CIOs and Employees Differ on Data Ethics, Ownership and Root Causes of Insider Breaches

Global Survey Commissioned by Egress Shows 61 Percent of CIOs Believe Employees Leak Data Maliciously; 9 out of 10 Employees Claim Policies ...

Posted on 25 March 2019 | 4:45 am

FEMA Exposed 2.3 Million Disaster Victims' Private Data

See Also: Live Webinar | Scaling Security at the Internet Edge with ... The slip up was detailed in a Department of Homeland Security OIG report ...

Posted on 25 March 2019 | 4:45 am

Global Medical Cyber Security Market 2019 New Innovations, Research And Growth Factor till 2025

The new research report on global Medical Cyber Security market 2019 offers in-depth insights, revenue details, and other vital information regarding ...

Posted on 25 March 2019 | 4:33 am

Lack of skills is leading cause of the information security 'talent gap', according to latest Infosecurity ...

Richmond, Surrey, UK, 0900 hours, 25 March 2019 – A lack of skills is cited as the biggest challenge to recruiting cyber and information security talent ...

Posted on 25 March 2019 | 4:33 am

Lack of skills is leading cause of the information security 'talent gap', according to latest Infosecurity ...

Richmond, Surrey, UK, 0900 hours, 25 March 2019 – A lack of skills is cited as the biggest challenge to recruiting cyber and information security talent ...

Posted on 25 March 2019 | 4:33 am

Indy startup works to connect Hoosiers to cybersecurity jobs

According to the Cyber Security Jobs Report, unfilled cybersecurity opportunities will reach 3.5 million by the year 2021. OpSec Cyber Security ...

Posted on 25 March 2019 | 4:33 am

Indy startup works to connect Hoosiers to cybersecurity jobs

Hiring Hoosiers is a new initiative from RTV6 that works to connect Hoosiers to employment opportunities, career development resources, training ...

Posted on 25 March 2019 | 4:33 am

Global Cyber Security for Oil & Gas Market 2019-26 Honeywell International, Symantec ...

Marketsresearch.biz conferred analysis report on worldwide Cyber Security for Oil & Gas Market 2019 by implementing an exquisite analysis ...

Posted on 25 March 2019 | 4:30 am

IT, security pros want FDA to ratchet up device cyber protection

The guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling and the documentation that the FDA ...

Posted on 25 March 2019 | 4:22 am

HIPAA Compliance in the Cloud: Who's Responsible?

However, cloud computing also brings with it a number of concerns. Not least, security and compliance. For companies operating in the healthcare ...

Posted on 25 March 2019 | 4:22 am

Second Critical Crypto Flaw Found in Swiss E-Voting System

More crypto vulnerabilities found in Swiss e-voting system

read more

Posted on 25 March 2019 | 4:11 am

Cyber Security for Oil & Gas market scrutinized in new research

Download PDF Brochure of Cyber Security for Oil & Gas Market spread across 100 Pages, Profiling 17 Companies and Supported with tables and ...

Posted on 25 March 2019 | 4:11 am

Bethwel Opil to lead Kaspersky Lab enterprise sales for Africa

Bethwel Opil has been appointed as the Enterprise Sales Manager for Kaspersky Lab in Kenya. According to the cyber security firm the appointment ...

Posted on 25 March 2019 | 4:11 am

The week ahead

The Senate Armed Services cybersecurity subcommittee holds a hearing on cybersecurity responsibilities and the defense industrial base. The House ...

Posted on 25 March 2019 | 4:11 am

Building a data security strategy – why the industry needs to work together

Recent high profile cyberattack cases such as IT network breaches on at least two local universities, SingHealth's data breach and the more ...

Posted on 25 March 2019 | 4:00 am

Businesses 'must grow own cyber security talent'

The CEO of a London-based IT support and services company has called for businesses to 'grow their own' cyber security professionals in order to ...

Posted on 25 March 2019 | 4:00 am

Mapping State-by-State Tech Trends: Most Popular Dating Apps

It was followed by Match, at 15 percent. Bumble and Plenty of Fish each ... 'Coffee Meets Bagel' Dating Site Hit by Data Breach · Secure a 'Vacay-bae' ...

Posted on 25 March 2019 | 4:00 am

Building a data security strategy – why the industry needs to work together

Recent high profile cyberattack cases such as IT network breaches on at least two local universities, SingHealth's data breach and the more ...

Posted on 25 March 2019 | 4:00 am

Tech employees ready to quit companies with sexual harassment cases: Survey

Close to 80 percent of respondents said they would be likely to leave their job if a technology-based issue such as data breach, product failure ...

Posted on 25 March 2019 | 3:48 am

Think Cathay leak was bad? Wait till hackers steal your DNA

It was a data leak of potentially epic proportions. When Cathay Pacific announced in October that its internal systems had been hacked, close to 10 ...

Posted on 25 March 2019 | 3:37 am

Secure workloads without slowing down your DevOps flows

In this Help Net Security podcast recorded at RSA Conference 2019, David Meltzer, CTO at Tripwire, and Lamar Bailey, Senior Director of Security Research at Tripwire, discuss the challenges of securing DevOps. Here’s a transcript of the podcast for your convenience. David: Welcome to the Help Net Security podcast. This is David Meltzer, the CTO at Tripwire. Today I’m joined by Lamar Bailey, Senior Director of Security Research at Tripwire. Today we’re going to be … More

The post Secure workloads without slowing down your DevOps flows appeared first on Help Net Security.

Posted on 25 March 2019 | 3:30 am

innogy Innovation Hub Invests in FirstPoint Mobile Guard

This military-grade, proven Cybersecurity-as-a-Service detects, alerts, protects and deceives, without requiring user intervention to install or update ...

Posted on 25 March 2019 | 3:15 am

Survey looks at cyber security incident response capabilities and priorities

According to a new poll by NTT Security the majority (59 percent) of respondents admit they are not confident their company could resume 'business ...

Posted on 25 March 2019 | 3:15 am

Elsevier Exposed User Credentials Publicly Through Misconfigured Server

A popular publisher of scientific journals Elsevier has now joined the trail of firms that inadvertently breach users' privacy. According to a recent report, ...

Posted on 25 March 2019 | 3:15 am

Survey looks at cyber security incident response capabilities and priorities

According to a new poll by NTT Security the majority (59 percent) of respondents admit they are not confident their company could resume 'business ...

Posted on 25 March 2019 | 3:15 am

innogy Innovation Hub Invests in FirstPoint Mobile Guard

FirstPoint's network-level protection shields all cellular devices against hidden network vulnerabilities that stump security teams: IMSI catchers (fake ...

Posted on 25 March 2019 | 3:15 am

innogy Innovation Hub Invests in FirstPoint Mobile Guard

FirstPoint's network-level protection shields all cellular devices against hidden network vulnerabilities that stump security teams: IMSI catchers (fake ...

Posted on 25 March 2019 | 3:15 am

innogy Innovation Hub Invests in FirstPoint Mobile Guard

FirstPoints network-level protection shields all cellular devices against hidden network vulnerabilities that stump security teams: IMSI catchers (fake ...

Posted on 25 March 2019 | 3:03 am

Defense Cyber Security Market Cost Analysis and Growth Factor Report 2019| Intel Security, Cisco ...

The global Defense Cyber Security market is comprehensively and Insightful information in the report, taking into consideration various factors such as ...

Posted on 25 March 2019 | 3:03 am

How to protect your money and information online

Security Baron, a consumer-focused website that covers security, conducted a survey of Michiganders about their general online security and found ...

Posted on 25 March 2019 | 3:03 am

Attackers Increasingly Target Cloud-Based Services and Encrypted Traffic; DDoS Attack Size Rises ...

Cyber Reflections. DDoS has long been a tool for online protests, thanks to the combination of increasingly sophisticated for-hire DDoS attack services ...

Posted on 25 March 2019 | 3:03 am

How to protect your money and information online

Security Baron, a consumer-focused website that covers security, conducted a survey of Michiganders about their general online security and found ...

Posted on 25 March 2019 | 3:03 am

HMD Global responds to Nokia 7 Plus data breach issue

Last week, the mobile industry was taken aback with reports of Nokia 7 Plus sending data and information to Chinese servers. It was discovered ...

Posted on 25 March 2019 | 3:03 am

FCW Insider: March 25

Getting cybersecurity and tech talent into government has been a top management priority spanning multiple administrations. Human resources ...

Posted on 25 March 2019 | 3:03 am

Stay vigilant to thwart identity thieves and fraudsters during tax season

n Unusual emails: Phishing emails often contain links that activate malware or lead to phony websites that request personal information. Misspellings ...

Posted on 25 March 2019 | 2:52 am

Several webpages from Elections Canada and MPs lack basic data protections, expert says

Political parties have created perplexing cyber security issues, as they are not beholden to privacy laws in Canada. It's gotten so bad that Canada's ...

Posted on 25 March 2019 | 2:52 am

Several webpages from Elections Canada and MPs lack basic data protections, expert says

"This is what you can really consider the minimum 'security 101' for your website," said Aleksander Essex, a cyber security expert at Western ...

Posted on 25 March 2019 | 2:52 am

Dubai British school issues advisory to parents after Cyber attack

Dubai: With no institution, government safe from Cyber attacks, hackers a British school in Dubai is the new victim of these anonymous hackers.

Posted on 25 March 2019 | 2:52 am

How business can protect their information from cyberattacks

Most computers nowadays have built-in network security settings: things like firewalls, blocking of remote access, and the like. Make sure that these ...

Posted on 25 March 2019 | 2:41 am

How business can protect their information from cyberattacks

Most computers nowadays have built-in network security settings: things like firewalls, blocking of remote access, and the like. Make sure that these ...

Posted on 25 March 2019 | 2:41 am

I spy: How Android phones keep tabs on our every move

The research is to be published in detail on April 1 and will be presented at one of the biggest global cyber security and privacy conferences in the ...

Posted on 25 March 2019 | 2:41 am

Vulnerability Assessment Vendors: How to Find the Right One

When selecting an appropriate information security services provider, it's essential to know the key factors to pay attention to. Before choosing the ...

