Moscow-based cybersecurity firm appeals DHS decision to ban its software

Moscow-based cybersecurity firm Kaspersky Lab is appealing the decision by the Department of Homeland Security to ban its software from government computers. The U.S. intelligence community fears that Russian intelligence has access to the company's files and software. In a statement, the ...

Posted on 18 December 2017 | 1:56 pm

Moscow-based cybersecurity firm appeals DHS decision to ban its software

Moscow-based cybersecurity firm Kaspersky Lab is appealing the decision by the Department of Homeland Security to ban its software from government computers. The U.S. intelligence community fears that Russian intelligence has access to the company's files and software. In a statement, the ...

Posted on 18 December 2017 | 1:56 pm

Kaspersky Files Lawsuit Against the Depart of Homeland Security

In the ongoing battle between Kaspersky Labs and the United States government, the Russia-based antivirus provider has sued the U.S. Department of Homeland Security for failing to provide them basic due process. In a lawsuit filed today in the U.S. District Court for the District of Columbia, Kaspersky ...

Posted on 18 December 2017 | 1:33 pm

Hack the Air Force 2.0 Bug Bounty Kicks Off with $10K Payout

Hack the Air Force 2.0, which kicked off recently with 25 of the top-ranking hackers from around the world being flown in Manhattan to find vulnerabilities in mission-critical software, has paid out $10,650 in a top bounty. This, the largest single reward by any US government bug bounty program to date, ...

Posted on 18 December 2017 | 1:33 pm

Hackers find Air Force vulnerability for biggest government bug bounty reward yet

Fortunately for the Air Force, it came as part of its Hack the Air Force 2.0 bug bounty, which it kicked off during the h1-212 hacking event in New York. The service invited non-Air Force hackers to seek out vulnerabilities in 300 of its public websites. The Dec. 9 event brought together security teams and ...

Posted on 18 December 2017 | 1:33 pm

ELD Security Threats: Can trucks be mass-hacked to physically crash via ELDs?

Among other things I'm well known for researching and publishing information on threats to electronic voting systems – I'm one of the people who believes that “election hacking” is a real threat. If you're trying to google my work in this area (mostly 2012 and prior) you need to know that it was mostly done ...

Posted on 18 December 2017 | 1:22 pm

ELD Security Threats: Can trucks be mass-hacked to physically crash via ELDs?

The problem ELDs (“Electronic Logging Device”) bring to the table is that these same insecure onboard computers are opened to attack across the general Internet. How many simultaneous truck crashes (not in the “computer went and broke” sense!) will it take to equal the destructive power of four ...

Posted on 18 December 2017 | 1:22 pm

(ISC)² to Honor Top US Government Cybersecurity Professionals

Formerly known as the GISLAs, the ISLA Government program was established in 2004 as part of (ISC)²'s effort to recognize government information security leaders whose commitment to excellence is helping to improve government information security and to advance an in-demand workforce.

Posted on 18 December 2017 | 1:11 pm

(ISC)² to Honor Top US Government Cybersecurity Professionals

Formerly known as the GISLAs, the ISLA Government program was established in 2004 as part of (ISC)²'s effort to recognize government information security leaders whose commitment to excellence is helping to improve government information security and to advance an in-demand workforce.

Posted on 18 December 2017 | 1:11 pm

(ISC)² to Honor Top US Government Cybersecurity Professionals

Formerly known as the GISLAs, the ISLA Government program was established in 2004 as part of (ISC)²'s effort to recognize government information security leaders whose commitment to excellence is helping to improve government information security and to advance an in-demand workforce.

Posted on 18 December 2017 | 1:11 pm

Trump's national security strategy outlines 'cyberspace' goals

The sprawling 68-page document touches on a number of national security concerns, including economic ties with China and the lethality of the US nuclear arsenal, as well as a brief list of action items that aim to improve the country's approach to cybersecurity. According to the White House, the US will ...

