2017, High-Tech Bridge, a provider of web and mobile application security testing services and a Gartner Cool Vendor 2017, announced availability of its proprietary Interactive Application Security Testing (IAST) technology.
June 7, 2017
Read More


Highly lucrative Ransomware as a Service attacks poised to accelerate in 2017
Ransomware can be likened to global warming. it's been around for years, but it's now becoming an epidemic which needs serious attention.
December 19, 2016
Read More


Highest European CISO salaries set to reach €1 million
Chief Information Security Officers supervise information systems for their organization, and are in charge of coming up with, proposing, and implementing workable solution for minimizing security threats the organization faces.
May 23, 2017
Read More


Highest paying certifications, skills in demand revealed
Global Knowledge surveyed 14,000 IT and business professionals worldwide, and confirmed that individuals and organizations benefit from IT certification. Participants identified increased productivity and earning potential, fewer skills gaps and faster troubleshooting as benefits of certification.
April 5, 2017
Read More


Hijacking Windows user sessions with built-in command line tools
Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in Windows user without knowing that user's password? He or she can perform the action if they have physical access to the target's machine, but also remotely via Remote Desktop Protocol (RDP).
March 19, 2017
Read More


Hiring a hacker: Why and how you should do it
The global cost of cybercrime could reach 4.9 trillion annually by 2021, according to a recent report from Cybersecurity Ventures. Cyber crime incidents continue to plague organizations globally, even as businesses pour money into boosting their security.
February 13, 2017
Read More


Hotspot Shield VPN Reported to FTC For Alleged Privacy Breaches
Hotspot Shield VPN, a popular service that claims to enhance users' privacy while providing anonymity, has been reported to the Federal Trade Commission. The Center for Democracy & Technology has called for an investigation, claiming that the service logs user activity and employs third-party tracking mechanisms to deliver targeted advertising.
August 7, 2017
Read More


How a dynamic range of authentication can open doors for trusted customers
In this podcast recorded at RSA Conference 2017, Michael Thelander, Director of Product Marketing at iovation, talks about lessons learned from bringing authentication technology out to customers and seeing what the demand looks like in the market.
February 22, 2017
Read More


How a few yellow dots burned the Intercept's NSA leaker
By providing copy of leak, Intercept likely accelerated ID of contractor.
June 6, 2017
Read More


How a museum protects some of the world's finest pieces of art
After an internal audit revealed the limitations of Thyssen-Bornemisza Museum's existing (analog) camera surveillance system, as well as a server that has been installed all of twenty years ago and a lack of a redundant data storage system, Miguel Angel Molina, the museum's Security Manager, decided that the time has come for an upgrade.
July 11, 2017
Read More


How a port misconfiguration exposed critical infrastructure data
Much has already been said and written about the dangers of potential cyber attacks targeting the electric/power grid. And in Ukraine, they've already gone from theoretical scenarios to actual attacks.
August 9, 2017
Read More


How attackers exploit whitelists
If there is a technology or security measure that can help organizations protect their assets from attackers or malware, you can be sure that attackers will try to find a way to bypass it.
April 6, 2017
Read More


How can we build a secure IoT world?
We have almost daily proof that the Internet of Things, as it is now, is a minefield of security issues that are just waiting to be exploited.
March 1, 2017
Read More


How CIOs are shaping the future of work
IT leaders are poised to make radical changes in the workplace, but boardrooms are holding back progress by continuing to place too much emphasis on reducing costs and keeping the lights on, according to Fuze.
March 30, 2017
Read More


How do I protect my privacy online?
Digital security expert Tony Gambacorta answers your questions about security and privacy on Too Embarrassed to Ask.
April 14, 2017
Read More


How enterprise IT security conversations have changed
Deutsche Telecom is one of the world's largest telecom companies, and its corporate IT and cyber security arm T-Systems is one of the largest European IT services companies. Among its customers are big corporations such as Volkswagen, Daimler, Phillips, Airbus, and BP.
August 2, 2017
Read More


How F5 is changing the Application Security Game
To address the need for application security in the digital transformation era, F5 is releasing a new host of products and services.
January 25, 2017
Read More


How fraudsters stole millions with the help of a legitimate online tool
Identity thieves have managed to steal $30 million from the US Internal Revenue Service by taking advantage of an online tool designed to help students fill out financial aid applications, IRS Commissioner John Koskinen told the Senate Finance Committee on Thursday.
April 11, 2017
Read More


How Google fought back against a crippling IoT-powered botnet and won
Behind the scenes defending KrebsOnSecurity against record-setting DDoS attacks.
February 2, 2017
Read More


How hackers made life hell for a CIA boss and other top US officials
Sex, lies, and social engineering: Inside the depraved world of Crackas with Attitude.
January 9, 2017
Read More


How High-Tech Bridge uses machine learning
In this podcast, Ilia Kolochenko, CEO at High-Tech Bridge, talks about the difference between artificial intelligence and machine learning, and illustrates how his company uses machine learning to reduce human time without impacting testing quality or liability.
July 3, 2017
Read More


How HTTPS Website Security is Making the Internet Safer from Snoopers
You may have noticed in your travels around the internet that your browser's address bar occasionally turns green and displays a padlock--that's HTTPS, or a secure version of the Hypertext Transfer Protocol, swinging into action. this little green padlock is becoming vitally important as more and more of your online security is eroded.
April 10, 2017
Read More


How IDF soldiers' phones got turned into spying devices
for many months now, an unknown threat actor has been tricking servicemen in the Israel Defense Forces (IDF) into installing Android spyware. Israeli media says that the threat actor is likely Hamas, but Lookout researchers aren't so sure.
February 20, 2017
Read More


How IoT initiatives impact the IT infrastructure
Internet of Things (IoT) infrastructure spending is making inroads into enterprise IT budgets across a diverse set of industry verticals. Improved business offerings, IoT data management, and new networking elements are key to a successful IoT initiative within an enterprise, according to IDC.
February 27, 2017
Read More


How large would the financial losses get in case of a global cyber attack?
A global cyber-attack could be as expensive as a major natural disaster, a new report has claimed.
July 18, 2017
Read More


How Magecart attackers monetize stolen payment card info
The Magecart campaign, aimed at compromising online shops with malicious JavaScript code to collects payment card info, is still going strong, and researchers have pinpointed another way threat actors behind it monetize the stolen information.
July 12, 2017
Read More


How money-hungry data brokers erode privacy in China
A recent expose by Southern Metropolis Daily, a Chinese daily newspaper known for its investigative reporting, has revealed that random people with enough money at their disposal can easily discover potentially compromising information about practically anyone in China.
January 24, 2017
Read More


How people-based actions put critical data at risk
while 80 percent of respondents believe it's important to understand the behaviors of people as they interact with intellectual property and other critical business data, only 32 percent are able to do so effectively. Further, 78 percent believe understanding user intent is important, yet only 28 percent of those surveyed currently have this capability.
February 22, 2017
Read More


How police unmasked suspect accused of sending seizure-inducing tweet
Defendant's iCloud account contained "the exact" GIF used in the crime, cops say.
March 21, 2017
Read More


How prepared are businesses for cyber security threats?
Businesses are still failing to ensure they are protecting themselves effectively online, despite the growing number of damaging security threats, a new report from BT has claimed.
July 17, 2017
Read More


How secure are banks and financial services firms?
Many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defense.
April 20, 2017
Read More


How secure are mobile banking apps?
Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure?
April 27, 2017
Read More


How security collaboration will prove vital in 2017
The escalation of high-profile hacking and data dumps recently has underscored the increasing boldness of digital threat actors, culminating in July's Democratic National Committee email leak and its ripple effect through American politics. the group behind the hack and its attack patterns were known, and yet the attack was not thwarted, leaving many questions as to the overall state of the Internet's security.
November 22, 2016
Read More


How security pros look at encryption backdoors
The majority of IT security professionals believe encryption backdoors are ineffective and potentially dangerous, with 91 percent saying cybercriminals could take advantage of government-mandated encryption backdoors.
August 18, 2017
Read More


How tech giants rank at protecting your privacy
Adobe, Dropbox and Pinterest are among the companies doing the most to keep your personal info from the government, a privacy watchdog finds.
July 10, 2017
Read More


How the authentication landscape is changing [Q&A]
Recently there has been much talk of the death of the password and a switch to other forms of authentication, like biometrics, which are seen as more secure.
July 12, 2017
Read More


How the CIA gained access to air-gapped computers
A new WikiLeaks release of documents believed to have been stolen from the CIA show the intelligence agency's capability to infect air-gapped computers and networks via booby-trapped USB sticks.
June 23, 2017
Read More


How the CIA hacked wireless home routers
For many years, the CIA has had the capability to compromise a wide range of commercial wireless routers, and to monitor, control and manipulate the traffic passing through them, documents leaked by WikiLeaks show.
June 16, 2017
Read More


How the Necurs botnet influences the stock market
After a three-months-long partial hiatus, the Necurs botnet is back to flinging spam emails left and right.
March 22, 2017
Read More


How to automate your system administration tasks with Ansible
Sharpen your sysadmin and Linux skills and learn how to set up tooling to simplify administering multiple machines.
July 24, 2017
Read More


How to build a better SOC team
The security skills shortage is a very real issue. Cisco estimates that there are currently one million unfilled cyber security jobs worldwide, while a report from Frost & Sullivan predicts that by 2020, the number will be 1.5 million. The security industry is only growing -- and fast. IDC says it's on its way to becoming a $101 billion opportunity by 2020.
May 25, 2017
Read More


How to build your own VPN if you're (rightfully) wary of commercial options
While not perfect, either, cloud hosting providers have a better customer data record.
May 26, 2017
Read More


How to configure your Chromebook for ultimate security
Chrome OS is already tops at security, but with a few extra tweaks you can ensure the gates are even more secure.
August 15, 2017
Read More


How to create a safer shopping experience
The annual holiday season has arrived. the air grows crisp (at least in the Northern hemisphere), new, cool gadgets are released and cyberattacks, along with cologne ads, proliferate. Cyber threats aren't deterring shoppers though: the National Retail Federation expects online holiday sales to increase by 7 to 10 percent over last year, reaching as much as $117 billion. with e-commerce attacks in Q3 2016 increasing by 60 percent over the previous year, shopping hazards can hit from all sides. from phishing sites to online card skimming to compromised terminals in stores; even gifts themselves pose security risks. Still, there is much both consumers and retailers can do in order to make an all around safer shopping experience.
December 12, 2016
Read More


How to create an effective application security budget
Inadequately secured software ranks amongst the most significant root cause issues in cybersecurity. The frequency and severity of attacks on the application layer is greater than that at the network layer, yet research shows that network security receives double the budget. According to Ponemon Institute, 18 percent of IT security budgets are dedicated to application security, while 39 percent is allocated to network security.
July 4, 2017
Read More


How to eliminate insider threats
Insider threats are a major security problem
February 2, 2017
Read More


How to find, view, and delete everything the Amazon Echo and Google Home know about you
Take charge of your privacy so there are no surprises about how much information your digital assistant is holding onto.
January 20, 2017
Read More


How to generate app passwords for your Microsoft Account
Follow this guide to generate passwords for apps and services connected to your Microsoft Account which don't support two-factor authentication.
January 1, 2017
Read More


How to get past Windows Defender SmartScreen in Windows 10
The SmartScreen filter in Windows 10 can sometimes stop you from downloading the app you want. Here's how to get past it, and why sometimes you should think twice before doing so.
May 22, 2017
Read More


How to harmonize IT GRC controls in your environment
In this podcast recorded at RSA Conference 2017, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about about achieving uniform compliance in risk management through harmonized GRC.
March 19, 2017
Read More


How to hide your IP address (and why you should)
What is an IP address? and why should you hide it?
March 3, 2017
Read More


How to keep your data secure when you travel with your Mac, iPad, and iPhone
With increased demands for passwords and personal information at border crossings, take the right steps before you arrive.
June 19, 2017
Read More


How to leverage intelligent deception to detect cyber attacks
Perimeters are fading, and attackers find it easier and easier to penetrate organizational networks. Organizational networks today are chaotic, they're very dynamic, and this is a fertile ground for the attackers to blend in and take action.
February 21, 2017
Read More


How to live demo a web app with lousy internet
Squid HTTP proxy enables you to run a software demonstration, no matter how good or bad your internet connection.
July 24, 2017
Read More


How to migrate your passwords from LastPass to 1Password
EasyBCD developer NeoSmart Technologies has released LastPass to 1Password, a simple automated tool for converting exported LastPass CSV files to the 1PIF format used by 1Password.
May 29, 2017
Read More


How to minimize the risk and impact of identity fraud
The number of identity fraud victims increased by sixteen percent (rising to 15.4 million U.S. consumers) in the last year, according to Javelin Strategy & Research. they recommend that consumers work in partnership with institutions to help minimize their risk and impact of identity fraud.
February 3, 2017
Read More


How to password protect a PDF before sending it by email
Here's a quick way to do it, without spending a lot of money on expensive software.
December 5, 2016
Read More


How to protect all of your accounts online
Web security has never been more important
March 21, 2017
Read More


How to protect the power grid from low-budget cyberattacks
Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources necessary to mount them.
July 28, 2017
Read More


How to protect your online conversations with Signal's end-to-end encryption
In a world of snoopers, end-to-end encryption is the only sensible path to take.
January 11, 2017
Read More


How to Protect Yourself from a Hospital Data Breach
You may never have considered whether your preferred hospital is one of the approximately 311 major teaching hospitals in the U.S., but according to a new study, the type of hospital you choose might affect your privacy.
April 4, 2017
Read More


How to prevent your data from being searched at the U.S. border
The best way to keep your data from being searched is to leave it behind.
May 8, 2017
Read More


How to protect your Google and Facebook accounts with a security key
The keys are a step up in account security, but is implementation letting them down?
May 9, 2017
Read More


How to quickly check that your home IoT devices are secure
Don't let your smart clock expose you to hackers. a web app from BullGuard can help.
January 12, 2017
Read More


How to recover an iCloud security code after you've been locked out
If you enter the wrong iCloud security code too many times, you'll get locked out. Here's how to reset it.
November 30, 2016
Read More


How to secure your Apple and iCloud accounts
Keep hackers at bay
April 13, 2017
Read More


How to secure your CMS without patching
Attackers are exploiting CMSes by reverse-engineering security patches before they can be applied. German coders see a way to stop them.
June 27, 2017
Read More


How to secure your digital transformation
Organizations are demanding and implementing new solutions that enable them to streamline operations, cultivate new business opportunities and provide better service to their customers.
May 22, 2017
Read More


How to securely deploy medical devices within a healthcare facility
The risks insecure medical devices pose to patient safety are no longer just theoretical, and compromised electronic health records may haunt patients forever.
April 28, 2017
Read More


How to select a suitable incident response program for your organization
All organizations, regardless of how well they think their walls are fortified, will at some point fall victim to an attack. How they respond to the attack could mean the difference between recovering with minimal loss to shutting the organization down.
August 4, 2017
Read More


How to set up a manual threat intelligence lifecycle program
Threat intelligence is a popular topic in security circles these days. Many organizations are now using a threat feed that comes bundled with some other security product, such as McAfee's GTI or IBM's X-Force feeds. Lots of products, notably SIEMs, have added support for some sort of integration with specific threat intelligence feeds or more generic imports via STIX/TAXII. with many now hoping to take advantage of the large number of open source and free intelligence feeds available. some are even investing in commercial intelligence feeds.
December 27, 2016
Read More


How to Snoop-Proof Any Phone or Tablet
It's likely that you've got details of your whole life stored on your phone–the people you know, the banks you've used, the videos you've wasted hours watching–and you don't necessarily want that info getting out into the wider world. If you're keen to lock down your handset against unwelcome visitors, you need to take a few steps.
March 3, 2017
Read More


How to spot malicious mobile apps
The pervasiveness of smartphones has resulted in an onslaught of mobile apps, and it's pretty safe to say that, by now, there is an app for every imaginable purpose. Unfortunately, among the many helpful ones are also many malicious apps -- no app market is safe from them.
August 17, 2017
Read More


How to stay secure while staying connected on vacation
The wide availability of Wi-Fi networks can make it difficult to unplug and disconnect on vacation, but if consumers take that extra step and unplug they can experience a more secure trip.
June 7, 2017
Read More


How to use HTTPS to improve web security
HTTP over Transport Layer Security, also know as https, can go a long way to improving the security and privacy on a website. When you see a site's URL with https://, that site exercises good care on its internal security to protect user data and against break-ins
June 12, 2017
Read More


How will quantum computing impact security processes?
Quantum computers have the potential to perform calculations faster than ever possible before, inviting a significant rethink in how we approach cyber security.
November 23, 2016
Read More


How your company needs to train workers in cybersecurity
Survey finds workers still violate security policies to remain productive
April 25, 2017
Read More


HTTPS Certificate Revocation is broken, and it's time for some new tools
Certificate Transparency and OCSP Must-Staple can't get here fast enough.
July 3, 2017
Read More


Hundreds Of Android Apps Pulled From Google Play Store After Researchers Discover Botnet
Google pulled nearly 300 malicious apps from the Google Play Store this week, after a team of researchers from several internet companies discovered that they were all hijacking phones' power into a massive international botnet spanning more than 100 countries.
August 29, 2017
Read More


Hybrid cloud storage use to double in next 12 months
The use of hybrid cloud storage will accelerate rapidly over the next 12 months, according to Cloudian. Across 400 organisations surveyed in the UK and USA, 28% already use hybrid cloud storage, with a further 40% planning to implement within the next year. Only 19% have no plans to adopt.
November 21, 2016
Read More


Hybrid IT is becoming a standard enterprise model
Dimension Data research of 1,500 IT decision makers from multiple vertical industries across the US, Europe, Asia-Pacific and South Africa, reveals that hybrid IT is becoming a standard enterprise model, but there's no single playbook to get there.
March 22, 2017
Read More


Hyundai app security blunder allowed crooks to 'steal victims' cars'
Remote locate, unlock, and start vehicles -- using a fixed encryption key... ouch
April 25, 2017
Read More


Misc. - I

IBM adds Qualys technology to its Managed Security Services portfolio
Qualys announced at RSA Conference 2017 an expanded partnership with IBM that will add Qualys continuous cloud-based IT security and compliance technology to its Managed Security Services (MSS) portfolio.
February 15, 2017
Read More


IBM reboots iconic mainframe: Encrypt data all the time, at any scale
IBM today unveiled IBM Z, the next generation of a transaction system capable of running more than 12 billion encrypted transactions per day. The new system also introduces an encryption engine that, for the first time, makes it possible to pervasively encrypt data associated with any application, cloud service or database all the time.
July 17, 2017
Read More


IBM Watson to power cognitive security operations centers
At RSA Conference 2017, IBM Security announced Watson for Cyber Security, the industry's first augmented intelligence technology designed to power cognitive security operations centers (SOCs).
February 13, 2017
Read More


iCloud extortion racket nowhere near as epic as we thought it might be
But have your popcorn ready 2030 BST just in case
April 7, 2017
Read More


iCloud security: How (and why) to enable two-factor authentication
Apple's iCloud is used for everything from storage to syncing to verifying purchases from the App Store and iTunes. That's why you should keep it as secure as possible. Here's how.
August 18, 2017
Read More


Identity fraud hits record high
The number of identity fraud victims increased by sixteen percent (rising to 15.4 million U.S. consumers) in the last year, according to Javelin Strategy & Research. Their study found that despite the efforts of the industry, fraudsters successfully adapted to net two million more victims this year with the amount fraudsters took rising by nearly one billion dollars to $16 billion.
February 2, 2017
Read More


Identity-in-depth and the evolution of defense
We've seen it over and over again: the parade of companies and government agencies announcing the impact of their latest breach. These players have something in common that you might not realize -- they have all heavily invested in security. But despite this, they all have something else in common that we can all probably agree upon: the millions they have spent on security have been rendered all but irrelevant by nothing more than a modern identity thief.
August 4, 2017
Read More


If you downloaded HandBrake for Mac, you could be infected with Proton RAT
A mirror download server of HandBrake, a popular open source video conversion app for Mac, has been compromised, and the legitimate app .dmg file switched with a Trojanized version containing the Proton RAT.
May 8, 2017
Read More


If you're going to San Francisco be sure to travel free with ransomware
The Muni public transport system in San Francisco has been hit by a major ransomware attack over the weekend that left the network having to give passengers free travel.
November 28, 2016
Read More


If you're not doing this with all your accounts, you're doing it wrong
If you're not using a password manager and two-step authentication, you're most likely doing things wrong.
April 13, 2017
Read More


Illegal Bitcoin exchange operator gets 66-month prison sentence
Anthony Murgio, the operator of the Coin.mx Bitcoin exchange, has been sentenced to 66 months in prison for processing over $10 million in illegal Bitcoin transactions. He has also been sentenced to three years of supervised release once his prison sentence is over.
June 28, 2017
Read More


Implantable medical devices can be hacked to harm patients
The way to a man's heart is through his pacemaker's security flaws, researchers say
December 1, 2016
Read More


In 5 years AI may replace pros in tasks within medicine, law and IT
CIOs have a major role to play in preparing businesses for the impact that artificial intelligence (AI) will have on business strategy and human employment. Gartner predicts that by 2022, smart machines and robots may replace highly trained professionals in tasks within medicine, law and IT.
May 10, 2017
Read More


In 2017, the digital will get physical when machines start to lie
In a memorable scene from a 2014 episode of the series Homeland, the Vice President is murdered by hackers who tamper with his pacemaker. Despite this plot idea reportedly originating from the actions of a real vice president, in 2014 this still seemed just the stuff of fiction.
January 17, 2017
Read More


In colossal screwup, Essential shared customers' driver's licenses over email
There's a difference between scrappy and sloppy
August 31, 2017
Read More


In the three years since IETF said pervasive monitoring is an attack, what's changed?
IETF Security director Stephen Farrell offers a report card on evolving defences
December 6, 2016
Read More


Increasingly sophisticated attacks call for advanced protection tools
A new NTT Security report underscores the need for more advanced tools to protect organizations" data and networks from the evolving tactics, techniques and procedures (TTPs) used by cyber-attackers.
January 30, 2017
Read More


Independent labs will test the security of medical devices
The Medical Device Innovation, Safety and Security Consortium (MDISS) launched the first of more than a dozen planned specialized labs for security testing medical devices.
July 31, 2017
Read More


India pushes for Windows 10 discount following recent ransomware attacks
In light of the recent WannaCry and Petya ransomware attacks, India is pushing Microsoft to provide a one-time discount on Windows 10 so that its more than 50 million Windows users can upgrade to a more secure version.
June 30, 2017
Read More


Industrial robots are security weak link
Unsecure robots, linked to the internet, raise risk of cyberattack, study finds
May 9, 2017
Read More


Industry reactions to the Verizon 2017 Data Breach Investigations Report
Nearly 2,000 breaches were analyzed in this year's Verizon 2017 Data Breach Investigations Report and more than 300 were espionage-related. Here are some of the comments Help Net Security received on the report.
April 28, 2017
Read More


InfoArmor VigilanteATI: Threat intelligence from the Dark Web
InfoArmor has expanded its global customer base in the enterprise and SME/SMB sector with its award-winning VigilanteATI Advanced Threat Intelligence Platform and Investigative Services. These organizations are using VigilanteATI and VigilanteATI Accomplice to gain high value threat intelligence throughout the threat lifecycle.
February 13, 2017
Read More


InfoArmor: Operatively-sourced threat intelligence
In this podcast, Mike Kirschner, Senior Vice President of Advanced Threat Intelligence at InfoArmor, talks about this dark web operatively sourced intelligence firm that is really focused on dark web surveillance and sourcing of compromise and breach data through operative engagement.
June 19, 2017
Read More


Informatica uses behavioral analytics to spot and protect high risk data
With increasing amounts of sensitive data stored in the cloud and accessed on mobile devices, protecting that information presents a major challenge.
March 1, 2017
Read More


Information security consulting market to reach $26.15 billion by 2021
According to a new report by MarketsandMarkets, the information security consulting market is estimated to grow from $16.12 billion in 2016 to $26.15 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 10.2%.
January 10, 2017
Read More


Infosec certification and the talent shortage crisis
As more enterprises aspire to create future workspaces and harness the benefits of a mobile workforce that leverages cloud platforms, there's a greater need to implement appropriate measures to secure data, infrastructures, applications, and users wherever they may reside.
January 23, 2017
Read More


Innovation and exploitation fuel DDoS attack landscape
Arbor Networks released its 12th Annual Worldwide Infrastructure Security Report offering direct insights from network and security professionals at global service providers, cloud/hosting and enterprise organizations.
January 25, 2017
Read More


Innovative techniques allow malvertising campaigns to run for years
A threat actor dubbed AdGholas has been mounting successful malvertising campaigns by using innovative targeting and obfuscation techniques, and has been infecting thousands of victims every day since 2015 -- and possibly even earlier.
August 1, 2016
Read More


Inside Android's source code... // TODO -- Finish file encryption later
Android 7.0's crypto sauce is 'half-baked' and Google promises to make it better, soon
November 28, 2016
Read More


Insider threats putting many financial services at risk
The majority of financial services are at risk of insider cyber threats because their mainframe environments have blind spots, according to Compuware.
June 7, 2017
Read More


Insider threat solution for rapid response to in-progress attacks
CyberArk announced at RSA Conference 2017 advanced insider threat detection capabilities available through the CyberArk Privileged Account Security Solution, to automatically detect and alert on high-risk privileged activity during user sessions and enable rapid response to in-progress attacks.
February 16, 2017
Read More


Insider threat versus inside threat: Redefining the term
The traditional meaning of an insider threat is when a current employee or contractor with authorized access to a secure network intentionally or accidently misuses it to carry out a malicious activity. this type of activity can include sabotage, theft, espionage, fraud, mishandling of data or physical devices, as well as using information to gain a competitive advantage.
February 21, 2017
Read More


Insufficient security measures still hinder cloud adoption
Security and privacy of data and systems in the cloud remains a top worry for 70% of IT professionals worldwide, up from 63% in 2015, according to a new Cloud Security Survey by Netwrix. the top three cloud security concerns in 2016 are unauthorized access (69%), malware (37%) and denial of service (DoS) attacks (34%).
November 16, 2016
Read More


Integrating GDPR into your day to day IT practices
GDPR, four letters that when combined strike fear into the heart of any sysadmin. Luckily, there is quite some time before it comes into force, which means getting into the habit of complying should be natural by 25th May 2018. My default position on these types of regulations are to consider it from a consumer's point of view, and think about how I would feel with someone holding personal data of mine for longer than necessary.
August 28, 2017
Read More


Integration Holds the Keys to the Castle
Talks of integration are often met with audible sighs of displeasure. it's a lot of work. you have to combine various platforms, software, and the list goes on. at Webroot, we decided to take some of the pain out of this process by partnering with Kaseya to deliver a fully integrated endpoint security solution for its customers.
March 6, 2017
Read More


Intel Crosswalk bug invalidates SSL protection
A bug in the Intel Crosswalk Project library for cross-platform mobile development can open users to man-in-the-middle attacks, researchers from Nightwatch Cybersecurity have found.
August 1, 2016
Read More


Intel is offering up to $30,000 for bugs in its hardware
Intel has become the latest tech company to launch a bug bounty program.
March 17, 2017
Read More


Intel Security officially becomes McAfee again
McAfee has begun operating as a new standalone company. the launch of McAfee marks the closing of the previously announced investment by TPG and Intel Corporation (INTC) to establish a pure-play cybersecurity company with access to significant capital, operational and technology resources.
April 4, 2017
Read More


Intel's CHIPSEC can detect CIA's OS X rootkit
As details about CIA's hacking capabilities and tools are, bit by bit, popping to the surface, companies are trying to offer users some piece of mind.
March 13, 2017
Read More


Intelligence data, security credentials found exposed in the Amazon cloud
A data cache containing highly sensitive US military data has inadvertently been exposed online, UpGuard cyber risk analyst Chris Vickery has discovered last week.
June 1, 2017
Read More


Interpol arrests Nigerian scam mastermind who stole $60 million
The head of an international criminal network behind thousands of online frauds has been arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission (EFCC).
August 1, 2016
Read More


International operation targets customers of counter anti-virus and crypter services
Between 5 and 9 June, 6 suspects were arrested and 36 were interviewed during an internationally coordinated operation in 6 European countries. The targets are all suspected customers of a counter anti-virus platform and crypter service -- two cybercriminal tools used for testing and clouding of malware samples to prevent security software solutions from recognising them as malicious.
June 15, 2017
Read More


Internet crime: The continuing rise of the BEC scam
Through its website, the FBI's Internet Crime Complaint Center (IC3) accepts complaints about Internet-facilitated criminal activity, and forwards them to the appropriate law enforcement agencies (both in and outside the US) to investigate.
June 23, 2017
Read More


Internet freedom around the world keeps decreasing
For the sixth year in a row, Internet freedom is declining.
November 23, 2016
Read More


Introducing security into software through APIs
Application programming interfaces (APIs) can make life easier for software developers, allowing them to concentrate on what they do best and preventing them from being forced to fiddle with things they know little about.
June 5, 2017
Read More


Intrusion detection is speeding up: Is it enough to tackle global cyber threats?
As criminals continue to develop new methods to break or sidestep cyber defences, in many cases the focus is shifting towards the ability to detect and respond to an incident as quickly as possible. Despite the average cost of a data breach soaring to $17.36m in 2016 according to the Ponemon Institute, we have found the security industry's incident response capabilities have advanced considerably in recent years.
August 3, 2017
Read More


Investigation finds Facebook mods fail to remove illegal content such as extremist and child porn
That Facebook is fighting against a tide of objectionable and illegal content is well known. that the task of moderating such content is a difficult and unenviable one should come as news to no one.
April 13, 2017
Read More


IO Active hacked into a robot and turned it into a screwdriver-wielding tomato killer
Only a few days ago did over a hundred experts from various AI and Robotics companies sign an open letter demanding the UN step in to restrict the development of killer robots. Now, a Seattle-based cybersecurity firm, IO Active, has discovered that many current robots are very easy to hack and cause potential harm with.
August 22, 2017
Read More


IoT adoption is driving the use of Platform as a Service
The widespread adoption of the Internet of Things (IoT) is driving platform as a service (PaaS) utilization. Gartner predicts that, by 2020, more than 50 percent of all new applications developed on PaaS will be IoT-centric, disrupting conventional architecture practices.
March 8, 2016
Read More


IoT and the resurgence of PKIs
With the digital revolution in full swing, security methods and models need to be re-evaluated to better address both the changing nature of enterprise architectures and processes.
March 17, 2017
Read More


IoT devices under attack: Amnesia hijacks, BrickerBot destroys
Every hour of every day, computer systems and IoT devices are under attack by bots trying to recruit them into growing botnets. Security researchers have recently highlighted two of these threats coming after Linux- and BusyBox-based systems and devices.
April 10, 2017
Read More


IoT goods, software and digital services to be evaluated for privacy and security
Consumer Reports, a US non-profit group whose extensive reviews of consumer goods have helped the public make informed and better choices for many decades, has announced that it will start evaluating products and services for privacy and data security.
March 7, 2017
Read More


IoT malware starts showing destructive behavior
Researchers have observed attacks against IoT devices that wipe data from infected systems
April 7, 2017
Read More


IoT MSSPs market revenues to top $11 billion in 2021
Industrial applications are set to be the core focus for IoT Managed Security Service Providers (MSSPs) with ABI Research forecasting overall market revenues to increase fivefold and top $11 billion in 2021.
January 25, 2017
Read More


IoT Trust Framework: the foundation for future IoT certification programs
The Online Trust Alliance (OTA) released its updated IoT Trust Framework. Serving as a product development and risk assessment guide for developers, purchasers and retailers of Internet of things (IoT) devices, the Framework is the foundation for future IoT certification programs.
January 5, 2017
Read More