Posted on 25 March 2019 | 2:30 am

How to Troubleshoot a DNS Leak

However, if your network settings are not set correctly, your device may ... The key to being secure, as it is with any online security, is to be proactive ...

Posted on 25 March 2019 | 2:30 am

Fortinet to Highlight Convergence of Cybersecurity and Physical Spaces at GISEC 2019

Dubai UAE : Fortinet® , a global leader in broad, integrated, and automated cybersecurity solutions, will participate at GISEC 2019 with the aim of ...

Posted on 25 March 2019 | 2:28 am

Business Continuity Practices in the age of Information

By Mark Eggleston, CISSP, GSEC, CHPS, Vice President, Chief Information Security and Privacy Officer, Health Partners Plans ...

Posted on 25 March 2019 | 2:18 am

QiO licenses BT's SATURN cyber analytics

SATURN was designed to handle very large volumes of data and deliver a real-time visual representation of the network. For cyber security engineers, ...

Posted on 25 March 2019 | 2:07 am

Why smart cities should aim for cyber resilience

While an attack on a corporate network may bring down applications, a cyber-attack on the industrial control networks of critical infrastructure providers ...

Posted on 25 March 2019 | 2:07 am

Cybersecurity in Insurance Market Global Key Players, Market Trends & Technology Development ...

By 2021 the global cybersecurity market is expected to be worth $1bn, up from $765m in 2017 according to GlobalData. However, the key issue is that ...

Posted on 25 March 2019 | 1:56 am

Data Of Virgin Islands Disaster Victims Were Not Part OF FEMA's Accidental Release, Agency Says

Late last week, FEMA acknowledged in a report that it inadvertently ... While FEMA maintains that the release was not a data breach, it did not deny ...

Posted on 25 March 2019 | 1:56 am

A boost for cybersecurity resilience

Funded by the Ministry of Internal Affairs and Communications of Japan, the project aims to boost cybersecurity resilience among ASEAN member ...

Posted on 25 March 2019 | 1:56 am

Employee cybersecurity essentials part 1: Passwords and phishing

Your company may have state-of-the-art monitoring and the latest anti-malware and anti-virus programs, but that doesn’t mean you’re not at risk for a breach, or that – as an employee, that you’re not putting your company at risk. Humans have always been the weakest link in the security chain. Phishing and social engineering schemes account for 93 percent of breaches, according to Verizon’s 2018 Data Breach Investigations Report. And passwords are easier for hackers to … More

The post Employee cybersecurity essentials part 1: Passwords and phishing appeared first on Help Net Security.

Posted on 25 March 2019 | 1:45 am

Employee cybersecurity essentials part 1: Passwords and phishing

Humans have always been the weakest link in the security chain. ... the NotPetya cyberattack from business disruptions of its worldwide operations, ...

Posted on 25 March 2019 | 1:45 am

Employee cybersecurity essentials part 1: Passwords and phishing

Your company may have state-of-the-art monitoring and the latest anti-malware and anti-virus programs, but that doesn't mean you're not at risk for a ...

Posted on 25 March 2019 | 1:45 am

Four hidden costs of software piracy for your business

According to the BSA: "Organisations now face a one in three chance of encountering malware when they obtain or install an unlicensed software ...

Posted on 25 March 2019 | 1:45 am

Employee cybersecurity essentials part 1: Passwords and phishing

Humans have always been the weakest link in the security chain. Phishing and social engineering schemes account for 93 percent of breaches, ...

Posted on 25 March 2019 | 1:45 am

Employee cybersecurity essentials part 1: Passwords and phishing

Your company may have state-of-the-art monitoring and the latest anti-malware and anti-virus programs, but that doesn't mean you're not at risk for a ...

Posted on 25 March 2019 | 1:45 am

Global Antivirus Software Market Driving Factors, Challenges And Market Trends – Symantec ...

Global Antivirus Software Market report contains all study material concerning summary, growth, demand and forecast analysis report altogether over ...

Posted on 25 March 2019 | 1:45 am

What worries you the most when responding to a cybersecurity incident?

The clock starts ticking immediately following a cybersecurity incident with the first 24 hours vital in terms of incident response. The majority (59 percent) of companies are not confident they could resume ‘business as usual’ after the first 24 hours, although 41 percent say they are, according to a new social media poll by NTT Security. Asked about their number one focus in the first 24 hours after a security incident, nearly two-thirds (64 percent) … More

The post What worries you the most when responding to a cybersecurity incident? appeared first on Help Net Security.

Posted on 25 March 2019 | 1:30 am

Lot Fourteen tenant Chamonix has been on a hiring spree, tackling areas such as augmented ...

SecMatters, as the name suggests, concentrates on cyber security, which Mr Rohrsheim said would naturally remain a crucial part of any business ...

Posted on 25 March 2019 | 1:22 am

United States: Third Circuit Shire Decision May Spell Trouble For FTC Cybersecurity Enforcement ...

Shire Viropharma, Inc. that may make it extremely difficult for the FTC to obtain such "monetary relief" in most privacy and cybersecurity actions.

Posted on 25 March 2019 | 1:22 am

United States: Third Circuit Shire Decision May Spell Trouble For FTC Cybersecurity Enforcement ...

Shire Viropharma, Inc. that may make it extremely difficult for the FTC to obtain such "monetary relief" in most privacy and cybersecurity actions.

Posted on 25 March 2019 | 1:22 am

What worries you the most when responding to a cybersecurity incident?

Lack of skills in-house is what worries the majority of companies (59 percent) when responding to a cybersecurity incident or breach, while 41 percent ...

Posted on 25 March 2019 | 1:22 am

Consumers willing to dump apps that collect private data, but can’t tell which are doing so

Consumers are increasingly leery of third parties using and capitalizing on their private data. Two in three consumers are willing to dump data-collecting apps if the information collected is unrelated to the app’s function, or unless they receive real value – such as that derived through email or browsers, according to a consumer data privacy survey conducted in recent weeks for Anagog. The survey, conducted by SurveyMonkey, also revealed optimism in the face of a … More

The post Consumers willing to dump apps that collect private data, but can’t tell which are doing so appeared first on Help Net Security.

Posted on 25 March 2019 | 1:15 am

Microsoft Defender Launched for MacOS

Just like any other Windows computer with Windows Defender pre-installed, the MacOS comes with inbuilt Antivirus and Antimalware. But, the security ...

Posted on 25 March 2019 | 1:11 am

Customers turn to MSSPs as channel rules security roost

Of further note to the channel, the second largest technology investment category in the year ahead will be network security hardware, spanning ...

Posted on 25 March 2019 | 1:11 am

Cyber Security of Security Services Market 2019 – Global Industry Analysis and Forecast by MRS ...

The new research report on global Cyber Security of Security Services market 2019 offers in-depth insights, revenue details, and other vital ...

Posted on 25 March 2019 | 1:11 am

Endpoint Security Market growth in APAC will be driven by increased deployment of endpoint ...

This growth can be precisely attributed to the fact that malware attacks have gained ferocity in stealing identities, draining bank accounts and generally ...

Posted on 25 March 2019 | 1:11 am

Microsoft Defender Launched for MacOS

Microsoft has officially launched the Windows Defender Anti-virus and Anti-malware software program for Macintosh computers. The company has ...

Posted on 25 March 2019 | 1:11 am

Chiyodo launches digital systems for enhancement of EPC execution

Norsk Hydro ASA (Hydro; Oslo, Norway; www.hydro.com) announced earlier this week that it was the victim of an extensive cyber-attack,… Honeywell ...

Posted on 25 March 2019 | 1:11 am

Cyber ecosystem helping Australian security startups focus more on partnerships than quick ...

The two-week [[xref:https://www.austcyber.com/news-events/looking-forward-to-us-rsa-conference |Australian Cyber Security Mission to the USA]] saw ...

Posted on 25 March 2019 | 1:11 am

2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise

Network attacks targeting a vulnerability in the Cisco Webex Chrome extension have increased dramatically. In fact, they were the second-most common network attack, according to WatchGuard Technologies latest Internet Security Report for the last quarter of 2018. The vulnerability was first disclosed and patched in 2017 and attacks were almost non-existent in early 2018, but WatchGuard detections grew by over 7,000 percent from Q3 to Q4. Phishing campaigns The report also shows that phishing campaigns … More

The post 2017 Cisco WebEx flaw increasingly leveraged by attackers, phishing campaigns rise appeared first on Help Net Security.

Posted on 25 March 2019 | 1:00 am

Latest Hacking News Podcast #246

Personal information leaked by US organizations, UK Police hit with ransomware, motel guests live-streamed unaware, and another WordPress plugin ...

Posted on 25 March 2019 | 1:00 am

Managing Corporate Risk in Cyberspace

Tom Martin-Ball, Alcumus ISOQAR's Information Security Sector Manager, explains how businesses can enhance cyber security by investing in ...

Posted on 25 March 2019 | 1:00 am

US threatens an elected government

President Nicolas Maduro of Venezuela said the U.S. is responsible for the recent cyber attack, which blacked out most of the country. Of course, we ...

Posted on 25 March 2019 | 1:00 am

Patient Data of Milestone Family Medicine potentially breached after EHR Hack

The security breach might have led to some of the patients PHI (Protected Health Information)being viewed/obtained by the unauthorized individuals, ...

Posted on 25 March 2019 | 12:48 am

Hacked school district in Georgia thwarts attempt of stealing the payroll funds

"This was a targeted attack," as told to EdScoop by the public relations ... and that "protecting the security of our employees' personal information is a ...

Posted on 25 March 2019 | 12:48 am

The success of the digital workplace depends on the practical implementation of new technology

Medium-sized businesses now account for over 60% of US jobs, and are investing fast in technology. However, with digital now a priority for businesses of all sizes, they must ensure they have the necessary skills and security management in place to handle the change, or risk falling behind competitors according to a new report from Aruba, a Hewlett Packard Enterprise company. Developed to explore how medium-sized businesses across the globe are currently adopting workplace technology, … More

The post The success of the digital workplace depends on the practical implementation of new technology appeared first on Help Net Security.