Posted on 18 December 2017 | 1:09 pm

Kaspersky Sues U.S. Government Over Product Ban

Kaspersky Lab has filed a lawsuit against the U.S. government in response to the decision of the Department of Homeland Security (DHS) to ban the use of the company’s products in federal agencies.

read more

Posted on 18 December 2017 | 1:04 pm

Russian cyberfirm Kaspersky appeals ban in US court

Embattled cyber security firm Kaspersky Lab said Monday that it is asking a federal court to overturn a ban on its products being used by US agencies. Allegations that Moscow-based Kaspersky, which sold more than $600 million of anti-virus software globally in 2015, knowingly or unknowingly helped ...

Posted on 18 December 2017 | 1:00 pm

Russian cyberfirm Kaspersky appeals ban in US court

Kaspersky said last month that malware-infected Microsoft Office software and not its own was to blame for the hacking theft of top-secret US intelligence materials. Adding tantalizing new details to a cyber-espionage mystery that has rocked the US intelligence community, Kaspersky also said there was ...

Posted on 18 December 2017 | 1:00 pm

Russian cyberfirm Kaspersky appeals ban in US court

Embattled cyber security firm Kaspersky Lab said Monday that it is asking a federal court to overturn a ban on its products being used by US agencies. Allegations that Moscow-based Kaspersky, which sold more than $600 million of anti-virus software globally in 2015, knowingly or unknowingly helped ...

Posted on 18 December 2017 | 1:00 pm

Bankrupt Cancer Clinic Chain's Insurer to Cover Breach Fine

OCR, 21st Century Oncology and Beazley did not immediately respond to Information Security Media Group's requests for comments. Separately, the company was hit by a $26 million settlement from the Department of Justice for making false attestations regarding its use of electronic health records ...

Posted on 18 December 2017 | 12:48 pm

Kaspersky Lab Suing Trump Administration Following Software Ban

In September, the US government mysteriously announced that it was banning Moscow-based Kaspersky Labs' anti-virus software from use on its employees' machines. A war of words, official and unofficial, has ensued and on Monday, Kaspersky filed a lawsuit claiming that its due process rights had ...

Posted on 18 December 2017 | 12:48 pm

Stronger security via a different chip?

As the military and government fervently push to aggregate and organize systems and data in ever more centralized ways, one corner of the cybersecurity community is taking a contrary approach to defending information and architecture -- by securing distributed hardware. Cambridge, Mass.-based ...

Posted on 18 December 2017 | 12:48 pm

Android Malware Mines Monero, Can Litteraly Destroy Phones

A new strain of malware known as Loapi has been discovered on Android devices. While some malware has been known to destroy files, this brand of virus can do actual damage to the physical phone it has infected. First spotted by security researchers at the Russia-based cybersecurity firm Kaspersky ...

Posted on 18 December 2017 | 12:37 pm

Android Malware Mines Monero, Can Litteraly Destroy Phones

In order to make sure it isn't undermined, the malware encourages victims to uninstall actual antivirus software on the device that may discover its true purpose. It also notes when the user attempts to open the Settings app to deactivate the administrator account and closes the window before the victim ...

Posted on 18 December 2017 | 12:37 pm

OSArmor : free Malwarebytes Anti-Exploit alternative

Monitor and block suspicious processes behaviors to prevent infections by malware, ransomware, and other threats. This tool analyzes parent processes and prevents, for example, MS Word from running cmd.exe or powershell.exe, it prevents ransomware from deleting shadow copies of files via ...

Posted on 18 December 2017 | 12:26 pm

Kaspersky files lawsuit over anti-virus software ban

Earlier this month, the BBC's security correspondent Gordon Corera disclosed that the British government had issued a fresh warning about the security risks of using Russian anti-virus software. He said the UK's National Cyber Security Centre was to write to all government departments warning against ...