IoT: a hacker's dream come true?
There's a lot more to the web than the cat-video-laden sites we normally see. In fact, according to most sources, the web that we can typically get to via our browser of choice represents only a small fraction of what's out there.
July 29, 2016
Read More


iPhone, Mac owners: how to stymie hackers extorting Apple, threatening to wipe devices
Security expert spells out steps to take, just in case hacker claims are legit
March 22, 2017
Read More


Irregular application testing: App security in healthcare
Nearly half (45%) of NHS trusts scan for application vulnerabilities just once a year, with less only 8% doing so on a daily basis, according to Veracode. this potentially leaves them with outdated software and at an increased risk of a cyberattack, potentially exposing patient data to the wrong hands.
January 31, 2017
Read More


Is cyber insurance worth the paper it's written on?
Weighing up whether you think insurance is worth it, in any situation, depends to some extent on personal experience. You can see the value of protection far more clearly if you've been on the losing side a few times.
July 24, 2017
Read More


Is Europe ready for GDPR?
What impact will GDPR have on businesses across the UK, France, Belgium and Luxemburg? Vanson Bourne surveyed 625 IT decision makers in four countries and found that the UK is far behind when it comes to GDPR readiness.
June 15, 2017
Read More


Is healthcare industry's security spending focused on the wrong technologies?
global healthcare IT professionals are confronting a rapidly changing, challenging landscape, with 66% experiencing a data breach and 88% feeling vulnerable as a result. In response, 73% are increasing IT security spending to offset threats to data, according to Thales and 451 Research.
February 21, 2017
Read More


Is it time to call an MSSP? Five signs that it can't wait
Small and midsize businesses (SMBs) are fighting an uphill battle when it comes to managing their network security. According to a 2016 Ponemon study, 69 percent of SMBs don't have the adequate budget or in-house expertise to achieve a strong cyber security position. as a matter of fact, more than half of the study's SMB respondents experienced a data breach or cyber attack in the past year with an average cost of $879,582.
January 30, 2017
Read More


Is ransomware in decline or just evolving?
According to a new report from the Microsoft Malware Protection Center, the volume of ransomware being encountered is reducing.
February 16, 2017
Read More


Is remote access technology leaving you vulnerable?
Insider and third-party access are growing security threats facing organizations and enterprise IT systems, according to Bomgar.
May 10, 2017
Read More


Is your Windows 10 migration strategy leaving you vulnerable?
Despite enhanced security being a key driver in the move to Windows 10, many organizations are putting their security at risk with their choice of migration strategy, according to new research by 1E.
January 11, 2017
Read More


Israeli soldiers hit by Android malware from cyberespionage group
More than 100 soldiers from the Israel Defense Forces had their Android phones infected with malware by a cyberespionage group
February 16, 2017
Read More


Israeli soldiers hit in cyberespionage campaign using Android malware
More than 100 soldiers from the Israel Defense Forces had their Android phones infected with malware by a cyberespionage group
February 16, 2017
Read More


It might be time to stop using antivirus
Update your software and OS regularly instead, practice skeptical computing.
January 27, 2017
Read More


IT operators see promise in DevOps and new tech
A new Ponemon Institute survey of nearly 1,250 global public sector IT decision makers and managers revealed that public sector organizations undergoing digital transformation are losing confidence in IT operations' ability to manage the influx of new technologies and evolving citizen and mission expectations. Despite the rising complexity of IT, respondents see promise in DevOps to help achieve future mission success.
July 24, 2017
Read More


IT professionals believe their data is safer in the cloud than on-premise
Nearly seven in 10 executives and over half of IT professionals revealed that they would prefer having a single cloud services provider handling their varied hosted deployments, according to Evolve IP.
June 13, 2017
Read More


IT pros spend too much time handling emergencies
A 1E survey of 1,014 IT professionals, who together manage more than 21 million endpoints globally, centered on unplanned activities -- how often they occur, what types are most common, and the time spent identifying and addressing issues.
March 28, 2017
Read More


IT service providers, many other orgs targeted in long-standing attack campaign
US-CERT has released an alert warning about a sophisticated attack campaign using multiple malware implants and targeting organizations in the IT, Energy, Healthcare and Public Health, Communications, and Critical Manufacturing sectors.
April 28, 2017
Read More


IT teams struggle with digital transformation skills
New research conducted by Vanson Bourne aims to uncover how well-placed global IT leaders consider themselves and their teams to be in terms of meeting current and future business demands. of the six markets surveyed, Germany was found to be the best prepared to meet its digital transformation goals, closely followed by the U.S., while the UK lagged well behind its counterparts.
April 28, 2017
Read More


It's 2017 and Windows PCs are being owned by EPS files, webpages
Get patching ASAP as exploits are being used in the wild -- and fix Adobe stuff, too
May 9, 2017
Read More


It's now 2017, and your Windows PC can still be pwned by a Word file
Also: Edge is foiled by hyperlinks, Windows Server fails at authentication requests, and Microsoft is a $486bn company
January 10, 2017
Read More


It's official: the FBI says car hacking is a real risk
With a public service announcement compiled jointly with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI has announced that it finally considers car hacking a real and present danger, and so should the general public and vehicle manufacturers.
March 18, 2016
Read More


It's the thought that counts: Illinois emits 'no location stalking' law
No phone tracking without asking for permission that you probably already granted
June 29, 2017
Read More


It's time for a common sense security framework
Privacy Rights Clearinghouse maintains a database of every data breach made public since 2005, and as the total number of records rapidly approaches one billion, board members, infosec leaders, and consumers are all asking the same question: Why does this keep happening?
June 5, 2017
Read More


It's time to rethink using remote access VPNs for third-party access
No longer safely operating behind the traditional corporate perimeter, business productivity today depends on integrating external members of the extended enterprise into the work processes. this means giving access to critical business applications -- a risky aspect of doing business today, but necessary for most enterprises.
February 7, 2017
Read More


It's Windows 7 -- not Windows XP -- that's to blame for the spread of WannaCry ransomware
It's been a week since the WannaCrypt/WannaCry ransomware cyber attacks began, and the repercussions are still being felt. It became clear quite early on that the ransomware was hitting older Windows systems hard (Windows 10 wasn't affected), with a lot of talk focusing on the number of at-risk Windows XP systems still in service.
May 19, 2017
Read More


Misc. - J

JASK emerges from stealth with $12 million and an automated threat detection service
JASK is emerging from stealth today with $12 million in the bank and a machine learning technology that automates network monitoring and management for overtaxed security teams.
June 27, 2017
Read More


Java and Flash top list of most outdated programs on users' PCs
52% of the most popular PC applications, including Flash and Java, are out-of-date. People are exposing their PC and their personal data to risks, as malware targets older versions of software to exploit vulnerabilities.
March 23, 2017
Read More


Java and Python FTP attacks can punch holes through firewalls
Hackers can trick Java and Python applications to execute rogue FTP commands that would open ports in firewalls
February 21, 2017
Read More


Joomla users: Update immediately to kill severe SQLi vulnerability
Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucury Security researchers have found.
May 18, 2017
Read More


Joomla vulnerability can be exploited to hijack sites, so patch now!
If you're running a website on Joomla, you should update to the newly released 3.6.5 version as soon as possible -- or risk your site being hijacked.
December 14, 2016
Read More


Judge issues search warrant for anyone who Googled a victim's name in an entire US town
Court order casts wide net over 50,000 people
March 16, 2017
Read More


Jupyter Notebook unwittingly opens huge server security hole
Jupyter Notebook has become a reliable tool for individuals to learn new programming languages, build proof-of-concept tools and analyze data.
January 26, 2017
Read More


Misc. - K

Kaspersky and ESET top the security charts
The way people access the internet is changing, with a shift towards portable devices, and that in turn has led to a shift in the software they use.
January 30, 2017
Read More


Kaspersky Lab: 5 Travel Tips to Stay Safer
Kaspersky Lab, a global cybersecurity company, has studied the many tactics, methods and schemes of cybercriminals to understand how they work, and how the trick unsuspecting users. as we approach the year-end holiday season, Kaspersky Lab advises travelers to be wary while making financial transactions online.
January 16, 2017
Read More


Keep social engineering attacks from destroying your identity
Sometimes it takes a close call or bad experience to really hammer it home. the concept of identity theft is nothing new. to put it in perspective, my step-dad had his identity stolen, and didn't even know it. He was targeted by a social engineering attack and forked over several hundred dollars during the scam and didn't realize he was a victim until I sat down with him to help speed up his aging computer.
March 21, 2017
Read More


Key areas for risk managers in 2017 and beyond
A majority of banks and other financial institutions surveyed are not confident about their firms' effectiveness in managing cybersecurity and geopolitics, two of the biggest risks facing global businesses of all shapes and sizes, according to Deloitte Global's tenth survey of financial services risk managers.
March 6, 2017
Read More


Key causes of network outages and vulnerabilities
A new global study, conducted by Dimensional Research, surveyed 315 network professionals about their experiences with network outages, vulnerabilities and compliance.
November 15, 2016
Read More


Key to smart cybersecurity spending: Remove redundancies and strive for unification
Over the past two decades, the cybersecurity industry has been completely transformed. what was once seen as a somewhat niche field is now expected to reach a market valuation of $120 billion by the end of the year (according to research from Cybersecurity Ventures). And, that growth expected to further accelerate in the near future.
May 15, 2017
Read More


Key Transparency: a secure directory of public encryption keys
Google has released Key Transparency, an open source public directory meant to simplify the discovery of intended recipients' public encryption key.
January 17, 2017
Read More


Keyloggers: Beware this hidden threat
Common as dirt, recording every move you make.
June 28, 2017
Read More


Keys to attracting and retaining cybersecurity talent
Federal agencies need to invest strategically and heavily in their benefits strategy if they're going to successfully compete for cybersecurity talent, according to the Center for Cyber Safety and Education Global Information Security Workforce Study (GISWS).
May 11, 2017
Read More


Kingpin of IRS Scam that Made $225K/Day Arrested In India
Police in India say they've arrested the suspected kingpin behind a scammy call center operation that raked in $225,000 per day by pretending they were agents for the Internal Revenue Service.
April 10, 2017
Read More


Know your adversary: Focus on social engineering
In this podcast recorded at Black Hat USA 2017, Tim Roberts, Senior Security Consultant at NTT Security, talks about social engineering and emphasizes the importance of security awareness and security culture.
August 28, 2017
Read More


Know your enemy: Defining the new taxonomy of malicious emails
Just as it is the default tool for most businesses, email's capacity for rapid, mass communication has made it a favourite instrument of criminals. as a result, malicious emails have become a common occurrence in most consumer and business inboxes.
April 27, 2017
Read More


Kremlin-linked hackers believed to be behind Mac spyware Xagent
iPhone backups can be slurped for Mother Russia, say researchers
February 15, 2017
Read More


Krypt.co scores a $1.2M seed round to simplify developer encryption key security
Krypt.co, a new security startup founded by two former MIT students and one of their professors, is launching today with a free product called Kryptonite, designed to help developers protect their private encryption keys, using an app on their smartphones.
June 5, 2017
Read More


Misc. - L

Lack of IoT security could be our downfall
Just as healthcare providers need PALS certification to keep up with new discoveries and advancements in medicine, individuals who work in IT need to become recertified with data security measures. One particular area in need of improved security protocols is the Internet of Things (IoT). IoT is quickly becoming more and more popular and therefore more and more vulnerable.
February 10, 2017
Read More


Lack of security patching leaves mobile users exposed
An analysis of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than two months old. Six percent of devices run patches that are six or more months old.
March 24, 2017
Read More


Laptop-light GoCardless says customers' personal data may have been lifted
Burglary didn't compromise payment system or financial info
February 7, 2017
Read More


Large corporations increasingly considering blockchain deployment
57% of large corporations are either actively considering, or are in the process of, deploying blockchain technology, according to Juniper Research.
August 1, 2017
Read More


Largest US voter data leak shines light on many problems
If US citizens weren't convinced by now that they have long lost control of their data, the fact is more than obvious after a misconfigured database containing 198 million US voters was found leaking the information online.
June 21, 2017
Read More


LastPass Authenticator Now Easier To Use With Cloud Backup Feature
LastPass announced a new cloud backup feature for its LastPass Authenticator (not to be confused with the LastPass Password Manager), which should remove some of the hassle of changing or resetting phones for its users.
May 19, 2017
Read More


LastPass extensions can be made to cough up passwords, deliver malware
LastPass Chrome and Firefox extensions contain flaws that could allow malicious websites to steal victims' passwords or execute commands on their computer.
March 22, 2017
Read More


LastPass is working on fixing latest code execution bug
It's been an eventful couple of weeks for LastPass developers, as they've scrambled to fix a couple of serious flaws in the popular password manager's extensions, which would allow attackers to get at users' passwords and even execute code on the users' machines.
March 28, 2017
Read More


LastPass password manager fixes serious password leak vulnerabilities in Chrome, Firefox, Edge extensions
One of the flaws could have also allowed for malicious code execution on users' computers under certain conditions
March 22, 2017
Read More


LastPass scrambles to fix another major flaw -- once again spotted by Google's bugfinders
Ormandy sets snowflakes off over disclosure
March 27, 2017
Read More


Latest Windows 10 Insider build pulls the trigger on crappy SMB1
Redmond adds UI tweaks, more emojis and Edge enticements
June 22, 2017
Read More


Launch your own cybersecurity sprint: 30 days to improved security
Whether it's well-publicized cyber attacks on government organizations or widespread ransomware that threatens to halt business operations, attackers continue to target privileged credentials as a quick and easy means to reach critical assets and steal sensitive data.
July 17, 2017
Read More


LaunchKey: Passwordless consumer authentication at scale
iovation announced its LaunchKey mobile multifactor authentication solution. It empowers global consumer brands to improve security and consumer experience by delivering a risk-aware alternative to passwords and two-factor authentication, at scale, via an easy-to-use mobile SaaS solution.
February 10, 2017
Read More


Law enforcement operation targets users of DDoS tools
From 5 to 9 December 2016, Europol and law enforcement authorities from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States carried out a coordinated action targeting users of DDoS tools, leading to 34 arrests and 101 suspects interviewed and cautioned.
December 12, 2016
Read More


Lawmakers Seek Investigation Into Alleged Attack On FCC Commenting System
When the FCC's new leadership officially began the process of dismantling net neutrality rules, it didn't come as much of a surprise when an overwhelming amount of traffic crashed the Commission's public commenting system. After all, it happened a few years ago when these rules were being written. What did surprise people was the FCC's claim -- made without providing any additional information -- that the system failure was not the result of too many people trying to comment, but a malicious attack.
August 18, 2017
Read More


Leak of greater than 1,700 valid passwords could make the IoT mess much worse
List of unsecured devices lived in obscurity since June. Now, it's going mainstream.
August 25, 2017
Read More


Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8
Microsoft claims it has patched most of the exploited bugs
April 14, 2017
Read More


Leaked: Docs cataloguing CIA's frightening hacking capabilities
WikiLeaks has released 8,761 documents and files they claim originate from the US Central Intelligence Agency (CIA) — more specifically, from an "isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina."
March 7, 2017
Read More


Leaked: Personal info on 33+ million employees across the US
Personal and contact information on over 33 million employees of various US-based corporations and federal agencies like the Department of Defense has been leaked.
March 15, 2017
Read More


Learning from success: Brian Honan's infosec journey
When Brian Honan started his information security consultancy thirteen years ago, most of his conversations were with those in charge of IT and/or IT security within an organization. The focus of these discussions was usually on the technical aspects of security, while the policy and governance side was seen as a compliance headache.
August 22, 2017
Read More


Leprechaun Software
develops VirusBUSTER, an anti-virus software that protects PCs from boot, program, macro, and email based viruses.
Provides Information
Read More


Lessons from the CIA Hacking Leak: how to Keep your Data Secure
Thousands of leaked secret Central Intelligence Agency documents showing how the group hacked into phones, computers and internet-connected televisions erupted Tuesday with the look of another bombshell expose of government spying run amok.
March 8, 2017
Read More


Leveraging social media in advanced threat intelligence
In this podcast recorded at Black Hat USA 2017, Christian Lees, CISO at InfoArmor, discusses how leveraging social media helps to understand the motives and threat landscape from threat actors.
August 30, 2017
Read More


Like it or not, "cyber" is a shorthand for all things infosec
We have lost the cyber war. No, not that cyber war. Maybe war of words is a better way to put it. Whether we like it or not, cyber has become the default way for everyone else to talk about what we do.
March 27, 2017
Read More


Linksys Smart Wi-Fi routers full of flaws, but temporary fix is available
Over 20 models of Linksys Smart Wi-Fi routers have been found to have vulnerabilities that, if exploited, could allow attackers to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, change restricted settings, and inject and execute commands on the operating system of the router with root privileges.
April 20, 2017
Read More


Lip movement: Authentication through biometrics you can change
Choosing a unique, complex and long enough password that will still be easy to remember is a big challenge for most users, and most of them would happily opt for biometric authentication in a heartbeat.
March 16, 2017
Read More


Lippizan: Sophisticated, targeted spyware on Google Play
Google has discovered targeted spyware on Google Play that is likely the work of Equus Technologies, an Israeli cyber surveillance technology dealer.
July 27, 2017
Read More


Lithuanian arrested for $100 million BEC scams
Criminal charges were announced against Evaldas Rimasauskas for orchestrating a fraudulent business email compromise (BEC) scheme that induced two U.S.-based Internet companies to wire a total of over $100 million to bank accounts controlled by Rimasauskas. He was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant.
March 22, 2017
Read More


Living in an Assume Breach world
Some security professionals claim their networks are secure from hacking. They may say this to justify a recent large purchase of security equipment. But many times, they say this because executive leadership or customers don't want to hear the bad news that all systems can be breached. As the poet Cross Jami said, "When a man is penalized for honesty he learns to lie."
August 23, 2017
Read More


Locky hidden in image file hitting Facebook, LinkedIn users
Malware masquerading as an image file is still spreading on Facebook, LinkedIn, and other social networks.
November 24, 2016
Read More


Locky ransomware makes a comeback, courtesy of Necurs botnet
The Necurs botnet has, once again, begun pushing Locky ransomware on unsuspecting victims.
April 24, 2017
Read More


Locky ransomware reportedly spreading on Facebook Messenger via JPG file
Very recently, it was reported that a piece of malware was spreading on Facebook, which exploited an image file to install malware. Today, a security firm has discovered a similar trick, which again takes advantage of images in order to install the Locky ransomware.
November 24, 2016
Read More


Locky ransomware returns with new tricks up its sleeve
Locky ransomware is back, again, delivered with the help of new tricks to fool users and anti-malware defenses.
September 1, 2017
Read More


Locky ransomware rises from the crypt with new Lukitus and Diablo variants
New variants of Locky--Diablo and Lukitus--have surfaced from the ransomware family presumed by many to be dead. After rising to infamy as one of the first major forms of ransomware to achieve global success, Locky's presence eventually faded. However, it appears this notorious attack is back with distribution through the Necurs botnet, one of the largest botnets in use today.
August 17, 2017
Read More


Login-stealing phishing sites conceal their evil with lots of hyphens in URL
Compromised domains target Android users with fake login pages for cloud services.
June 15, 2017
Read More


Logtrust debuts analytics solution for detecting threats in real-time
Logtrust announced at RSA Conference 2017 its Real-time Integrated Threat Analytics Solution Program.
February 15, 2017
Read More


Look out Silicon Valley, here comes Brit bruiser Amber Rudd to lay down the (cyber) law
Amber alert! The UK's Home Sec is heading this way
July 31, 2017
Read More


Low-cost PoisonTap tool can compromise locked computers
A new attack tool devised by security researcher Samy Kamkar will leave you wishing you could take your computer with you everywhere you go.
November 17, 2016
Read More


Misc. - M

Machine learning in cybersecurity will boost big data, intelligence, and analytics spending
Cyber threats are an ever-present danger to global economies and are projected to surpass the trillion dollar mark in damages within the next year. as a result, the cybersecurity industry is investing heavily in machine learning in hopes of providing a more dynamic deterrent. ABI Research forecasts machine learning in cybersecurity will boost big data, intelligence, and analytics spending to $96 billion by 2021.
January 31, 2017
Read More


Machine learning in information security: Getting started
Machine learning (ML) technologies and solutions are expected to become a prominent feature of the information security landscape, as both attackers and defenders turn to artificial intelligence to achieve their goals.
March 7, 2017
Read More


MacOS malware used to spy on home users in the US
A new variant of the macOS malware Fruitfly has been found by security researcher Patrick Wardle on some 400 machines of (mostly) home users located in the US.
July 25, 2017
Read More


Magento-based online shops hit with self-healing malware
Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code, warns Willem de Groot.
February 17, 2017
Read More


Major data breach strikes Cloudflare, change your passwords immediately
For years, Cloudflare has provided a variety of services, including content delivery, DNS, and protection from DDoS attacks. Its services are widely used by many different companies and websites, though it's also been criticized for serving as an enabler to online piracy, terrorist organizations (two of ISIS' three forums in 2015 were guarded by Cloudflare), and other malcontents.
February 24, 2017
Read More


Major international crackdown on tech support scams
The FTC, along with federal, state and international law enforcement partners, announced Operation Tech Trap, a nationwide and international crackdown on tech support scams that trick consumers into believing their computers are infected with malware, and then charge them hundreds of dollars for unnecessary repairs.
May 15, 2017
Read More


Majority of workers blindly open email attachments
The vast majority (82 percent) of users open email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticated social engineering attacks, according to Glasswall. of these respondents, 44 percent open these email attachments consistently every time they receive one, leaving organizations vulnerable to data breaches sourced to malicious attachments.
May 4, 2017
Read More


Making HTTPS phishing sites easier to spot
For years, we taught users that a website's URL that includes https at its very beginning is a relatively good indicator of whether they can safely input sensitive information into it.
June 28, 2017
Read More


Making enterprise content management secure and scalable
Content is one of the most valuable commodities that any business owns. It's the key driver of customer interactions, the foundation of core business processes, and it helps shape senior-level decision-making. Yet enterprises are clearly challenged by the need to manage large volumes of content in multiple formats -- and to do so in a compliant and secure manner.
June 27, 2017
Read More


Making security everybody's business goes beyond strong passwords
One of my colleagues recently shared a story that unfortunately, is not an uncommon happening among line of business application owners. He was monitoring a high value application using standard monitoring tools. He knew who was logging in, when, from where, and other information most application owners have purview to as part of their daily jobs.
May 4, 2017
Read More


Making sense of threat intelligence data in your IT environment
Threat intelligence data has been growing at an exponential rate of 39% a month. Enterprise customers are looking at around 30,000 events going into their SIEM every second. Only a small percentage have the infrastructure able to handle that amount of data.
March 8, 2016
Read More


Malicious ads trigger drive-by download of persistent Android adware
UK and US Android users have been saddled with unwanted apps via malicious ads that executed a drive-by download attack.
June 8, 2017
Read More


Malicious content delivered over SSL/TLS has more than doubled in six months
Threats using SSL encryption are on the rise. An average of 60 percent of the transactions in the Zscaler cloud have been delivered over SSL/TLS. Researchers also found that the Zscaler cloud saw an average of 8.4 million SSL/TLS-based security blocks per day this year.
August 3, 2017
Read More


Malicious online ads expose millions to possible hack
The attack campaign, called Stegano, has been spreading from malicious ads hosted by news websites
December 6, 2016
Read More


Malicious online ads expose millions to possible hack
The attack campaign, called Stegano, has been spreading from malicious ads hosted by news websites.
December 6, 2016
Read More


Malvertising campaign compromises routers instead of computers
The DNSChanger exploit kit is back and more effective than ever, and is being used in a widespread malvertising attack whose goal is to compromise small/home office routers.
December 16, 2016
Read More


Malvertising campaign targets routers and every device connected to router
Researchers warned that cyber-savvy crooks are using a malvertising campaign that infects routers and Android devices. Any devices connected to an infected router will also be infected.
December 14, 2016
Read More


Malware backdoors still the biggest threat to enterprises
New data from cloud security specialist Netskope shows that companies are still struggling to prevent network breaches and protect themselves at all points of entry.
April 20, 2017
Read More


Malware can Enable Surveillance by Turning Headphones Into Microphones
Researchers at the Ben-Gurion University of the Negev in Israel revealed that malware can turn headphones into microphones.
November 23, 2016
Read More


Malware creators increasingly run their business like legitimate software companies
The continuing increase in ransomware attacks is, partly, due to how easy the malware can be built and used by attackers that have limited technical skills.
July 26, 2017
Read More


Malware distributors switch to less suspicious file types
Recent email-based malware distribution campaigns have used malicious LNK and SVG attachments instead of JavaScript
February 6, 2017
Read More


Malware framework using legitimate utilities lobbed at government agencies
Bitdefender researchers have unearthed a previously unknown malware framework that, unlike those used by most APTs, contains many legitimate utilities.
May 5, 2017
Read More


Malware Hunter: Find C&C servers for botnets
Recorded Future and Shodan released Malware Hunter, a specialized crawler for security researchers that explores the Internet to find computers acting as remote access trojan (RAT) command and control centers.
May 3, 2017
Read More


Malware masquerading as an image spreads via Facebook
Malware spreading via Facebook has become a rare occurrence, but it does still occasionally crop up.
November 21, 2016
Read More


Malware posing as Siemens PLC software is hitting industrial environments
What kind of malware is hitting industrial control systems, and how worried should we and the operators of theses systems actually be?
March 23, 2017
Read More


Man stole bitcoin by phishing individuals on the dark web
Michael Richo, a 35-year-old from Connecticut, had the brilliant idea of stealing bitcoin from people involved in illegal deals through dark web marketplaces.
July 10, 2017
Read More


Man used DDoS attacks on media to extort them to remove stories, FBI says
"If you do not remove it immediately, more severe attacks will hit your website."
August 2, 2017
Read More


Manage SSL/TLS certificates across IT environments with Qualys CertView
Qualys announced CertView, a new app framework in the Qualys Cloud Platform that enables customers to discover, assess and manage SSL/TLS certificates on a global scale, helping them prevent downtime and outages, audit and compliance failures, and mitigate risks associated with any expired and/or vulnerable SSL/TLS certificates on their business-critical systems.
July 25, 2017
Read More


Managing third-party risk: Dominant trends
One in five organizations has faced significant risk exposure due to a third party in the last 18 months. of those who shared loss data, 25% said that the loss impact was greater than $10 million.
March 21, 2017
Read More


Many businesses spend more than $100,000 annually on additional cloud security features
Businesses prefer storing data in the cloud but plan to invest in extra security precautions, according to B2B ratings and reviews firm Clutch.
July 19, 2017
Read More


March Patch Tuesday closes record number of vulnerabilities
With no February Patch Tuesday, it was to be expected that Microsoft would fix a huge number of security issues in March. they didn't disappoint: 139 unique CVEs have been resolved.
March 15, 2017
Read More


Massive cybercrime infrastructure demolished
After more than four years of investigation, the Public Prosecutor's Office Verden and the Luneburg Police in cooperation with the US Attorney's Office for the Western District of Pennsylvania, the DOJ and the FBI, Europol and Eurojust, dismantled an international criminal infrastructure platform known as Avalanche.
December 2, 2016
Read More


Massive Global Cyberattack Shuts Down World's Biggest Shipping Company
Petya is the new WannaCry.
June 27, 2017
Read More


Massive Google Phishing Attack Highlights OAuth's Flaws
Google announced yesterday that Gmail for Android will soon warn you about potentially malicious emails. the company's timing couldn't have been more ironic, because on the same day, roughly 1 million people were affected by a phishing attack that stole information from their Google accounts.
May 4, 2017
Read More


Massive Oracle Critical Patch Update fixes 270 vulnerabilities
Oracle has released the first Critical Patch Update scheduled for 2017, and it's massive. It fixes 270 vulnerabilities across multiple products, and over 100 of them are remotely exploitable by unauthenticated attackers.
January 19, 2017
Read More


Massive ransomware campaign spreading around the world like wildfire
Organizations around the world have been hit with the Wana Decrypt0r (aka WannaCry) ransomware, in what seems to be the most massive ransomware delivery campaign to date.
May 12, 2017
Read More


Mastercard acquires NuData Security
Mastercard has entered into an agreement to acquire NuData Security, a technology company that helps businesses prevent online and mobile fraud using session and biometric indicators. Terms of the agreement were not disclosed.
March 30, 2017
Read More


Mastercard introduces cards that work with fingerprints instead of PINs
Mastercard has added fingerprint sensors to its payment cards, in an attempt to make face-to-face payments more convenient and more secure.
April 20, 2017
Read More


Maximizing MSP Profits with Cybersecurity Partnerships
Managed service providers are tasked with serving a broad range of markets, from construction to healthcare; accounting to legal; staffing firms to manufacturing; media and advertising to technology. But the day-to-day MSP challenges, even across so many diverse verticals, remain the same.
December 13, 2016
Read More


McAfee aims to strengthen human-machine defense teams
"Today's security teams are facing 244 new cyber threats every minute, amid a serious talent shortage. Siloed security, without automation, managed by overwhelmed teams is not a sustainable defense strategy," said Raja Patel, Vice President and General Manager, Corporate Security Products, McAfee.
July 28, 2017
Read More


McAfee launches virtual security platform for AWS
Workloads on AWS can be vulnerable to a number of different threats including cross-site scripting, SQL injection and botnets, and if one virtual server is compromised malware has potential to move to a customer's other machines.
August 14, 2017
Read More


McAfee Virus Scan Enterprise opens Linux machines to remote attackers
Security researcher Andrew Fasano has discovered a multitude of vulnerabilities in McAfee Virus Scan Enterprise product for Linux -- vulnerabilities that can be chained together to achieve root access to the machine running the software, and ultimately execute malicious code on it.
December 13, 2016
Read More


Medical washer-disinfector appliance's web server open to attack
Here's a string of words that you probably never thought you'll hear: An Internet-connected washer-disinfector appliance by German manufacturer Miele sports a vulnerable embedded web server.
March 27, 2017
Read More


Megaviral Meitu "beauty" app's data grab is anything but skin-deep
Android version seeks intrusive permissions, sends lots of data to servers in China.
January 20, 2017
Read More


Meitu photo retouching app may be invading your privacy
Have you heard about Meitu, the photo retouching mobile app that turns people into more cutesy or beautiful versions of themselves? Chances are that even if you don't know the app's name, you've already seen examples of the final product posted on a social network of your choice.
January 20, 2017
Read More


Meitu pleads complete innocence against spyware claims
You may have seen our story earlier today about the worrying permissions used by photo app Meitu -- and you have almost certainly seen the disturbing images created in the app and shared on Facebook. the company behind the app -- also called Meitu -- has jumped to defend itself, insisting there is nothing sinister going on.
January 20, 2017
Read More


Meitu's photo-effects app tracks users without disclosing enough
It's not malware, but the long-popular Chinese app's U.S. breakout moment was marred by a lack of disclosure and leftover code. Its maker promises to improve.
January 20, 2017
Read More


Men overboard! US Navy spills data on 134k sailors
In the Navy, we sink thanks to HPE! In the Navy, we leak data with much ease!
November 23, 2016
Read More


Metasploit upgraded to sniff out IoT weakspots in corporate networks
Radio frequency testing probes for foreign bodies
March 22, 2017
Read More


Michigan State University database with 400,000 student and staff records breached
Michigan State University has announced on Friday that a university server and a database containing information on some 400,000 faculty, staff and students has been accessed by a unauthorised third party.
November 21, 2016
Read More


Michigan State University: yet another data breach, yet another story to forget
On Nov. 18 2016, Michigan State University (MSU) reported that a database - which contained approximately 400,000 records including names, social security numbers and MSU identification numbers of current and former students and employees - was targeted by hackers resulting in a data breach.
November 22, 2016
Read More


Microsoft and Google increase bug bounty payouts
Keen as ever to squash any security issues and bugs that might arise in their software, both Microsoft and Google have announced increases in their bug bounty program payouts. Microsoft has doubled some awards, while Google has used others to make knowing jokes.
March 6, 2017
Read More


Microsoft bug bounty: now it doubles cash to put more focus on Office 365 flaws
Microsoft wants security researchers to switch more of their efforts to core applications in Office 365.
March 6, 2017
Read More