Posted on 25 March 2019 | 12:45 am

Singapore government credentials found on dark web

Groups like Lazarus are also using new tools to target the region, including a new malware that Group-IB detected in January 2019 that infects a host ...

Posted on 25 March 2019 | 12:37 am

Singapore government credentials found on dark web

Russian cyber security vendor, Group-IB, has reported a rise in cyber crime activity focused on Asia, and in particular Singapore. In 2018, around ...

Posted on 25 March 2019 | 12:37 am

Singapore government credentials found on dark web

Russian cyber security vendor, Group-IB, has reported a rise in cyber crime activity focused on Asia, and in particular Singapore. In 2018, around ...

Posted on 25 March 2019 | 12:37 am

Is it a data leak if you give consent?

Is it a data leak if companies have permission to access and distribute the ... If you're concerned about data security, there are several data privacy ...

Posted on 25 March 2019 | 12:26 am

Data breaches and identity theft through hacking - The impact and best practices to meet today's ...

But alongside the constant evolution and addition of security solutions and defence specialists, cyberattacks, data breaches and hackers also seem to ...

Posted on 25 March 2019 | 12:15 am

We Still Know Almost Nothing About the Mueller Report

... evidence to think he could convict Trump or his campaign staff of direct criminal collusion with Russia's social media and hacking operations.

Posted on 25 March 2019 | 12:15 am

Arlo Ultra security camera system now available

The Arlo Ultra security camera system which features 4K HDR video, night ... image and audio quality, but also AI and computer vision capabilities.”.

Posted on 25 March 2019 | 12:15 am

Data breaches and identity theft through hacking - The impact and best practices to meet today's ...

The cyber security industry is expanding rapidly. But alongside the constant evolution and addition of security solutions and defence specialists, ...

Posted on 25 March 2019 | 12:15 am

Ignore the SEC's Strengthened Stance on Cybersecurity At Your Own Peril

As a former chief information security officer, I understand the challenges in articulating the right messages to the board. However, to meet with the ...

Posted on 25 March 2019 | 12:03 am

Cyber attacks: we are all vulnerable

Rapid7, Inc. (Nasdaq: RPD) recently released its latest Industry Cyber-Exposure Report , an aggregated research paper examining the overall ...

Posted on 25 March 2019 | 12:03 am

Ignore the SEC's Strengthened Stance on Cybersecurity At Your Own Peril

As a former chief information security officer, I understand the challenges in articulating the right messages to the board. However, to meet with the ...

Posted on 25 March 2019 | 12:03 am

Cyber attacks: we are all vulnerable

It followed an attack in late 2018 on Perth-based Navy shipbuilder Austal. the Australian Cyber Security Centre suspected criminals based in Iran.

Posted on 25 March 2019 | 12:03 am

President signs Security Council resolution "On the concept of information security"

Last week, the President signed a Security Council resolution "On the concept of information security." The document is based on the geopolitical ...

Posted on 25 March 2019 | 12:03 am

Juniper Networks unveils 'connected' security architecture

Information security cannot be separated from the everyday operation of IT,” said Samantha Madrid, vice president of security business and strategy ...

Posted on 25 March 2019 | 12:03 am

Ignore the SEC's Strengthened Stance on Cybersecurity At Your Own Peril

As a former chief information security officer, I understand the challenges in articulating the right messages to the board. However, to meet with the ...

Posted on 25 March 2019 | 12:03 am

How to protect your institution from cyber attack

As Paul Taylor, UK head of cyber security at consultancy KPMG, says: “Criminals are lazy. They like to go to where there's lots of money, if only to ...

Posted on 24 March 2019 | 11:52 pm

'It's a job for anyone who likes science fiction'

In insurance, however, risk is everyone's day job: the buying and selling of protection against a whole range of incidents, from cyber attacks to delayed ...

Posted on 24 March 2019 | 11:52 pm

Hacking contest CODEGATE 2019 kicks off in Seoul on Tuesday

White hackers from all over the world are set to compete for 65 million won ($57,000) worth prize in total at CODEGATE 2019, one of major ...

Posted on 24 March 2019 | 11:52 pm

How to protect your institution from cyber attack

The reach of cyber attacks on business is growing all the time. But the fight back is also under way. Regulators in the UK are running war game-like ...

Posted on 24 March 2019 | 11:52 pm

Arlo Ultra 4K HDR Wire-Free Security Camera System Now Available Worldwide

Arlo Ultra 4K HDR Wire-Free Security Camera System Now Available Worldwide ... The subscription service utilizes powerful AI and computer vision ...

Posted on 24 March 2019 | 11:52 pm

Government to review data management after more security breaches found

The Smart Nation and Digital Government Office (SNDGG) is currently reviewing the Government's management of data, revealed a spokesperson to ...

Posted on 24 March 2019 | 11:43 pm

Handheld Parking Charge Machine Market 2019 – Keypass, Chainway, Sunway, Cardlan, Kingdy

The report on Handheld Parking Charge Machine Market delivers executive summary along with data analysis of the current market scenario of ...

Posted on 24 March 2019 | 11:41 pm

From jail to java: How Luckin's CMO is hacking China's coffee market

Yang's miraculous success was built on a series of growth hacking principles and techniques called “fission marketing,” which he subsequently ...

Posted on 24 March 2019 | 11:41 pm

Government to review data management after more security breaches found

The Smart Nation and Digital Government Office (SNDGG) is currently reviewing the Government's management of data, revealed a spokesperson to ...

Posted on 24 March 2019 | 11:41 pm

Government to review data management after more security breaches found

Last year, the government saw the major cyberattack in July that infiltrated over 1.5 million patient personal particulars and outpatient dispensed ...

Posted on 24 March 2019 | 11:41 pm

Persons behind Uhuru's social media accounts hacking 'exposed'

However, Sifuna has accused Ruto of using proxies to hack Uhuru's social media accounts as a way of frustrating the ongoing war on graft which the ...

Posted on 24 March 2019 | 11:30 pm

Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World's Most Dangerous Malware

In episode 86 of our monthly show we discuss Tom's new garbage service (yep, that's right) and why taking credit cards by filling out a form and ...

Posted on 24 March 2019 | 11:18 pm

Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World's Most Dangerous Malware

In episode 86 of our monthly show we discuss Tom's new garbage service (yep, that's right) and why taking credit cards by filling out a form and ...

Posted on 24 March 2019 | 11:18 pm

Verifications.io Data Breach, Capsizing a Ship with a Cyberattack, World's Most Dangerous Malware

In episode 86 of our monthly show we discuss Tom's new garbage service (yep, that's right) and why taking credit cards by filling out a form and ...

Posted on 24 March 2019 | 11:18 pm

Don't Be The Weakest Link — Why You Might Be An APT's Favorite Target

More often than not, we simply assume that we have nothing worth stealing, so why should anyone take the time to try and hack us? Taking a step ...

Posted on 24 March 2019 | 11:18 pm

At IEDC meeeting in Terre Haute, Holcomb says Indiana landing businesses, jobs

One example is Emerging Threats Pro, a cyber security start-up company in Lafayette. The company was valued at $840,000 when it started.

Posted on 24 March 2019 | 11:07 pm

Colmenares says nat'l ID system could be a 'data breach nightmare'

MANILA, Philippines — The possible data leak that hit the government-run Freedom of Information (FOI) website raises serious doubts about the ...

Posted on 24 March 2019 | 11:07 pm

PayThink Savvy boomers are ready to embrace payment tech

Among consumers in the over-50 demographic: 91 percent own a computer; ... They are also more likely to break-off a relationship due to security ...

Posted on 24 March 2019 | 10:56 pm

Abu Dhabi To Invest $272M In Tech Startups

Abu Dhabi said Sunday (March 24) that it will invest as much as $272 .... The claims come after British Airways suffered a data breach in the summer of ...

Posted on 24 March 2019 | 10:33 pm

Uber To Acquire Careem For $3B

Our data and analytics team has developed a number of creative .... The claims come after British Airways suffered a data breach in the summer of ...

Posted on 24 March 2019 | 10:22 pm

Malware Alert: Bitcoin Core Copycat On The Loose

Being the first release of the Bitcoin (BTC) protocol, the Bitcoin Core wallet is a common target for malicious copycats — since it is the most commonly ...

Posted on 24 March 2019 | 10:22 pm

What's driving the Enterprise Networking market Share ? Arista Networks, Inc, Broadcom, Cisco ...

As several malware programs are created by attackers each day, the demand for robust antimalware solutions is expected to increase over the ...

Posted on 24 March 2019 | 10:11 pm

Collusion or Not? Trump Said No, and Mueller Agrees

He hinted during the 2016 campaign that he knew in advance that the anti-secrecy group WikiLeaks would release unflattering information hacked ...

Posted on 24 March 2019 | 10:00 pm

Hackers Who Cracked Tesla Model 3 Security In Competition Win Electric Car And $375K

A team of skilled hackers got more than what they bargained for in the Pwn2Own Hacking Event in Vancouver, Canada. This is after Tesla gifted them ...

Posted on 24 March 2019 | 9:15 pm

Infosec researcher Nik Cubrilovic changes plea on GoGet breach

Australian security researcher Nik Cubrilovic has pleaded guilty to a reduced set of charges related to his role in a data breach at car sharing service ...

Posted on 24 March 2019 | 9:03 pm

7 Foolproof Steps To Total Password Management

Billions of accounts have been compromised. From Yahoo's multiple breaches to Facebook's Cambridge Analytica scandal and Equifax's data ...

Posted on 24 March 2019 | 9:03 pm

Data security prepares world for 5G revolution

"If a computer is the brain, 5G is the nervous system, data is the blood, and memory, as well as storage, is very much the heart of all these things," said ...

Posted on 24 March 2019 | 9:03 pm

If you thought Cathay Pacific data leak was bad, just wait till hackers steal your DNA

When Cathay Pacific announced in October that its internal systems had been hacked, close to 10 million passengers of Hong Kong's flagship air ...