Posted on 18 December 2017 | 12:26 pm

StreamSets Debuts Dataflow Management, Data Ingestion Tools Targeting IoT And Cybersecurity ...

Managing the lifecycle of "data in motion" from operational applications, Internet of Things networks, industrial sensors, real-time analytical applications and cybersecurity endpoint systems is a challenge for businesses. While custom-coded software has been the traditional remedy, Bilodeau said such ...

Posted on 18 December 2017 | 12:26 pm

StreamSets Debuts Dataflow Management, Data Ingestion Tools Targeting IoT And Cybersecurity ...

Managing the lifecycle of "data in motion" from operational applications, Internet of Things networks, industrial sensors, real-time analytical applications and cybersecurity endpoint systems is a challenge for businesses. While custom-coded software has been the traditional remedy, Bilodeau said such ...

Posted on 18 December 2017 | 12:26 pm

Kaspersky challenges DHS software ban in court

In October 2017, the Wall Street Journal reported that in 2015 Russian hackers used access to Kaspersky's antivirus software to lift classified tools and files from the home computer of an NSA intelligence officer. On Dec. 1, Nghia Hoang Pho pled guilty in federal court to illegally taking home classified ...

Posted on 18 December 2017 | 12:26 pm

Kaspersky files lawsuit over anti-virus software ban

Russian software security firm Kaspersky Lab has filed a lawsuit against the Trump administration over a ban on its anti-virus products. It is the latest move by the company to refute allegations that it is vulnerable to Kremlin influence. Kaspersky says the US has deprived it of due process rights by ...

Posted on 18 December 2017 | 12:26 pm

UK Sees Growing Threat From Russian Propaganda, Cyber-Attacks

LONDON (Reuters) - Russia poses an increasing threat and is willing to use propaganda, subversion and cyber-attacks to undermine Britain and the rest ... are at risk of damage from any Russian attack on underwater communications cables that could disrupt trillions of dollars in financial transactions.

Posted on 18 December 2017 | 12:15 pm

Threat group APT-C-23 still active, releases GnatSpy mobile malware

A new mobile malware family, dubbed GnatSpy, that may be a much more dangerous variant of the earlier VAMP malware, has been reported in the wild. Trend Micro believes the threat group APT-C-23, which was behind VAMP, has been developing GnatSpy with components and capabilities that are ...

Posted on 18 December 2017 | 12:15 pm

(Another) Federal Data Breach Notification Law Introduced in Congress

Tammy Baldwin (D-WI), the Data Security and Breach Notification Act would apply to companies that acquire, maintain or use consumers' personal information. The bill's definition of “personal information” is slightly broader than the corresponding definition under many state laws, and includes, ...

Posted on 18 December 2017 | 12:15 pm

Cyber Security: Battling the Threat to Your Company

As looming cyber security attacks threaten businesses of all sizes and in all industries, the Philadelphia Business Journal is bringing together experts from around the region to talk about how companies can prevent, mitigate and respond to cyber attacks.

Posted on 18 December 2017 | 12:10 pm

Cyber Security: Battling the Threat to Your Company

As looming cyber security attacks threaten businesses of all sizes and in all industries, the Philadelphia Business Journal is bringing together experts from around the region to talk about how companies can prevent, mitigate and respond to cyber attacks.

Posted on 18 December 2017 | 12:10 pm

Branded Content

Cyber security is a key area of interest in the past year with the increased frequency of high profile breaches with the onslaught of ransomware (WannaCry) and ransomworm (NotPetya) attacks against governments, corporations and consumers worldwide with attacks increasing in volume and ...

Posted on 18 December 2017 | 12:03 pm

Four-way partnership aims at building cyber security workforce

South Dakota needs more cyber security experts, and four groups are working together to make that career path more widely available. Dakota State University, Southeast Technical Institute, the Sioux Falls School District and the Department of Labor and Regulation are teaming up for an initiative ...