Microsoft buys security-automation vendor Hexadite
Microsoft plans to beef up its Windows Defender Advanced Threat Protection service in Windows 10 with its purchase of Hexadite.
June 8, 2017
Read More


Microsoft changing how Security-Only Patch Supersedence Works this Month
Microsoft today announced a December change in its servicing model for older Windows environments after some customers got tripped up by the new patch model.
December 6, 2016
Read More


Microsoft Details Windows 10's Built-in Ransomware Protection
When WannaCry hit last month, Microsoft took the unusual step of patching all of its older operating systems to guard against the systemic threat the ransomware posed to infrastructure and critical facilities, like hospitals. The one OS that didn't require any patching was Windows 10. Now, Microsoft has released a report on how Windows 10 is designed to prevent ransomware attacks. While such techniques are always a race between black hats on one side and white hats on the other, it's an interesting look at how OS design has evolved over the years, and what an OS developer can do to help prevent them.
June 14, 2017
Read More


Microsoft extends the Microsoft Edge Bounty Program
Initially time-bound, the Microsoft Edge Bounty Program has now been turned into one that will run indefinitely, Microsoft has announced.
June 22, 2017
Read More


Microsoft fixes 25 critical issues in August Patch Tuesday
The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be exploited to achieve remote code execution, but the good news is that none of them are currently under active attack -- even though some exploits are already public.
August 9, 2017
Read More


Microsoft fixes another 'potentially extremely bad' vulnerability found by Google researcher
Google's Project Zero researcher Travis Ormandy seems to have a way with Windows exploits. Just three days after he revealed what he called a 'crazy bad vulnerability' in Windows earlier this month, he was back at it again with another critical exploit in Microsoft's Windows Defender.
May 29, 2017
Read More


Microsoft is killing off SMBv1 in Windows 10 to thwart the likes of WannaCry
From the fall, Microsoft is disabling SMBv1 in Windows 10. With the release of Windows 10 Fall Creators Update (or Redstone 3 if you prefer), the protocol that was exploited by the WannaCry ransomware will be no more.
June 19, 2017
Read More


Microsoft may offer a one-time discount on Windows 10 in India to curb ransomware threats
With two major ransomware outbreaks within a very short period, the need to upgrade from older, insecure versions of Windows to the latest version of the operating system has been realized by all. For most users in developing countries such as India, the pricing of the OS still remains an issue. However, the country's chief of cybersecurity has now revealed that Microsoft has agreed to give a one-time discount for Windows 10 upgrades in the country.
June 30, 2017
Read More


Microsoft Office vulnerabilities mean no .doc is safe
On the same day as a big Windows 10 update, Microsoft is patching an Office flaw that could let hackers take control of your machine.
April 11, 2017
Read More


Microsoft opens cybersecurity center to protect Mexicans
The Cybersecurity Engagement Center will bring together technology, experience and services to support government efforts against cybercrime while also helping companies and citizens to be more secure.
February 24, 2017
Read More


Microsoft opens fuzz testing service to the wider public
Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry.
July 28, 2017
Read More


Microsoft PatchGuard flaw could let hackers plant rootkits on x64 Windows 10 boxen
Redmond shrugs, says PC would already need to be thoroughly pwned
June 22, 2017
Read More


Microsoft plugs crazy bad bug with emergency patch
On Monday night, Microsoft released a critical out-of-band security update for the Microsoft Malware Protection Engine, to plug an easily exploitable bug that could allow remote attackers to compromise target Windows machines.
May 9, 2017
Read More


Microsoft pushes out patches for critical Flash Player vulnerabilities
Microsoft has skipped its February 2017 Patch Tuesday and postponed the release of those patches for March, but there are apparently security vulnerabilities that must be fixed now.
February 22, 2017
Read More


Microsoft pushes out critical Flash Player patches with one week delay
A critical Windows update released Tuesday fixes vulnerabilities in Flash Player
February 22, 2017
Read More


Microsoft releases Windows Ransomware Patch, Blasts NSA for Malware Stockpile
Microsoft on Friday released a security update for Windows XP that fixes an SMB v1 hole that has been recently used to spread ransomware via phishing attacks.
May 15, 2017
Read More


Microsoft should be applauded for its response to the WannaCrypt crisis
I've certainly been highly critical of Microsoft in the past, particularly last year when the company began forcing Windows 10 on to users.
May 15, 2017
Read More


Microsoft signs agreement to acquire Hexadite
Microsoft signed agreement to acquire Hexadite to support ongoing investments in next-gen security innovation
June 8, 2017
Read More


Microsoft to governments: Stop hoarding vulnerabilities
Microsoft is full of surprises lately: first they issued patches for unsupported versions of Windows, then they publicly criticized the NSA for hoarding knowledge about critical software vulnerabilities (and exploits for them).
May 15, 2017
Read More


Microsoft Touts Windows 10 'Creators Update' Ransomware Protections
Microsoft has published details about how the Windows 10 "creators update" (version 1703, released in April) provides protection against ransomware, including last month's infamous "WannaCrypt" (or "WannaCry") ransomware outbreak.
June 12, 2017
Read More


Microsoft turns two-factor authentication into one-factor by ditching password
As long as you can log in to your phone, you can log in to your Microsoft Account.
April 19, 2017
Read More


Microsoft unveils a bonanza of security capabilities
New features for Windows and Office 365 aim to help businesses with cybersecurity
February 10, 2017
Read More


Microsoft users can ditch password-based logins for phone sign-in 2FA
Microsoft added a new feature to its authenticator app, allowing users to sign into their Microsoft account without having to enter their password.
April 20, 2017
Read More


Microsoft warns of new tech support scams that use phishing tactics
Online scammers are always modifying and evolving their ploys, and one of the latest such scams involves spam email that resembles tech support messages from well-known companies and retailers, designed to get victims to click suspect links or call in for fake support, according to Microsoft.
August 8, 2017
Read More


Microsoft will now pay up to $250,000 for Windows 10 security bugs
Microsoft is launching a new Windows Bounty Program today, designed to expand its existing security bug bounty programs. While the software giant has previously paid out $100,000 for Windows 8.1 bugs, this new program will see the software giant pay out far more for serious Hyper-V flaws in Windows 10 or Windows Server operating systems.
July 26, 2017
Read More


Microsoft: 'No known ransomware works against Windows 10 S'
When WannaCry was running rampant on older versions of Windows -- Windows 7 being the most at risk -- Windows 10 was unaffected. According to Microsoft, "no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack."
June 8, 2017
Read More


Microsoft: Windows 10 will stop a ransomware epidemic when antivirus fails
Microsoft's latest argument for moving to Windows 10 is its built-in security features that can stop a ransomware infection from becoming an epidemic.
January 31, 2017
Read More


Microsoft's decision to retire security tool is myopic
Plan to end EMET support in mid-2018 comes under fire from security analyst
November 29, 2016
Read More


Millions exposed to malvertising that hid attack code in banner pixels
Manipulated images are almost impossible to detect by the untrained eye.
December 6, 2016
Read More


Millions of smart devices in Spain are vulnerable to attack
Avast revealed the findings of its research experiment into smart devices, including public and private webcam vulnerabilities in Spain, and, specifically, in Barcelona.
February 28, 2017
Read More


Minecraft players get scams instead of mods
Google has recently removed 87 fake Minecraft mods from Google Play, after being notified by researchers about their malicious nature.
March 23, 2017
Read More


Mirai copycats fired the IoT-cannon at game hosts, researchers find
After first wave attacks ended, thing-herders took aim at PlayStation, XBOX and Valve
August 21, 2017
Read More


Mirai is the hydra of IoT security: Too many heads to cut off
Some botnets have been disbanded, but new uses continue to emerge
March 14, 2017
Read More


MITRE offers temporary solution to the CVE assignment problem
MITRE's short-term solution to the problem of slow CVE assignment is to set up an experimental system for issuing federated CVE IDs using a new format.
March 18, 2016
Read More


Mobile forensics firm Cellebrite confirms data breach
Israeli mobile forensics firm Cellebrite has announced that it has suffered a data breach following an unauthorized access to an external web server.
January 13, 2017
Read More


Mobile payment card cloning: Understanding the risks
Mobile contactless payments have grown exponentially and Host Card Emulation (HCE) -- the possibility to emulate payment cards on a mobile device, without dependency on special Secure Element hardware -- has also boosted the number of applications.
April 12, 2017
Read More


Mobile workers continually expose organizations to security risks
29 percent of organisations have already experienced either a data loss or breach as a direct result of mobile working, according to research conducted by Vanson Bourne. as many as 44 percent expect that mobile workers will expose their organisation to the risk of a data breach. Underlining this concern, 48 percent say employees are one of their biggest security risks.
March 15, 2017
Read More


Modern security programs: Artificial intelligence and machine learning
A new research report by Carbon Black aggregates insight from more than 400 interviews with leading cybersecurity researchers who discussed non-malware attacks, artificial intelligence (AI) and machine learning (ML), among other topics.
March 29, 2017
Read More


Modern threat landscape: Seismic shifts in motivation and focus
Cybercriminals revealed new levels of ambition in 2016 -- a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups, according to Symantec's Internet Security Threat Report (ISTR), Volume 22.
April 27, 2017
Read More


Monitoring scanning activities that could lead to IoT compromises
IoT devices are ideal targets for attackers looking to build DDoS botnets because they have limited or non-existent security features.
February 8, 2017
Read More


More and more apps equipped with ultrasonic tracking capability
Researchers have found 234 Android applications that are constantly listening for ultrasonic beacons in the background, allowing companies to track users' current location or their habits -- without the users' knowledge.
May 3, 2017
Read More


More Android-powered devices found with Trojans in their firmware
Doctor Web researchers have discovered two types of downloader Trojans that have been incorporated in the firmware of a number of Android-powered devices.
December 13, 2016
Read More


More attacks, new technologies: Cybersecurity predictions for the year ahead
Every day, the cybersecurity landscape changes. Each new device connected to the network presents a new target for attackers that needs to be secured, and each new social media post creates new risks for phishing attacks or social engineering.
January 3, 2017
Read More


More fun in the sandbox: Experts praise security improvements to Edge
Time will tell if Microsoft's browser is less ez2pwn
March 30, 2017
Read More


More links between WannaCry and Lazarus group revealed
Symantec researchers have found more links between WannaCry ransomworm and Lazarus, the hacking group believed to be behind the 2014 attack on Sony Pictures and the 2016 Bangladesh Central Bank heist.
May 23, 2017
Read More


More mobe malware creeps into Google play -- this time, ransomware
Charger seeks to drain bank accounts of unlucky 'droids
January 26, 2017
Read More


More people infected by recent WCry worm can unlock PCs without paying ransom
A tool released on Friday decrypts PCs running a fuller suite of Windows versions.
May 19, 2017
Read More


More than a million people were affected by the Google Docs phishing attack
A small percentage of Gmail users -- which is still a lot of users -- were affected.
May 4, 2017
Read More


More than half of companies fail to measure the effectiveness of their cyber security
With businesses spending increasing amounts on cyber security, a new survey reveals that many of them are failing to measure the effectiveness of their investments.
July 27, 2017
Read More


Most businesses will not put off cloud adoption because of security concerns
Businesses are pressing ahead with their digital transformation plans, despite fears of being hit by a cyber attack or data protection regulations. This is according to a new independent research report from Advanced, which questioned over 500 senior executives in UK organisations about their attitudes to using the cloud as part of their digital transformation plans.
June 26, 2017
Read More


Most companies fail to measure cybersecurity effectiveness
Thycotic released its first annual 2017 State of Cybersecurity Metrics Report which analyzes key findings from a Security Measurement Index (SMI) benchmark survey of more than 400 global business and security executives around the world.
July 27, 2017
Read More


Most companies falsely believe their Active Directory is secure
A majority of companies falsely believe their Active Directory (AD) is secure, according to a new survey conducted jointly by Skyport Systems and Redmond Magazine.
May 11, 2017
Read More


Most corporate finance leaders expect to change fraud-fighting strategies
Today's senior finance executives are battling record levels of fraud, in turn narrowing corporate focus and limiting resources that could otherwise be devoted to innovation, planning, budgeting and compliance.
June 16, 2017
Read More


Most damaging threat vector for companies? Malicious insiders
According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. Furthermore, nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.
August 2, 2017
Read More


Most employees use unsanctioned group chat tools
Employees are sharing sensitive company information using group chat tools that are not officially sanctioned for use, according to SpiderOak.
January 20, 2017
Read More


Most Major Antivirus Programs Bypassed by the CIA, Shows WikiLeaks Document
WikiLeaks recently published thousands of documents that the organization said belongs to the CIA. Among them, there was a document that showed a list of antivirus and other security products that have been exploited and bypassed by the CIA.
March 8, 2017
Read More


Most organizations are not leveraging the benefits of business agility
Only 12 percent of organizations can claim that their whole organization is on the path to business agility, according to CA Technologies.
August 8, 2017
Read More


Most organizations are unaware of daily malicious activity
A new DomainTools survey of more than 550 security analysts, IT managers, and executives revealed that the majority of organizations are struggling to monitor and prevent cyberattacks on their network. More than one in four organizations have been breached in the past 12 months, while 23 percent aren't sure if they have been breached or not.
January 26, 2017
Read More


Most organizations believe their mainframe is more secure than other systems
While 78 percent of CIOs say their mainframe is more secure than other systems, 84 percent say they are still exposed to a significant risk of insider threats due to blind-spots in internal data access and controls.
June 7, 2017
Read More


Most organizations were victims of business email compromise in 2016
Nearly three quarters of corporate treasury and finance professionals said their companies were victims of payments fraud last year, according to the Association for Financial Professionals (AFP). this is the highest percentage since the survey debuted in 2005 and comes after a dramatic increase in 2015.
April 6, 2017
Read More


Most people would pay a ransom to get their data back
The high-profile WannaCry attack was the first time that 57% of US consumers were exposed to how ransomware works, the results of a recent Carbon Black survey have revealed.
May 26, 2017
Read More


Most security pros expect increasing attacks on Industrial Internet of Things
A new Dimensional Research survey looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017.
March 13, 2017
Read More


Most SMBs plan to outsource IT security this year
96 percent of small- to medium-sized businesses (SMBs) in the US, UK, and Australia believe their organizations will be susceptible to external cybersecurity threats in 2017. And although businesses recognize the growing threats, 71 percent still admit not being ready to address them, the results of a recent Webroot survey have revealed.
August 1, 2017
Read More


Motivation roulette: Is pseudo-ransomware a term?
It used to be so simple. Attack campaigns were relatively simple to determine, for example when we detailed the recent Shamoon campaign it was clear that this was intended to disrupt the victim. In this case the target was clearly Saudi Arabia, and the use of a wiper component indicated the objective of the perpetrators of the attack.
August 14, 2017
Read More


Moving towards compliance: GDPR issues and challenges
In this podcast, Mike McCandless, VP of Sales and Marketing for Apricorn, and Jon Fielding, Managing Director for Apricorn EMEA, discuss the European Union General Data Protection Regulation, otherwise known as GDPR, and look at some of the issues and challenges organizations will likely face whilst moving towards compliance.
June 6, 2017
Read More


Mozilla ports simplified private browsing app to Android
Less than a year since the release of Firefox Focus for iOS, Mozilla has ported the privacy-focused browser to Android.
June 21, 2017
Read More


Mozilla sets up private, encrypted file sharing service for large files
Mozilla has launched an online service for private sharing of encrypted files between two users. It's called Send, and it's meant to ensure users' shared files do not remain online forever.
August 4, 2017
Read More


MS Office zero-day exploited in attacks -- no enabling of macros required!
A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe -- not even those who use a fully patched Windows 10 machine.
April 10, 2017
Read More


MS Office zero-day is used to infect millions of users with Dridex
The still unpatched MS Office zero-day vulnerability (CVE-2017-0199) publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking malware.
April 11, 2017
Read More


MSPs Won't Believe what Ransomware is up to Now...
Did we get you to click? That's how the bad guys get you, too. One little click on the wrong link and your clients' businesses could be up the proverbial creek.
December 21, 2016
Read More


MTV's Catfish wants to introduce people to their internet trolls in real life
MTV's Catfish: the TV Show, a morally questionable documentary series based on the infamous, morally questionable documentary film of the same name, usually seeks out romantic relationships between internet strangers from which to draw poignant and/or horrifying human drama.
April 24, 2017
Read More


Multiple security flaws found in mainstream robotic technologies
IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. the array of vulnerabilities identified in the systems evaluated included many graded as high or critical risk, leaving the robots highly susceptible to attack.
March 2, 2017
Read More


Mystery deepens over Android spyware targeting Israeli soldiers
'Unlikely Hamas is responsible' — researchers
February 17, 2017
Read More


Misc. - N

Nagios Core 4.2.4 closes serious root privilege escalation bug
If you're using Nagios Core to monitor your systems, networks and infrastructure, and you have not updated to version 4.2.4, you better hop to it.
December 16, 2016
Read More


NanoCore RAT creator pleads guilty
26-year-old Taylor Huddleston, of Hot Springs, Arkansas, pleaded guilty today to charges of aiding and abetting computer intrusions.
July 26, 2017
Read More


Nation-states are biggest cyber threat for drug and medical device makers
Government-sponsored hackers were seen as the biggest threat to cyber security among executives in charge of technology, information, and security at drug and medical device makers, according to the 2017 Cyber Healthcare & Life Sciences Survey by audit, tax and advisory firm KPMG.
July 31, 2017
Read More


Nearly all WannaCry victims were running Windows 7
Roughly 98 percent of PCs hit by the ransomware attack were running Windows 7, says security firm Kaspersky Lab.
May 19, 2017
Read More


Needle iOS security testing tool to be unveiled at Black Hat Arsenal
In a session at Black Hat USA 2016 on Wednesday, Marco Lancini, Security Consultant at MWR InfoSecurity, will demonstrate publicly for the first time a new iOS security testing tool.
August 1, 2016
Read More


Netflix 4K streaming comes to the PC–but it needs Kaby Lake CPU
You will also need latest version of Windows 10, Edge browser to get 4K video.
November 22, 2016
Read More


Netflix Phishing Attack Steals Credit Card Data, Personal Info
FireEye revealed that Netflix users in the United States were recently targeted by a phishing campaign.
January 9, 2017
Read More


Netgear pushes out beta firmware for vulnerable router models
Netgear has confirmed that eight of its router models are vulnerable to device hijacking due to a vulnerability that can be easily exploited by remote, unauthenticated attackers.
December 13, 2016
Read More


Netherlands reverts to hand-counted votes to quell security fears
Windows XP? SHA-1? USB sneakernet? what were they thinking? Or smoking?
February 2, 2017
Read More


Network forensics tool NetworkMiner 2.2 released
NetworkMiner is a popular network forensics tool that can parse pcap files as well as perform live sniffing of network traffic. It collects data about hosts on the network rather than to collect data regarding the traffic on the network.
August 22, 2017
Read More


Network management vulnerability exposes home cable modems to hacking
SNMP authentication bypass flaw could be used to hijack hundreds of thousands of cable modems from around the world.
April 28, 2017
Read More


Network security: a team sport for SMBs
The increased volume and frequency of cyberattacks has made information security an everyday issue of great importance, regardless of your geographical location, industry, language or culture. Soccer, often regarded as the world's most popular sport, is a similar universal phenomenon -- one that lends itself well as a lens to see how SMB teams can work together to mitigate security risks.
November 28, 2016
Read More


Network teams spend more time on data security amidst new threats
Enterprise network teams are expending more time and resources than ever before to battle security threats, according to Viavi Solutions, who surveyed 1,035 CIOs, IT directors, and network engineers around the world.
April 11, 2017
Read More


New AirDroid releases fix major security issues
Popular AirDroid remote management tool for Android can now be used without worrying about malicious updates and data theft, its developers claim.
December 12, 2016
Read More


New Android malware breaches over a million Google accounts
Researchers at cyber security company Check Point have uncovered a new malware variant that has breached more than a million accounts and is infecting over 13,000 Android devices a day.
November 30, 2016
Read More


New attack sounds death knell for widely used SHA-1 crypto hash function
SHA-1 is definitely, provenly dead, as a group of researchers from CWI Institute in Amsterdam and Google have demonstrated the first practical technique for generating a collision.
February 24, 2017
Read More


New authentication methods help companies to ditch passwords
Most people now recognize that passwords alone are flawed as a means of securing systems. The problem is that there are lots of options when it comes to finding a better way of doing things.
August 31, 2017
Read More


New Browser Act would restore restrictions on sharing browsing history
Google and Facebook would face the same rules as Comcast and AT&T
May 19, 2017
Read More


New Cerber ransomware variant steals Bitcoin wallets, passwords
Here's a new reason to fear ransomware more than ever before: a new variant of Cerber has been modified to steal Bitcoin wallets and passwords before encrypting victims' files and demanding ransom.
August 7, 2017
Read More


New class of attacks affects all Android versions
Researchers have demonstrated how a malicious app with two specific permission can stealthily compromise users' Android devices.
May 26, 2017
Read More


New Gmail anti-phishing features rely on machine learning
Google has announced several new security features and improvement of existing ones in order to protect Gmail users against phishing emails.
June 2, 2017
Read More


New Gmail phishing technique fools even tech-savvy users
An effective new phishing attack is hitting Gmail users and tricking many into inputing their credentials into a fake login page.
January 16, 2017
Read More


New Home Depot Data Leak Exposes Gap In Consumer Privacy Protection
Recently, Consumerist received an anonymous tip pointing to an internet address that hosted digital images of bathtubs, garage doors, kitchen countertops, contractors at work on various projects, and customers picking out and paying for products in a home-center store. the site also hosted 13 Excel spreadsheets of customer records, including the full names, phone numbers, mailing addresses and email addresses of approximately 8,000 people, as well as other information chronicling the apparent installation complaints of each customer.
April 27, 2017
Read More


New infosec products of the week​: September 1, 2017
Palo Alto Networks announces Next-Generation Security Platform for VMware Cloud on AWS
September 1, 2017
Read More


New infosec products of the week​: August 25, 2017
Malwarebytes for Android features proprietary anti-ransomware technology
August 25, 2017
Read More


New infosec products of the week: August 18, 2017
New Firebox M Series appliances help SMBs keep up with encrypted traffic
August 18, 2017
Read More


New infosec products of the week: August 11, 2017
Forensically sound extraction of public domain social media data
August 11, 2017
Read More


New infosec products of the week: August 4, 2017
New Forcepoint CASB behavior analytics help security teams reduce time to action
August 4, 2017
Read More


New infosec products of the week of July 14, 2017
Pramati introduces ThumbSignIn biometric authentication platform
July 14, 2017
Read More


New infosec products of the week June 30, 2017
Protection against the impacts of malware, ransomware and DNS data exfiltration
June 30, 2017
Read More


New infosec products of the week June 23, 2017
API Behavioral Security: Detecting and blocking attacks targeting API infrastructures
June 23, 2017
Read More


New infosec products of the week June 16, 2017
Uplevel Systems unveils managed VPN service infrastructure
June 16, 2017
Read More


New infosec products of the week June 9, 2017
Absolute expands its self-healing endpoint security and compliance solutions for Android devices
June 9, 2017
Read More


New infosec products of the week June 2, 2017
EclecticIQ Platform broadens scope of available cyber threat intelligence
June 2, 2017
Read More


New infosec products of the week May 26, 2017
Independent expert advice on Data Protection and GDPR
May 26, 2017
Read More


New infosec products of the week May 19, 2017
Delta is testing facial recognition technology
May 19, 2017
Read More


New infosec products of the week May 12, 2017
Versive Security Engine detects cyber campaigns automatically with AI
May 12, 2017
Read More


New infosec products of the week May 5, 2017
Inside threat detection and alerting from Code42
May 5, 2017
Read More


New infosec products of the week April 28, 2017
Cyberbit EDR uses adaptive behavioral analysis to detect fileless, signature-less attacks
April 28, 2017
Read More


New infosec products of the week April 21, 2017
ThreadFix integrates application security into DevOps pipelines
April 21, 2017
Read More


New infosec products of the week April 7, 2017
A rules engine that adapts to changing attack patterns
April 7, 2017
Read More


New infosec products of the week March 31, 2017
Waterfall Security, CNA Hardy and THB partner to create global industrial cyber proposition
March 31, 2017
Read More


New infosec products of the week March 24, 2017
Lookout expands mobile endpoint security solution
March 24, 2017
Read More


New infosec products of the week March 17, 2017
Capture, process, analyze data generated by IoT devices
March 17, 2017
Read More


New infosec products of the week March 3, 2017
Nehemiah Security's AtomicEye RQ quantifies the effects of cyber exploits
February 23, 2017
Read More


New infosec products of the week February 24, 2017
Security solutions for IoT automotive telematics
February 24, 2017
Read More


New infosec products of the week: February 10, 2017
Capsule8: Container-aware, real-time threat protection for Linux
February 10, 2017
Read More


New infosec products of the week February 3, 2017
New approach to continuous Docker container security
February 3, 2017
Read More


New infosec products of the week January 27, 2017
Prevent DNS-based data exfiltration and detect malware
January 27, 2017
Read More


New infosec products of the week January 20, 2017
Twistlock 1.7 comes with new runtime defense architecture
January 20, 2017
Read More


New infosec products of the week January 13, 2017
Denim Group enhances ThreadFix platform
January 13, 2017
Read More


New infosec products of the week December 16, 2016
Ixia enhances network assessment and monitoring platform
December 16, 2016
Read More


New infosec products of the week December 9, 2016
Thales releases advanced encryption solutions for secure docker containers
December 9, 2016
Read More


New infosec products of the week December 2, 2016
Trend Micro offers Deep Security as a Service on AWS Marketplace
December 2, 2016
Read More


New infosec products of the week November 25, 2016
Anomali STAXX: Easy way to subscribe to any STIX/TAXII feed
November 24, 2016
Read More


New infosec products of the week November 18, 2016
ThreatQuotient delivers threat intelligence platform for threat operations and management
November 18, 2016
Read More


New intelligence service allows companies to protect their digital identity
Hackers often seek to imitate well-known companies in order to cash in on events as we saw in the wake of the recent WannaCry attacks.
July 25, 2017
Read More


New IoT malware targets 100,000 IP cameras via known flaw
The new malware emerged exploiting vulnerabilities that a researcher reported in March
May 9, 2017
Read More


New Mac malware linked to Russian hackers of US election
APT28, blamed for the hack of the Democratic Party, releases Xagent malware that can steal iPhone backups.
February 15, 2017
Read More


New Microsoft Edge vulnerability allows hackers to steal your cookie and password data
Security researcher Manuel Caballero has discovered a vulnerability in the code of Microsoft's default browser for Windows 10, that can allow the theft of password and cookie data from your computer, giving unauthorized access to sites such as Facebook and Twitter.
May 12, 2017
Read More


New minimum code signing requirements for use by all CAs
The Certificate Authority Security Council, an advocacy group committed to the advancement web security, announced the Code Signing Working Group has released new Minimum Requirements for Code Signing for use by all Certificate Authorities.
December 12, 2016
Read More


New platform detects and blocks attacks using behavior patterns
Traditional security solutions rely on detecting an attack based on existing information, which allows zero-day threats to slip through the net.
January 12, 2017
Read More


New platform looks to plug gaps in enterprise security
When enterprises have a range of different IT systems and integrated supply chains it can lead to gaps in security coverage which are easily overlooked.
August 14, 2017
Read More


New PowerPoint malware delivery technique tested by spammers
A spam run detected by several security companies has attempted to deliver malware through an innovative technique: a link in a PowerPoint slideshow.
June 9, 2017
Read More


New Samsung security camera hacks show yet again why it's important to have a good firewall
The saga of hacks made on Samsung's popular SmartCam security cameras are a perfect illustration of why your network defense must start with a well-managed firewall. It has become impossible to rely on IoT device makers to create completely secure devices, and unworkable to have to keep them all up to date even when patches are provided. So while the history of these hacks isn't unique, it does provide a good case study.
January 19, 2017
Read More


New security concerns due to business complexities
It is estimated that in 2016, more than $94 billion will be invested in security solutions, per industry analyst forecasts, yet nearly half of organizations report having had a breach -- either internal or external -- in the last twelve months.
January 10, 2017
Read More


New sheriffs in town: No More Ransom
A couple of months ago, Intel Security, Kaspersky Lab, Dutch National Police and Europol announced the No More Ransom initiative.
December 14, 2016
Read More


New skimmers fit right on top of chip and PIN credit card scanners
As usual Mr. Krebs has some great images of a credit card skimmer found in the wild. this model uses Samsung phone parts and lays right over the Ingenico card scanners you've probably seen in stores. the interesting thing is that these scanners also support chip and PIN technology but, as evidenced by the photo, it looks like the retailer disabled it essentially sending the scanner back into the 1970s and allowed the skimmer unfettered access.
March 2, 2017
Read More


New software adds secure authentication to any enterprise application
Increased numbers of phishing and other cyber attacks are putting companies under greater pressure to secure their applications.
May 23, 2017
Read More


New solution uses machine learning to protect against botnet attacks
The Mirai botnet is thought to have affected more than 1.5 million smart devices over the past few months.
January 4, 2017
Read More


New statistical model examines massive amounts of data to automatically spot anomalies
With the number of security breaches and cyber-attacks on the rise, cyber-security experts may soon have a new tool in the fight against online threats. Scientists have developed a new statistical method for monitoring networks to automatically detect 'strange behavior' and ultimately prevent intrusion.
July 31, 2017
Read More


New tech support scam borrows ransomware tricks
You've probably heard about tech support scams and ransomware attacks separately, but there's a new breed of malware that includes elements of both. the latest breed of support scam substitutes a human "support rep" in place of a ransomware bitcoin payment. the current examples don't seem to employ encryption, but they might be just as effective at extracting money from victims thanks to the seemingly helpful person on the other end of the phone.
February 24, 2017
Read More


New UK data protection law to offer more control to users
UK citizens will have more control over how their personal information is used by businesses, and the right to demand from social media companies and online traders the deletion of such data, the UK government has decided.
August 8, 2017
Read More


New WannaCry variant being monitored, DHS official says
U.S. doesn't have many victims of ransomware outbreak; those hit aren't seeing significant problems
May 15, 2017
Read More


New year, new patches: a look back and what to expect in the future
As to be expected when ringing in a new year, there are predictions galore flooding social media and that includes the cybersecurity space. Predications are more than just possibilities when it comes to landscape we now know as IoT-based on the trends that ushered out 2016.
January 9, 2017
Read More


New year's resolution for IoT vendors: Start treating LANs as hostile
The prevalence of insecure default configurations for embedded devices suggests that vendors don't account for LAN-based threats
December 29, 2016
Read More


New year's resolution for IoT vendors: Treat LANs as hostile
The prevalence of insecure default configurations for embedded devices suggests that vendors don't account for LAN-based threats
December 29, 2016
Read More


New York's cyber security regulations aren't perfect, but other states should pay attention to them
The new rules, which go into effect March 1, call for banks and insurers to scrutinize security at third-party vendors that provide them goods and services.
February 28, 2017
Read More


New, custom ransomware delivered to orgs via extremely targeted emails
Ransomware campaigns are usually wide-flung affairs: the attackers send out as many malicious emails as possible and hope to hit a substantial number of targets. But more targeted campaigns are also becoming a trend.
August 28, 2017
Read More


Newly discovered router flaw being hammered by in-the-wild attacks
Researchers detect barrage of exploits targeting potentially millions of devices.
November 28, 2016
Read More


Newly leaked documents show low-level CIA Mac and iPhone hacks
For years, the agency has known of implants for iPhones and low-level rootkits for MacBooks.
March 23, 2017
Read More


Next level red teaming: Working behind enemy lines
The term "hacker" calls forth both positive and negative mental pictures, but I can bet that there are not many people, even in the infosec community, to whom the term generates the image of a guy running through the jungle with a laptop and an automatic weapon.
December 1, 2016
Read More