Posted on 24 March 2019 | 8:52 pm

If you thought Cathay Pacific data leak was bad, just wait till hackers steal your DNA

It was a data leak of potentially epic proportions. When Cathay Pacific announced in October that its internal systems had been hacked, close to 10 ...

Posted on 24 March 2019 | 8:52 pm

Engage:BDR continues programmatic integration spree and targets a return to profitability

AdCel's technological advantages such as malware scanning has enabled engage:BDR to accommodate the high demand for its unique filtered ...

Posted on 24 March 2019 | 7:33 pm

PwC Herald Talks Presents Cyber Security

PwC Herald Talks is tackling the topic of Cyber Security in the first 2019 talk, on Thursday 11 April. After five sell-out events in Auckland last year, PwC ...

Posted on 24 March 2019 | 7:33 pm

India to seek US help for tracing virtual SIMs used in Pulwama

Unlike SIM cards, 'virtual SIMs' are computer generated and used via an app ... While the security agencies would attempt to find who had paid for the ...

Posted on 24 March 2019 | 7:33 pm

Microsoft: Developing markets in Asia-Pacific among the most vulnerable to malware

In the 24th edition of its Security Intelligence Report (SIR), an annual study aimed to improve cyber resilience in the region, Microsoft said malware ...

Posted on 24 March 2019 | 7:22 pm

Kiwis' distrust of social media a headache for business

Pickup said Kantar TNS's research also showed Kiwis to be worried about their online security but most not doing the simple things they know they ...

Posted on 24 March 2019 | 6:48 pm

USI Collaborates with Microsoft to Launch the World's First Azure Sphere Combo Module ...

USI Collaborates with Microsoft to Launch the World's First Azure Sphere Combo Module Designed to Meet Data Security and Connectivity Needs

Posted on 24 March 2019 | 6:26 pm

Voting tech creates growing concern for local officials

Concerns about election hacking have permeated the country after the U.S. intelligence community determined that Russia successfully interfered in ...

Posted on 24 March 2019 | 6:15 pm

Security researcher pleads guilty in GoGet case

Security researcher pleads guilty in GoGet case ... Illawarra-based security researcher Nikola Cubrilovic has pleaded guilty to charges ... dealing with identity information to commit an indictable offence, and taking and driving a ...

Posted on 24 March 2019 | 6:15 pm

Voting tech creates growing concern for local officials

And election security experts told The Hill that malicious cyber actors could ... Duncan Buell, a computer science professor at the University of South ...

Posted on 24 March 2019 | 6:15 pm

Somebody left the window open

By storing passwords in readable plain text, Facebook violated fundamental computer-security practices. Those call for organisations and websites to ...

Posted on 24 March 2019 | 6:02 pm

Russia is a threat to American democracy, with or without collusion

In July 2018, Mueller indicted 12 Russian intelligence officers, charging them with hacking the computer networks of members of Hillary Clinton's ...

Posted on 24 March 2019 | 5:52 pm

What Businesses Can Learn About the Insider Threat From the NSA Contractor Data Breach

Many have even enhanced their dedicated information security departments by hiring specialist experts to spearhead efforts. While this proactivity is to ...

Posted on 24 March 2019 | 5:30 pm

Seeing is believing? Media in a post-truth world

He is a founding member of the Center for Cyber Security (CCS), a collaborative initiative of multiple schools within NYU. He is the founder of Cyber ...

Posted on 24 March 2019 | 5:30 pm

What Businesses Can Learn About the Insider Threat From the NSA Contractor Data Breach

Every employee – from regular key workers to specialist high-level cybersecurity contractors – can be an insider threat, but businesses that recognise ...

Posted on 24 March 2019 | 5:30 pm

Fox's Henry Challenges Donna Brazile: Will You Now 'Accept the President' as Legitimate?

Brazile is naturally personally involved in the story, having been with the DNC at the time of the email hacking, and she and Perino discussed it before ...

Posted on 24 March 2019 | 5:18 pm

Pelosi, Schumer demand DOJ release entire Russia report

... investigation cleared Trump's campaign of allegations it cooperated with Russians who meddled in the 2016 election, which included the hacking of ...

Posted on 24 March 2019 | 5:07 pm

The Mueller probe ends, and the gloating begins in Moscow

And the special counsel also brought charges against Russian military officers in connection with the hacking of the Hillary Clinton campaign and ...

Posted on 24 March 2019 | 5:07 pm

Global Computer Numerical Control Equipment Market 2019 Seimens AG, Fanuc Corporation, Dr ...

The overall Computer Numerical Control Equipment market is made with the fundamental and direct conclusion to exploit the Computer Numerical ...

Posted on 24 March 2019 | 5:07 pm

The Mueller probe ends, and the gloating begins in Moscow

Moscow (CNN) The Kremlin has yet to respond to the conclusions from special counsel Robert Mueller's investigation, but the gloating has already ...

Posted on 24 March 2019 | 5:07 pm

Pay What You Want for These eLearning Bundles

With over 100 hours of expert-led training, this bundle introduces you to the increasingly important and lucrative field of cybersecurity. You'll prepare ...

Posted on 24 March 2019 | 4:56 pm

'If Netanyahu Had a Way to Get Me Hurt, Killed, He Would,' Gantz Says in Leaked Recording

Gantz also said it is possible that Iran is behind the hacking of his phone, but does not rule out cooperation between Netanyahu and Russia in the ...

Posted on 24 March 2019 | 4:33 pm

5 key takeaways from Mueller report summary in Russia investigation

In addition, the special counsel's office found that the Russian government tried to "conduct computer hacking operations designed to gather and ...

Posted on 24 March 2019 | 4:33 pm

What to know about UNB's massive email data breach

What to know about UNB's massive email data breach ... Erik Denis, the senior cyber security officer at UNB, offered some explanation of the event for ...

Posted on 24 March 2019 | 4:00 pm

CloudSEK: The start-up that keeps cyber threats at bay

CloudSEK, an Artificial Intelligence (AI)-powered digital risk management enterprise, is on a roll. Founded in 2015 by cybersecurity expert Rahul Sasi, ...

Posted on 24 March 2019 | 3:26 pm

Week in review: Norsk Hydro cyber attack, Android privacy, exploiting IMAP to bypass MFA

(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Featured in this issue are the ...

Posted on 24 March 2019 | 3:15 pm

Tips for Online Security from IT Security Firm Segurazo

Avoiding scams, phishing, and malware is a huge part of online security. Be careful with your passwords, and with your social media accounts.

Posted on 24 March 2019 | 2:46 pm

Tips for Online Security from IT Security Firm Segurazo

Online security is something that many people do not think about. This can be a serious problem causing computer damage or financial loss.

Posted on 24 March 2019 | 2:46 pm

Tips for Online Security from IT Security Firm Segurazo

Online security is something that many people do not think about. This can be a serious problem causing computer damage or financial loss.

Posted on 24 March 2019 | 2:41 pm

MaxFit Gym, Rehmann Cybersecurity Event, Red Level Recycling Day, UM's Hashbash Update

Jim Carpp, CTO and Vice Chairman of Rehmann, announces a May 9 free cybersecurity conference in Troy. Dave King, CEO of Red Level Group, ...

Posted on 24 March 2019 | 2:41 pm

Latest jobs 2019 notifications: Apply Now

The online examination will consist of objective type multiple choice ... (TAU), in Israel has announced its summer program open in Cyber Security, ...

Posted on 24 March 2019 | 2:18 pm

Simon Bridges calls for tougher cyber security laws in wake of Christchurch terror attacks

Simon Bridges has called for greater cyber security in the wake of ... Party leader is calling on the Government to target hate crime on the internet.

Posted on 24 March 2019 | 2:18 pm

¿Cómo proteger un celular de los hackers?

¿Recuerda la noticia del malware (programa malicioso) WannaCry que afectó a cientos de compañías en 2017? En ese año, piratas informáticos ...

Posted on 24 March 2019 | 1:59 pm

IRS Urges Taxpayers to Protect Personal Information

The IRS is urging taxpayers to take steps to ensure the security of their personal, financial and tax information. During tax time, con artists often use ...

Posted on 24 March 2019 | 1:56 pm

Shell Asset Management Co Has Raised State Str (STT) Stake By $1.79 Million; Princeton Portfolio ...

... JPMorgan Conference Tomorrow; 13/04/2018 – March's Most Wanted Malware: Cryptomining Malware That Works Outside the Web Browser on the ...

Posted on 24 March 2019 | 1:33 pm

Week in review: Norsk Hydro cyber attack, Android privacy, exploiting IMAP to bypass MFA

Here’s an overview of some of last week’s most interesting news and articles: Norsk Hydro cyber attack: What happened? “Hydro subject to cyber-attack,” warned Oslo-headquartered Norsk Hydro ASA, one of the world’s biggest aluminum producers, on Tuesday. The company continued to keep the public appraised of the evolving situation. Attackers are exploiting IMAP to bypass MFA on Office 365, G Suite accounts Where possible, and especially for important accounts such as Office 365 and G … More

The post Week in review: Norsk Hydro cyber attack, Android privacy, exploiting IMAP to bypass MFA appeared first on Help Net Security.

Posted on 24 March 2019 | 1:00 pm

PSA: Mueller report malware is on the way, probably

Has someone sent you an email with an attachment that claims to be a leaked copy of the Mueller report? Have you been directed to a website where ...

Posted on 24 March 2019 | 12:48 pm

Simon Bridges calls for greater cyber security in the wake of Christchurch terror attacks

Simon Bridges calls for greater cyber security in the wake of Christchurch ... leader is calling on the Government to target hate crime on the internet.

Posted on 24 March 2019 | 12:48 pm

Cyber Security “Expert” claims WhatsApp “sells” user data, SOFTEC 2019

This year, a panel sat together to talk about Cyber Security. The panel consisted of Mr. Ibrahim Nadir, an Assistant Professor at FAST NU, Dr. Ghalib ...

Posted on 24 March 2019 | 12:44 pm

Cyber attack on Dubai school network, parents warned

DUBAI: A British school in Dubai has warned parents about a cyber attack on its network last week, but has reassured them that necessary action has ...