Posted on 18 December 2017 | 12:03 pm

More Lawsuits: Kaspersky Lab Sues Trump Government Over Software Blacklist

The Moscow-based antivirus firm, Kaspersky Lab, has sued the United States Department of Homeland Security for blacklisting the firm's products from the federal agencies. The firm said on Monday it has unduly suffered as a result of this ban just because the Trump administration believes the AV firm ...

Posted on 18 December 2017 | 12:03 pm

Chinese Backdoor Still Active on Many Android Devices

Back in mid-November 2016, US cyber-security firm Kryptowire revealed it discovered that firmware code created by a Chinese company called Adups was collecting vasts amount of user information and sending it to servers located in China. According to Kryptowire, the backdoor code was collecting ...

Posted on 18 December 2017 | 12:03 pm

Four-way partnership aims at building cyber security workforce

South Dakota needs more cyber security experts, and four groups are working together to make that career path more widely available. Dakota State University, Southeast Technical Institute, the Sioux Falls School District and the Department of Labor and Regulation are teaming up for an initiative ...

Posted on 18 December 2017 | 12:03 pm

Kaspersky Lab Sues US Department Of Homeland Security Over Government Sales Ban

"Dissuading consumers and businesses in the United States and abroad from using Kaspersky Lab products solely because of its geographic origins and without any credible evidence … does little to address information security concerns related to government networks," Eugene Kaspersky said.

Posted on 18 December 2017 | 12:03 pm

'Security Dawgs' place fifth in National Cyber League event

The 10-member team placed fifth overall out of 179 teams and second in the Silver Bracket in the National Cyber League, a capture-the-flag-style cybersecurity competition. The team also finished second overall in the wireless access exploitation, network traffic analysis and password cracking ...

Posted on 18 December 2017 | 12:03 pm

Jack of all Trades Malware Discovered

A new android trojan that is distributed by advertising campaigns, Trojan.AndroidOS.Loapi, is making the rounds and this one is a bit different. Loapi is a modular trojan that can conduct many different attacks. It can mine crypto, launch DDoS attacks, annoy with constant ads and other types of nefarious ...

Posted on 18 December 2017 | 11:52 am

84 Percent of Healthcare Organizations Don't Have a Cybersecurity Leader as the Industry ...

TAMPA, Fla., Dec. 18, 2017 /PRNewswire/ -- A recent survey conducted by Black Book Research indicated the majority of healthcare provider and payer organizations are not taking cybersecurity seriously enough. Responses included 323 strategic decision makers from the US. Black Book™ today ...

Posted on 18 December 2017 | 11:52 am

84 Percent of Healthcare Organizations Don't Have a Cybersecurity Leader as the Industry ...

TAMPA, Fla., Dec. 18, 2017 /PRNewswire/ -- A recent survey conducted by Black Book Research indicated the majority of healthcare provider and payer organizations are not taking cybersecurity seriously enough. Responses included 323 strategic decision makers from the US. Black Book™ today ...

Posted on 18 December 2017 | 11:52 am

84 Percent of Healthcare Organizations Don't Have a Cybersecurity Leader as the Industry ...

15 percent of all healthcare organizations responding to the survey claim to be taking cybersecurity seriously by having a chief information security officer (CISO) in charge now. For attackers looking to steal valuable data with minimal effort, the healthcare industry is a prime target. "The critical role of ...

Posted on 18 December 2017 | 11:52 am

NSA Cyberweapons Help Hackers Mine Cryptocurrency

By hijacking the machines, a hacker can exploit the computing power to more quickly mine Monero, which has been rising in value and become a favored currency among cybercriminals. It isn't clear how many machines have been hit with this mining attack, or how much profit has been generated.

Posted on 18 December 2017 | 11:52 am

Police: Computer virus scam hits 330 area code

A subject calling from either 615-789-5666 or 661-374-5007 and identifying their company as "U.S. Cyber Security" is telling residents their computers have been infected with a virus and demanding payment to combat the virus. "This is a scam," Police Chief Todd Higgins wrote on the department's ...