Nintendo offers up to $20,000 for bug info
Video game giant Nintendo has set up a bug bounty program through HackerOne's platform, and is asking researchers to find and flag vulnerabilities in the Nintendo 3DS family of handheld game systems.
December 6, 2016
Read More


Nishang: Using PowerShell for penetration testing
Nishang is a framework, and a collection of scripts and payloads which enables PowerShell usage for offensive security, penetration testing and red teaming.
August 1, 2016
Read More


NIST: In mobile authentication, think hardware, not software
The National Institute of Standards and Technology is trying to bolster ecommerce authentication on desktops and mobile devices.
August 21, 2017
Read More


Nmap 7.60 released: SSH support, SMB2/SMB3 improvements, 14 more scripts
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
August 2, 2017
Read More


No, Windows XP didn't fuel WannaCry
Scratch that idea, says Kaspersky, after mining attack detection data from PCs running its security software
May 22, 2017
Read More


Node.js Foundation to oversee the Node.js Security Project
The Node.js Security Project will become a part of the Node.js Foundation, a community-led and industry-backed consortium to advance the development of the Node.js platform.
December 1, 2016
Read More


NordVPN's impressive features, lack of user logs make it a top VPN option
NordVPN is one of the best virtual private network (VPN) providers out there, due to its lack of user logs, plenty of servers, and P2P connectivity.
May 10, 2017
Read More


Northern Ireland cops hired cybersecurity biz to ID critics on Twitter
Anonymous trolls censured force's management
August 31, 2017
Read More


Not all threat intelligence is created equal
In this podcast recorded at RSA Conference 2017, John Czupak, CEO at ThreatQuotient, and Jonathan Couch, Senior VP of Strategy at ThreatQuotient, talk about what's important to know about the difference between threat intel versus threat intelligence platforms, how threat intelligence changed over the past few years, and much more.
February 27, 2017
Read More


NotBeingPetya: UK critical infrastructure firms face huge fines for lax security
Makes you WannaCr... we mean WannaPatch
August 8, 2017
Read More


NotPetya aftermath: Companies lost hundreds of millions
The infamous NotPetya ransomware attack, which started in Ukraine on June 27 but later spread to many international businesses, has resulted in huge monetary losses for the victims.
August 17, 2017
Read More


NotPetya attacker can't provide decryption keys, researchers warn
While defenders and security researchers are sifting artefacts that could help prevent new NotPetya ransomware attacks and perhaps point to the identity of the attacker, the victims are trying to recover their systems.
June 29, 2017
Read More


NotPetya outbreak: What we know so far
Tuesday's ransomware outbreak hit many businesses and government entities around the world, but by far the most numerous victims are located in Ukraine.
June 28, 2017
Read More


NoTrove threat actor delivering millions of scam ads
Researchers at RiskIQ have identified NoTrove, a threat actor that is delivering millions of scam ads that threaten consumers and further undermine the digital advertising industry. NoTrove was so effective that one of his pages ranked as one of the internet's most visited pages for one day.
April 26, 2017
Read More


NSA backdoor detected on >55,000 Windows boxes can now be remotely removed
Microsoft dismisses DoublePulsar infection estimates, but otherwise remains silent.
April 25, 2017
Read More


NSA's alleged leaker got tripped up by a secret printer feature
The Department of Justice is charging Reality Winner with leaking a classified NSA report -- investigators just had to follow the hidden prints.
June 6, 2017
Read More


NSA-Derived Ransomware is So Serious, Microsoft is Patching Windows XP
Last week, we discussed the appearance of a new type of ransomware and the havoc it has wreaked across the internet. WannaCrypt (also known as Wanna, Wannacry, or Wcry) uses NSA-derived exploits and has hit tens of thousands of systems worldwide. Infections have spread across the globe and included institutions in Spain, the UK, China, Russia, and the United States.
May 15, 2017
Read More


NTT Security: Delivering cyber resilience
In this podcast recorded at RSA Conference 2017, Garry Sidaway, SVP of Security Strategy & Alliances for NTT Security, talks about the formation of NTT Security and how they deliver cyber resilience by enabling organizations to build high-performing and effective security.
February 21, 2017
Read More


NTT Security to give away Gap Assessment at Black Hat USA 2017
This year at Black Hat USA 2017, NTT Security is focusing on incident response readiness with a promotion called Swimming with the Sharks: The Need for Proactive Critical Incident Response.
July 14, 2017
Read More


Nuh-uh, Google, you will hand over emails stored on foreign servers, says US judge
If you can access them in California, so can the Feds
April 20, 2017
Read More


Number of compromised records up 566% in 2016
The number of records compromised grew a historic 566 percent in 2016 from 600 million to more than 4 billion.
March 30, 2017
Read More


Number of disclosed vulnerabilities reaches all time high in 2016
A new report shows 2016 broke the previous all-time record for the highest number of reported vulnerabilities. the 15,000 vulnerabilities cataloged during 2016 by Risk Based Security eclipsed the total covered by the CVE and National Vulnerability Database (NVD) by more than 6,500.
February 6, 2017
Read More


Number of HTTPS phishing sites triples
When, in January 2017, Mozilla and Google made Firefox and Chrome flag HTTP login pages as insecure, the intent was to make phishing pages easier to recognize, as well as push more website owners towards deploying HTTPS.
May 19, 2017
Read More


Misc. - O

Obscuring malicious Facebook links using the Open Graph Protocol
Most users click on links popping up in their Facebook News Feed without thinking twice about it, but it's good to keep in mind that they can lead to malicious sites.
August 7, 2017
Read More


Of machines and men: AI and the future of cybersecurity
For many in the cybersecurity community, 'Ghost in the Shell', both in its source material and recent film adaptation, is an inventive representation of where the sector is heading. we still have a way to go, but the foundations are in place for the melding of human and machine.
April 13, 2017
Read More


Off-the-shelf BYOD systems bring privacy and security risks
When companies allow staff to use their own systems to access corporate data, the devices used can often be outside of IT department control.
March 18, 2016
Read More


Offer of nude celeb photos turns Twitter users into spammers
If not careful, Twitter users who are dead set on seeing nude photos of WWE star Paige will end up on marketers" spam lists and with their own Twitter account pushing out messages leading other users to the same scam they fell for.
March 21, 2017
Read More


Oil and gas companies' cybersecurity strategies are evolving
Lacking enterprise-wide cyber analytics technology to monitor for cyberattacks, most oil and gas companies are not fully aware of when or even how cyberattacks might affect them, according to new research from Accenture.
April 7, 2017
Read More


Old Windows PCs can stop WannaCry ransomware with new Microsoft patch
In a rare step, Microsoft published a patch for Windows XP, Windows Server 2003 and Windows 8.
May 15, 2017
Read More


One billion users affected in newly revealed Yahoo hack
Yahoo has revealed that it's been the victim of another hack and massive data breach that resulted in the compromise of information of a billion users!
December 14, 2016
Read More


One in five UK businesses suffered a cyber attack in the past year
One in five businesses have fallen victim to cyber attacks in the past year, according to the British Chambers of Commerce.
April 18, 2017
Read More


One of 1st-known Android DDoS malware infects phones in 100 countries
Move over, IoT. Attackers are abusing a new widely used platform to knock out sites.
August 28, 2017
Read More


One third of executives have blockchain on their mind
In a study among C-Suite executives seeking their perspective on blockchain, one third of almost 3,000 executives surveyed are using or considering blockchain in their business.
May 22, 2017
Read More


OneLogin suffers data breach, again
OneLogin, a popular single sign-on service that allows users to access thousands of popular cloud-based apps with just one password, has suffered what seems to be a serious data breach.
June 1, 2017
Read More


Online banking customers remain extremely frustrated with passwords
A new survey by iovation and Aite Group, polled nearly 1,100 consumers across four generations who use online and/or mobile banking platforms to better understand their attitudes toward various authentication mechanisms used today.
March 22, 2017
Read More


Online card fraud up as thieves avoid more secure chip cards for in-store payments
Increasing use of biometrics may help protect online payments
February 3, 2017
Read More


Online credit card fraud up 20% Black Friday to Cyber Monday
Iovation released new data that shows card-not-present fraud increased significantly from Black Friday to Cyber Monday 2016 when compared to the same period in past years.
December 2, 2016
Read More


"Online fraudsters" preferred tools and techniques revealed
A new report by DataVisor Threat Labs has provided unprecedented insight into the behaviors and attack techniques of some of the world's largest online crime rings, and revealed their favorite tools and attack techniques for creating accounts and evading detection.
March 15, 2017
Read More


Open Security Controller: Security service orchestration for multi-cloud environments
The Linux Foundation launched the Open Security Controller project, an open source project focused on centralizing security services orchestration for multi-cloud environments.
June 29, 2017
Read More


OpenVPN to get two separate security audits
VPN service Private Internet Access (PIA) announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. However, it seems that there will be two separate security audits of OpenVPN.
December 9, 2016
Read More


Operators of decade-old Malware-as-a-Service outfit charged
As Crackas With Attitude hacker "Incursio" got handed a 2-year prison sentence for gaining unauthorized access to government computers and online accounts of a number of US government officials (including then-CIA Director John Brennan), his hacking colleagues are either awaiting sentencing in the US or prosecution by the UK Crown Prosecution Service.
July 6, 2017
Read More


Operatively-sourced threat intelligence: Using human awareness
In this podcast recorded at RSA Conference 2017, Mike Kirschner, Senior Vice President of Sales and Marketing, Advanced Threat Intelligence at InfoArmor, talks about the platforms that they've developed and the data sets that they have — everything from risk to network, to advanced intelligence type services
March 1, 2017
Read More


Oracle buys Dyn
Oracle today announced that it has signed an agreement to acquire Dyn, a cloud-based Internet Performance and DNS provider that monitors, controls, and optimizes Internet applications and cloud services.
November 21, 2016
Read More


Organizations are intimidated by global privacy and data security regulations
While companies generally are aware of and intimidated by global privacy and data security regulations, they fail to properly understand and address necessary organizational changes to comply.
June 27, 2017
Read More


Organizations are not effectively dealing with open source security threats
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation (COSRI) analyzed 1,071 applications audited during 2016 and found both high levels of open source usage -- 96% of the apps contained open source -- and significant risk to open source security vulnerabilities -- more than 60% of the apps contained open source security vulnerabilities.
April 20, 2017
Read More


Organizations award hackers up to $900,000 a year in bug bounties
A new HackerOne report examines over 800 hacker-powered programs from organizations including Airbnb, GitHub, General Motors, Intel, Lufthansa, Nintendo, U.S. Department of Defense, Uber, and more. Findings are based on nearly 50,000 resolved security vulnerabilities and more than $17 million in bounties awarded.
June 28, 2017
Read More


Organizations hit with Petya ransomware with a twist
Various organizations are being targeted by cyber crooks leveraging the infamous Petya ransomware.
March 15, 2017
Read More


Organizations remain vulnerable to brute force attacks
Gaining access to accounts is often done the old-fashioned way, using brute force guesses, but a new report reveals that many devices and accounts still have default usernames and passwords.
March 19, 2017
Read More


Organizations seeking way to balance development agility with application security
A new DigiCert survey reveals that 98 percent of enterprises integrating their security teams into their existing DevOps methodologies. Or, at least they're trying to.
July 19, 2017
Read More


Organizations still unclear on cloud security responsibility
Vanson Bourne surveyed 1,300 IT decision makers from organizations using public cloud Infrastructure as a Service (IaaS) from the Americas, Europe, Middle East and Africa (EMEA), and from Asia Pacific (APAC).
June 23, 2017
Read More


Organizations still vulnerable to brute force attacks
While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability, according to Ixia.
March 19, 2017
Read More


Organized sextortion led four British men to suicide?
Sextortion/webcam blackmail is a booming business for organised crime groups from the Philippines, Ivory Coast and Morocco, and young men across the UK are the most sought-after victims.
November 30, 2016
Read More


Our personal information is now currency and we should spend it morely wisely
We're all data-millionaires and should start acting like one.
December 20, 2016
Read More


Outdated operating systems triple the risk of a data breach
The recent WannaCry attack has highlighted the dangers of running out of date and un-patched systems.
June 8, 2017
Read More


Outdated programs main cause for security incidents
Did you update Flash on your PC? how about Java? According to cybersecurity firm Avast, you probably didn't -- and that's the number one cause of cybersecurity incidents.
March 28, 2017
Read More


Outdated systems and their link to data breaches
BitSight analyzed more than 35,000 companies from industries across the globe over the last year, to better understand the usage of outdated computer operating systems and Internet browsers, the time to it took to update operating systems once a new release was made available, and how these practices correlate to data breaches. The data shows that there are large gaps in asset management programs across the globe.
June 9, 2017
Read More


Over 2.8 million cheap Android smartphones come with preinstalled backdoor
If you're using a cheap Android smartphone manufactured or sold by BLU, Infinix, Doogee, Leagoo, IKU, Beeline or Xolo, you are likely wide open to Man-in-the-Middle attacks that can result in your device being thoroughly compromised.
November 21, 2016
Read More


Over 400,000 phishing sites have been observed each month during 2016
84 percent of phishing sites observed in 2016 existed for less than 24 hours, with an average life cycle of under 15 hours. the data collected by Webroot shows that today's phishing attacks have become increasingly sophisticated and carefully crafted in order to obtain sensitive information from specific organizations and people.
December 6, 2016
Read More


Over a third of IoT medical device organizations suffer security incidents
As the internet of things spreads into more and more areas, increasing numbers of medical devices are now connected, making them vulnerable to cyber attacks that could shut down medical processes, expose critical hospital and patient data, and ultimately put patient safety at risk.
August 15, 2017
Read More


Over-reliance on one defensive layer leads to ransomware attacks: prepare early, check often
Since its first appearance more than 20 years ago, ransomware has become one of the most discussed cyber threats -- affecting companies of all sizes, across all industries.
May 12, 2017
Read More


Misc. - P

Packet Analytics
Net/FSE, Packet Analytics' network data search engine, puts the power of real time searches over terabytes of NetFlow data in the hands of security analysts. Employing sophisticated algorithms, Net/FSE reduces exposure to significant business risk by enabling security specialists to quickly and determine the extent of a network alert.
Provides a Service
Read More


PacketTotal: Free online tool for analyzing packet captures
PacketTotal is a free tool for analyzing packet captures that has recently been offered to the infosec community.
February 13, 2017
Read More


Password managers may not be as secure as you think
Password managers are often pitched as a convenient way to secure online accounts. Their main appeal is that they can generate and store very complex, distinct passwords -- that would normally be virtually impossible for the average person to memorize (or for someone to crack) -- and the user only has to remember a master password -- that encrypts them -- to access those credentials.
March 3, 2017
Read More


Password Reset MITM: Exposing the need for better security choices
Attackers that have set up a malicious site can use users' account registration process to successfully perform a password reset process on a number of popular websites and messaging mobile applications, researchers have demonstrated.
June 23, 2017
Read More


Patch and security management take 8 hours per month for most companies
Shavlik and AppSense used VMworld Europe 2016 to collect data from frontline experts, and to highlight patch management and security concerns in corporations.
January 17, 2017
Read More


Patch Critical: new Vulnerability on Microsoft Windows Operating Systems Found by Secunia Research
The edition of Microsoft Patch Tuesday released yesterday brought a highly critical vulnerability found and described by Hossein Lotfi from Secunia Research at Flexera Software. the vulnerability is in a core component of all supported versions of Microsoft Windows operating systems, the so-called Unicode Scripts Processor that is enclosed in the operating system.
December 14, 2016
Read More


Patch to fix Intel-based PCs with enterprise bug rolls out this week
Intel is also offering a tool to help IT administrators discover machines built with the vulnerability
May 8, 2017
Read More


Patients with St. Jude pacemakers called in for firmware update
Patients using one of several types of implantable radio frequency-enabled pacemakers manufactured by St. Jude Medical will have to visit their healthcare provider to receive a firmware update that fixes several cybersecurity issues.
August 31, 2017
Read More


Payment security: What are the biggest challenges?
With cybercrime on the increase, payment card security is increasingly a focus for companies and consumers alike. The Payment Card Industry Data Security Standard (PCI DSS) is there to help businesses that take card payments protect their payment systems from breaches and theft of cardholder data.
August 31, 2017
Read More


PCI SSC publishes best practices for securing e-commerce
Exponential online sales growth paired with the EMV chip migration in the US makes e-commerce payment security for merchants more important than ever before. as EMV chip technology continues to reduce face-to-face credit card fraud, the shift to e-commerce security becomes increasingly important to businesses large and small.
February 2, 2017
Read More


Peace in our time! Symantec says it can end Google cert spat
It's basically a promise to do better and not mess things up
April 27, 2017
Read More


People are still the biggest security threat to any organization
Despite an increase in spending and investment in deterrence tactics and detection tools, insider threats continue to cause harm to all types of organizations.
March 31, 2017
Read More


Perception and reality: The role of AI and automated cyber defenses
Executives in the U.S. and Europe now place broad trust in artificial intelligence (AI) and machine learning systems, designed to protect organizations from more dynamic pernicious cyber threats, according to Radware.
June 16, 2017
Read More


'Petya' ransomware: Everything you need to know
There's another massive ransomware attack sweeping across the world. If you're dual-booting your Mac, here's what you need to know to stay safe.
June 28, 2017
Read More


Phishers new social engineering trick: PDF attachments with malicious links
It is -- or it should be -- a well known fact that attackers occasionally email potential victims with PDF attachments containing malware or exploit code.
January 27, 2017
Read More


Phishers offer WoW players free in-game pets
Avid World of Warcraft players are being targeted with phishing emails seemingly coming from Blizzard Entertainment, the video game developer behind the popular multiplayer role-playing game, warns Malwarebytes' Chris Boyd.
March 29, 2017
Read More


Phishers steal Chrome extension from developer
An attacker has compromised the Chrome Web Store account of German developer team a9t9 software, and has equipped their Copyfish Chrome extension with ad/spam injection capabilities.
July 31, 2017
Read More


Phishers' techniques and behaviours, and what to do if you've been phished
Once a user has been phished, how long does it takes for the phishers to misuse the stolen credentials?
July 28, 2017
Read More


Phishing attacks responsible for three-quarters of all malware
With phishing now widely used as a mechanism for distributing ransomware, a new NTT Security reveals that 77% of all detected ransomware globally was in four main sectors -- business & professional services (28%), government (19%), health care (15%) and retail (15%).
April 25, 2017
Read More


Phishing attacks using internationalized domains are hard to block
Chrome and Firefox developers attempt to find a balance between showing internationalized domain names and protecting users from phishing
April 21, 2017
Read More


Phishing through homographs: Letters that look alike but lead you astray in some browsers
An old, unsolved problem with non-Roman characters in domain names raises it head again, but you can deter it.
May 29, 2017
Read More


Phishing trends: Who is targeted and why
The business model of phishing has evolved. the bad guys have found ways to multiply their profits at the expense of organizations they aren't even attacking directly, according to PhishLabs.
February 8, 2017
Read More


PhishTank
Out of the Net, into the Tank.
Provides a Service
Read More


Photo gallery: Black Hat USA 2017
Black Hat USA 2017 is underway at Las Vegas, and here are a few photos from the Business Hall and the Arsenal.
July 26, 2017
Read More


Photo gallery: Black Hat USA 2017, part 2
Black Hat USA 2017 is underway at Las Vegas, and here are a few photos from the Business Hall, the Arsenal, and the Innovation City.
July 27, 2017
Read More


Photo gallery: Infosecurity Europe 2017 Expo
Infosecurity Europe 2017 is underway at Olympia London in London. Here are a few photos from the expo floor.
June 7, 2017
Read More


Photo gallery: Infosecurity Europe 2017 Expo, part 2
Infosecurity Europe 2017 is underway at Olympia London in London. Here are a few photos from the expo floor.
June 7, 2017
Read More


Photos: HITBSecConf Amsterdam 2017
The always exciting Hack In the Box conference took place last week in Amsterdam. Groundbreaking security research was disclosed during the event, which also featured a free and open CommSec (community + security) track of talks, along with an exhibition area dedicated to all things hacker and maker.
April 18, 2017
Read More


Photos: RSA Conference 2017 Expo, part 2
RSA Conference 2017 is underway at the Moscone Center in San Francisco.
February 16, 2017
Read More


Photos: RSA Conference 2017, Early Stage Expo
RSA Conference 2017 is underway at the Moscone Center in San Francisco.
February 15, 2017
Read More


Picky ransomware targets specific subset of would-be Netflix users
Aspiring Netflix users who don't want to actually pay for the popular video on demand service are being targeted with a new type of ransomware.
January 30, 2017
Read More


Playing the blame game: Breaking down cybersecurity attribution
Attributing the adversary behind a cyber attack ranks as perhaps the hardest challenge in all of cyber security, well beyond securing networks from intrusions, for the simple reason that bits are simply bits and do not belong to any single person. In other words, I can flawlessly copy any digital content including malware and other attack exploits and re-use it without leaving behind my personal fingerprints.
December 19, 2016
Read More


Poachers are trying to hack animal tracking systems
Animal tracking through electronic tagging has helped researchers gain insight into the lives of many wild animal species, but can also be misused by wildlife poachers, hunters, animal-persecution groups and people interested in seeing and interacting with the animals — all to the detriment of our animal brethren.
March 6, 2017
Read More


Police dismantle organised crime network suspected of online payment scams
The Polish National Police, working in close cooperation with its law enforcement counterparts in Croatia, Germany, Romania and Sweden, alongside Europol's European Cybercrime Centre (EC3), have smashed a Polish organised crime network suspected of online payment scams and money laundering.
June 5, 2017
Read More


Police watchdog investigates illegal outsourced Indian hackers scandal
Will the whistleblower please identify himself, asks IPCC
May 11, 2017
Read More


Pompeo sworn in as CIA chief amid opposition from surveillance critics
Pompeo was sworn in by Vice President Mike Pence after Senate confirmation
January 24, 2017
Read More


Poor endpoint security can cost you millions in detection, response, and wasted time
A new study reveals organizations are wasting an average of $6 million on the time to detect and contain insecure endpoints, among other staggering findings that show endpoint threats are a growing concern, companies are not efficiently protecting their proprietary data, and the cost and complexity of reducing endpoint risks are at an all-time high.
June 13, 2017
Read More


Popular smart toys violate children's privacy rights?
My Friend Cayla and i-Que, two extremely popular "smart" toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children's) rights to security and privacy, researchers have found.
December 6, 2016
Read More


Powerful Android RAT impersonates Netflix app
Mobile malware peddlers often make their malicious wares look like popular Android apps and push them to users through third-party app stores. the latest example of this is the fake Netflix app spotted by Zscaler researchers.
January 26, 2017
Read More


Predictive breach-risk platform helps enterprises stay secure
Companies face the possibility of security breaches from many different sources, which means they must constantly react to new threats.
June 6, 2017
Read More


Pressures security professionals face have become more personal
While 53% of security professionals report increased pressure in trying to secure their organization, there has been a shift in the source of this stress, according to Trustwave. Security is now becoming more personal, with 24% of respondents citing pressure exerted by oneself as the second-biggest human pressure pusher, up 13% from the previous year.
April 13, 2017
Read More


Privacy activist wants to unveil lawmakers' browser histories
GoFundMe campaign focused on fighting back at Internet privacy changes
March 30, 2017
Read More


Privacy awareness checklist for GDPR readiness
A little more than a year out from its effective date of May 25, 2018, the General Data Protection Regulation (GDPR) is undoubtedly on the minds of many of privacy professionals whose organizations handle the data of EU citizens.
May 15, 2017
Read More


Privacy by Design: what it is and where to build it
People tend to think about privacy in terms of the individual, but it is also critically important for the proper functioning of any business organization. this is being made increasingly relevant by the recent rise of personalization initiatives that rely on user data to recommend the right products or services to customers.
March 18, 2016
Read More


Privacy expectations and the unfortunate reality
A recent survey that polled 5,710 Americans on private browsing (aka "Privacy Mode", aka "Incognito Mode") revealed that 46 percent of them have used the option at least once, and 32.9 percent of those use it daily.
January 31, 2017
Read More


Privacy groups say FBI hacking operation went too far
The FBI used malware to hack 8,700 computers in 120 countries in a child pornography probe
February 10, 2017
Read More


Privacy Isn't Dead. It's More Popular Than Ever
One out of every seven people on the planet uses the messaging app WhatsApp every day, according a recent blog post from the company. A billion people a day send messages to their friends and family on a service that's end-to-end encrypted by default, up from a billion per month last year.
July 27, 2017
Read More


Privacy warning: Meitu photo app is spyware sharing your phone's data
There has been a sudden craze for freaky-looking photos created using the Chinese app Meitu. the images the app creates are either cutesy or horrific, depending on your point of view, but it's what's going on in the background that has people concerned.
January 20, 2017
Read More


Privacy, security concerns grow for wearables
While Google Glass was not the success Google wanted it to be, there is no doubt that the wearable camera market is growing.
June 19, 2017
Read More


Products highlighted by recent infosec awards
Bitglass was named by Cyber Defense Magazine the winner of the Hot Company award in the Cloud Security Solutions category.
February 17, 2017
Read More


Protect your privacy with SafeErase Professional 11
O&O Software has released the latest version of its commercial secure-deleting privacy protector, SafeErase Professional 11.
November 16, 2016
Read More


Protecting against man in the browser attacks
The web-enabled generation has become increasingly reliant on technology for everyday activities. Cloud services, social networks, web extensions, plug-ins and online games, are all growing in popularity and as such, are replacing desktop applications. this heightened use of mobile web-browsers has opened the back door to cybercriminals, who now have new channels to implement browser-based attacks, spread malware and maximize infection campaigns.
December 22, 2016
Read More


Protecting data isn't optional: what frustrates CIOs and CISOs?
In this podcast recorded at RSA Conference 2017, Chris Drake, CEO at Armor, talks about the frustration that he sees in the cybersecurity industry as he continues to meet CIOs and CISOs in the field.
March 6, 2017
Read More


Protecting hybrid apps from attackers [Q&A]
In order to speed up development times and roll out their apps across multiple platforms without the need to create entirely new code, companies are increasingly turning to hybrid apps. The problem is that these rely on HTML and JavaScript code which is relatively easy to reverse engineer.
July 4, 2017
Read More


Protecting smart hospitals: a few recommendations
The European Union Agency for Network and Information Security (ENISA) has released a new report to help IT and security officers of healthcare organizations implement IoT devices securely and protect smart hospitals from a variety of threats.
November 28, 2016
Read More


Protecting your cloud from ransomware
For enterprises that use the cloud, the key to being protected starts with understanding the layers that make up the components of their cloud stack. These different layers create multiple potential targets, and for the informed, they each represent a piece of the cloud environment that can be secured against potential threats.
May 22, 2017
Read More


Public cloud services spending to reach $122.5 billion in 2017
Worldwide spending on public cloud services and infrastructure will reach $122.5 billion in 2017, an increase of 24.4% over 2016. Over the 2015-2020 forecast period, overall public cloud spending will experience a 21.5% compound annual growth rate (CAGR) — nearly seven times the rate of overall IT spending growth. by 2020, IDC forecasts public cloud spending will reach $203.4 billion worldwide.
February 21, 2017
Read More


Purism Laptops to Use 'Heads' Firmware to Protect Against Rootkits, Tampering
Purism, a startup that builds laptops with a focus on privacy and security, announced that Trammell Hudson, an infosec researcher known for creating the "Thunderstrike' exploits against Macs, will collaborate with the company to integrate his own "Heads' firmware project into Purism laptops to increase their anti-tampering security.
April 12, 2017
Read More


Pwn2Own contest highlights renewed hacker focus on kernel issues
All Pwn2Own exploits this year achieved privilege escalation, mostly through OS kernel flaws
March 18, 2016
Read More


Pwn2Own contest highlights renewed hacker focus on kernel issues
All Pwn2Own exploits this year achieved privilege escalation, mostly through OS kernel flaws
March 18, 2016
Read More


Pwn2Own hacking contest ends with two virtual machine escapes
Two teams of researchers chain multiple vulnerabilities together to escape from a guest OS running inside a VMware Workstation virtual machine
March 19, 2017
Read More


Pwnd Android conference phone exposes risk of spies in the boardroom
Researchers could listen in on meetings and plant backdoors
February 15, 2017
Read More


Pwnie Express open sources IoT and Bluetooth security tools
Pwnie Express announced the availability of open sourced versions of its Blue Hydra and Android build system software. the release of these tools enable comprehensive Bluetooth detection and community based development of penetration testing Android devices.
July 29, 2016
Read More


Misc. - Q

QNAP NAS devices open to remote command execution
If you're using one of the many QNAP NAS devices and you haven't yet upgraded the QTS firmware to version 4.2.4, you should do so immediately if you don't want it to fall prey to attackers.
April 7, 2017
Read More


Qualys and Bugcrowd bring automation, crowdsourcing to web app security
At RSA Conference 2017, Qualys and Bugcrowd announced joint development integrations allowing joint customers the ability to share vulnerability data across automated web application scanning and crowdsourced bug bounty programs.
February 14, 2017
Read More


Qualys app for IBM QRadar offers critical insight into key vulnerability metrics
At RSA Conference 2017, Qualys launched a new Qualys App for the IBM QRadar Security Intelligence Platform, which allows customers to visualize their network IT assets and vulnerabilities in real-time, and helps teams produce continuous vulnerability and risk metrics from a data analytics perspective.
February 16, 2017
Read More


Qualys at RSA Conference: Implementing innovation
There will be no lack of interesting content from Qualys at this year's RSA Conference. Depending on you interests, you might want to make time for some of these talks and presentations.
February 10, 2017
Read More


Qualys brings web application security automation to a new level
At RSA Conference 2017, Qualys announced new functionality in its web application security offerings, including scalable fast scanning, detection and patching of websites, mobile applications and Application Programming Interfaces (APIs) in one unified platform.
February 13, 2017
Read More


Qualys CISO on making everything visibile and secure
In this podcast recorded at Black Hat USA 2017, Mark Butler, CISO at Qualys, talks about his role, streamlining security and compliance solutions, building security into digital transformation initiatives, end-to-end IT security, keeping your teams in sync, and compliance for all your assets.
August 7, 2017
Read More


Qualys Container Security: Discover, track, and secure containers
Qualys announced a new solution that extends its single-pane visibility and continuous security to the new and growing virtualization environment of Docker containers, and enables customers to proactively build security into their container deployments and their DevOps processes at any scale.
June 12, 2017
Read More


Qualys enables customers to efficiently comply with key GDPR elements
Qualys now offers customers purpose-built content, workflows and reporting in its cloud platform to provide them with continuous IT asset visibility, data collection and risk evaluation for compliance with the EU General Data Protection Regulation (GDPR). It also helps customers with ongoing protection of personal data across global IT environments and third parties.
June 6, 2017
Read More


Qualys helps federal agencies address requirements of White House EO on cybersecurity
The FedRAMP-certified Qualys Cloud Platform now supports the requirements laid out in the 2017 White House Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
June 14, 2017
Read More


QRLJacking: a new attack vector for hijacking online accounts
We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use.
August 1, 2016
Read More


Misc. - R

Ransoc browser locker/ransomware blackmails victims
An unusual combination of browser locker and ransomware, dubbed Ransoc by researchers, is targeting users who visit adult sites.
November 17, 2016
Read More


RansomFree protection software gets key upgrades
Today, at RSA Conference 2017 in San Francisco, Cybereason launched the latest version of RansomFree, the free, anti-ransomware protection software, which works on PCs running Windows 7, 8 and 10, Windows 2010 R2 and Windows 2008 R2.
February 13, 2017
Read More


Ransomware attacks growing rapidly, organizations are struggling
The percentage of ransomware attacks increased from 5.5%, to 10.5% of all recognized malware attacks from July to December 2016, according to Check Point.
February 22, 2017
Read More


Ransomware disrupts Washington DC's CCTV system
Ransomware attacks target various types of systems and businesses and are unlikely to stop
January 30, 2017
Read More


Ransomware hits San Francisco's transport system, users get free rides
The computer systems of the San Francisco Municipal Transportation Agency have been hit with ransomware on Friday. the infection apparently still persists on some of the systems, but others have already been cleaned and restored.
November 28, 2016
Read More