Posted on 24 March 2019 | 12:15 pm

Let's Talk Business: Information Technology Sector

Of course, I'm talking about the information technology sector, or IT. ... Southeast Missouri State University is dominating state-wide cyber security ...

Posted on 24 March 2019 | 11:41 am

Hugh Johnson Advisors Decreased By $1.86 Million Its Check Point Software Tech LTD (CHKP ...

... Jun 7; 12/03/2018 – February's Most Wanted Malware: Cryptomining Malware Continues to Chip Away at Enterprise CPU Power, says Check Point; ...

Posted on 24 March 2019 | 11:18 am

Adults rely on teenagers for online security advice, GCHQ survey suggests

Adults turn to older teenagers for help with online security advice more than their work colleagues or partners, revealing how families are increasingly ...

Posted on 24 March 2019 | 11:07 am

INTERVIEW: Chinese-made devices pose risk to security

Taking the above into account, it is safe to say that US actions against Huawei and ZTE are not purely motivated by cybersecurity, but by national ...

Posted on 24 March 2019 | 10:56 am

Bitauto Holdings Limited (BITA) Reaches $15.46 52 Week Low; Harding Loevner LP Boosted Its ...

Some Historical CHKP News: 12/03/2018 – February's Most Wanted Malware: Cryptomining Malware Continues to Chip Away at Enterprise CPU ...

Posted on 24 March 2019 | 10:33 am

Watchdog: FEMA Wrongly Released Personal Data of Victims

The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported Friday.

read more

Posted on 24 March 2019 | 9:37 am

The Elon Musk of Global Crime and European Colonialism in Africa

A pioneer in the field of cyber security, LeRoux broke bad and used his exceptional gifts to become the international criminal underground's premier ...

Posted on 24 March 2019 | 9:26 am

GEEK TO ME: Don't fall for tech support telephone scams

Under the guise of diagnostics and repair (which they will very likely charge you for) they are actually installing malware and scanning your files.

Posted on 24 March 2019 | 9:03 am

How Apple's push into new services could strain its relationships with developers & competitors

Cybersecurity firm Kaspersky Lab made similar claims last week and filed an antitrust complaint in Russia. IDC analyst Rivka Gewirtz Little says these ...

Posted on 24 March 2019 | 8:52 am

Global Hand-Held Charging Machine Market 2019 Dynamics – Sunway, Kingdy, Chainway ...

... Sunway, Kingdy, Chainway, Cardlan, Jin Hao, Jilian, Keypass, Realand of the global Hand-Held Charging Machine market in the upcoming period.

Posted on 24 March 2019 | 8:41 am

What to do if your browser address bar doesn't search

Malware: Your PC might have been invaded by malicious software which subsequently sneaked into your browser. Browser Extensions: It's a ...

Posted on 24 March 2019 | 8:41 am

As of Mar 24, 2019 Fortinet Inc (NASDAQ:FTNT) Shorts Reduced By 15.9%

... anti-malware, virtual private network, application control, Web filtering, anti-spam, and wide area network acceleration; FortiManager product family ...

Posted on 24 March 2019 | 8:18 am

Trump's son-in-law's WhatsApp habits worry experts

Ignoring national security concerns, Jared Kushner, son-in-law of US ... and hackers, have raised concerns among cyber security experts, the report ...

Posted on 24 March 2019 | 7:33 am

Cybersecurity Researcher Says Mobile Payment Platforms Are Selling Your Data To Third-Parties

According to Victor Gevers, a cybersecurity adviser from GDI. Foundation, companies like Alipay, are selling their customer data to third-party clients ...

Posted on 24 March 2019 | 7:03 am

Where Next For Smart Cities?

This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post ...

Posted on 24 March 2019 | 6:48 am

Cisco Patches High Severity Vulnerabilities in IP Phones

Cisco this week released security patches to address high severity vulnerabilities in its IP Phone 8800 Series and IP Phone 7800 Series. 

A total of five vulnerabilities were addressed, all impacting the web-based management interface of Session Initiation Protocol (SIP) Software of IP Phone 8800 Series. 

read more

Posted on 23 March 2019 | 12:39 pm

Tesla car hacked at Pwn2Own contest

Research duo who hacked Tesla car win the competition's overall standings. They also get to keep the car.

Posted on 23 March 2019 | 11:30 am

FEMA 'unnecessarily' shared data of 2.3 million disaster victims with contractor

FEMA says accidental data leak has been dealt with and user data removed from contractor's systems.

Posted on 23 March 2019 | 8:15 am

Researchers find 36 new security flaws in LTE protocol

South Korean researchers apply fuzzing techniques to LTE protocol and find 51 vulnerabilities, of which 36 were new.

Posted on 23 March 2019 | 3:00 am

Pwn2Own 2019: Researchers Win Tesla After Hacking Its Browser

Researchers win Tesla Model 3 at Pwn2Own

read more

Posted on 23 March 2019 | 1:02 am

Mozilla Releases Security Updates for Firefox

Original release date: March 22, 2019

Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 22 March 2019 | 4:35 pm

Alleged Child Porn Lord Faces US Extradition

In 2013, the FBI exploited a zero-day vulnerability in Firefox to seize control over a Dark Web network of child pornography sites. The alleged owner of that ring - 33-year-old Freedom Hosting operator Eric Eoin Marques - was arrested in Ireland later that year on a U.S. warrant and has been in custody ever since. This week, Ireland's Supreme Court cleared the way for Marques to be extradited to the United States.

Posted on 22 March 2019 | 2:32 pm

UK Police Federation Hit by Ransomware

The UK Police Federation of England & Wales (PFEW) website was subject to a malware attack that it discovered on March 9, 2019. It appears that this was a ransomware attack; but the strain has not been announced.

read more

Posted on 22 March 2019 | 12:12 pm

Russian Hackers Target European Governments Ahead of Elections: FireEye

Hackers believed to be sponsored by the Russian government are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections, FireEye reports. 

read more

Posted on 22 March 2019 | 12:08 pm

Industry Reactions to Norsk Hydro Breach: Feedback Friday

Norwegian aluminum giant Norsk Hydro has been hit by a serious ransomware attack that caused disruptions at some of its plants and forced the company to turn to manual processes to fulfill customer orders.

read more

Posted on 22 March 2019 | 11:37 am

Microsoft Launches Defender ATP Endpoint Security for macOS

Microsoft Brings Defender Advanced Threat Protection to macOS

read more

Posted on 22 March 2019 | 10:43 am

Norsk Hydro will not pay ransom demand and will restore from backups

Microsoft employees have arrived in Norway to help Norsk Hydro recover after ransomware attack.

Posted on 22 March 2019 | 10:14 am

D.C. Attorney General Introduces New Data Security Bill

Karl A. Racine, the attorney general for the District of Columbia, on Thursday announced the introduction of a new bill that aims to expand data breach notification requirements and improve the way personal information is protected by organizations.

read more

Posted on 22 March 2019 | 9:58 am

DataVisor launches DCube delivering expanded control to data scientists and fraud teams

DataVisor, the award-winning AI-powered fraud management company, announced the launch of DCube. DCube builds on DataVisor’s pioneering fraud platform to deliver a single, turnkey solution that introduces unprecedented advances to the current fraud management landscape. DCube supports the fraud management needs of large enterprises by enabling organizations to minimize risk exposure, while putting control in the hands of its users to proactively detect and stop fraud in real time. “As the enterprise rapidly moves towards … More

The post DataVisor launches DCube delivering expanded control to data scientists and fraud teams appeared first on Help Net Security.

Posted on 22 March 2019 | 8:04 am

Facebook allegedly knew of Cambridge Analytica activity months prior to public reports

Court filings indicate that Facebook may have been well aware of what was going on before the scandal erupted.

Posted on 22 March 2019 | 7:28 am

Get 4 Essential CyberSecurity Software For Less Than $10 Per Month

Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses. Not just VPN software and a password manager, cybersecurity experts also recommend using antivirus and backup solutions to protect your computers and precious data stored on them. Unfortunately, to cover these bases, one

Posted on 22 March 2019 | 6:57 am

Medtronic's Implantable Defibrillators Vulnerable to Life-Threatening Hacks

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients' chests) that gives a patient's heart an electric

Posted on 22 March 2019 | 6:54 am

Observations From RSA Conference 2019

The RSA Conference is one of the premier events in the cybersecurity world. At times, it can be an overwhelming experience for vendors and attendees alike because of its massive scale and fast pace; however, it’s also a great opportunity for people like me to get insight into trends in the industry.

read more

Posted on 22 March 2019 | 6:00 am

Norsk Hydro cyber attack: What’s new?

Norwegian aluminum producer Norsk Hydro ASA was hit by ransomware-wielding attackers early this week. The company lost no time in reacting and responding to the attack – they notified the authorities, called in experts to help, and (very laudably) committed to keeping the public informed. In the latest official update on the situation, the company shared that: With the help of experts from Microsoft and other IT security partners, they are working on reverting virus … More

The post Norsk Hydro cyber attack: What’s new? appeared first on Help Net Security.

Posted on 22 March 2019 | 5:58 am

Critical flaw revealed in Facebook Fizz TLS project

The DoS vulnerability is trivially easy to trigger.

Posted on 22 March 2019 | 5:42 am

Microsoft Announces Windows Defender ATP Antivirus for Mac

Brace yourself guys. Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers. Sounds crazy, right? But it's true. Microsoft Thursday announced that the company is bringing its anti-malware software to Apple’s macOS operating system as well—and to more platforms soon, like Linux. As a result, the technology giant renamed its Windows Defender Advanced

Posted on 22 March 2019 | 2:55 am

Worldwide spending on security solutions expected to continue growing

Worldwide spending on security-related hardware, software, and services is forecast to reach $103.1 billion in 2019, an increase of 9.4% over 2017. This pace of growth is expected to continue for the next several years as industries invest heavily in security solutions to meet a wide range of threats and requirements. $133.8 billion by 2022 Worldwide spending on security solutions will achieve a compound annual growth rate (CAGR) of 9.2% over the 2018-2022 forecast period … More

The post Worldwide spending on security solutions expected to continue growing appeared first on Help Net Security.