Posted on 18 December 2017 | 11:51 am

Trump's national security strategy calls out Russia for 'offensive cyber efforts'

The national security document lays out the administration's plan to defend national critical infrastructure and federal networks from cyberattacks, including by bolstering security of government systems, identifying and prioritizing risks to critical infrastructure, and imposing “swift and costly consequences” ...

Posted on 18 December 2017 | 11:47 am

Trump's national security strategy calls out Russia for 'offensive cyber efforts'

Trump unveiled his “America First” national security strategy during remarks at the Ronald Reagan Building later on Monday. He made little mention of cybersecurity during his speech, but said, “We will develop ways to counter those who use new domains such as cyber and social media to attack our ...

Posted on 18 December 2017 | 11:47 am

UK Would Respond to Russian Cyberattack With Weapon of Choice

Sedwill appeared deliberately cryptic about where and how the U.K. would choose to respond to any cyberattack. Part of the reason might be because the committee was meeting in public. Earlier he said a military alliance with France and other western states gave the U.K. international clout. “One of the ...

Posted on 18 December 2017 | 11:41 am

K-12 Cybersecurity: The End of Innocence

As we come to the close of 2017, it is increasingly evident that K-12 cybersecurity threats are neither hypothetical, nor imagined. In our rush to embrace technologies for teaching, learning and school operations, we may have made innocent, but ultimately faulty assumptions about the need and effort ...

Posted on 18 December 2017 | 11:41 am

Black Book: 84 percent of hospitals lack a dedicated security leader

One would think, after all of the high-profile cyberattacks on healthcare, from WannaCry to Petya to NotPetya, not to mention countless smaller assaults, that healthcare C-suite executives would take cybersecurity deadly seriously. That doesn't seem to be the case, according to a new Q4 2017 survey ...

Posted on 18 December 2017 | 11:41 am

Climategate Was an Early Prototype for Russia's Campaign Hacking in 2016

It is, in fact, remarkable how strong the parallels are between the email hacking at the heart of Climategate in 2009 and the email hacking at the heart of Russiagate in 2016. It's well worth refreshing your memory on Climategate, since it appears to be an early prototype for a kind of ratfucking that ...

Posted on 18 December 2017 | 11:41 am

Black Book: 84 percent of hospitals lack a dedicated security leader

One would think, after all of the high-profile cyberattacks on healthcare, from WannaCry to Petya to NotPetya, not to mention countless smaller assaults, that healthcare C-suite executives would take cybersecurity deadly seriously. That doesn't seem to be the case, according to a new Q4 2017 survey ...

Posted on 18 December 2017 | 11:41 am

Black Book: 84 percent of hospitals lack a dedicated security leader

Fifteen percent of healthcare organizations do appear to be taking cybersecurity seriously, by having a chief information security officer in charge today, the survey showed. But by and large, for hackers looking for valuable data with minimal effort, the healthcare industry remains a prime target.

Posted on 18 December 2017 | 11:41 am

Kaspersky sues Trump administration over software ban

Moscow-based anti-virus company Kaspersky Lab has sued the Trump administration, arguing that the American government has deprived it of due process rights by banning its software from US government agencies. The lawsuit is the latest effort by Kaspersky Lab to push back on allegations that the ...

Posted on 18 December 2017 | 11:41 am

K-12 Cybersecurity: The End of Innocence

As we come to the close of 2017, it is increasingly evident that K-12 cybersecurity threats are neither hypothetical, nor imagined. In our rush to embrace technologies for teaching, learning and school operations, we may have made innocent, but ultimately faulty assumptions about the need and effort ...

Posted on 18 December 2017 | 11:41 am

Kaspersky sues US government over federal software ban

The company is particularly upset that the DHS was worried about security risks that are true of antivirus tools as a whole, not any evidence that Kaspersky was up to no good. Many antivirus companies use the cloud to collect and process malware samples, for example, but these were treated as unique ...