Ransomware locks up San Francisco public transportation ticket machines
Some systems now restored; attacker demanded $73,000.
November 28, 2016
Read More


Ransomware spiked 752% in new families
2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and Business Email Compromise (BEC) scams gaining increased popularity among cybercriminals looking to extort enterprises.
March 2, 2017
Read More


Ransomware Strike Game: Classic shooter reinvented
Today you have a chance to kill the ugly ransomware creature with a gun. Netwrix presents its Ransomware Strike Game, a cyber-security version of the classic shooter.
March 23, 2017
Read More


Ransomware success creates apathy towards traditional antivirus software
In the last 12 months, 48 percent of organizations across the globe have fallen victim to a ransomware campaign, with 80 percent indicating that they've suffered from three or more attacks, according to a global survey conducted by Vanson Bourne.
November 21, 2016
Read More


Ransomware takes a nasty turn
Another open source database has been targeted for attack. Only this time, paying the ransom isn't even an option. Instead, the perpetrators just destroy the database, sometimes leaving a nasty message before moving on. this makes these attacks a very odd subcategory of "ransomware."
January 19, 2017
Read More


Ransomware victims paid over $25 million to recover files
Ransomware victims have paid more than $25 million in the past two years to get their data back, a new study by Google has shown.
July 27, 2017
Read More


Ransomware: a Modern Threat to Public Safety
Ransomware authors are pivoting their attacks from individuals to government entities and health care institutions, causing a threat to public safety. Traditionally, crypto ransomware targeted individuals and encrypted their personal data and files as a form of extortion for hundreds of dollars. Ransomware has evolved to target businesses and government agencies for much larger financial gains.
March 28, 2017
Read More


Ransomworm: The birth of a monster
The last few weeks have seen two substantial attacks: one massive phishing attack that leveraged Google Apps and which tricked recipients to give OAuth access to their email accounts, and a large-scale ransomware attack that blanketed almost 100 countries a week later.
May 17, 2017
Read More


RawPOS malware has new data-grabbing capabilities
RawPOS continues to evolve, and has recently been equipped with the capability to steal data contained in the victims' driver's license's 2-dimensional barcode.
April 21, 2017
Read More


RDP Attacks: what you Need to Know and how to Protect Yourself
For many years now, Microsoft has offered a system with Windows that allows you to take control of another machine. this has been invaluable for system admins that need to control servers and other Windows machines, without having to run around from office to office or site to site.
November 23, 2016
Read More


Reactions to the KeRanger ransomware for Macs
Palo Alto researchers have discovered the first fully functional ransomware aimed at Mac users. the malware, dubbed KeRanger, has been found bundled into the Mac version of the open source Transmission BitTorrent client, and made available for download on the Transmission developers' official website.
March 8, 2016
Read More


Ready or not, IoT third party risks are here
A new survey conducted by The Ponemon Institute uncovered a high rate of concern among organizations about the security of IoT, yet a gap in understanding of how to mitigate and communicate the risks, especially as it relates to third parties.
June 1, 2017
Read More


Ready, set, race to the IoT hub
Battle lines are being drawn. Armies are being marshaled. Territory is being eyed and strategies drawn up with military precision. But this war is about to be fought in your home and the giants squaring up to fight for supremacy are already household names -- Google and Amazon.
May 17, 2017
Read More


Real-time network health management: Closing the gap between known and unknown threats
2016 was yet another record year for cyber security threats. as of July 2016, there were 522 reported breaches, exposing more than 13 million records, according to the Identity Theft Resource Center. These cyber-attacks reach across multiple industry verticals impacting business from Fortune 500 to SMBs.
January 24, 2017
Read More


Recommendations to help the security of ICS-SCADA systems
The use of long-range communication networks, and specially the Internet, has revolutionised ICS-SCADA systems and architectures. the use of network communication in these systems has proven to be an effective way of gaining a means for remotely operating and maintaining these infrastructures in real-time.
February 3, 2017
Read More


Record wave of phishing comes to an ebb in autumn 2016
The Anti-Phishing Working Group reports that the year's record wave of phishing subsided in the autumn. According to the APWG's new Phishing Activity Trends Report, the total number of phishing websites detected in the third quarter of 2016 was 364,424, compared with 466,065 in the second quarter – a decline of 25 percent.
January 1, 2017
Read More


Redefining the role of security in software development
Software is becoming increasingly important for market success, driving an ever greater need for speed in the development process. the rapid adoption of DevOps is testimony to this shift, with agile development no longer making the grade for many companies.
January 16, 2017
Read More


Reinventing software patching, curing big security holes
Today's security updates are too big, too risky and too late. It is common for enterprises to thoroughly test security updates and install them several months after they have been released, which leaves them open to inexpensive attacks.
March 13, 2017
Read More


Regional regulatory compliance trends: Strategies and implications
In this podcast, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about regulatory compliance trends that across a variety of different regions in the world, as well as strategies for dealing with them.
June 19, 2017
Read More


Remote access options for unidirectionally protected networks
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about remote access options for unidirectionally protected networks.
December 6, 2016
Read More


Remote attackers can force Samsung Galaxy devices into never-ending reboot loop
A single SMS can force Samsung Galaxy devices into a crash and reboot loop, and leave the owner with no other option than to reset it to factory settings and lose all data stored on it.
January 27, 2017
Read More


Remote credential rotation for distributed environments
At RSA Conference 2017, Bomgar introduced Bomgar Vault 17.1, the latest version of its enterprise password and credential management solution.
February 15, 2017
Read More


Remove Windows Script Hosting
completely from your system.
Provides Information
Read More


Report: Backdoor access in the Blu R1 HD and other phones sent data to China
The spyware impacted some prepaid and international models, but Blu says that a software fix has patched the privacy breach.
November 15, 2016
Read More


Report: FBI Urges Firms to Ditch Kaspersky Lab
The FBI is reportedly urging private sector businesses to ditch cyber security firm Kaspersky Lab.
August 22, 2017
Read More


Research: 2016 Netwrix Cloud Security Report
Security and privacy of data and systems in the cloud remains a top worry for 70% of IT professionals worldwide, up from 63% in 2015, according to a new Cloud Security Survey by Netwrix.
November 21, 2016
Read More


Researchers bypass ASLR protection with simple JavaScript code
A group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of major operating systems and browsers by exploiting a common feature of computer microprocessors.
February 15, 2017
Read More


Researchers demonstrate ransomware for industrial control systems
We've witnessed ransomware targeting Windows and Linux systems and Macs, Android devices, smart TVs, and even a ransomware scheme targeting iPhone users (though not effected through malware).
February 14, 2017
Read More


Researchers devise app to protect PINs and passwords
Every ATM or smartphone user can attest to the discomfort of having a stranger standing close enough to observe a financial transaction -- and potentially note a PIN or account number. Now researchers at the NYU Tandon School of Engineering have announced an application to combat such "shoulder-surfing," whether in person or via a building's video camera.
August 23, 2017
Read More


Researchers figured out how to disable the Intel ME controller on Intel chipsets
Researchers have discovered that Intel Management Engine (Intel ME) 11, a dedicated (and non-optional) microcontroller integrated into all Intel chipsets, can be disabled through a publicly undocumented mode.
August 29, 2017
Read More


Researchers hack a computer using malware injected into DNA
Security researchers have managed to infect a computer with malware embedded in a strand of human DNA.
August 15, 2017
Read More


Researchers identify domain-level service credential exploit
CyberArk Labs unveiled new research detailing what it considers to be a significant risk across all Windows endpoints, including those on Windows 10 with Credential Guard enabled. the exploit could allow cyber attackers to harvest encrypted service credentials from the registry and inject them into a new malicious service to achieve lateral movement and full domain compromise.
November 17, 2016
Read More


Researchers predict upsurge of Android banking malware
Android users, beware: source code and instructions for creating a potent Android banking Trojan have been leaked on a hacker forum, and researchers are expecting an onslaught of malware based on it.
January 23, 2017
Read More


Researchers remotely hack Tesla Model X
Security researchers from Tencent's Keen Security Lab have done it again: they've found vulnerabilities in one of Tesla's cars and demonstrated that they can be exploited remotely to do things like open the car's doors and force it to break while in motion.
July 31, 2017
Read More


Results of the rogue Access Point experiment at RSA Conference 2017
The security of open Wi-Fi hotspots has been a subject of great concern for years. But, would you believe that we were overwhelmingly successful using Wi-Fi attacks dating back twelve years on the RSA Conference show floor in San Francisco? Either we are really good at getting lucky with old tools, or there is a serious Wi-Fi security pandemic out there.
February 24, 2017
Read More


Retailers largely lack on-site security and IT expertise
A new Cybera survey of more than 50 retail professionals found that many retailers lack the necessary IT staff at the store level to ensure proper solution implementation and security.
January 19, 2017
Read More


Retina-X admits they have suffered a data breach
Retina-X Studios, the makers of several consumer-grade monitoring products, have finally announced that they have suffered a data breach.
May 2, 2017
Read More


Review: Acunetix 11
Acunetix is one of the biggest players in the web security arena. The European-based company released the first version of their product back in 2005, and thousands of clients around the globe use it to analyze the security of their web applications. They recently unveiled Acunetix version 11, so we've decided to take it for a spin.
July 10, 2017
Read More


Review: Advanced Persistent Security
Ira Winkler, CISSP is President of the Internet Security Advisors Group. He is considered one of the world's most influential security professionals.
July 6, 2017
Read More


Review: Data Breach Preparation and Response
Kevvie Fowler is a Partner and National Cyber Response Leader for KPMG Canada and has over 19 years of IT security and forensics experience. He is a SANS lethal forensicator and sits on the SANS Advisory Board where he guides the direction of emerging security and forensics research.
March 31, 2017
Read More


Review: DNS Security
Allan Liska is a Consulting Systems Engineer at FireEye, and Geoffrey Stowe is an Engineering Lead at Palantir Technologies.
January 25, 2017
Read More


Review: iStorage diskAshur Pro SSD
The iStorage diskAshur Pro SSD is the hard drive for users with security on their mind. this USB 3.0 device comes in various storage capacities, ranging from 128GB to 1TB, and is certified and tested to NIST FIPS 140-2 Level 2 requirements. for accessing the data you'll need to go through a PIN input process and the stored files are secured with 256-bit XTS-AES encryption.
November 15, 2016
Read More


Review: Pwnie Express Pulse
Pwnie Express Pulse is a SaaS offering that uses custom hardware sensors to provide continuous network discovery, threat detection, risk assessment, and critical information about all security issues that should be resolved.
July 24, 2017
Read More


Review: Securing the Internet of Things
Shancang Li is a senior lecturer in the cyber security research unit, Department of Computer Science and Creative Technologies at University of the West of England, Bristol, UK. His security background ranges from network penetration testing, wireless security, mobile security, and digital forensics.
August 25, 2017
Read More


Review: the Internet of Risky Things
Professor Sean Smith is the Principal Investigator of the Dartmouth Trust Lab and Director of Dartmouth's Institute for Security, Technology, and Society. He investigates how to build trustworthy systems in the real world.
February 7, 2017
Read More


Rewriting the rules on how to protect against evolving adversaries
Hackers are getting better at exploiting your organization's increasingly complex IT environment. Adversaries are using highly customized attack campaigns to infiltrate their targets and evade detection for long periods of time. In this podcast recorded at RSA Conference 2017, Yonatan Striem-Amit, CTO and co-founder of Cybereason, talks about how his company defends complex IT ecosystems.
February 28, 2017
Read More


Rights Groups Object To 'Secret' Warrants For Facebook Data
Access Now, the Electronic Frontier Foundation, and other rights groups have objected to the U.S. government's use of secret warrants to obtain Facebook user data as part of a not-so-secret investigation. The complaint arrived after Facebook "sent out a kind of bat signal," the EFF said, by asking the D.C. Court of Appeals to allow these groups to file amicus briefs in a case that involves fighting secret search warrants for user data.
July 5, 2017
Read More


Rising information security threats, and what to do about them
The digital threat landscape faced by enterprises large and small is in perpetual flux, and keeping an eye on things and adapting defenses should be of primary importance to every CISO.
July 3, 2017
Read More


Rising volume of attacks overpowers security teams
New research from IDC that shows organizations are constantly under attack and struggling to keep up. The research finds most organizations run time-consuming security investigations and often fail to effectively protect themselves.
June 1, 2017
Read More


Riskiest shopping malls for mobile devices
As the biggest shopping weekend of the year in the US approaches, Skycure is advising shoppers to beware of mobile threats while browsing in both physical and online stores.
November 18, 2016
Read More


Risky sites have never been easier to exploit
46% of the Internet's top 1 million web sites, as ranked by Alexa, are risky. this is largely due to vulnerable software running on web servers and on underlying ad network domains, according to Menlo Security.
December 14, 2016
Read More


Rollout of DMARC email security protocol needs to gain steam
Trust, from both customers and investors, is the most important currency for financial services companies. a breach of trust can break a bank, while maintaining trust leads to long-term success. at its core, financial services customers expect their banking institutions to protect their money and their information. and it starts with the most basic of 21st century communications -- email. So how are the globe's leading financial institutions doing?
April 3, 2017
Read More


RSA Conference 2016: the infosec glass house?
A couple of years late to the party, but I finally made it to San Francisco with a real sense of excitement to attend what was described to me as the "Super Bowl of the Security Industry." Working with the analogy, there certainly were plenty of cheerleaders waving their pompoms for companies all claiming to do threat intelligence, and of course let us not forget machine learning.
March 8, 2016
Read More


RSA Conference 2017 debuts education program
RSA Conference announced the debut of RSAC AdvancedU -- a new series of programs to educate and encourage more people to pursue a career in cybersecurity and also invigorate veterans with decades of experience -- at RSA Conference 2017, February 13-17, in San Francisco.
January 1, 2017
Read More


Rudimentary attacks pose the greatest risk to midsized organizations
Rudimentary attacks, such as intrusion attempts, information gathering, and policy violations pose the greatest risk to midsized organizations, according to eSentire.
May 8, 2017
Read More


Rules for secure coding in the C++ programming language
The Software Engineering Institute (SEI) has released the 2016 edition of the SEI CERT C++ Coding Standard. the standard provides rules for secure coding in the C++ programming language to help developers create safe, reliable, and secure systems free from undefined program behaviors and exploitable vulnerabilities.
April 18, 2017
Read More


Russia threatening to ban Telegram encrypted messaging app
Roskomnadzor, Russia's communications regulator, is threatening to ban the use of popular encrypted messaging app Telegram.
June 26, 2017
Read More


Russia's bid for mobile self-sufficiency may be the saviour of Sailfish
Comrades: we present your official alternative to Android
December 6, 2016
Read More


Russian arrested, indicted for laundering funds from Mt. Gox hack
Alexander Vinnik, a Russian man arrested on Tuesday in Greece, is allegedly the operator of digital currency exchange BTC-e, through which funds from the Mt. Gox bitcoin exchange hack have been laundered.
July 27, 2017
Read More


Russian carding industry pioneer sentenced to 27 years in prison
32-year-old Roman Valeryevich Seleznev, aka Track2, has been handed the longest US hacking sentence to date: 27 years in prison.
April 24, 2017
Read More


Russian Hackers used Android malware to track Ukrainian artillery
More proof that you need to be extra careful downloading apps online.
December 22, 2016
Read More


Russian hackers using Instagram to mask malware links
Turla, a Russian hacking collective, was recently found to be using Instagram comments as a means of hiding links to its malware. Known for targeting governments in the past, the hacker group appears to be experimenting with familiar routes of infection, although targeting rather unfamiliar victims -- everyday citizens.
June 9, 2017
Read More


Russian government agents among those charged for massive Yahoo hack
Hackers targeted Yahoo accounts of officials for intelligence and financial gain, says US government
March 15, 2017
Read More


Misc. - S

Samba at Risk from Wormable Bug Similar to WannaCry: Present on Many NAS boxes
Samba, the open source implementation of the Windows CIFS file sharing protocol found on Linux and many home NAS-systems, now has its own version of a "WannaCry" grade bug ready to cause users grief. Like WannaCry, Sambas bug enables remote code execution and is totally wormable.
May 25, 2017
Read More


SAMRi10: Windows 10 hardening tool for thwarting network recon
Microsoft researchers Itai Grady and Tal Be'ery have released another tool to help admins harden their environment against reconnaissance attacks: SAMRi10 (pronounced "Samaritan").
December 1, 2016
Read More


Samsung Galaxy S8 iris scanner can be fooled with a printed photo
After demonstrating how easily Apple's Touch ID can be fooled with a user fingerprint photographed from a glass surface, Chaos Computer Club (CCC) hacker "Starbug' has proven that the iris recognition system in Samsung's Galaxy S8 smartphone can be fooled by using a printed photo of the user's eye(s).
May 24, 2017
Read More


Samsung 'Secure Folder' Brings Enterprise-Class Security to Consumers
Samsung offered Galaxy S7 and S7 Edge owners a taste of enterprise-ready security with the new Secure Folder. this special folder will allow consumers to hide apps from their home screen, keep sensitive data separate from other information, and use an extra layer of security for everything it contains.
February 24, 2017
Read More


Samsung's Tizen is riddled with security flaws, amateurishly written
Researcher calls it the "worst code [he's] ever seen."
April 4, 2017
Read More


SAP closes critical vulnerability affecting TREX
SAP closed a critical vulnerability for an issue that was exposed for almost two years. the vulnerability (SAP Security Note 2419592) affects TREX, a SAP NetWeaver standalone search engine, which is deployed in over a dozen SAP products including SAP HANA.
April 12, 2017
Read More


SAP co-founder's VC firm leads $15M investment in Vera
Vera announced a $15 million strategic investment led by HP-Ventures, the venture capital firm founded by of SAP Chairman, Hasso Plattner. Drawing from its third fund of €150 million, HP-Ventures is joined by existing investors Battery Ventures, Sutter Hill Ventures, Clear Venture Partners, Amplify Partners and Leslie Ventures who all participated in this strategic financing.
May 10, 2017
Read More


Satan: a new ransomware-as-a-service
Ransomware as a Service (RaaS) has been growing steadily since it made its debut in 2015 with Tox. with the new Satan service, it's easier than ever. the idea is to use this web portal to contract threat actors to create new ransomware samples for distribution via the desired attack vector. this allows any potential cybercriminal, regardless of their skill or coding knowledge, to upgrade to an encrypting ransomware business model.
January 19, 2017
Read More


Satellite phone communications can be decrypted in near real-time
Satellite phone communications encrypted with the GMR-2 cipher can be decrypted in mere fractions of a second, two Chinese researchers have proved.
July 7, 2017
Read More


Say hello to Dvmap: The first Android malware with code injection
Trojan deletes root access to dodge detection
June 9, 2017
Read More


SCADA systems plagued by insecure development and slow patching
"Behind most modern conveniences, there exists a SCADA system somewhere that controls them,' Trend Micro researchers pointed out in a new report that delves in the heart of vulnerabilities affecting SCADA systems' Human Machine Interfaces (HMIs).
May 23, 2017
Read More


Scammers are blending W-2 phishing with wire fraud
During last year's run-up to the US Tax Day, scammers mercilessly targeted companies" payroll and human resources professionals, tricking them into handing over employees" W-2 forms.
February 3, 2017
Read More


Scareware scammers target iOS users
A bug in the way that Mobile Safari handles pop-up dialogs has been abused to scare iOS users into paying a "fine" in the form of an iTunes pre-paid card.
March 28, 2017
Read More


Script for remote DoublePulsar backdoor removal available
NSA's DoublePulsar backdoor can now be remotely uninstalled from any infected Windows machine, thanks to the updated detection script provided by security firm Countercept.
April 26, 2017
Read More


Seagate to pay millions for forking over employee info to scammers
A moment of inattention by one of its employees, and Seagate stands to lose tens of millions of dollars. No, the company was not the victim of a BEC scam -- instead, it has been dragged to court by its own employees.
July 31, 2017
Read More


Seal the integrity of your logs with Waterfall BlackBox
Upon discovery of a cyberattack, forensic experts look inside the compromised network's various logs to locate and analyze tracks left by the attacker. Logs are the baseline information required for quality incident response and forensics. they consist of tracks and hints of the attack and the attacker.
November 30, 2016
Read More


Secretions on your phone reveal your secrets
Chemistry laughs at your strong passwords
November 15, 2016
Read More


Secure all the Things: AT&T, IBM, Others Form IoT Cybersecurity Alliance
Can the Internet of Things (IoT) shake its reputation of being a festering network of insecure devices? AT&T, IBM, Symantec, and other companies plan to find out with a new IoT Cybersecurity Alliance that will work together to "research and raise awareness of ways to better secure the IoT ecosystem."
February 9, 2017
Read More


Secure messaging app Wickr opens core crypto protocol to review
Wickr, the San Francisco-based company that's behind the secure ephemeral messaging app of the same name, has published the core crypto protocol powering both the personal and the business versions of the app.
February 16, 2017
Read More


Secure operations automation: Close the gap between security and operations teams
A new voke survey of 318 participants from companies of varying sizes globally, focuses on the need to operationalize security through secure operations automation practices and solutions, and explores real-world insights about IT patch and compliance, automation, and operations security.
March 13, 2017
Read More


Secure OS Tails 3.0 Launches With Debian 9 Base, Redesigned Interface
Tails, the "read-only" Linux-based operating system that routes all internet traffic through the Tor anonymity network, has now reached version 3.0. The new release dropped 32-bit support to increase security and adopted the latest Tor Browser 7.0, and it also comes with a more polished desktop interface.
June 14, 2017
Read More


Secure websites brought to you by the letter S
What's so special about the letter S? it's one of the most frequently used letters in the English language, a regular sponsor of Sesame Street, and is so common that Vanna White automatically selects it for contestants during the Wheel of Fortune's final round.
December 16, 2016
Read More


SecureList
Kaspersky Lab presents Lab Matters, a series of webcasts that get right to the heart of some of the IT security industry's hottest topics. In the first program, two of the company's leading antimalware experts, Costin Raiu and Magnus Kalkuhl, will be giving viewers the complete lowdown on targeted attacks and discussing a host of other fascinating topics.
Provides Information
Read More


Securing applications in the public cloud
The security and auditing model of installing agents on virtual servers breaks down in the public cloud.
March 8, 2017
Read More


Securing document flow: Exploring exposure and risk
There is a widespread and growing need to improve security practices surrounding confidential documents in most organizations today, according to a new study by the BPI Network. In a global survey of managers and information workers, 6 out of every 10 respondents said they or someone they know have accidently sent out a document they shouldn't have.
March 16, 2017
Read More


Securing Enterprise Data with Windows Information Protection
Learn about Windows Information Protection. it's a new security feature in Windows 10, and this video will show you how administrators use it to protect organizational data on devices.
January 12, 2017
Read More


Securing the converged cloud: CSA Summit at RSA Conference 2017
The Cloud Security Alliance (CSA) announced the agenda for its annual CSA Summit 2017, a full-day event being held at the RSA Conference 2017 on Monday, February 13, 2017.
January 16, 2017
Read More


Security analytics and operations are becoming more difficult
A new Enterprise Strategy Group (ESG) study, which involved a survey of more than 400 IT and cybersecurity professionals, found that 72 percent feel cybersecurity analytics and operations is more difficult today than it was two years ago, and that the rapidly evolving threat landscape and growing volumes of security alarms are the most common challenges facing enterprises today.
July 13, 2017
Read More


Security and the human factor: Creating a positive user experience
Despite the myriad of security solutions deployed, breaches are still happening. Even with the most robust security solutions it seems that we're failing with the fundamentals, with ever more sophisticated hacks infiltrating and bringing down networks or resulting in compromised data.
April 20, 2017
Read More


Security audit of Dovecot mailserver reveals good security practices
Dovecot -- a popular open source IMAP and POP3 server for Linux/UNIX-like systems -- is as secure as its developers claim it is. a security audit performed by German security outfit Cure 53 revealed only three minor security issues, and they've all already been fixed.
January 17, 2017
Read More


Security awareness is good, but good security culture is better
As an efficient mechanism to influence employee behavior, security culture is one of the most important, yet most overlooked, aspects of organizational security.
May 8, 2017
Read More


Security bods find Android phoning home. Home being China
Kryptowire uncovers firmware sending texts, contacts and everything else
November 15, 2016
Read More


Security budgets shifting from prevention to detection
According to industry estimates, enterprises have historically spent more than 75% of their infosec technology budgets on preventative technologies. According to a new survey conducted by Anderson Research, the portion of security budgets targeted for detection solutions increased substantially over 2015.
January 26, 2017
Read More


Security Features on IoT Core
Security is a hot-button issue in the IoT space; IoT developers should be thinking about implementing hardware and software security features from the start of development. Windows 10 IoT Core provides several of these features to help protect your devices from network attacks as well as physical tampering.
June 26, 2017
Read More


Security for multirobot systems
Distributed planning, communication, and control algorithms for autonomous robots make up a major area of research in computer science. But in the literature on multirobot systems, security has gotten relatively short shrift.
March 17, 2017
Read More


Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel
Kaymera: building on shoulders of a giant, claim
January 12, 2017
Read More


Security holes in Confide messaging app, used by White House staffers, exposed user details
Despite its marketing, the app contained glaring problems with protecting user account information, according to security researchers.
March 8, 2017
Read More


Security improvements primary reason for Windows 10 migration
Migration to Windows 10 is expected to be faster than previous OS adoption, according to a survey by Gartner. the survey showed that 85 percent of enterprises will have started Windows 10 deployments by the end of 2017.
April 26, 2017
Read More


Security issues of the top and bottom government organizations
SecurityScorecard released its annual U.S. State and Federal Government Cybersecurity Report, which paints a grim picture of the overall cyber health of the nation's government entities.
August 25, 2017
Read More


Security management outlook: Five trends to watch
Cybersecurity can't sit still. as we look ahead to what this year has in store for the security management landscape, organizations globally should be paying attention to five key trends.
January 23, 2017
Read More


Security programs not keeping up with IoT threats
More than 90 percent of IT security professionals said that connected devices will be a major security issue this year. However, 66% aren't sure how many devices are in their environment, according to new research from Pwnie Express.
February 14, 2017
Read More


Security researcher who neutralized WCry to be released on $30,000 bond
Prosecutors say Marcus Hutchins admitted he wrote alleged malware. Defense disagrees.
August 4, 2017
Read More


Security researchers uncover new global cyber espionage campaign
There is a new, global cyber espionage campaign, and this one demonstrates a "new level of maturity." this is according to a new report by PwC and BAE, released after consultation with other cyber security experts, including the UK's National Cyber Security Center.
April 5, 2017
Read More


Security skills gap? what security skills gap?
After the year we've had, it shouldn't come as a surprise that cybersecurity skills are heavily in demand. Breaches, attacks and incidents have never been far from the headlines, so as boards and businesses pay closer attention, they're adjusting their hiring plans to ensure they're protected. But a new study from recruiter Indeed.com found severe cybersecurity shortages persist in every country.
February 13, 2017
Read More


Security skills need to be deep and wide to mitigate critical risks
Businesses recognize security as a growing imperative, but many remain on the defensive, fighting cyber threats with dated tactics and training, according to CompTIA.
April 25, 2017
Read More


Security startup confessions: Attending industry events
Attending conferences and similar events typically involves a lot of meetings, sales pitches (both giving and receiving), and alcohol.
June 19, 2017
Read More


Security startup confessions: Customer breach disclosure
Balancing the needs of your company, your employees, and your customers requires making tough choices.
December 6, 2016
Read More


Security vulnerabilities in radiation monitoring devices
IOActive researcher Ruben Santamarta has uncovered a number of cybersecurity vulnerabilities in widely deployed Radiation Monitoring Devices (RDMs), and has presented his research at the Black Hat conference in Las Vegas.
July 27, 2017
Read More


Security-as-a-Service: how mid-market companies achieve network security
Mid-tier companies are battling a black hole of time, security expertise, and budget to procure, implement, and manage a variety of security products, according to a study conducted by 451 Research.
April 26, 2017
Read More


Security's blind spot: The long-term state of exception
It seems every major hack is accompanied by the pointing of fingers. And there are plenty of places to point them: the servers that weren't patched, the retailer who hadn't finished setting up an intrusion detection system, the high-ranking official who used his personal email to store secrets, the critical application with unfixed security holes because the programmers hadn't finished fixing them yet, the users of unapproved cloud or mobile applications for corporate data.
July 4, 2017
Read More


Self-healing endpoint security as a foundation for visibility
When it comes to persistent cyber threats, a majority of companies have resigned themselves to the fact they will be or are already infiltrated by an unknown adversary. It is impossible to stop well-funded, well-prepared and persistent adversaries 100 percent of the time.
February 8, 2017
Read More


Self-service perimeter security for the hybrid cloud
Skyport Systems, a secure hyperconverged infrastructure provider for the hybrid enterprise, announced at the Black Hat USA 2017 conference the release of new self-service capabilities aimed at increasing the security and agility of hybrid cloud application deployments across the enterprise.
July 27, 2017
Read More


Sensitive data on 198 million US voters exposed online
For at least two whole weeks, a database containing information on 198 million potential US voters -- more than half of the American population -- lay exposed on the internet, accessible to anyone who stumbled upon it while looking for unsecured assets.
June 19, 2017
Read More


Setting up a Minimal, Yet Useful JavaScript Dev Environment
In an era of omnipresent frameworks, libraries and tooling, it may be hard to decide what tool to use and when.
November 22, 2016
Read More


Several Marvel Twitter Pages Fall Victim to Same Group that Hacked Netflix's Account
On the same day that Netflix's U.S. Twitter account was briefly compromised, the group responsible for that attack is taking responsibility for hacking several Marvel social media pages as well.
December 21, 2016
Read More


Several high risk 0-day vulnerabilities affecting SAP HANA found
Onapsis discovered several high risk vulnerabilities affecting SAP HANA platforms. If exploited, these vulnerabilities would allow an attacker, whether inside or outside the organization, to take full control of the SAP HANA platform remotely, without the need of a username and password.
March 14, 2017
Read More


Severe vulnerability in Cisco's WebEx extension for Chrome leaves PCs open to easy attack
if you have the Cisco WebEx Chrome browser extension installed make sure you're running the latest version.
January 24, 2017
Read More


Shadow Brokers data dump reveals yet another NSA-Stuxnet link
When the Shadow Brokers dumped on Friday another batch of data allegedly stolen from the Equation Group, which has been linked to the NSA, security researchers dove right in.
April 18, 2017
Read More


Shadow Brokers say goodbye, leak a batch of Windows hacking tools
The Shadow Brokers, a group (?) of hackers that has made a big splash in August last year by leaking and offering for sale exploits supposedly stolen from the infamous Equation Group, has decided to call it quits , but not before offering a parting gift.
January 13, 2017
Read More


ShadowPlex delivers cost-effective deception technology
Deception technology intended to catch out attackers by deploying decoys that mimic business systems is gaining in popularity. the market for deception is expected to exceed $2 billion by 2021.
April 20, 2017
Read More


SharePoint houses sensitive data, but organizations are not keeping it safe
A new report from the Ponemon Institute is focused on how organizations are keeping sensitive or confidential data safe in collaboration and file sharing environments such as SharePoint, Dropbox, and file sync and share applications.
May 8, 2017
Read More


Shark or not? 3 real-life security scenarios and how to tell which will really bite
We've just wrapped one of my favorite weeks of television, Shark Week. Viewers were treated to show after show of sharks stalking and attacking helpless victims. In most shark movies, the person swims along oblivious to the looming and hidden threat -- a continuous false negative. In fact, false negatives are very bad for both swimmers and security professionals.
August 2, 2017
Read More


Sharing passwords is a bad idea, yet people still do it
A lot of people like sharing their passwords with others, even though such actions put their data at risk -- and they know it. Those are the results of a new survey commissioned by password management firm LastPass, and conducted by RedShift Research.
March 8, 2016
Read More