Posted on 22 March 2019 | 1:30 am

Researchers Earn $270,000 for Firefox, Edge Hacks at Pwn2Own 2019

White hat hackers earned a total of $270,000 on the second day of the Pwn2Own hacking competition for demonstrating exploits against the Mozilla Firefox and Microsoft Edge web browsers.

read more

Posted on 22 March 2019 | 1:30 am

Microsoft tech support scammer pleads guilty to defrauding victims of $3 million

Suspect admits role in criminal operation within a week after being arrested.

Posted on 22 March 2019 | 12:30 am

Over 100,000 GitHub repos have leaked API or cryptographic keys

Thousands of new API or cryptographic keys leak via GitHub projects every day.

Posted on 21 March 2019 | 6:21 pm

Threat Hunting Tips to Improve Security Operations

From Ferdinand Magellan to Lewis and Clark to Neil Armstrong – humans have an innate desire to understand the unknown. In security operations, we see this phenomenon every day in several forms, one of which is threat hunting. Threat hunting is not triggered by an event, but by the unknown. It is the practice of proactively and iteratively searching for abnormal indications within networks and systems.

read more

Posted on 21 March 2019 | 2:33 pm

Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext

Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" users in plaintext. What's more? Not just Facebook, Instagram users are also affected by the latest security incident. So, if you are one of the affected users, your Facebook or Instagram password was readable to some of

Posted on 21 March 2019 | 2:20 pm

Global Security Spend Set to Grow to $133.8 Billion by 2022: IDC

Global spending on security-related hardware software and services will grow at a compound annual growth rate (CAGR) of 9.2% between 2018 and 2022, to a total of $133.8 billion in 2022. The figures come from the latest Worldwide Semiannual Security Spending Guide compiled by IDC.

read more

Posted on 21 March 2019 | 12:48 pm

Facebook Stored Passwords of Hundreds of Millions Users in Plain Text

Facebook today admitted to have stored the passwords of hundreds of millions of its users in plain text, including the passwords of Facebook Lite, Facebook, and Instagram users. 

read more

Posted on 21 March 2019 | 11:53 am

How Three of 2018's Critical Threats Used Email to Execute Attacks

History Tends to Repeat Itself - Attackers Repurpose Tried and Tested Methods to Launch Attacks

read more

Posted on 21 March 2019 | 11:38 am

Nokia firmware blunder sent some user data to China

Company behind Nokia smartphones accidentally left a data collection package inside some Nokia 7 Plus devices' firmware.

Posted on 21 March 2019 | 11:33 am

Multiple Vulnerabilities Patched in PuTTY and LibSSH2

PuTTY, an SSH and Telnet client program, and LibSSH2, a client-side C library for the SSH2 protocol, have both received updates fixing multiple vulnerabilities. Eight vulnerabilities have been fixed in version 0.71 of PuTTY, and nine vulnerabilities fixed in version 1.8.1 of LibSSH2.

read more

Posted on 21 March 2019 | 11:27 am

Facebook Pays Big Bounty for DoS Flaw in Fizz TLS Library

While Facebook’s bug bounty program does not typically cover denial-of-service (DoS) vulnerabilities, the social media giant has decided to award a significant bounty for a serious flaw affecting Fizz, its open source TLS library.

read more

Posted on 21 March 2019 | 11:18 am

FIN7 Hackers Use New Malware in Recent Attacks

The financially-motivated hacking group FIN7 has used new malware samples in a recent attack campaign, Flashpoint security researchers warn. 

read more

Posted on 21 March 2019 | 11:16 am

Finland to Investigate Suspected Nokia Chinese Data Breach

Finnish authorities will launch an investigation into claims that Nokia phones have been transmitting users' personal data to China, the country's data protection ombudsman announced on Thursday.

read more

Posted on 21 March 2019 | 10:26 am

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Posted on 21 March 2019 | 10:17 am

Securing Industrial IoT in the Modern World

Manufacturing arguably offers the largest attack surface of almost any industry with regards to cybersecurity threats, and has long been a prime target for ‘everyday’ attacks like phishing, ransomware, data-theft – you name it, they’ve seen it. But these ‘everyday’ attacks and the associated losses are only the tip of the iceberg when it comes to what could potentially happen in the future.

read more

Posted on 21 March 2019 | 10:15 am

Zero-day in WordPress SMTP plugin abused by two hacker groups

Hacker groups are creating backdoor admin accounts on vulnerable sites and redirecting users to tech support scams.

Posted on 21 March 2019 | 8:46 am

OceanLotus adopts public exploit code to abuse Microsoft Office software

APT32 is using a public exploit to abuse Office and compromise targeted systems.

Posted on 21 March 2019 | 7:17 am

MyPillow and Amerisleep wake up to Magecart card theft nightmare

The US firms may have a few sleepless nights over the security breaches.

Posted on 21 March 2019 | 5:49 am

Google Will Prompt European Android Users to Select Preferred Default Browser

Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones. The European Commission accused Google of forcing Android phone manufacturers to "illegally" tie its proprietary apps and services—specifically,

Posted on 21 March 2019 | 3:50 am

PewDiePie fans keep making junk ransomware

Please, YouTube! Just hide PewDiePie and T-Series' followers count and put this competition to bed.

Posted on 21 March 2019 | 12:30 am

Drupal Releases Security Updates

Original release date: March 20, 2019

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 20 March 2019 | 4:51 pm

Lithuanian man pleads guilty to scamming Google and Facebook out of $123 million

Man posed as hardware vendor to trick Google and Facebook into sending payments to his bank accounts.

Posted on 20 March 2019 | 3:54 pm

Cisco Releases Security Advisories for Multiple Products

Original release date: March 20, 2019

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 20 March 2019 | 3:50 pm

AT&T, Comcast successfully test SHAKEN/STIR protocol for fighting robocalls

AT&T and Comcast successfully test first SHAKEN/STIR-authenticated call between two different networks.

Posted on 20 March 2019 | 2:22 pm

Global threat group Fin7 returns with new SQLRat malware

Previously unseen malware and a new admin panel have been tied to the notorious group.

Posted on 20 March 2019 | 12:00 pm

Google bans VPN ads in China

Google cites "local legal restrictions" as the cause for its Chinese VPN ads ban.

Posted on 20 March 2019 | 11:01 am

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep

Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently.

Posted on 20 March 2019 | 8:31 am

Google Photos vulnerability could have let hackers retrieve image metadata

Browser side-channel leaks are emerging as the next big threat for per-target stalking ops.

Posted on 20 March 2019 | 8:00 am

CUJO Smart Firewall vulnerabilities exposed home networks to critical attacks

Remote code execution bugs were among those found.

Posted on 20 March 2019 | 7:15 am

Bank hackers team up to spread financial Trojans worldwide

The gang agreements focus on theft, malware capabilities, and territory grabs.

Posted on 20 March 2019 | 5:06 am

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of

Posted on 20 March 2019 | 4:41 am

Mozilla Releases Security Updates for Firefox

Original release date: March 19, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 19 March 2019 | 1:32 pm

Android Q — Google Adds New Mobile Security and Privacy Features

Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements. Android Q, where Q has not yet been named, offers more control over installed apps, their access, and permissions, and location settings; more support for passive authentication like face

Posted on 19 March 2019 | 1:19 pm

Microsoft Ending Support for Windows 7

Original release date: March 19, 2019

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:

Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.

 


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 19 March 2019 | 1:14 pm

Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide

Photo by Terje Pedersen / NTB scanpix One of the world's largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an "extensive cyber attack" hit its operations, leaving companies' IT systems unusable. According to a press release shared by Aluminum giant Norsk Hydro today, the company has temporarily shut down several plants and

Posted on 19 March 2019 | 12:05 pm

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

Original release date: March 19, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs).   

CISA encourages MSPs and their customers to view the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity and to review the page on Chinese Malicious Cyber Activity for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 19 March 2019 | 12:03 pm

Libssh Releases Update to Patch 9 New Security Vulnerabilities

Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library

Posted on 19 March 2019 | 5:27 am

Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices

Security researchers have uncovered a new variant of the infamous Mirai Internet of Things botnet, this time targeting embedded devices intended for use within business environments in an attempt to gain control over larger bandwidth to carry out devastating DDoS attacks. Although the original creators of Mirai botnet have already been arrested and jailed, variants of the infamous IoT malware

Posted on 19 March 2019 | 2:55 am

FBI Warns of Fraud Actors Scamming Investors Through Fictitious Standby Letters of Credit

Posted on 18 March 2019 | 10:00 am

Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On Dark Web

A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web. The Hacker News today received a new email from the Pakistani hacker, who goes by online alias Gnosticplayers and previously claimed to have hacked dozens of

Posted on 18 March 2019 | 1:17 am

Why Phone Numbers Stink As Identity Proof

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments -- whoever inherits that number can then be you in a lot of places online.