Shopping cart attack provides insight into criminal operations
The Magecart attack which injects JavaScript into unpatched eCommerce sites in order to capture payment information first appeared in October last year.
July 12, 2017
Read More


Should security vendors offer product guarantees?
A new Vanson Bourne survey of 500 businesses in the UK, US, France and Germany revealed that nine in ten companies want to see IT security vendors offer a guarantee on their products and services, and 85 per cent claim they would change providers if they could find an alternate IT security vendor who offers a guarantee.
December 14, 2016
Read More


SIEM challenges: Why your security team isn't receiving valuable insights
Today, many enterprises use security information and event management (SIEM) software to help detect suspicious activity on their networks. However, to be effective organizations need to surround a SIEM with security experts, advanced use cases, threat intelligence, and proven processes to investigate and respond to threats.
August 29, 2017
Read More


Siemens CT scanners open to remote compromise via publicly available exploits
Siemens has finally provided patches for a number of Microsoft Windows SMBv1 vulnerabilities that affect some of the medical devices sold under the Siemens Healthineers brand.
August 7, 2017
Read More


Siemens RUGGEDCOM industrial communication devices vulnerable to remote attacks
All version of Siemens RUGGEDCOM ROX I VPN endpoints and firewall devices sport five vulnerabilities that can be exploited by attackers to perform actions with administrative privileges.
March 29, 2017
Read More


Significant decrease in Locky ransomware attacks
Locky ransomware attacks have dramatically decreased during December 2016, according to Check Point.
January 17, 2017
Read More


Similarities in partial fingerprints may trick biometric security systems
No two people are believed to have identical fingerprints, but researchers at the New York University Tandon School of Engineering and Michigan State University College of Engineering have found that partial similarities between prints are common enough that the fingerprint-based security systems used in mobile phones and other electronic devices can be more vulnerable than previously thought.
April 11, 2017
Read More


Six best practices for managing cyber alerts
Security professionals know that the number of cyber alerts is growing at a frantic pace. Even a mid-sized company can face tens of thousands of alerts every month. as the 2011 Target breach demonstrated, failing to investigate alerts adequately and responding to them effectively can have serious consequences for a business as well as its customers.
January 31, 2017
Read More


Six key principles for efficient cyber investigations
Many organizations today are not equipped to defend against traditional cyberattacks, as demonstrated by the ever-increasing numbers of successful breaches reported daily -- the Privacy Rights Clearinghouse's latest number is 900,875,242 records breached in 5,165 attacks over the past decade -- and that's U.S. only.
November 23, 2016
Read More


Six tips for practicing safe social media
With Facebook now counting over 1.7 billion monthly users and LinkedIn another 467 million, it was only a matter of time until criminal hackers turned their attention to exploiting social media as an attack vector. the current attack is being waged to introduce ransomware into these environments. Dubbed "Imagegate", it's a clever way of sneaking malware into your environment.
December 9, 2016
Read More


Slack bug paved the way for a hack that can steal user access
The problem deals with the postMessage API the chat application uses to exchange data between browser windows
March 2, 2017
Read More


Smart TV hack embeds attack code into broadcast signal--no access required
Demo exploit is inexpensive, remote, scalable--and opens door to more advanced hacks.
March 31, 2017
Read More


Smart, safe data sharing will power the new economy
Companies need to accept tradeoffs to foster "digital trust" with employees if they want to gather the workplace data necessary to realize the full economic and competitive benefits of the Internet of Things (IoT) and the sharing economy, according to a new study by AIG.
January 5, 2017
Read More


SMEs more prone, but still quite oblivious, to cyberattacks
Despite governments, organizations and brands intensifying their cybersecurity awareness campaigns in recent years, as well as several recent high-profile attacks and security breaches, it seems that many small and medium business owners still fail to realize the extent of risk for their companies from hacking, phishing, denial-of-service, and other types of common attacks.
November 30, 2016
Read More


Sneaky Gmail phishing attack fools with fake Google Docs app
Russian hackers resorted to a similar method to abuse the OAuth protocol to phish user accounts
May 4, 2017
Read More


SOCs are maturing, but need more automation
Security operations centers (SOCs) are growing up, according to a new SANS survey. Respondents indicate the SOC's primary strengths are flexibility of response and response time, while their biggest weakness is lack of visibility into events.
May 9, 2017
Read More


Software development teams embrace DevSecOps automation
Mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale, according to Sonatype.
March 22, 2017
Read More


Software security assurance: Everybody's invited
As more and more things in this world of ours run on software, software security assurance -- i.e. confidence that software is free from vulnerabilities (either intentional or not) and functions as intended -- is becoming more important than ever.
May 22, 2017
Read More


Soldiers bust massive click-farm that used 500k SIM cards, 100s of mobes to big up web tat
Cops pad up to Thai operation
June 14, 2017
Read More


Some password-manager apps that store data centrally get it right
You might be concerned from recent attacks that hosted secrets stored by 1Password and LastPass are at risk. the details say they're not.
April 18, 2017
Read More


Some Vine Users' Email Addresses, Phone Numbers Exposed
Like stumbling onto a bunch of Pitbull songs some ex put in your music library four years ago, the ghost of video-sharing platform Vine continues to haunt the internet. See, even though Vine is dead and gone, its cache of user information is not -- and now some of that data has apparently been leaked.
May 19, 2017
Read More


Sophos acquires Invincea
Sophos has agreed to acquire Invincea from its current shareholders for a cash consideration of $100 million with a $20 million earn-out. Sophos will retain the company™ office in Fairfax. Invincea CEO Anup Ghosh and COO Norm Laudermilch will join Sophos in key leadership positions.
February 8, 2017
Read More


Sophos Predicts Top 10 Cyber Security Trends for 2017
2016 saw a huge number and variety of cyber attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. the year also saw a rising tide of data breaches, from organizations big and small, and significant losses of people's personal information.
December 30, 2016
Read More


Sorry, iPhone fans -- only Fandroids get Barclays' tap-to-withdraw
It's only a test
November 23, 2016
Read More


South Korean banks threatened with DDoS attacks unless they pay $315,000
South Korean banks are being threatened with crippling DDoS attacks unless they pay $315,000 in bitcoin. The attackers threatening them identified themselves as the Armada Collective.
June 27, 2017
Read More


South Korean bitcoin exchange hacked, user accounts plundered
Bithumb, a South Korean bitcoin and ether exchange, has suffered a data breach that resulted in customer losses potentially reaching billions of South Korean won (currently, a billion won is equivalent to some 870,000 US dollars).
July 4, 2017
Read More


Spectacular phishing attack pushes Google to improve defenses
The most recent Google-themed phishing attack shouldn't have come as a surprise, but it did -- and has affected around a million Gmail users.
May 8, 2017
Read More


Spora ransomware could become the new Locky
A recent decrease of Locky ransomware infections has been tied with the lack of activity of the Necurs botnet, which is used to deliver the malware directly to potential victims' email accounts.
January 19, 2017
Read More


SpyNote Android RAT builder has been leaked
A builder for the capable SpyNote Android RAT is being freely distributed on several underground hacker forums.
July 29, 2016
Read More


Spyware backdoor prompts Google to pull 500 apps with greater than 100m downloads
Google killed secret plugin download capability after being alerted by researchers.
August 22, 2017
Read More


Spyware on a Chromebook
I think Chromebooks are great. they are cheap, fast laptops that can satisfy the computing needs of many users, if not for their primary computer, then as a secondary one.
January 25, 2017
Read More


SquirrelMail opens users to remote code execution
Users of open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered independently by two researchers.
April 25, 2017
Read More


Sqrrl empowers threat hunters with self-service analytics
Today, analysts must either have advanced data science skills to build hunting algorithms that detect suspicious cyber behaviors or rely on blackbox vendor tools that package rigid algorithms. Sqrrl Enterprise 2.8 introduces the ability for analysts to easily create new hunting analytics without writing any code or having any data science skills. These analyst-defined analytics are referred to as "Risk Triggers."
August 21, 2017
Read More


SSD security challenges: Which data sanitization methods are effective?
In recent years, a growing number of data breaches have resulted from the improper data removal and insecure storage of drives. Organizations face a myriad of internal and external challenges with preventing sensitive personal and corporate information from being accessed or breached from solid state drives (SSDs), according to the Blancco Technology Group.
February 1, 2017
Read More


Stack Clash bug could give root privileges to attackers on Unix, Linux systems
Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to develop patches since May.
June 19, 2017
Read More


Stealthy DDoS attacks distract from more destructive security threats
The greatest DDoS risk for organisations is the barrage of short, low volume attacks which mask more serious network intrusions.
June 6, 2017
Read More


Stealthy backdoor used to spy on diplomats across Europe
A new, sophisticated backdoor Trojan has been used to spy on targets in embassies and consulates across Southeastern Europe and former Soviet Union republics.
August 31, 2017
Read More


Stealthy Mughthesec Mac adware exposed: What it does, how to protect yourself
Mac malware is still a rare occurrence, so it's no wonder that some of it can lurk, unnoticed for months, on random machines.
August 11, 2017
Read More


Stealing Windows credentials using Google Chrome
Attacks that leak authentication credentials using the SMB file sharing protocol on Windows OS are an ever-present issue, exploited in various ways but usually limited to local area networks. One of the rare research involving attacks over the Internet was presented by Jonathan Brossard and Hormazd Billimoria at the Black Hat security conference in 2015.
May 15, 2017
Read More


Stealing Your Identity Can Be As Easy As Stealing Your Phone Number
You're smart about online security, right? Sure! You use two-factor authentication on all your accounts, you don't use dodgy WiFi, you make sure to put a passcode on your phone, and you keep it with you at all times, never out of your sight. Unfortunately, that's not enough to protect you. Because it only takes one thing to hijack your whole digital life: Your ten-digit mobile number.
August 22, 2017
Read More


Stethoscope spurs employees to implement better security practices
Every now and then, Netflix open sources some of the security tools created by its coders. the latest example of this is Stethoscope, a web application that collects information about users' devices and provides them with specific recommendations for securing them.
February 22, 2017
Read More


Stiller Research
We provide current anti-virus news, a list of myths regarding viruses, a virus information list and a list of in-the-wild viruses.
Provides Information
Read More


STIX and TAXII: Sharing cyber threat intelligence
In this podcast recorded at Black Hat USA 2017, Allan Thomson, CTO at LookingGlass Cyber Solutions, talks about STIX and TAXII.
August 14, 2017
Read More


StoneDrill: new wiper targets Middle East, shows interest in Europe
Kaspersky Lab has discovered a new sophisticated wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.
March 7, 2017
Read More


Store and synchronize your passwords with the free KeePassXC
Accessing your data is becoming tougher with two-way authentication, multiple password entry options and having to answer 'secret' questions where you can't always remember the answer.
July 10, 2017
Read More


'Streaming Prevention' technology takes a new approach to stopping cyber attacks
Traditional security techniques can be effective in fending off cyber threats, but a new generation of non-malware attacks try to gain control of computers without downloading malicious software. Instead, they use trusted, native operating system tools, such as PowerShell, and exploit running applications, like browsers.
February 6, 2017
Read More


Study shows 'BYOK' can unlock public cloud market for businesses
Bring your own key to the encryption kingdom
January 30, 2017
Read More


Study Suggests Network Traffic Can Help Stop Malware Attack
Before large malware attacks, systems need to be infected by the malware, where it can linger undetected for weeks or months. Until a sample of the malware is discovered, traditional anti-virus software cannot remove it, but researchers at Georgia Institute of Technology, with collaboration from EURECOM and the IMDEA Software Institute, have found a way to help catch malware before it is activated. The key is monitoring network traffic.
May 22, 2017
Read More


Study warns of human rights risks from censoring online terror content
Global Network Initiative said that internet companies should not be required to monitor third-party terror content
November 30, 2016
Read More


Study warns of human rights risks from censoring online terror content
Global Network Initiative said that internet companies should not be required to monitor third-party terror content
November 30, 2016
Read More


Study: One-Third of Websites Use Outdated, Insecure JavaScript Libraries
Websites are only as safe as their operators allow them to be. Researchers find vulnerabilities, and organizations release patches for them all the time. But it's up to site operators to install those patches to make sure their sites don't endanger visitors and, potentially, their personal information. Many don't, as Northeastern University discovered when it found that 37% of sites use outdated JavaScript libraries with at least one known vulnerability.
March 13, 2017
Read More


Super Free Music Player is the latest malware on Google Play
Another day, another piece of malware lurking on Google Play, masquerading as a free and helpful app.
May 2, 2017
Read More


Super Malware Bros: Android Marcher Poses as 'Super Mario Run'
It's malware time. a cloud security company named Zscaler revealed that malicious software has been disguised as the Android version of Super Mario Run, which is currently restricted to iOS devices, to fool eager gamers into compromising their financial data by installing the Android Marcher Trojan.
January 6, 2017
Read More


Surprise! another insecure web-connected CCTV cam needs fixing
Siemens firmware emits admin login details to anyone who asks nicely
November 21, 2016
Read More


Surveillance firm slashes staff after losing Facebook, Twitter data
ACLU called out Geofeedia for getting social media data and selling it to cops.
November 22, 2016
Read More


Sushi or pizza? Mac or Windows threat?
Fortinet researchers have made an unusual find: a malicious Word file that is meant to target both OS X and Windows users.
March 23, 2017
Read More


SWIFT systems of three Indian banks compromised to create fake trade documents
Since last year's revelation that attackers have compromised SWIFT software of Bangladesh's central bank and used it to perform fraudulent transfers worth tens of millions, news about similar attacks -- both successful and not -- have become a regular occurrence.
January 16, 2017
Read More


Swiss users targeted with Windows, macOS banking Trojan
Swiss users are once again hit with emails delivering banking malware, for both Windows and macOS systems.
July 11, 2017
Read More


Symantec offloads its certs and web security biz to DigiCert
Reports solid Q1 and makes spats with Google and Mozilla someone else's problem
August 3, 2017
Read More


Symantec Rejects Google's Certificate Plan, Promises to be Good from now On
Google recently announced that it would start progressively distrusting Symantec's existing certificates over a period of several Chrome releases. Symantec doesn't seem to like this plan, and it has instead proposed a number of alternative steps that it can take to improve its certificate validation process and prove that it's properly issuing certificates.
April 27, 2017
Read More


Symantec Responds to Google Distrusting Its Certificates
Google announced in March that its Chrome browser would gradually stop trusting certificates issued by Symantec because the company improperly issued 30,000 certificates over the last few years. Symantec responded today with a blog post saying it's met with Google to discuss the issue several times and that its customers have said the change would "cause significant business disruption and additional expense."
April 17, 2017
Read More


Symantec Security Updates
library of documents on computer viruses including the top ten list of most common viruses and new viruses to be on the alert for, as well as general virus Q&A.
Provides Information
Read More


Sysadmin finds insecure printer, remotely prints 'Fix Me!' notice
Once you're through the web interface the email-to-printer address is easy to find
May 26, 2017
Read More


SysAdmin Magazine: best of 2016
In the last issue of SysAdmin Magazine you'll find the best articles of 2016. from data security to ransomware and cloud adoption -- the hottest topics of this year collected in one edition.
January 12, 2017
Read More


Sysadmin 'trashed old bosses' Oracle database with ticking logic bomb'
Always ensure the office laptop gets returned
April 14, 2017
Read More


Misc. - T

Target Will Pay $18.5M To 47 States To Close Investigations Into 2013 Data Breach
Just like those embarrassing Facebook photos of you with your ill-advised "Macklemore' hairdo, Target's massive 2013 data breach continues to haunt the retailer. Today, the company reached an agreement to pay $18.5 million to close the book on investigations by 47 states (and D.C.) into the month-long attack that exposed information for more than 60 million payment card accounts.
May 23, 2017
Read More


Targeted attack prevention in cloud email and messaging systems
The Threat Platform extends the capabilities of the company's cloud-native communication security platform, enabling organizations to tap into the threat data, machine-learning, and automated response framework that underpins GreatHorn's threat detection and response solutions for social engineering, phishing, and targeted attack prevention in cloud email and messaging systems.
February 14, 2017
Read More


Tax season security tips: Protect yourself from cybercrime
Between December 2016 and February 2017, IBM X-Force researchers saw a 6,000 percent increase in tax-related spam emails. the researchers see this increase and other factors as evidence that cybercriminals are not slowing down their attacks in the days leading up to Tax day 2017.
April 5, 2017
Read More


Tech Companies Urge SCOTUS To Protect Location Data
Where do you take your phone? If you're anything like us, the answer is probably "everywhere." The doctor's office, the grocery store, the movie theater, and basically anywhere else you go, your phone is probably with you. Because your phone is always with you, and because many services rely on location information, chances are good that a detailed history of your goings-on is sitting in a bunch of servers who-knows-where. Microsoft, Google, and other tech companies have asked the Supreme Court to make sure police need a warrant to access that history.
August 15, 2017
Read More


Tech companies urge Supreme Court to protect cell phone privacy
Apple, Facebook, Google and others file a brief arguing that police should have a warrant before accessing users' location data.
August 15, 2017
Read More


Tech firms band together to take down Android DDoS botnet
An ad-hoc alliance of tech firms has managed to seriously cripple an Android-based botnet that was being actively used to DDoS multiple content providers.
August 29, 2017
Read More


Tech giants to Congress: Please change how NSA spies on people
Companies like Facebook, Google and Amazon band together in a push for internet surveillance reform.
May 26, 2017
Read More


Tech support scam piggybacks off Windows app crash alerts
A tech support scam application has recently been found online, which is programmed to pop-up every time an app in Windows crashes, prompting users to call a certain number to fix the problem.
March 17, 2017
Read More


Tech to help protect Final Four crowds
Video, social network and drone surveillance in arsenal; FBI sees no current credible threats
March 31, 2017
Read More


Teen quiz app Wishbone hacked, users' emails and phone numbers exposed
Check your kid's phone for this app, ASAP: Wishbone. this popular quiz app for kids, tweens and teens has been hacked, according to a report from Motherboard out this morning. the hack involved 2.2 million email addresses, as well as 287,000 phone numbers, many of which are from kids under the age of 18.
March 15, 2017
Read More


Tenable launches cloud-based vulnerability management
Increased adoption of virtualization, the cloud, and the accelerating use of web applications and short-lived assets like containers has led to changes in how and when companies need to assess vulnerabilities.
January 31, 2017
Read More


Telecoms don't protect users from government overreach
The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives--where we go, who we see, what we say, our political affiliations, our religion, and more.
July 11, 2017
Read More


Telecrypt Decryptor foils ransomware's simple encryption method
The recently spotted Telecrypt ransomware can be thwarted: malware analyst Nathan Scott has created a tool that decrypts the encrypted files.
November 23, 2016
Read More


Telegram-based Katyusha SQL injection scanner sold on hacker forums
Despite regularly achieving one of the top spots on the OWASP Top 10 list of the most critical web application security risks, injection vulnerabilities continue to plague database-driven web sites and get regularly exploited by attackers.
July 12, 2017
Read More


Testing the security of connected cars and IoT devices
IBM Security announced the launch of two new security testing practice areas focused on automotive security and the Internet of Things (IoT).
July 25, 2017
Read More


Testing times: can your crypto-code survive the Google gauntlet?
Mount Wycheproof pinpoints mistakes in software libraries
December 20, 2016
Read More


The anatomy of a completely fileless attack
The use of fileless malware is definitely on the rise, and it's used both by targeted threat actors and cybercriminals.
August 3, 2017
Read More


The ancient Microsoft networking protocol at the core of the latest global malware attack
The company is going to kill off SMB1 at long last, but you shouldn't wait to disable it
July 6, 2017
Read More


The anti social network
Let's be honest. Our online world is judged on how others view us, or as the psychologist Caldini would put it social validation. Want to buy a product? Well how many people gave it five stars? I refuse to now try something new unless someone has been there before, took the time to review it, and then post it on a social network of some description.
February 10, 2017
Read More


The best VPN Services of 2017
What are the best Virtual Private Networks (VPNs)?
April 11, 2017
Read More


The biggest high-profile password blunders of 2016
Weak or reused passwords are one of the main causes of security breaches and nobody is immune from the problem.
December 13, 2016
Read More


The CIA built a fake software update system to spy on intel partners
Anyone relying on the CIA for tech support got a nasty surprise this morning, as documents published by Wikileaks revealed a secret project to siphon out data through its technical liaison service, dating back to 2009.
August 23, 2017
Read More


The CIA has lots of ways to hack your router
New WikiLeaks docs reveal how spies rewrote firmware in the supply chain
June 15, 2017
Read More


The cost of IoT hacks: Up to 13% of revenue for smaller firms
Nearly half of U.S. firms using an Internet of Things (IoT) network have been hit by a recent security breach, which can cost up to 13% of smaller companies' annual revenue, according to a new survey by Altman Vilandrie & Company.
June 5, 2017
Read More


The 'Could Have Been Worse' WannaCry Has Arrived
Reports are coming in from around the globe about a new ransomware that is spreading quickly. Maersk, and Ukraine's National Bank have both warned of cyber attacks. But it appears this new dog is using some old tricks. From what we know right now, this attack appears to be leveraging the same EternalBlue exploits that WannaCry leveraged to obtain its ability to spread within organizations and impact more endpoints with encrypted files and demands of Bitcoin ransom.
June 27, 2017
Read More


The difficult path to cyber resilience
Global organizations are more confident than ever that they can predict and resist a sophisticated cyber attack, but are falling short of investments and plans to recover from a breach in today's expanding threat landscape, according to EY.
December 19, 2016
Read More


The dangers that come with buying pre-owned IoT devices
When you buy a second-hand connected car, can you be sure that it is not still not reachable by its former owner? Similarly, when you sell your own connected car, how can you be sure that it will not leak the personal information you fed it to the next owner?
February 20, 2017
Read More


The decline of cyber resilience: Organizations unprepared to face attacks
Only 32 percent of IT and security professionals say their organisation has a high level of cyber resilience -- down slightly from 35 percent in 2015, according to a global study involving 2,400 security and IT professionals, conducted by the Ponemon Institute.
November 17, 2016
Read More


The early IoT gets the worm
Five days after the start of World War I, Sir Edward Grey, British Foreign Secretary, remarked to a close friend, "The lights are going out all over Europe, we shall not see them lit again in our lifetime."
December 6, 2016
Read More


The economics of ransomware revealed
70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems. In comparison, over 50 percent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data, according to IBM Security.
December 14, 2016
Read More


The emergence of new global cybercriminal attack patterns
The findings of a new Malwarebytes report illustrate a significant shift in cybercriminal attack and malware methodology from previous years. Ransomware, ad fraud and botnets, the subject of so much unjustified hype over previous years, surged to measurable prominence in 2016 and evolved immensely. Cybercriminals migrated to these methodologies en masse, impacting nearly anyone and everyone.
February 1, 2017
Read More


The evolution of cloud and mobile security
In this podcast recorded at RSA Conference 2017, Salim Hafid, Product Marketing Manager at Bitglass, talks about how organizations are dealing with BYOD, cloud security, and mobile security, and how these trends are affecting their businesses in a real fundamental way.
February 23, 2017
Read More


The failure of EU's regulation on cyber-surveillance tech exports
When in April 2016 the Italian Ministry of Economical Progress revoked Hacking Team's licence to export their Galileo remote control software outside of the EU, it seemed, at first glance, like a long overdue reaction to the many revelations that the company provides offensive intrusion and surveillance software to governments that don't have a good track record at respecting human rights.
February 27, 2017
Read More


The FDA recalls 465,000 pacemakers which are at risk from possible hacking attacks
With our world becoming ever more connected, the threat of being hacked has become a serious concern for many that go online every day. However, staying safe requires more than just making sure you do not click a seemingly innocent link sent by a Nigerian prince through email. Recently we reported on a research firm finding 8,000 security vulnerabilities in every-day pacemakers, which makes them susceptible to possible attacks.
August 31, 2017
Read More


The future of AppSec: Stop fighting the last war
It's a cornerstone of military doctrine: when you focus too much on the last battle you faced, you miss signs of the new battleground taking shape. The principle holds as true for cybersecurity as it does for cavalries and tanks.
July 25, 2017
Read More


The future of macOS security: Baked-in protection and third-party tools
Anyone in the information security industry who's interested in Mac security probably knows who Patrick Wardle is. Apart from being Chief Security Researcher at Synack, he's also the creator of a number of security tools for macOS, which he makes available for free on his Objective-See project site.
July 17, 2017
Read More


The future of payments: sensor fingerprinting, facial recognition, retinal scanning and voice control
Viewpost surveyed a cross-section of 1,000 U.S.-based consumers, finding that overall, 80 percent of Americans are in support of payments technologies and currencies, including tools like sensor fingerprinting, facial recognition, retinal scanning and voice control, as well as currencies like bitcoin.
July 12, 2017
Read More


The gift that keeps giving away your data
if you unwrapped a shiny, new connected device this holiday season, it's likely that you're in the honeymoon stage, reaping many benefits from your new device. However, this story about a smart toy that is popping up on a variety of news sources makes you think twice about what happens after the initial "oohs" and "ahhs" subside.
January 13, 2017
Read More


The global decline of cybersecurity confidence
Tenable Network Security solicited insights from 700 security practitioners in nine countries and across seven industry verticals to calculate a global index score reflecting overall confidence that the world's cyber defenses are meeting expectations.
December 5, 2016
Read More


The group that hacked the DNC infiltrated Ukrainian artillery units
The group distributed a trojanized version of an Android app used by Ukrainian artillery personnel
December 22, 2016
Read More


The growing threat of ransomware: Lucrative, low-risk and easy to use
Recent headlines are testament to the growing popularity of ransomware attacks on businesses and consumers alike. In January, for example, Lincolnshire County Council saw its computer systems shut down for four days after it received demands for a £1 million ransom.
August 1, 2016
Read More


The HTTPS interception dilemma: Pros and cons
HTTPS is the bread-and-butter of online security. Strong cryptography that works on all devices without complicating things for users. Thanks to innovative projects like Let's Encrypt, adoption of HTTPS is rising steadily: in mid-2015 it was at 39%, now it's at 51% of HTTPS requests.
March 8, 2017
Read More


The human point: Gaining visibility into the context behind user actions
In this podcast recorded at Black Hat USA 2017, Dr. Richard Ford, Chief Scientist at Forcepoint, talks about the security industry's need of a paradigm shift toward examining user behavior and intent.
August 17, 2017
Read More


The journey from Microsoft Security Bulletin to Security Update Guides
For decades, the Microsoft Security Bulletins have provided IT administrators with a monthly list of vulnerabilities and accompanying patches. Much to the chagrin of the IT community, these Bulletins have been replaced by the Security Update Guides portal (SUG), which many administrators believe will be a lot more work for them, especially for patch management professionals who already have enough on their plate.
June 22, 2017
Read More


The impact of highly targeted attacks on modern organizations
In this podcast recorded at RSA Conference 2017, Lance Cottrell, Chief Scientist at Ntrepid, talks about the growing trend of targeted attacks, as well as strategies organizations need to consider as the breakdown of traditional security perimeter continues.
March 15, 2017
Read More


The information security marketplace shift
In this podcast recorded at RSA Conference 2017, Garry Sidaway, SVP of Security Strategy & Alliances for NTT Security, talks about the shift in the marketplace, and how effective security controls enable the increasingly connected world and digital economy to overcome constantly changing security challenges.
March 17, 2017
Read More


The latest on the critical RCE Cisco WebEx extension vulnerability
Since Google bug hunter Tavis Ormandy revealed the existence of a remotely exploitable code execution flaw in the Cisco WebEx extension for Google Chrome last week, Cisco has pushed out several updates for it in quick succession.
January 30, 2017
Read More


The most common passwords of 2016
Despite having been predicted many times, the demise of the password as the preferred authentication method is still far off, as it's difficult to beat its ease of use.
January 16, 2017
Read More


The new age of quantum computing
Quantum encryption is the holy grail of truly secure communications. If and when quantum computing becomes a widespread reality, many public-key algorithms will become obsolete. this includes those whose security relies on one of three hard mathematical dilemmas: the integer factorization dilemma, the discrete logarithm dilemma or the elliptic-curve discrete logarithm dilemma.
November 17, 2016
Read More


The new CISO imperative: Solving the information management paradox
According to Cybersecurity Ventures' Cybersecurity Market Report, worldwide spending on cybersecurity is predicted to top $1 trillion for the five-year period from 2017 to 2021. However, in the drive to become more cyber resilient in 2017, organizations are extending risk management that is traditionally based on parametric measures (i.e., data loss prevention and firewalls) towards information stewardship -- the proper identification, categorization and deletion of their own content, regardless of where it is saved.
December 13, 2016
Read More


The next frontier of cyber governance: Achieving resilience in the wake of NotPetya
Earlier this week, several European nations experienced a widespread ransomware attack. Major international giants, such as Merck, WPP, Rosneft, and AP Moller-Maersk, alongside financial institutions, banks, energy companies and more were affected, where users were locked out of computers. The focus of the attack was Europe, but it was also discovered that DLA Piper, a massive U.S. headquartered law firm, was hit by this new strain of ransomware.
June 29, 2017
Read More


The path to protecting health data: 10 steps to get started
The information in your medical records can be more valuable than your credit card numbers to a cybercriminal.
June 29, 2017
Read More


The power of Big Data for security, operations and DDoS protection
DDoS atacks are costly to your reputation and your bottom line. In this podcast recorded at RSA Conference 2017, Avi Freedman, CEO at Kentik, discusses how to recognize attacks quickly and accurately, then shut them down with situation-appropriate mitigation.
March 7, 2017
Read More


The privacy threat of IoT device traffic rate metadata
Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata.
May 22, 2017
Read More


The return of the long-lasting DDoS attack and the rise of RDoS
The latest DDoS intelligence report from Kaspersky Lab shows that long-lasting attacks are making a comeback.
August 2, 2017
Read More


The real cost of alarm fatigue
One of the toughest challenges for an IT security team is managing and sifting through the deluge of security alerts that are created on a daily basis. Teams can waste considerable time chasing down false positives with the resultant burden on manpower and IT resources adding costs. However, the stakes are high; failing to detect an active infection can have far more serious financial consequences.
September 1, 2017
Read More


The rewards of advanced agile and DevOps adoption
In today's fiercely competitive environment for customer satisfaction and brand loyalty, agile and DevOps are driving happier customers and employees. Results from a new CA Technologies global study reveal that advanced users of agile or DevOps realized significant increases of up to 52 percent in customer satisfaction and up to 50 percent in employee productivity.
January 12, 2017
Read More


The rise of InsurTech: how young startups influence a mature industry
Artificial intelligence (AI) and the Internet of Things (IoT) now account for almost half of total investment in insurance technology (InsurTech) startups globally, according to Accenture.
April 3, 2017
Read More


The rising use of personal identities in the workplace
90% of enterprise IT professionals are concerned that employee reuse of personal credentials for work purposes could compromise security. However, with 68% saying they would be comfortable allowing employees to use their social media credentials on company resources, Gemalto's research suggests that personal applications (such as email) are the biggest worry to organisations.
December 14, 2016
Read More


The security impact of HTTPS interception in the wild
HTTPS deployment is on an upward trajectory, and this growth is accompanied by the increasing HTTPS interception and SSL inspection by enterprise-grade firewalls, web filters, gateways, as well as client-side antivirus and security solutions.
February 10, 2017
Read More


The security status quo falls short with born-in-the-cloud software
Born-in-the-cloud software, pioneered by companies like Salesforce, are beginning to dominate the computing landscape. According to Gartner, by 2020, the cloud shift will affect more than $1 trillion in IT spending, and cloud computing will be one of the most disruptive forces since the early days of the digital age.
August 31, 2017
Read More


The security threat of quantum computing is real, and it's coming fast
The threat quantum computers pose on encryption is weighing on the minds of some of the world's most technologically advanced nations: In 2016 alone, the EU announced a $1.13B investment in the discipline, the UK pledged nearly $300M, Australia put in $25M and Canada devoted $50M.
March 9, 2017
Read More


The six stages of a cyber attack lifecycle
The traditional approach to cybersecurity has been to use a prevention-centric strategy focused on blocking attacks. While important, many of today's advanced and motivated threat actors are circumventing perimeter based defences with creative, stealthy, targeted, and persistent attacks that often go undetected for significant periods of time.
March 6, 2017
Read More


The time to fortify your organization against CNP fraud is now
When it comes to EMV (Europay, MasterCard and Visa) security chip adoption, the United States is the clear laggard.
February 20, 2017
Read More


The transformative impact of cloud adoption
Despite the average company using 1,427 cloud services to upload an average of 18.5 TB of data to cloud applications each month, less than 9 percent of cloud providers are taking the strict data security and privacy steps recommended for a modern enterprise, according to Skyhigh Networks. Companies specifically struggle with securing employee behavior, accurately detecting threats and enforcing cloud governance.
November 21, 2016
Read More


The war for cybersecurity talent hits the Hill
AT&T is retraining its IT workforce
January 17, 2017
Read More


The West African cybercriminal ecosystem is unlike any other
While there is still not an actual underground marketplace, cybercrime is pervasive in the West African region. Specifically, scamming operations.
March 9, 2017
Read More


There's a chronic shortage of women in information security
A survey of over 19,000 cybersecurity professionals has revealed a chronic shortage of women working in the cybersecurity amid a widening skills gap, with women forming just 7% of the European cybersecurity workforce, according to (ISC)2's charitable arm, the Center for Cyber Safety and Education.
March 16, 2017
Read More


There's a ransom-free fix for WannaCry. Oh snap, you've rebooted your XP box
Sooo... that's not gonna work for you mate
May 19, 2017
Read More


Thieves can guess your secret Visa card details in just seconds
Distributed guessing attacks are surprisingly effective.
December 5, 2016
Read More


Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol
The same weakness could be used to eavesdrop on calls and track users' locations.
May 3, 2017
Read More


Think twice before buying a smart toy for your child
For a while now, security researchers have been warning about the security and privacy dangers of many popular "smart" toys.
July 18, 2017
Read More


This low-cost device may be the world's best hope against account takeovers
Privacy-preserving "cryptographic assertions" are impossible to guess or phish.
December 23, 2016
Read More


This Malware Turns Headphones Into Microphones
Researchers at Ben Gurion University in Israel have created malware that will turn your plugged in headphones into a microphone.
November 22, 2016
Read More


This ransomware will share your browser history with friends
A different form of ransomware, LeakerLocker threatens to humiliate you. But it's only on Android.
July 11, 2017
Read More


This year's top identity technology trends
HID Global forecasts a shift in the use of identity technology that will lead to increased adoption of mobile devices and the latest smart card technology, a greater emphasis and reliance on the cloud, and a radical new way of thinking of trust in smart environments and Internet of Things (IoT).
January 13, 2017
Read More


Threat hunting still maturing and mostly ad-hoc
Threat hunting is becoming an integral part of defensive activities in larger enterprises or those that have been heavily targeted in the past, according to a new SANS survey. Yet, findings also show that threat hunting is still an immature practice that relies mostly on human intuition to conduct the searches.
April 18, 2017
Read More


Threat intelligence sharing challenges: Understand the context of cyber events
A new McAfee report details the challenges facing threat intelligence sharing efforts. the growing complexity of the technology environment is a very important driver for sharing threat intelligence.
April 7, 2017
Read More


Threat operations and management with ThreatQ
In this podcast recorded at RSA Conference 2017, Ryan Trost, CTO at ThreatQuotient, discusses the relevance of threat intelligence, as well as the ThreatQ platform, designed to enable threat operations and management.
March 14, 2017
Read More


Threat prevention for protecting production environments
Capsule8 launched the beta version of Capsule8 Protect, a threat prevention and response platform purpose-built for cloud-native environments.
July 28, 2017
Read More


Threat Recap: Week of July 25th
There's a lot that happens in the security world, with many stories getting lost in the mix. In an effort to keep our readers informed and updated, we present the Webroot Threat Recap, highlighting 5 major security news stories of the week.
July 29, 2016
Read More


ThreatQ 3.0: a threat intelligence platform with fine-tuned controls
ThreatQuotient announced new ThreatQ platform advancements, a robust Partner Integration Program and Professional Services offerings to answer industry demand to make threat intelligence operational within the context of a company's specific environment.
February 1, 2017
Read More


Three cybersecurity threat trends that organizations should address today
The cybersecurity landscape grows seemingly more complex -- and dangerous -- by the day: Hackers and other bad actors unleash increasingly intricate and formidable attacks, on more mission critical systems. Yet, organizations attempt to counter their threats with the same limited resources.
May 5, 2017
Read More


Three barriers to digital IDs on the blockchain
There has been a lot of hype around blockchain technology and the benefits it could potentially bring to a wide variety of verticals, including identity verification.
August 18, 2017
Read More


Three megatrends that will drive digital business into the next decade
Gartner revealed three distinct megatrends that will enable businesses to survive and thrive in the digital economy over the next five to 10 years.
August 17, 2017
Read More


Through inter-app data sharing, Android apps can get your data without permission
With a newly developed toolsuite that can analyze Android apps and detect whether two or more of them can collude with each other to acquire information that they would otherwise not be capable of obtaining, a group of researchers has shed some light on an existing capability that could easily become a big problem in the future.
April 4, 2017
Read More


Tips for businesses to avoid being the next big headline
Data integrity breaches are set to send shockwaves throughout the world in 2017, with at least one almighty breach disclosure of this type expected next year, according to Jason Hart, CTO Data Protection, Gemalto.
November 30, 2016
Read More


Tips on how to address the growing cyber security skills gap
Sophisticated cyber security defenses are increasingly in high demand as a cyber security attack is now viewed as an inevitability. However, a majority of surveyed organizational leaders fear they are ill-equipped to address these threats head-on.
February 13, 2017
Read More


Tips on where to start in managing risk
You may not be able to plug up every hole, but there are ways to keep the dam from caving.
January 19, 2017
Read More


TLS security: Past, present and future
The Transport Layer Security (TLS) protocol as it stands today has evolved from the Secure Sockets Layer (SSL) protocol from Netscape Communications and the Private Communication Technology (PCT) protocol from Microsoft that were developed in the 1990s, mainly to secure credit card transactions over the Internet.
July 3, 2017
Read More


To compete with YouTube, Facebook is preparing to launch connected TV apps
Facebook wants its users to upload and consume more videos, and it's making a couple of changes to the way that it displays and distributes those videos. Today at CODE Media, Facebook VP of partnerships Dan Rose said the company would also launch a series of apps for Apple TV, Amazon Fire TV and Samsung Smart TV.
February 14, 2017
Read More


To punish Symantec, Google may distrust a third of the web's SSL certificates
After the latest incident of improper certificate issuance, Google says that it has lost confidence in the world's largest certificate authority
March 24, 2017
Read More


Token's smart ring autofills your passwords, badges you into work, makes payments, unlocks your car, AND more
In a world filled with wearables of varied usefulness and quality, among the mediocre and the redundant sometimes floats a device that seems to actually make life easier for people of this age. One such device purported to do so is the Token Ring, a smart ring with a bevy of useful features -- none of which pertaining to fitness. Instead, this ring focuses on being your universal security key for authentication of many kinds.
June 28, 2017
Read More


Top 4 global security threats businesses will face in 2017
The Information Security Forum (ISF) has announced their outlook for the top four global security threats that businesses will face in 2017.
December 6, 2016
Read More


Top 6 breach response best practices for 2017
Cybercrime costs are expected to rise to $2 trillion by 2018, according to Juniper Research, in large part because the increase in cyber threats is resulting in a surge in data breaches, exposing millions of individuals and their sensitive information.
December 6, 2016
Read More


Top 10 most malware-infected US cities
Webroot revealed the top 10 most malware-infected US cities. According to Webroot's data, Houston is the most infected US city with 60,801 infected devices.
January 26, 2017
Read More


Top cloud challenges: Security, compliance, and cost control
A new Fugue survey, fielded to over 300 IT operations professionals, executives, and developers, found that most respondents believe that the cloud is not living up to expectations because of compliance and security concerns, unexpected downstream costs, and the glut of cloud management tools available in the market.
June 29, 2017
Read More


Top cyber concerns plaguing digital enterprises
69% of senior security and IT executives say digital transformation is forcing fundamental changes to existing cybersecurity strategies, according to BMC and Forbes Insights. Financial and customer information, brand reputation, intellectual property, and employee information were also listed as critical assets to protect against security breaches.
January 12, 2017
Read More


Top five most wanted malware families worldwide
The Hancitor downloader has surged into the top five most wanted malware families worldwide for the first time, according to Check Point.
March 14, 2017
Read More


Top obstacles and benefits of security framework adoption
95 percent of organizations face significant challenges when implementing leading cybersecurity frameworks, according to Tenable Network Security and the Center for Internet Security (CIS).
January 9, 2017
Read More


Top obstacles for women in technology
Wage inequality compared to male colleagues, workplace gender bias and a shortage of female role models are among the main barriers faced by women working in the technology field, according to a new ISACA survey.
March 7, 2017
Read More


Top risks identified across private cloud environments
Based on data gathered from over 100 enterprise environments over the past year, a Continuity Software study found that downtime and security risks were present in each cloud environment tested.
November 18, 2016
Read More


Top-ranked programming Web tutorials introduce vulnerabilities into software
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials.
April 21, 2017
Read More


Torrent Sites Suffer DDoS Attacks and Other Trouble
The past few days have been pretty hectic for many torrent sites, several of which have suffered downtime due to DDoS attacks. But the trouble doesn't stop there. WorldWideTorrents had its domain name suspended, while IsoHunt.to has disappeared without a trace.
September 1, 2017
Read More


Total security appliance market shows positive growth
The total security appliance market showed positive growth in both vendor revenue and unit shipments for the fourth quarter of 2016, according to IDC.
March 13, 2017
Read More


Tracking Data In Complex Java Code: a Functional Programming Approach
Companies across all industries are increasingly adopting cloud technologies. Naturally, many Visio users move to Lucidchart as they step into a more modern, collaborative, and integrated diagramming environment. to help make their transition as smooth as possible, users can import existing Visio documents into Lucidchart. We're constantly collecting feedback on how well this import is working so we can focus our efforts on the most common problems.
November 22, 2016
Read More


Trending 'Fireball' adware raises botnet concerns
Last week, security researchers reported on a trending adware infection known as "Fireball". Sourced to the Chinese marketing firm Rafotech, reports indicate a footprint of more than 250 million infected machines worldwide. While the infection currently appears to only make changes to victims' browser homepages and search engines, analysis suggests that the software could be remotely leveraged to act as a malware dropper.
June 14, 2017
Read More


Troubleshooting iCloud Keychain: The ultimate guide
Can't get iCloud Keychain to work right? Don't freak out! We've got the solution to your problem.
July 6, 2017
Read More


Trojan source code leak poised to spur new online banking attacks
Nuclear Bot's author releases its source code publicly for other cybercriminals to use
March 29, 2017
Read More


Trojanized Facebook Lite steals info, installs apps
A Trojanized Facebook Lite app for Android has been found stealing device information and installing malicious apps in the background.
March 7, 2017
Read More


True privacy online is not viable
You can hide from casual observers, but a motivated person will see through your attempts at anonymization
February 21, 2017
Read More


Trusted identities bridge gap between connected workers and smart buildings
Trusted identities can serve as the backbone for smart buildings and today's connected workforce, according to a new study conducted by IFSEC Global.
June 22, 2017
Read More


Trustwave introduces proactive threat hunting service
Trustwave announced at RSA Conference 2017 new and enhanced managed security and professional services designed to help short-circuit an attacker's activities by detecting cybersecurity threats much earlier and shutting them down before real damage is done.
February 15, 2017
Read More


Turla gets ready to target Mac users
The cyber espionage group deploying the Turla (aka Snake, Uroburos, or Agent.BTZ) malware framework is expected to be able to target Mac users soon.
May 5, 2017
Read More


Twistlock delivers enhanced security and compliance for container environments
In recent years containerization has seen increased popularity thanks to its ability to deliver an agile, flexible environment in which software can be reliably moved from development to testing to live, or from in-house to the cloud.
April 17, 2017
Read More


Twitter reactions to the WikiLeaks CIA data dump
Here are some interesting Twitter reactions regarding the WikiLeaks release of 8,761 documents and files they claim originate from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence in Langley, Virgina.
March 8, 2017
Read More


Two Foxit Reader RCE zero-day vulnerabilities disclosed
Trend Micro's Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader.
August 18, 2017
Read More


Two Iranians charged with hacking, stealing US missile design software
Two Iranians are accused of hacking of a US software company and the theft of missile design software restricted from export from the US without a license.
July 19, 2017
Read More


Two Mac malware-as-a-Service offerings uncovered
Two pieces of Mac malware -- MacRansom and MacSpy -- that seem to be created by the same developer are being offered for sale through two separate dark web portals.
June 12, 2017
Read More


Two-factor authentication: Everything you need to know!
Hackers are too good, and security systems flawed. Longer complicated passwords created by generators like Safari's iCloud Keychain or third party apps like LastPass or 1Password can help, but the best way to lock down your accounts is to add extra security options for two-step or two-factor (2FA) authentication. Here's how to go about it.
August 18, 2017
Read More


Two-factor FAIL: Chap gets pwned after 'AT&T falls for hacker tricks'
This is getting stupid now -- time to dump SMS and switch to code-generating apps or tokens
July 10, 2017
Read More


Misc. - U

U.S. charges Russian FSB officers for hacking Yahoo, millions email accounts
A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo's network and the contents of webmail accounts.
March 15, 2017
Read More


U.S. consumers' views on cybersecurity
To better understand how Americans think about hacker motivations, consumer versus business security responsibilities, ransomware and the political climates impact on the threat landscape, Kaspersky Lab and HackerOne surveyed over 5,000 U.S. consumers at least 16 years old.
February 14, 2017
Read More


UEFI BIOS flaws can be exploited to install highly persistent ransomware
A team of researchers exploited two vulnerabilities in the firmware of Gigabyte BRIX mini PCs to demonstrate low-level ransomware
April 3, 2017
Read More


UK businesses lack necessary security skills and awareness
British firms are putting themselves at risk of being hit by major cyber-attacks such as the WannaCry ransomware due to a lack of proper security skills and awareness, a new government report has warned.
August 22, 2017
Read More


UK businesses unprepared for virtualization security challenges
For UK companies with at least 1,000 PCs, virtualization is a "strategic priority", however, they are yet unprepared for all the different security challenges this approach brings. this is according to a new report by Bitdefender.
November 28, 2016
Read More


UK essential service operators with poor cyber security face massive fines
Organisations who fail to implement effective cyber security measures could be fined as much as £17 million or 4 per cent of global turnover, as part of plans to make Britain's essential networks and infrastructure safe, secure and resilient against the risk of future cyber attacks.
August 8, 2017
Read More


UK executives badly informed about where data is stored compared to other countries
When it comes to data compliance matters, one in five business decision makers within the UK admit they do not know which compliance regulations their company is subject to, while a worrying number do not believe the forthcoming GDPR applies to them, according to NTT Security.
July 10, 2017
Read More


UK Home Secretary signs extradition order for British hacker Lauri Love
The extradition order for British hacker Lauri Love has been signed on Monday by the UK Home Secretary Amber Rudd, and Love has 14 days to appeal the decision.
November 15, 2016
Read More


UK ICO offers grants for practical privacy research
The UK Information Commissioner's Office (ICO) has launched a Grants Programme to promote and support independent, innovative research and solutions focused on privacy and data protection issues.
June 8, 2017
Read More


UK govt urges teenagers to apply for cyber security training programme
UK teenagers are being encouraged to register in a cyber security training programme rolled out to help the nation address the risk of a future skills shortage.
July 25, 2017
Read More


UK govt wants real-time communication surveillance powers, courtesy of telcos
A leaked draft of proposed regulations shows that the UK government is after greater communication surveillance powers, and that in order to get them, it will legally require UK communications companies to provide the technical capabilities.
May 5, 2017
Read More


UK organisations have a worrying digital security gap
UK organisations reveals that while 82 percent of C-Suite and senior managers admit they are concerned about the vulnerability of their web sites, mobile applications and social media accounts to cyber attack and impersonation, according to Risk IQ.
November 24, 2016
Read More


UK residents hit with extremely personalized scam emails
A compelling and potentially very successful email spam campaign is being leveraged against UK residents, warns Sophos researcher Paul Ducklin.
March 30, 2017
Read More


UK researcher who stopped WannaCry charged with creating and distributing banking Trojan
Marcus Hutchins, the 23-year-old UK researcher who found the kill-switch domain in the WannaCry ransomware code and registered it, preventing the malware to wreak even more chaos than it did, has been arrested in Las Vegas on Wednesday.
August 4, 2017
Read More


Uncloaking Tor Browser users with DRM-protected files
Digital Rights Management (DRM)-protected media files can be used to reveal Tor Browser users" actual IP address and therefore possibly reveal their identity, HackerHouse researchers have demonstrated.
February 3, 2017
Read More


Understanding Europe's insider threats
35% of employees across the UK, France, Germany and Italy admit to have been involved in a security breach, presenting regional CISOs with a significant challenge when it comes to protecting company data, particularly in light of the forthcoming European GDPR will come into effect in early 2018.
March 28, 2017
Read More


Understanding the dark web and how it factors into cybersecurity
In this podcast recorded at Black Hat USA 2017, Eric Olson, VP of Intelligence Operations at LookingGlass Cyber Solutions, talks about the dark net and how it factors into cyber security.
August 23, 2017
Read More


Understanding your responsibility and security in the cloud
In this podcast recorded at Black Hat USA 2017, Chris Drake, CEO at Armor, talks about the difference between security of the cloud and security in the cloud.
August 9, 2017
Read More


UniCredit breach: Data of 400,000 customers exposed
Italian global banking and financial services company UniCredit has revealed that it has suffered two security breaches in less than a year.
July 26, 2017
Read More


Unified security management comes to the cloud
Implementing effective security can be time consuming, complex and costly, more so given the adoption of cloud-based systems.
February 7, 2017
Read More


UnifyID's ingenious user authentication platform wins Innovation Sandbox Contest
A panel of venture capitalists, entrepreneurs and large security companies selected UnifyID from a group of 10 finalists as the winner of the Innovation Sandbox Contest at RSA Conference 2017.
February 15, 2017
Read More


United Airlines cockpit access codes leaked online
A United Airlines flight attendant has inadvertently leaked access codes for the company's airplanes' cockpit doors, a safety alert email to United employees has revealed. According to the WSJ, the information was mistakenly posted on a public website.
May 15, 2017
Read More


University Upgrades--and Shares--Security System
The University of Massachusetts implements a centralized network security system and offers it as a managed service to other schools and businesses.
June 5, 2017
Read More


Unsanctioned cloud services present growing problem for organizations
Enterprise cloud service usage continues to rise, and despite the best efforts of IT, unsanctioned cloud service usage remains a problem as half of all users of sanctioned cloud storage services also have a personal instance of the same cloud service.
January 12, 2017
Read More


Unsecured Wi-Fi hotspots and troubling browsing behaviors
As adoption of cloud and mobile continues to rise, common employee practices inside and outside the workplace create risk for enterprises. To uncover the risks posed by users' data-related habits, Bitglass tested real-world scenarios -- frequency of connections to unsecured Wi-Fi hotspots, rate of external sharing in cloud applications, and the volume of corporate credentials already exposed.
August 11, 2017
Read More


Upgraded Mirai botnet disrupts Deutsche Telekom by infecting routers
Hackers have updated the Mirai malware to infect more devices, according to a security researcher
November 28, 2016
Read More


Unpatched flaw opens Ubiquiti Networks devices to compromise
A critical vulnerability in many of Ubiquiti Networks' networking devices can be exploited by attackers to take over control of the device and, if that device acts as a router or firewall, to take over the whole network.
March 17, 2017
Read More


Unprotected database exposes VINs, owner info of 10 million cars
A database containing information on 10 million cars sold in the US and personal information about their owners has been found exposed online.
June 7, 2017
Read More


US Border Patrol isn't allowed to search travelers'' data stored in the cloud
When searching travelers'' mobile phones at the border, US Customs and Border Protection (CBP) officers do not have the authority to rifle through data stored solely on remote servers ("in the cloud'').
July 17, 2017
Read More


US Customs says it can't search cloud data at the border
But anything on your phone is still fair game
July 13, 2017
Read More


US data breaches surge, businesses and healthcare organizations hit hardest
The number of US data breaches tracked through June 30, 2017 hit a half-year record high of 791, according to recent numbers released by the Identity Theft Resource Center (ITRC).
July 18, 2017
Read More


US device searches at borders ignite resistance
Customs and Border Protections searches of smartphones and laptops have ballooned in the past two years, although only a small minority of travelers are affected.
May 8, 2017
Read More


US DOJ publishes guidelines for setting up a vulnerability disclosure program
Instituting a vulnerability disclosure program (aka bug bounty program) that won't blow up in the organization's face can be a daunting task.
August 2, 2017
Read More


US intelligence chiefs don't trust Kaspersky Lab software
The big question in Thursday's intelligence hearing on worldwide threats before the US Senate Intelligence Committee was whether the Russian government interfered with US elections.
May 12, 2017
Read More


US lawmakers propose bill to stop warrantless phone searches at US border
Four US Congressmen have introduced on Tuesday a new law aimed at protecting Americans from warrantless searches of their digital devices when they cross the US border.
April 5, 2017
Read More


US senators introduce bill to improve IoT security, protect researchers probing it
US Senators Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-WA) and Steve Daines (R-MT) introduced bipartisan legislation to improve the cybersecurity of Internet-connected devices.
August 2, 2017
Read More


US senators reveal bipartisan effort to secure IoT devices
A bipartisan group of US senators have introduced a new bill to better secure Internet of Things (IoT) devices and to protect security researchers as they attempt to find vulnerabilities in these devices.
August 3, 2017
Read More


US to ban electronic devices from airplane cabins on some US-bound flights
With a (now deleted) tweet, Royal Jordanian Airlines has jumped the gun on a new ban by the US government expected to be announced today: air travellers to the US from several Middle Eastern and African countries will be forced to stow all electronic devices in the airplane's cargo hold.
March 21, 2017
Read More


US to expand carry-on laptop ban to flights from Europe
The Department of Homeland Security is planning to ban US-bound air travelers from Europe and the UK from carrying laptops and other large electronic devices in their hand luggage.
May 11, 2017
Read More


US visa applicants will have to provide social media handles
US consular officials have been provided with a new questionnaire that they can give selected visa applicants to complete. Among other things, Form DS-5535 requires applicants to share all social media handles and email addresses they used in the last five years.
June 2, 2017
Read More


Use a smartwatch to verify handwritten signatures and detect forgeries? Sure!
A new system that uses smartwatch devices and software to verify handwritten signatures and detect even the most skilled forgeries has been developed by Ben-Gurion University of the Negev (BGU) and Tel Aviv University (TAU) researchers.
January 19, 2017
Read More


Used devices are a treasure trove of personally identifiable information
40 percent of hard drives, mobile phones and tablets resold in publicly-available resale channels contain personally identifiable information (PII), according to an analysis by CPR Tools.
March 27, 2017
Read More


User info of millions of Wishbone users slurped by hackers
Science Inc., the company behind the popular online poll creation app Wishbone, has suffered a data breach. as a consequence, personal and account information of over 2.2 million of the app's users is being circulated on underground forums.
March 16, 2017
Read More


USM Anywhere simplifies security for organizations of all sizes
AlienVault announced the availability of USM Anywhere, an all-in-one Software-as-a-Service (SaaS) security monitoring platform designed to centralize threat detection, incident response and compliance management of cloud, hybrid cloud, and on-premises environments from a single cloud-based console.
February 8, 2017
Read More


Misc. - V

Vault 7: the CIA weaponized these popular programs to spy on people
Two days ago, WikiLeaks unleashed a treasure trove of data relating to the CIA's supposed arsenal of hacking tools. Code-named Vault 7, the "Year Zero" cache contains over 8,500 documents and files, and is, according to WikiLeaks, just the first batch. More content will be leaked over time.
March 9, 2017
Read More


vCenter's phone-home 'customer improvement' feature opened remote code execution hole
VMware's also released first vSphere 6.5 hardening guide
April 18, 2017
Read More


Vera for Mail protects the confidentiality of email messages and attachments
Vera for Mail is an enterprise-grade security solution that lets businesses secure, track, and revoke access to any email they send.
February 10, 2017
Read More


Victims of Filecoder ransomware for macOS can now decrypt their files
Last week, researchers discovered and analyzed a new piece of ransomware targeting a specific subset of Mac users: those who are looking for ways to crack legal copies of some very pricy software.
March 1, 2017
Read More


Video: TinyNuke botnet explained
In the videos below, McAfee Labs show the setup requirements for installing and deploying TinyNuke. they review the available features of TinyNuke through the control panel, deploy a bot a client machine, and perform attacks against a client.
April 6, 2017
Read More


Viral phishing scams and vulnerabilities: what to watch out for this Patch Tuesday
I am about to head to Las Vegas for Ivanti's Interchange 2017 at the Mirage hotel and feeling a bit in a gambling mood, so I am going to take a shot at this month's forecast and see if luck is on my side.
May 8, 2017
Read More


VirLocker ransomware is back, but can be defeated
VirLocker (aka VirLock, aka VirRansom) is a virulent piece of machine-locking ransomware that has been around for quite some time.
January 26, 2017
Read More


Virtually all business cloud apps lack enterprise grade security
Blue Coat Systems analyzed apps for their ability to provide compliance, data protection, security controls and more. of the 15,000 apps analyzed, it was revealed that 99 percent do not provide sufficient security, compliance controls and features to effectively protect enterprise data in the cloud.
July 29, 2016
Read More


Virulent Android malware returns, gets >2 million downloads on Google Play
HummingWhale is back with new tricks, including a way to gin user ratings.
January 23, 2017
Read More


Virulent WCry ransomware worm may have North Korea's fingerprints on it
Identical code ties Friday's attacks to hacks on Sony Pictures and $1bn bank heist.
May 15, 2017
Read More


Virus Alert
for GOOD TIMES, read about these fake viruses.
Provides Information
Read More


VirusTotal
VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
Provides a Service
Read More


Visibility and assessment of vulnerable attack paths
Attivo Networks announced that its ThreatMatrix Deception and Response Platform has been enhanced to provide an organization's visibility and assessment of vulnerable attack paths.
August 1, 2016
Read More


Vizio smart TVs spied on millions of users without their consent
American company Vizio has decided to settle charges that it installed software on its smart TVs that collected viewing data of some 11 million users without their knowledge or consent.
February 7, 2017
Read More


VPN for dummies ... Or Dads ... Or why it's time to finally take the plunge
A good VPN isn't as complicated as it used to be, but it's still a pretty big step for a "regular" user to take. It's time to get my family used to it. Their data may depend on it.
May 30, 2017
Read More


Vulnerability affecting 1,000+ apps is exposing terabytes of data
A newly discovered backend data exposure vulnerability, dubbed HospitalGown, highlights the connection between mobile apps and insecure backend databases.
May 31, 2017
Read More


Vulnerability in WhatsApp and Telegram allowed complete account takeover
Check Point researchers today revealed a new vulnerability on WhatsApp and Telegram's online platforms -- WhatsApp Web & Telegram Web. by exploiting this vulnerability, attackers could completely take over user accounts, and access victims' personal and group conversations, photos, videos and other shared files, contact lists, and more.
March 15, 2017
Read More


Vulnerability opens FreeRADIUS servers to unauthenticated attackers
A vulnerability in the free, open source FreeRADIUS server could be exploited by remote attackers to bypass authentication via PEAP or TTLS.
May 30, 2017
Read More


Misc. - W

'Walnut' Attack Uses Sound to Trick Sensors In Cars, Phones, and other Devices
University of Michigan students revealed that MEMS accelerometers used in smartphones, cars, and other devices are vulnerable to sonic attacks. Attackers could exploit this vulnerability to take over systems controlled via accelerometer data--but you don't have to soundproof your phone just yet.
March 14, 2017
Read More


Wanawiki is the WannaCry fix that might save affected PCs--if you work fast
To give the wanawiki tool a fighting chance, though DO NOT REBOOT YOUR PC.
May 19, 2017
Read More


WannaCry All Over Again? European Servers Hit By Massive Ransomware Attack
In an attack reminiscent of WannaCry -- the ransomware that held servers around the world hostage in May -- web servers across Europe have reportedly been hit by another strain of rapidly spreading malware.
June 27, 2017
Read More


WannaCry and IoT: Vendors react
Among the organizations most gravely affected by the WannaCry ransomware was the UK National Health Service.
May 17, 2017
Read More


WannaCry is a painful reminder of why enterprises must stay current on software updates
WannaCry is a wake-up call for the excessive numbers of companies needlessly dragging their feet over Windows 10 migrations. Certainly since Friday, we've seen an upswing in interest from companies hoping -- suddenly -- to accelerate the migration process, or automate their patching processes.
May 18, 2017
Read More


'WannaCry' ransomware attack: what you need to know
Can WannaCry infect Mac users? what about other ransomware? and if this leaked from a government agency, what about that iOS backdoor they wanted...?!
May 15, 2017
Read More


WannaCry ransomware causes Honda plant shutdown in Japan
Just when you thought you wouldn't hear about WannaCry again...
June 21, 2017
Read More


WannaCry Researcher Detained By US
Yesterday US authorities detained a cyber security researcher best known for helping the world fight back against the WannaCry attack from a couple months back. The malware infected systems in sectors ranging from telecommunications to hospitals across Europe.
August 4, 2017
Read More


WannaCry: How to recover encrypted files
The WannaCry ransomware has made a huge mess across the globe, affecting hundreds of thousands of PCs, including critical devices in the healthcare sector. It is so dangerous that Microsoft released a public patch for Windows XP, after it dropped support three years ago.
May 19, 2017
Read More


WannaCry: Smaller businesses are at great risk
Last week saw a widespread attack with more than 10,000 organisations across 150 countries -- including 48 NHS trusts in the UK -- almost simultaneously hit by the ransomware strain WannaCry. With data encrypted, the impacted businesses and other institutions experienced significant downtime as they were unable to continue with normal operations. The hospitals, for example, were forced to postpone non-urgent procedures and people were asked not to visit Accident & Emergency.
May 18, 2017
Read More


WannaCry: Who's behind it? Who's to blame?
As the amount of money in the three bitcoin addresses associated with the WannaCry attack slowly continues to rise, the question of who is behind the ransomware is still without answer.
May 16, 2017
Read More


WannaCry: ransomware note likely written by Google Translate-using Chinese speakers
Signs of machine translation spotted by analysts
May 26, 2017
Read More


WannaCrypt: Roots, reasons and why scramble patching won't save you now
Watch your backup
May 19, 2017
Read More


Warmer Temperatures Drying the Rio Grande
The intensifying effects of warming temperatures on water shortages have been detected in remote northern new Mexico, where melting snowfall feeds one of the Southwest's most important rivers.
May 12, 2017
Read More


Warning: Chrome, Opera and Safari's auto form fillers make it easy to steal personal data
We're all looking for ways to save time and effort, so it's hardly surprising that some web browsers offer a feature that automatically fills in online forms with commonly requested personal information. While incredibly useful, the feature can also be exploited to extract data a user might not want to share with a particular website.
January 10, 2017
Read More


Was your data breach an inside job?
Kaspersky Lab revealed the current state of security threats among businesses and how their perception of threats compares to the reality of cybersecurity incidents experienced over the past year, both in North America and worldwide. a top concern of North American businesses and a leading cause of successful cyberattacks in these organizations are also the most important asset: their employees.
November 22, 2016
Read More


Waterfall BlackBox: Restoring trust in network information
Waterfall Security Solutions announced the launch of the Waterfall BlackBox, developed to maintain the integrity of log repositories in the event of a cyber attack. Based on Waterfall's patented unidirectional technology, the Waterfall BlackBox creates a physical barrier between networks and logged data, so that stored logs become inaccessible to attackers who are trying to cover their tracks.
November 15, 2016
Read More