Posted on 17 March 2019 | 6:25 pm

New Zealand Tragedy-Related Scams and Malware Campaigns

Original release date: March 15, 2019 | Last revised: March 18, 2019

In the wake of the recent New Zealand mosque shootings, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 15 March 2019 | 5:18 pm

Intel Releases Security Advisories on Multiple Products

Original release date: March 15, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 15 March 2019 | 11:28 am

VMware Releases Security Updates for Workstation and Horizon

Original release date: March 15, 2019

VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 15 March 2019 | 10:38 am

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates

Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn't have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical

Posted on 15 March 2019 | 3:17 am

Microsoft Releases Security Update for Azure Linux Guest Agent

Original release date: March 14, 2019

Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 14 March 2019 | 8:42 pm

Telegram Gained 3 Million New Users During WhatsApp, Facebook Outage

WhatsApp, Facebook, and Instagram faced a widespread outage yesterday with users from around the world reporting issues with sending messages on WhatsApp and Messenger, posting feeds on Facebook and accessing other features on the three Facebook-owned platforms. While the outage was quite troubling both for the social media giant and its millions of users, guess who benefits the most out of

Posted on 14 March 2019 | 5:50 am

New WordPress Flaw Lets Unauthenticated Remote Attackers Hack Sites

If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it's highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress, has once

Posted on 14 March 2019 | 4:41 am

Zero-Day Flaws in Counter-Strike 1.6 Let Malicious Servers Hack Gamers' PCs

If you are a Counter-Strike gamer, then beware, because 39% of all existing Counter-Strike 1.6 game servers available online are malicious that have been set-up to remotely hack gamers' computers. A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by

Posted on 14 March 2019 | 2:10 am

Windows 10 Now Automatically Uninstalls Updates That Cause Problems

Do you always think twice before installing Windows updates worrying that it could crash your system or leave it non-working the day after Patch Tuesdays? Don't worry. Microsoft has addressed this issue by adding a safety measure that would from now onwards automatically uninstall buggy software updates installed on your system if Windows 10 detects a startup failure, which could be due to

Posted on 14 March 2019 | 12:37 am

Ad Network Sizmek Probes Account Breach

Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access to hacked online accounts kicked off an auction for "the admin panel of a big American ad platform." "You can add new users to the ad system, edit existing ones and ad offers," the seller wrote. The starting bid was $800.

Posted on 13 March 2019 | 3:56 pm

AWS Certification Training Courses – Get 2019 Bundle @ 96% OFF

With countless web apps and online services launching every day, there is an increasing demand for cloud developers. This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit. If you want to build a career in this lucrative niche, it pays to know AWS (Amazon Web Services). <!-- adsense --> With the AWS Certified Architect Developer Bundle 2019,

Posted on 13 March 2019 | 9:11 am

Microsoft Releases Patches for 64 Flaws — Two Under Active Attack

It's time for another batch of "Patch Tuesday" updates from Microsoft. Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity. The update addresses flaws in Windows, Internet Explorer, Edge, MS

Posted on 13 March 2019 | 6:01 am

Firefox Send — Free Encrypted File Transfer Service Now Available For All

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send, to the public, allowing users to securely share large files like

Posted on 13 March 2019 | 3:40 am

Patch Tuesday, March 2019 Edition

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today's patch batch without any help from users.

Posted on 12 March 2019 | 11:55 pm

Adobe Releases Patches for Critical Flaws in Photoshop CC and Digital Edition

Adobe users would feel lighter this month, as Adobe has released patches for just two security vulnerability in its March Security Update. The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions. Upon successful exploitation, both critical vulnerabilities could

Posted on 12 March 2019 | 11:22 am

Cynet is offering unhappy competitors' customers a refund for the time remaining on existing contracts

Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform was built to address the advanced threats that AV and Firewalls cannot stop. Today, Cynet announced that any organization currently deploying an

Posted on 12 March 2019 | 8:12 am

Analysis Of Brexit-Centric Twitter Activity

This is a rather long blog post, so we’ve created a PDF for you to download, if you’d like to read it offline. You can download that from here. Executive Summary This report explores Brexit-related Twitter activity occurring between December 4, 2018 and February 13, 2019. Using the standard Twitter API, researchers collected approximately 24 […]

Posted on 12 March 2019 | 2:56 am

F5 Networks Acquires NGINX For $670 Million

One of the most important software companies NGINX, which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks, in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you use NGINX every day when you post a photo, watch streaming video, purchase goods online, or log

Posted on 12 March 2019 | 2:17 am

BEWARE – New 'Creative' Phishing Attack You Really Should Pay Attention To

A cybersecurity researcher who last month warned of a creative phishing campaign has now shared details of a new but similar attack campaign with The Hacker News that has specifically been designed to target mobile users. Just like the previous campaign, the new phishing attack is also based on the idea that a malicious web page could mimic look and feel of the browser window to trick even the

Posted on 11 March 2019 | 10:46 am

Severe Flaw Disclosed In StackStorm DevOps Automation Software

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services. StackStorm, aka "IFTTT for Ops," is a powerful event-driven automation tool for integration and automation across services and tools that allows

Posted on 11 March 2019 | 5:16 am

Insert Skimmer + Camera Cover PIN Stealer

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they're frequently disguised as ATM security features -- such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM. And sometimes, the scammers just hijack the security camera built into the ATM itself.

Posted on 10 March 2019 | 10:41 pm

MyEquifax.com Bypasses Credit Freeze PIN

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don't already have an account at the credit bureau's new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Posted on 8 March 2019 | 10:12 am

Hackers Sell Access to Bait-and-Switch Empire

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S. Federal Trade Commission, Microsoft and Oprah Winfrey, to name a few.

Posted on 4 March 2019 | 4:11 pm

Booter Boss Interviewed in 2014 Pleads Guilty

A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more active interest in his son's online activities.

Posted on 28 February 2019 | 9:14 am

Crypto Mining Service Coinhive to Call it Quits

Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com, a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the plug on the project early next month.

Posted on 27 February 2019 | 5:19 pm

Why Social Network Analysis Is Important

I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do simple things with just a few lines of code. I started off with toy tasks, (like mapping the time of […]

Posted on 21 February 2019 | 7:20 am

Oracle Critical Patch Update Advisory - January 2019

Posted on 15 January 2019 | 1:30 pm

NRSMiner updates to newer version

More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, […]

Posted on 2 January 2019 | 11:04 pm

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version […]

Posted on 12 December 2018 | 9:13 pm

Phishing Campaign targeting French Industry

We have recently observed an ongoing phishing campaign targeting the French industry. Among these targets are organizations involved in chemical manufacturing, aviation, automotive, banking, industry software providers, and IT service providers. Beginning October 2018, we have seen multiple phishing emails which follow a similar pattern, similar indicators, and obfuscation with quick evolution over the course […]

Posted on 26 November 2018 | 7:16 am

Ethics In Artificial Intelligence: Introducing The SHERPA Consortium

In May of this year, Horizon 2020 SHERPA project activities kicked off with a meeting in Brussels. F-Secure is a partner in the SHERPA consortium – a group consisting of 11 members from six European countries – whose mission is to understand how the combination of artificial intelligence and big data analytics will impact ethics […]

Posted on 22 November 2018 | 2:25 am

Spam campaign targets Exodus Mac Users

We’ve seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-1.64.1-update.zip” and the sender domain was “update-exodus[.]io”, suggesting that it wanted to associate itself to the organization. It was trying to deliver a fake Exodus […]

Posted on 2 November 2018 | 12:56 pm

Oracle Critical Patch Update Advisory - October 2018

Posted on 16 October 2018 | 2:30 pm

Oracle Security Alert for CVE-2018-11776 - 31 August 2018

Posted on 31 August 2018 | 7:00 pm

Value-Driven Cybersecurity

Constructing an Alliance for Value-driven Cybersecurity (CANVAS) launched ~two years ago with F-Secure as a member. The goal of the EU project is “to unify technology developers with legal and ethical scholars and social scientists to approach the challenge of how cybersecurity can be aligned with European values and fundamental rights.” (That’s a mouthful, right?) […]

Posted on 31 August 2018 | 8:20 am

Taking Pwnie Out On The Town

Black Hat 2018 is now over, and the winners of the Pwnie Awards have been published. The Best Client-Side Bug was awarded to Georgi Geshev and Rob Miller for their work called “The 12 Logic Bug Gifts of Christmas.” Georgi and Rob work for MWR Infosecurity, which (as some of you might remember) was acquired by F-Secure […]

Posted on 14 August 2018 | 6:58 am

Oracle Security Alert for CVE-2018-3110 - 10 August 2018

Posted on 10 August 2018 | 2:30 pm

How To Locate Domains Spoofing Campaigns (Using Google Dorks) #Midterms2018

The government accounts of US Senator Claire McCaskill (and her staff) were targeted in 2017 by APT28 A.K.A. “Fancy Bear” according to an article published by The Daily Beast on July 26th. Senator McCaskill has since confirmed the details. And many of the subsequent (non-technical) articles that have been published has focused almost exclusively on […]

Posted on 30 July 2018 | 12:17 pm

Oracle Critical Patch Update Advisory - July 2018

Posted on 17 July 2018 | 2:30 pm

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads […]

Posted on 5 July 2018 | 12:00 pm

Video: Creating Graph Visualizations With Gephi

I wanted to create a how-to blog post about creating gephi visualizations, but I realized it’d probably need to include, like, a thousand embedded screenshots. So I made a video instead.

Posted on 24 May 2018 | 2:50 am

Pr0nbots2: Revenge Of The Pr0nbots

A month and a half ago I posted an article in which I uncovered a series of Twitter accounts advertising adult dating (read: scam) websites. If you haven’t read it yet, I recommend taking a look at it before reading this article, since I’ll refer back to it occasionally. To start with, let’s recap. In my […]

Posted on 4 May 2018 | 5:03 am

Oracle Critical Patch Update Advisory - April 2018

Posted on 17 April 2018 | 2:30 pm

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented […]

Posted on 3 April 2018 | 2:56 pm

Marketing “Dirty Tinder” On Twitter

About a week ago, a Tweet I was mentioned in received a dozen or so “likes” over a very short time period (about two minutes). I happened to be on my computer at the time, and quickly took a look at the accounts that generated those likes. They all followed a similar pattern. Here’s an […]

Posted on 16 March 2018 | 4:49 am

How To Get Twitter Follower Data Using Python And Tweepy

In January 2018, I wrote a couple of blog posts outlining some analysis I’d performed on followers of popular Finnish Twitter profiles. A few people asked that I share the tools used to perform that research. Today, I’ll share a tool similar to the one I used to conduct that research, and at the same […]

Posted on 27 February 2018 | 6:07 am

Improving Caching Strategies With SSICLOPS

F-Secure development teams participate in a variety of academic and industrial collaboration projects. Recently, we’ve been actively involved in a project codenamed SSICLOPS. This project has been running for three years, and has been a joint collaboration between ten industry partners and academic entities. Here’s the official description of the project. “The Scalable and Secure […]