Waterfall Security: Impact of IIoT on cybersecurity
Ten or twenty years ago, the protection of a critical piece of industrial infrastructure meant building a wall around it -- or at least a perimeter fence with razor wire on the top. Admission to the site would be controlled at an entrance gate.
December 12, 2016
Read More


Watch how much money WannaCry generates in ransom -- in near real time
The WannaCry/WannaCrypt ransomware attack has hit businesses and individuals hard. It has now infected and locked over 300,000 computers across more than 150 countries.
May 16, 2017
Read More


We can't rely on black swans: Three areas to improve cyber policy now
What will it take for cybersecurity policy to finally catch up to the digital age?
August 9, 2017
Read More


Weak DevOps cryptographic policies increase financial services cyber risk
Cryptographic security risks are amplified in DevOps settings, where compromises in development or test environments can spread to production systems and applications. This is a particular issue for financial services organizations, which have been early adopters of DevOps technology.
June 2, 2017
Read More


Weak social network password security is more trouble than you think
53 percent of users haven't changed their social network passwords in more than one year -- with 20 percent having never changed their passwords at all, according to a survey conducted by Thycotic at RSA Conference in San Francisco in February.
April 4, 2017
Read More


Weaponizing machine learning to improve cyber defenses
As defensive technologies based on machine learning become increasingly numerous, so will offensive ones -- whether wielded by attackers or pentesters.
August 1, 2017
Read More


Weave a web of deception to secure data
Today's technically superior and incredibly well-funded (often state-funded, in fact) hackers are not impressed with breach prevention and traditional security solutions. Security professionals have accepted that no matter how hard their teams try, it is nearly impossible to keep hackers out of a network.
November 15, 2016
Read More


Website Performance Bootcamp: Quiz-based training course
The Website Performance Bootcamp is an online portal that provides quiz-based technical training in the field of website acceleration and content optimization.
March 28, 2017
Read More


Western Digital My Cloud NAS devices wide open to attackers
Western Digital My Cloud NAS devices have again been found wanting in the security department, as two set of researchers have revealed a number of serious flaws in the devices' firmware.
March 8, 2017
Read More


Western Union admits it facilitated scammers, forfeits $586 million
Western Union has agreed to forfeit $586 million and enter into agreements with the Federal Trade Commission, the Justice Department, and several U.S. Attorneys' Offices. Western Union admits to criminal violations including willfully failing to maintain an effective anti-money laundering program and aiding and abetting wire fraud.
January 20, 2017
Read More


What developers and managers are saying about application security challenges
Despite showing moves toward earlier and more frequent security testing throughout the development process, there are still hurdles development and security teams must overcome when it comes to securing applications, according to Veracode.
January 4, 2017
Read More


What healthcare CISOs should know
"Are we more secure today than yesterday?' is the question every healthcare organization needs to asks itself every day. in order to develop a more effective security posture, says Rami Essaid, CEO of Distil Networks.
May 9, 2017
Read More


What impact will artificial intelligence have on business?
Tata Consultancy Services polled 835 executives across 13 global industry sectors in four regions of the world, finding that 84% of companies see the use of AI as "essential" to competitiveness, with a further 50% seeing the technology as "transformative."
March 17, 2017
Read More


What Info Security Pros Think About Fake News
Fake news sources are manipulating U.S. politics, and it's virtually impossible to stanch the flow of bogus reports. That's the opinion of most cyber-security experts and industry thought leaders who participated in a survey at the Black Hat 2017 security conference
August 22, 2017
Read More


What is encryption?
Encryption can be a very complicated subject, but getting a grasp of the basics isn't difficult.
December 23, 2016
Read More


What leads women to cybersecurity, and what makes them stay?
Many studies have shown that different perspectives result in a better understanding of problems and, ultimately, in better solutions for everybody. But even though it's an industry where problem solving is of primary importance, cybersecurity still lags behind when it comes to diversity in the workforce.
August 4, 2017
Read More


What makes a good security analyst: The character traits you need
Of all the skillsets IT decision-makers are looking to hire for, cybersecurity is easily the most challenging. According to Global Knowledge's 10th annual IT Skills and Salary Survey, 31% of IT decision-makers have a difficult time finding qualified cybersecurity talent. And when it comes to hiring a security analyst, the challenge goes beyond simply finding candidates with the right technical skills.
June 28, 2017
Read More


What Microsoft owes customers, and answers to other 'WannaCry' questions
Patch experts weigh in on May's ransomware attack and Microsoft's response
June 12, 2017
Read More


What motivates youngsters to get into cybercrime?
A UK National Crime Agency report, which is based on debriefs with offenders and those on the fringes of criminality, explores why young people assessed as unlikely to commit more traditional crimes get involved in cyber crime.
April 21, 2017
Read More


What to look for when choosing a VPN provider
How do I go about choosing a Virtual Private Network (VPN) service?
August 15, 2017
Read More


What We Learned at Black Hat 2017
Last week, Black Hat USA 2017 brought an impressive 15,000+ cybersecurity professionals to Las Vegas to talk shop about the biggest issues facing businesses today. Here's a recap from the perspective of the Webroot security experts who attended.
August 2, 2017
Read More


What will it take to improve the ICS patch process?
While regular patching is indisputably good advice for IT networks, one of the main takeaways from the Petya and WannaCry attacks is that a lot of companies don't do it. And with even more NSA exploits like EternalBlue scheduled to be released by The Shadow Brokers (TSB), it's certainly not going to get any better.
July 12, 2017
Read More


What will it take to keep smart cities safe?
"Smart cities' use smart technologies in their critical infrastructure sectors: energy, transportation, environment, communications, and government.
May 30, 2017
Read More


What Windows users need to know about the latest 'Shadow Brokers' exploits
Staying informed is the best way to prevent getting hacked.
April 14, 2017
Read More


What's an IT architect, and could you become one?
If you're a Computer Science student or an IT professional looking for a new job that's interesting, well paid, and for which demand is constant, you might want to consider becoming an IT architect.
June 13, 2017
Read More


What's needed for the first NYS DFS cybersecurity transitional phase?
The first transitional phase of the New York State's Department of Financial Services (NYS DFS) cybersecurity regulation is upon us. As of August 28th, 2017 covered entities are required to be in compliance with the first phase of the 23 NYCRR Part 500 standard.
August 23, 2017
Read More


What's next after WannaCry and Adylkuzz? Are we having the right discussion?
Yesterday, TrendLabs released a blog describing another attack using the Eternalblue vulnerability, dubbed UIWIX. According to the blog UIWIX is different because "It appears to be fileless: UIWIX is executed in memory after exploiting EternalBlue. Fileless infections don't entail writing actual files/components to the computer's disks, which greatly reduces its footprint and in turn makes detection trickier.'
May 18, 2017
Read More


What's really stopping users from adopting secure communication tools?
"Users' goal to communicate with others overrides everything else, including security," a group of researchers has concluded after interviewing sixty individuals about their experience with different communication tools and their perceptions of the tools' security properties.
June 2, 2017
Read More


What's the security posture of the Fortune 1000?
BitSight analyzed the security posture of some of the world's largest organizations, and identified the most common system compromises. for comparison, Fortune 1000 companies were studied alongside a random sample of 2,500 companies with a similar industry breakdown and with at least 2,500 employees.
March 9, 2017
Read More


What's the use of a privacy policy?
In 2012 it was reported that "16% of Internet users claim to always read privacy policies of the sites and online services with which they share their private information".
September 1, 2017
Read More


WhatsApp again dogged by privacy questions, but there's a fix
A Guardian report says WhatsApp and its parent Facebook could intercept user messages. Security experts aren't sure it's really a problem.
January 13, 2017
Read More


WhatsApp vulnerability could expose messages to prying eyes, report claims
However, security experts claim that the threat is 'remote' and 'limited in scope,' and call for a retraction by the Guardian.
January 13, 2017
Read More


WhatsApp's security flaw has legal implications
Earlier this month there was widespread reporting in both the tech and mainstream media of the discovery of a potential security vulnerability in Facebook's WhatsApp messaging service. Coverage of the likely flaw, which was reportedly discovered by researchers at Berkeley University in California, was a blow to Facebook given that WhatsApp places privacy and security at the heart of its service by providing end-to-end encryption of user's messages and photos, preventing third parties including its own staff from accessing them.
February 3, 2017
Read More


When AI and security automation become foolish and dangerous
There is a looming fear across all industries that jobs are at risk to artificial intelligence (AI), which can perform those same jobs better and faster than humans. A recent Forrester report predicts automation will replace 17 percent of U.S. jobs by 2027, only partly offset by the 10 percent growth in new jobs predicted to result from the automation economy.
August 30, 2017
Read More


When hashes collide: Google shatters SHA-1
To the average computer user, hash is the first part of a compound word quickly replacing "pound sign" in our vernacular. Or, if you're particularly hungry, it's a delicious combination of diced meat and potatoes, but beneath the surface, hashes play an integral part in basic computing functions. Essentially, hashes are ways for computers to summarize large amounts of data into easily digestible bits, and are used for everything from checking for file duplicates to transporting secure data. it's the latter part of this functionality that is at the center of Google's latest findings.
February 24, 2017
Read More


When it comes to cybersecurity, businesses remain overconfident and vulnerable
Consumer products companies, retailers and restaurant businesses may be operating with a false sense of security, according to a new Deloitte study. The study captures input from more than 400 CIOs, CISOs, CTOs and other senior executives about cyber risks and response plans affecting customer trust, payments, executive level engagement, human capital and intellectual property.
June 22, 2017
Read More


When it comes to GDPR, many organizations are behind schedule for compliance
Set to go into effect on May 25, 2018, GDPR requires all organizations doing business in EU member countries to comply with new regulations governing the data privacy rights of EU citizens.
May 25, 2017
Read More


When it comes to trustworthy websites, banks drop the ball
OTA's ninth annual Online Trust Audit & Honor Roll analyzed more than 1,000 consumer-facing websites for their website and email security and privacy practices. The Audit revealed that 52 percent of analyzed websites qualified for the Honor Roll, a five percent improvement over 2016.
June 21, 2017
Read More


Where does corporate cloud security responsibility begin and service provider responsibility end?
Security has, is and will continue to be the cornerstone of advancement in the digital age. Conditions of trust, real or expected, are essential for digital economies to grow and prosper. As more organizations rely on cloud service providers, partner responsibilities for security must be well understood and comprehensive. If you are not sure who's responsible for security, no one is. A bad answer for all concerned. Especially for the contracting organization who in the eyes of the public -- and law -- will be held accountable.
August 8, 2017
Read More


Where does the cyber security buck stop?
Late last year, Bruce Schneier testified before the U.S. House Energy and Commerce committee asking them to consider imposing security regulations on the Internet of Things (IoT). Schneier argued that neither IoT buyers nor sellers care about a device's security.
June 12, 2017
Read More


Where's My Bitcoin? "Cerber" Ransomware Starts Stealing Cryptocurrency Wallets
"Where's my Bitcoin?" is a question no miner, investor or mere user in the cryptocurrency ever wants to have to ask. There's always someone willing to take advantage of someone else's hard work or subjection to risk in order to increase their own value; and if there's something years of cyber security have told us, is that hackers seldom lag in picking up new sources of undeserved revenue. So it was only a matter of time before general purpose ransomware started seeing updates so as to take advantage of the newer trends in valuable assets. Enter cryptocurrency. And you can probably guess the rest of this piece.
August 7, 2017
Read More


While consumers remain complacent, hackers refine their skills
A new Norton Cyber Security Insights Report found that consumers who were victims of cybercrime within the past year often continued their unsafe behavior. for example, while these consumers were more likely to use a password on every account, they were nearly twice as likely to share their password with others, negating their efforts.
November 17, 2016
Read More


While on vacation, users continue to prioritize convenience over security
Despite the benefits experienced from unplugging, most individuals prefer to stay connected. Fifty-two percent of U.S. respondents indicated that they spend at least an hour a day using their connected devices to check email, text and post to social media while on vacation, according to McAfee.
June 9, 2017
Read More


Which countermeasures improve security and which are a waste of money?
If you want to know about which cyber defenses are most effective and which are a waste of money and resources, ask a hacker. and that's just what Nuix researchers did.
February 24, 2017
Read More


Whitepaper: Confronting advanced threats as an organization
Global cybersecurity issues have gone mainstream, but email security has curiously slipped by the wayside despite the fact that 91% of today's targeted attacks start with email. What's more, while email security should be central in any cybersecurity strategy, most emerging businesses think they are too small to be targeted. Still, 30% of users open phishing messages each year, and SMBs are actually the chief target of most cybercriminals.
June 15, 2017
Read More


Whitepaper: Confronting advanced threats as an organization
Global cybersecurity issues have gone mainstream, but email security has curiously slipped by the wayside despite the fact that 91% of today's targeted attacks start with email. What's more, while email security should be central in any cybersecurity strategy, most emerging businesses think they are too small to be targeted. Still, 30% of users open phishing messages each year, and SMBs are actually the chief target of most cybercriminals.
June 6, 2017
Read More


Whitepaper: Understanding pulse wave DDoS attacks
Pulse wave DDoS is a new attack tactic, designed to double the botnet's output and exploit soft spots in "appliance first cloud second" hybrid mitigation solutions.
September 1, 2017
Read More


Who are we kidding? WannaCry is not a first
On Friday, May 12, 2017, the world was alarmed to discover that cybercrime has reached a new record, in a widespread ransomware attack dubbed WannaCry that is believed to have caused the biggest attack of its kind ever recorded. The details of the attack are all being reported as we go, as security teams scramble to recover and law enforcement agencies dig further into the evidence.
May 17, 2017
Read More


Who's responsible for fixing SS7 security issues?
The WannaCry ransomware onslaught has overshadowed some of the other notable happenings this month, including the spectacular Google-themed phishing/spamming attack, and the news that attackers have managed to exploit vulnerabilities in the SS7 protocol suite to bypass German banks' two-factor authentication and drain their customers' bank accounts.
May 19, 2017
Read More


Who's responsible for secure Internet access?
Americans are divided on key issues around Internet access and responsibility for online privacy, according to AnchorFree.
May 5, 2017
Read More


Why Apple's future's up on ransomware
Thousands of enterprises must upgrade fast. Apple is a viable choice.
June 28, 2017
Read More


Why businesses should care about identity theft
Identity theft is a type of fraud that's directed squarely against individuals, but to believe that businesses don't suffer any consequences or costs associated with it is simply wrong.
April 14, 2017
Read More


Why companies need a two-step plan to secure credit card transactions
It's the latest in a long line of cybersecurity incidents involving a well-known brand: In April, Chipotle Mexican Grill notified customers that it detected "unauthorized activity" on a credit card payment processing system. This put the restaurant chain in a position no company wants to be in -- recommending that customers "closely monitor" their bank statements for unauthorized charges.
June 7, 2017
Read More


Why companies shouldn't dread the advent of GDPR
The main aim of the General Data Protection Regulation (GDPR) is to make sure that the data of EU citizens is protected, no matter where it's held.
June 14, 2017
Read More


Why companies shouldn't feel helpless in the fight against ransomware
According to recent reports, ransomware is now a billion dollar business for cybercriminals. Attackers are honing in on the weak spots of organisations; human behaviour through social engineering and ineffective cyber protection techniques based on static analysis. They'll lure individuals to open phishing emails, or simply wait for users to click on a compromised website before executing malware that alters data and corrupts or deletes back-ups.
January 31, 2017
Read More


Why cyber hygiene is vital for the security of your organization
In this podcast recorded at RSA Conference 2017, Rob Brownsword, VP of Product Marketing at Nehemiah Security, talks about how the most useful thing that you can do as the owner of a network of computer systems is to focus on cyber hygiene. it's the most effective thing that you can do though to keep an adversary out.
March 8, 2017
Read More


Why ethical hacking is the top job of 2017
61 percent of UK businesses believe they will suffer from cyber crime in 2017, according to new research from Mimecast. These anxieties are justified: two thirds of large UK businesses were targeted by cyber criminals last year.
March 23, 2017
Read More


Why Kodi boxes can pose a serious malware threat
When new streaming devices, such as the Amazon Firestick and Apple TV, were first introduced, many were intrigued by the ease by which they could watch "over the top' content from the Internet, such as Netflix or Hulu, on their living room televisions.
July 7, 2017
Read More


Why one Republican voted to kill privacy rules: "Nobody has to use the Internet'
Republicans encounter angry citizens after killing online privacy rules.
April 14, 2017
Read More


Why now's the time to finally take the VPN plunge
A good virtual private network (VPN) isn't as complicated as it used to be, but it's still a pretty big step for a "regular" user to take. Still, I decided it's time to get my family used to VPNs, because their data may depend on it.
May 31, 2017
Read More


Why Passphrases Are More User-Friendly Than Passwords
A user's account on a website is like a house. the password is the key, and logging in is like walking through the front door. When a user can't remember their password, it's like losing their keys. When a user's account is hacked, it's like their house is getting broken into.
December 15, 2015
Read More


Why people are at the heart of your information security success
In this podcast, Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, talks about the human side of security. Are humans the weakest link? Why do people fall for phishing attacks and what can we do? He'll also talk about how to put security at the front of our minds for organizations, where data protection and compliance mandates like EU GDPR fit in, and why people are ultimately at the heart of your business and security success.
June 6, 2017
Read More


Why we should define our right to privacy now, before it's too late
The debate has stirred up again. Talk of wiretapping and government spying has spurred another bout of privacy versus security. Internet of Things (IoT) devices have raised suspicion that strangers are listening to us or watching us using everything from TVs to toys.
March 29, 2017
Read More


Why Won't Macy's Tell Me If Password Reset Email Is Legit Or Not?
Someone (either Macy's or perhaps a mysterious third-party) is confusing shoppers by blasting out emails telling them to either change their Macy's passwords... or just ignore the email altogether because maybe they don't have an account and shouldn't be worried.
June 6, 2017
Read More


Why You Need A Comprehensive Security Assessment
Detecting and fixing security holes before they're exploited yields broad savings.
May 24, 2017
Read More


Why you need a tailored application security program
For companies that provide applications to their customers, keeping those applications secure is a must. Setting up an application security program is the next logical step, but there are many choices to be made when trying to make it as effective as possible.
February 8, 2017
Read More


Why you need to implement security controls across your environment
In this podcast recorded at Black Hat USA 2017, Tim White, Director of Product Management, Policy Compliance at Qualys, discusses the importance of security configuration assessment as part of a comprehensive vulnerability management program, and why automating the configuration assessment and reporting of varied IT assets in a continuous manner is important to securing today's organizations.
August 21, 2017
Read More


Why you should start using a VPN
Why do you need to start considering a Virtual Private Network (VPN) service? Oh so many reasons...
May 15, 2017
Read More


Wi-Fi holography: Generate a 3D image of space using stray Wi-Fi signals
Scientists at the Technical University of Munich (TUM) have developed a holographic imaging process that depicts the radiation of a Wi-Fi transmitter to generate three-dimensional images of the surrounding environment. Industrial facility operators could use this to track objects as they move through the production hall.
May 25, 2017
Read More


Wi-Fi risks: Delivering a secure hotspot
The fact that Wi-Fi stands for Wireless Fidelity hints at how long Wi-Fi has been around, but it was only in 1999 that the Wi-Fi Alliance formed as a trade association to hold the Wi-Fi trademark, under which most products are sold. Today, Wi-Fi is on the top of the list of must-haves for businesses of all types and sizes. People will simply vote with their feet if good and, usually free, Wi-Fi is not available.
January 5, 2017
Read More


WikiLeaks posts three more exploits, supposedly from the CIA, targeting Mac OS and Linux
Continuing its series of publishing information on malware and exploits allegedly used by the US government and its partners, WikiLeaks has posted another set of manuals for digital attack tools.
July 28, 2017
Read More


Wikileaks reveals potent Windows malware from the CIA
Could take over a machine, delete files and upload more malicious code.
May 23, 2017
Read More


WikiLeaks: CIA Hacks Smartphones to Work Around Encrypted Communications
WikiLeaks published documents purporting to show the CIA's hacking abilities. In with claims that the intelligence agency compromised smart TVs to spy on their owners, among other things, the documents explained how the agency targets smartphones to evade the protections of end-to-end encrypted (E2EE) messaging services like Signal and WhatsApp.
March 8, 2017
Read More


WikiLeaks: CIA tools could infiltrate MacBooks, iPhones
A new series of leaked documents appears to show tools from as far back as 2009 that could infect Apple products. they required physical access.
March 23, 2017
Read More


WikiLeaks: CIA's Dumbo project can hack webcams and corrupt recordings
WikiLeaks has published the latest installment of its cache of CIA documentation known as Vault 7. This time around we learn about Project Dumbo, a hacking tool which allows for the control of webcams and microphones.
August 4, 2017
Read More


WikiLeaks' Dark Matter documents reveal CIA hacks for Macs and iPhones
It's only a couple of weeks since WikiLeaks unleashed the first batch of its Vault 7 CIA documents, revealing the agency's spying and hacking capabilities. now the organization has released a second cache of files dubbed Dark Matter, and they show that the CIA has developed tools for hacking Apple products.
March 23, 2017
Read More


Wikimedia wins small victory in challenge to NSA "Upstream' spying
"This surveillance will finally face badly needed scrutiny in our public courts.'
May 23, 2017
Read More


Will 2017 be the year of ransomworm?
It's safe to say that 2016 was the year of ransomware. More specifically, the year of crypto-ransomware, that nefarious variant that encrypts files and holds them captive until a ransom is paid. Since the release of Cryptolocker in late 2013, crypto-ransomware has exploded, and 2016 was a banner year.
January 10, 2017
Read More


Will February's Patch Tuesday fix a known zero-day?
Coming into Patch Tuesday we have a known zero day on the Microsoft side, and we've seen example code for an SMB exploit that could lead to DoS and BYOD of a system.
February 10, 2017
Read More


Will fileless malware push the antivirus industry into oblivion?
The death of antivirus has been prophesied for years now, but the AV industry is still alive and kicking. SentinelOne, though, believes that in-memory resident attacks, i.e. fileless malware, just might be the thing that pushes it into oblivion.
April 28, 2017
Read More


Will most security operations transition to the cloud?
Companies across industries are increasingly leveraging the cloud for security applications, with 42 percent indicating they currently run security applications in the cloud and 45 percent stating they are likely or extremely likely to transition security operations to the cloud in the future, according to Schneider Electric.
March 23, 2017
Read More


Will the IoT force truck stops?
"Not with a bang, but with a whimper," that was how T.S. Eliot described how the world would end, in his 1925 poem "The Hollow Men." Things don't always end in cataclysm; sometimes they just... stop, which might seem awfully prophetic in a few years...
March 14, 2017
Read More


Windows 10 adoption is accelerating, many concerns remain
The vast majority of IT organizations (91%) have installed Windows 10, but there is still great variation in the current level of Windows 10 adoption, according to a new survey conducted by Dimensional Research.
May 2, 2017
Read More


Windows 10 Creators Update will come with clearer privacy options
Nearly two years after Microsoft released Windows 10, the company has finally revealed what data it collects from users. the revelation comes as part of a recent change of the company's privacy statement, which has been made to reflect the company's move towards more transparency.
April 6, 2017
Read More


Windows 10 security: After Kaspersky fight, Microsoft talks up its case for Defender
Windows 7 machines mostly unprotected because they're not running any antivirus, says Microsoft.
August 18, 2017
Read More


Windows 10 will use protected folders to thwart crypto ransomware
Windows 10 Fall Creators Update (the next major update of Microsoft's popular OS) is scheduled to be released in September, and will come with major new end-to-end security features.
July 3, 2017
Read More


Windows security: Cryptocurrency miner malware is enslaving PCs with EternalBlue
Stealthy and persistent cryptocurrency-mining malware is hitting Windows machines.
August 22, 2017
Read More


Windows Trojan hacks into embedded devices to install Mirai
The Trojan tries to authenticate over different protocols with factory default credentials and, if successful, deploys the Mirai bot
February 9, 2017
Read More


Windows XP crashed too much to spread WannaCrypt
What a time to be alive: the BSOD has become a useful feature
May 31, 2017
Read More


Windows XP hit by WannaCry ransomware? This tool could decrypt your infected files
Windows XP wasn't vulnerable to the WannaCry worm but still could be infected with the ransomware. Now there's a tool to decrypt Windows XP machines attacked by WannaCry.
May 19, 2017
Read More


Windows XP PCs infected by WCry can be decrypted without paying ransom
Decryption tool is of limited value, because XP was unaffected by last week's worm
May 18, 2017
Read More


Winning the war on ransomware
Windows Defender's detection rates rivals those of many pay antivirus'.
May 22, 2017
Read More


With 1.2 million phishing attacks, 2016 was a success for cybercriminals
The Anti-Phishing Working Group (APWG) observed that 2016 ended as the worst year for phishing in history. the total number of phishing attacks in 2016 was 1,220,523. this number represents the highest ever recorded, and fully a 65 percent increase over 2015.
March 1, 2017
Read More


With Firefox 50, Mozilla plugs many security holes
Firefox 50 is out, and it includes security fixes for 3 critical, 12 high, 10 moderate, and 2 low severity issues, as well as many usability improvements.
November 16, 2016
Read More


With iOS 10.3, iDevices get new Apple File System with native encryption support
On Monday, Apple released updates for its various products. as usual, they fix flaws and add capabilities, but the iOS update (v10.3) is more noteworthy than usual, as it will make all updated iDevices switch to a new file system.
March 28, 2017
Read More


With ransomware, pay up if you want to keep paying
A hospital CEO is contacted in the middle of the night with a dire warning. Hackers have taken control of computer systems used for patient care, CT scans, and lab work.
June 26, 2017
Read More


WordPress admins, take note: RCE and password reset vulnerabilities revealed
Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 (CVE-2016-10033), and information about an unauthorized password reset zero-day vulnerability (CVE-2017-8295) in the latest version of the popular CMS.
May 4, 2017
Read More


WordPress announces bug bounty program
WordPress Foundation is the latest organization to publicly announce a bug bounty program set up on the HackerOne platform.
May 17, 2017
Read More


WordPress kept users and hackers in the dark while secretly fixing critical zero-day
Last week WordPress released the newest version (4.7.2) of the popular CMS, ostensibly fixing three security issues affecting versions 4.7.1 and earlier.
February 2, 2017
Read More


World Password Day: Make the Internet a more secure place
Identity theft is one of the world's fastest growing crimes, but adding strong authentication to your password can prevent it. Today is World Password Day, and here are some of the comments Help Net Security received from the infosec community.
May 4, 2017
Read More


Worldwide cloud IT infrastructure market revenue grows 8.1%
Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 8.1% year over year to $8.4 billion in the third quarter of 2016 (3Q16), according to IDC. Ethernet switch continues to be the growth leader, as the market awaits new hyperscale datacenter builds to spur additional growth.
January 16, 2017
Read More


Worldwide infosec spending to reach $90 billion in 2017
Enterprises are transforming their security spending strategy in 2017, moving away from prevention-only approaches to focus more on detection and response, according to Gartner.
March 15, 2017
Read More


Worldwide IoT spending to reach $1.29 trillion in 2020
Worldwide IoT spending is forecast to reach $737 billion in 2016 as organizations invest in the hardware, software, services, and connectivity that enable the IoT.
January 9, 2017
Read More


Worldwide IT spending to grow 2.4 percent in 2017
Worldwide IT spending is projected to total $3.5 trillion in 2017, a 2.4 percent increase from 2016, according to Gartner. This growth rate is up from the previous quarter's forecast of 1.4 percent, due to the U.S. dollar decline against many foreign currencies.
July 14, 2017
Read More


Worldwide ransomware hack hits hospitals, phone companies
The ransomware attack has hit 16 NHS hospitals in the UK and up to 70,000 devices across 74 countries using a leaked exploit first discovered by the NSA.
May 12, 2017
Read More


Worldwide spending on security technology to reach $81.7 billion in 2017
A new update to the Worldwide Semiannual Security Spending Guide from IDC forecasts worldwide revenues for security-related hardware, software, and services will reach $81.7 billion in 2017, an increase of 8.2% over 2016.
March 31, 2017
Read More


WWW inventor Tim Berners-Lee opposes encryption backdoors
As the de-facto inventor of the world wide web, Sir Tim Berners-Lee's opinions on things like online privacy and encryption backdoors should carry a lot more weight than those of most people.
April 5, 2017
Read More


Misc. - Y

XAgentOSX Mac malware linked to Russian hacking group
Researchers have discovered and analyzed a new piece of Mac malware that is believed to be used by the Sofacy (aka Fancy Bear, aka Pawn Storm, aka APT28) hacking group.
February 15, 2017
Read More


Researchers have discovered and analyzed a new piece of Mac malware that is believed to be used by the Sofacy (aka Fancy Bear, aka Pawn Storm, aka APT28) hacking group.

Yahoo admits it's been hacked again, and 1 billion accounts were exposed
That's a billion with a b–and is separate from the breach "cleared" in September.
December 14, 2016
Read More


Yahoo cookie-forging incident affected 32 million accounts
We finally know how many user accounts were affected by last year's Yahoo cookie-forging incident: 32 million.
March 2, 2017
Read More


Yahoo notifies more users of malicious account activity
Yahoo has sent out another round of account compromise notifications, warning users that hackers may have accessed their accounts by using forged cookies instead of passwords. how many in total, the company wouldn't say.
February 16, 2017
Read More


Yahoo reports massive data breach involving 1 billion accounts
The data breach occurred in August 2013 and is not connected to another recently disclosed huge breach
December 14, 2016
Read More


Yes, 50 million years ago the earth was hotter. Here's why climate change is still a major problem
We've got 99 problems and CO2 is number one
April 5, 2017
Read More


You can now sign into your Microsoft Account without a password
It's not necessarily faster than entering a password, but it is easier.
April 19, 2017
Read More


You're going to hear a lot of FUD about Apple's Secure Enclave being hacked. It wasn't.
The curtain has been lifted on Apple's Secure Enclave Processor, but all anyone can see now is the vault behind it.
August 17, 2017
Read More


Your "Anonymous" Web Browsing History Totally Isn't
You might think you're pretty good at making sure you don't share your internet life with the entire world. You use Facebook's strictest privacy settings, don't share anything sensitive on Twitter, and you regularly trash your laptop's browsing history. All good, right? Nope. All that "anonymized" data you leave behind out in the ether is still totally you, and it's far easier than you think to make it paint your picture and yours alone.
August 1, 2017
Read More


Your Car Could Be The Next Ransomware Target
The recent "WannaCry" ransomware attack that crippled computer systems around the globe has highlighted the digital vulnerabilities in our daily lives.
June 5, 2017
Read More


Your data is probably safer with Facebook than with your hospital
So says Stripe CEO Patrick Collison on the latest episode of Recode Decode.
May 15, 2017
Read More


Your iPhone is not infected, and you don't need a free VPN app to clean it
To be sure that your online browsing is protected and your data is secure, you have to be able to trust the VPN service of your choice. But, as a research into Android VPN clients has recently shown, there are not a lot of them that deserve that trust.
April 7, 2017
Read More


Your smartphone's unlock pattern or PIN can be easily cracked
Locking your smartphone or tablet when not in use is a great idea, but you should be aware that shoulder-surfing individuals can easily discover the PIN or pattern you use to unlock your device.
January 25, 2017
Read More


Your web browsing history can be linked to your social media accounts
Your web browsing history contains enough information for third parties to be able to link it to your social media profile (Twitter, Facebook, Reddit), Stanford and Princeton researchers have found.
February 7, 2017
Read More


Misc. - Z

Zcash mining software covertly installed on victims' machines
Software "mining" the recently established Zcash (ZEC) cryptocurrency is being foisted upon unsuspecting users, Kaspersky Lab warns.
December 13, 2016
Read More


Zscaler Finds 'Drive By' Android Malware Installed Via Malicious Ads
Zscaler has discovered new "drive by" malware that's automatically installed on Android smartphones when they visit sites with harmful ads.
June 7, 2017
Read More


Week in review

The MerchantStore © 1997 - 2017