Posted on 26 February 2018 | 2:11 am

Searching Twitter With Twarc

Twarc makes it really easy to search Twitter via the API. Simply create a twarc object using your own API keys and then pass your search query into twarc’s search() function to get a stream of Tweet objects. Remember that, by default, the Twitter API will only return results from the last 7 days. However, […]

Posted on 16 February 2018 | 8:33 am

NLP Analysis Of Tweets Using Word2Vec And T-SNE

In the context of some of the Twitter research I’ve been doing, I decided to try out a few natural language processing (NLP) techniques. So far, word2vec has produced perhaps the most meaningful results. Wikipedia describes word2vec very precisely: “Word2vec takes as its input a large corpus of text and produces a vector space, typically of several […]

Posted on 30 January 2018 | 6:37 am

NLP Analysis And Visualizations Of #presidentinvaalit2018

During the lead-up to the January 2018 Finnish presidential elections, I collected a dataset consisting of raw Tweets gathered from search words related to the election. I then performed a series of natural language processing experiments on this raw data. The methodology, including all the code used, can be found in an accompanying blog post. […]

Posted on 30 January 2018 | 6:35 am

How To Get Tweets From A Twitter Account Using Python And Tweepy

In this blog post, I’ll explain how to obtain data from a specified Twitter account using tweepy and Python. Let’s jump straight into the code! As usual, we’ll start off by importing dependencies. I’ll use the datetime and Counter modules later on to do some simple analysis tasks. from tweepy import OAuthHandler from tweepy import […]

Posted on 26 January 2018 | 2:35 am

How To Get Streaming Data From Twitter

I occasionally receive requests to share my Twitter analysis tools. After a few recent requests, it finally occurred to me that it would make sense to create a series of articles that describe how to use Python and the Twitter API to perform basic analytical tasks. Teach a man to fish, and all that. In […]

Posted on 17 January 2018 | 6:50 am

WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for […]

Posted on 16 January 2018 | 5:00 pm

Oracle Critical Patch Update Advisory - January 2018

Posted on 16 January 2018 | 1:30 pm

Further Analysis Of The Finnish Themed Twitter Botnet

In a blog post I published yesterday, I detailed the methodology I have been using to discover “Finnish themed” Twitter accounts that are most likely being programmatically created. In my previous post, I called them “bots”, but for the sake of clarity, let’s refer to them as “suspicious accounts”. These suspicious accounts all follow a […]

Posted on 12 January 2018 | 7:52 am

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's […]

Posted on 29 November 2017 | 2:33 pm

Oracle Security Alert for CVE-2017-10269 - 13 November 2017

Posted on 13 November 2017 | 1:30 pm

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to […]

Posted on 31 October 2017 | 9:20 am

Oracle Security Alert for CVE-2017-10151 - 27 October 2017

Posted on 27 October 2017 | 2:30 pm

Oracle Critical Patch Update Advisory - October 2017

Posted on 17 October 2017 | 2:30 pm

Oracle Security Alert for CVE-2017-9805 - 22 September 2017

Posted on 22 September 2017 | 2:30 pm

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this […]

Posted on 19 September 2017 | 5:17 pm

Oracle Critical Patch Update Advisory - July 2017

Posted on 18 July 2017 | 2:30 pm

Oracle Security Alert for CVE-2017-3629

Posted on 19 June 2017 | 2:30 pm

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC […]

Posted on 16 May 2017 | 5:39 pm

WordPress Now on HackerOne

WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially […]

Posted on 15 May 2017 | 11:02 am

Oracle Critical Patch Update Advisory - April 2017

Posted on 18 April 2017 | 2:30 pm

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata.  Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect […]

Posted on 6 March 2017 | 11:53 am

Oracle Critical Patch Update Advisory - January 2017

Posted on 17 January 2017 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2016

Posted on 18 October 2016 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2016

Posted on 19 July 2016 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2016

Posted on 19 April 2016 | 2:30 pm

Oracle Security Alert for CVE-2016-0636 - 23 Mar 2016

Posted on 23 March 2016 | 2:30 pm

Oracle Critical Patch Update Advisory - January 2016

Posted on 19 January 2016 | 1:30 pm

Oracle Security Alert for CVE-2015-4852 - 10 November 2015

Posted on 10 November 2015 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2015

Posted on 20 October 2015 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2015

Posted on 14 July 2015 | 2:30 pm

Oracle Security Alert for CVE-2015-3456 - 15 May 2015

Posted on 15 May 2015 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2015

Posted on 14 April 2015 | 2:30 pm

Oracle Security Alert for CVE-2016-0603 - 5 February 2016

Posted on 5 February 2015 | 1:30 pm

Oracle Critical Patch Update Advisory - January 2015

Posted on 20 January 2015 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2014

Posted on 14 October 2014 | 2:30 pm

Oracle Security Alert for CVE-2014-7169 - 26 September 2014

Posted on 26 September 2014 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2014

Posted on 15 July 2014 | 2:30 pm

Oracle Security Alert for CVE-2014-0160 - 18 April 2014

Posted on 18 April 2014 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2014

Posted on 15 April 2014 | 2:30 pm

Oracle Critical Patch Update Advisory - January 2014

Posted on 14 January 2014 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2013

Posted on 15 October 2013 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2013

Posted on 16 July 2013 | 2:30 pm

Oracle Java SE Critical Patch Update Advisory - June 2013

Posted on 18 June 2013 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 2:30 pm

Oracle Java SE Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 2:30 pm

Oracle Security Alert for CVE-2013-1493 - 04 Mar 2013

Posted on 4 March 2013 | 1:30 pm

Updated Release of the Oracle Java SE Critical Patch Update - February 2013

Posted on 19 February 2013 | 1:30 pm

Oracle Java SE Critical Patch Update Advisory - February 2013

Posted on 1 February 2013 | 1:30 pm

Oracle Critical Patch Update Advisory - January 2013

Posted on 15 January 2013 | 1:30 pm

Oracle Security Alert for CVE-2013-0422 - 13 Jan 2013

Posted on 13 January 2013 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 2:26 pm

Oracle Java SE Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 2:26 pm

Oracle Security Alert for CVE-2012-4681 - 30 Aug 2012

Posted on 30 August 2012 | 2:26 pm

Oracle Security Alert for CVE-2012-3132 - 10 Aug 2012

Posted on 10 August 2012 | 2:14 pm

Oracle Critical Patch Update (CPU) Advisory - July 2012

Posted on 19 July 2012 | 5:15 pm

Oracle Java SE Critical Patch Update Advisory - June 2012

Posted on 12 June 2012 | 3:00 pm

Oracle Security Alert for CVE-2012-1675

Posted on 30 April 2012 | 3:01 pm

Oracle Critical Patch Update (CPU) Advisory - April 2012

Posted on 18 April 2012 | 10:40 am

Oracle Java SE Critical Patch Update Advisory - February 2012

Posted on 14 February 2012 | 2:00 pm

Oracle Security Alert for CVE-2011-5035

Posted on 31 January 2012 | 3:20 pm

Oracle Critical Patch Update (CPU) Advisory - January 2012

Posted on 17 January 2012 | 2:44 pm

Oracle Critical Patch Update (CPU) Advisory - October 2011

Posted on 24 October 2011 | 1:33 pm

Oracle Security Alert for CVE-2011-3192

Posted on 15 September 2011 | 4:22 pm

Oracle Critical Patch Update (CPU) Advisory - July 2011

Posted on 19 July 2011 | 5:45 pm

Oracle Java SE Critical Patch Update Advisory - June 2011

Posted on 7 June 2011 | 5:18 pm

Oracle Critical Patch Update (CPU) - April 2011

Posted on 19 April 2011 | 3:00 pm

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Posted on 15 February 2011 | 4:00 pm

Oracle Critical Patch Update (CPU) - January 2011

Posted on 18 January 2011 | 1:40 pm

Oracle Critical Patch Update (CPU) - October 2010

Posted on 12 October 2010 | 11:07 am

Oracle Critical Patch Update (CPU) - July 2010

Posted on 14 July 2010 | 2:35 pm

Oracle Critical Patch Update (CPU) - April 2010

Posted on 13 April 2010 | 4:01 pm

Oracle Security Alert for CVE-2010-0073 - February 2010

Oracle Security Alert for CVE-2010-0073

Posted on 4 February 2010 | 2:00 pm

Critical Patch Update - January 2010

Posted on 13 January 2010 | 12:05 pm

Critical Patch Update - October 2009

Posted on 20 October 2009 | 10:39 am

Critical Patch Update - July 2009

Posted on 15 July 2009 | 8:00 pm

Critical Patch Update - April 2009

Posted on 14 April 2009 | 5:40 pm

Critical Patch Update - January 2009

Posted on 14 April 2009 | 5:40 pm

Critical Patch Update - October 2008

Posted on 15 October 2008 | 1:53 pm

Critical Patch Update - July 2008

Posted on 15 July 2008 | 3:01 pm

Critical Patch Update - April 2008

Posted on 15 April 2008 | 5:13 pm

Critical Patch Update - January 2008

Posted on 15 January 2008 | 4:55 pm

Critical Patch Update - October 2007

Posted on 16 October 2007 | 3:47 pm

Critical Patch Update - July 2007

Posted on 17 July 2007 | 3:21 pm

Critical Patch Update - April 2007

Posted on 18 April 2007 | 10:57 am

Critical Patch Update - January 2007

Posted on 16 January 2007 | 5:35 pm

Critical Patch Update - October 2006

Posted on 17 October 2006 | 1:37 pm

Critical Patch Update - April 2006

Posted on 18 April 2006 | 3:42 pm

Critical Patch Update - January 2006

Posted on 17 January 2006 | 6:20 pm

Critical Patch Update - January 2005

Posted on 18 October 2005 | 5:28 pm

Critical Patch Update - April 2005

Posted on 18 October 2005 | 5:28 pm

Critical Patch Update - October 2005

Posted on 18 October 2005 | 5:25 pm

Critical Patch Update - July 2005

Posted on 12 July 2005 | 2:46 pm