Posted on 18 December 2017 | 11:41 am

Mozilla Inserted a Mr. Robot Add-on Into Firefox

Mozilla has upset some of its most loyal users by inserting an add-on into Firefox without invitation or explanation. The add-on, called “Looking Glass,” turned out to be nothing more than part of the Mr. Robot ARG, but many Firefox users thought they had been hit with malware. Firefox add-ons are an ...

Posted on 18 December 2017 | 11:30 am

The hacks that left us exposed in 2017

But many businesses had not patched their software. The tools Shadow Brokers leaked were then used in the year's biggest global cyberattacks, including WannaCry. In March, WikiLeaks released documents that claimed to describe hacking tools created by the CIA. Researchers found that many of the ...

Posted on 18 December 2017 | 11:30 am

The hacks that left us exposed in 2017

The cyberattacks highlighted the alarming vulnerability of our personal information. More tools used by government hackers have become public, and it's easier than ever to create sophisticated ways to spread malware or ransomware or steal data from companies. Companies also frequently fail to patch ...

Posted on 18 December 2017 | 11:30 am

The AV Tradeoff: Safety for Cybersecurity?

However, fully utilizing their potential will require innovative new cybersecurity protocols, which may strain pre-existing regulatory frameworks. The stakes are high, though, since without effective regulation, consumers will likely shy away from autonomous vehicle technology. “With intelligent vehicles ...

Posted on 18 December 2017 | 11:18 am

The AV Tradeoff: Safety for Cybersecurity?

(TNS) — A decade ago, the idea of hacking a car seemed about as feasible as downloading one. After all, cars were physical objects driven by people, with all their accompanying human flaws. Today, as artificial intelligence (AI) technology is making a future full of self-driving cars increasingly likely, ...

Posted on 18 December 2017 | 11:18 am

The AV Tradeoff: Safety for Cybersecurity?

However, fully utilizing their potential will require innovative new cybersecurity protocols, which may strain pre-existing regulatory frameworks. The stakes are high, though, since without effective regulation, consumers will likely shy away from autonomous vehicle technology. “With intelligent vehicles ...

Posted on 18 December 2017 | 11:18 am

The Market for Stolen Account Credentials

Past stories here have explored the myriad criminal uses of a hacked computer, the various ways that your inbox can be spliced and diced to help cybercrooks ply their trade, and the value of a hacked company. Today's post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.

Posted on 18 December 2017 | 11:13 am

Fitzpatrick's bipartisan Ukraine cybersecurity bill advances to full House vote

In December 2015, for example, cyberattacks resulted in unscheduled power outages at Ukrainian power companies that impacted many customers across the country. And during the 2014 presidential election in the Ukraine a failed cyberattack attempted to disrupt the country's election system software ...

Posted on 18 December 2017 | 11:07 am

Estonia and Japan to sign a cyber security cooperation treaty

Estonia and Japan are to sign a cyber security cooperation agreement in January 2018 during the Japanese prime minister's visit to the country. The Japanese prime minister, Shinzo Abe, is scheduled to visit Estonia in the middle of January as one of the stops in his European tour. This would be the first ...

Posted on 18 December 2017 | 10:56 am

Obama's cybersecurity commissioner offers advice on how to keep safe when shopping online

Digital Trends caught up with former cybersecurity commissioner to President Obama, Eric Cole, to get some insight on the best ways to stay safe and secure. Digital Trends: What sort of things can consumers do to stay safe while shopping online? Eric Cole: First and foremost, use common sense.

Posted on 18 December 2017 | 10:56 am

Obama's cybersecurity commissioner offers advice on how to keep safe when shopping online

Digital Trends caught up with former cybersecurity commissioner to President Obama, Eric Cole, to get some insight on the best ways to stay safe and secure. Digital Trends: What sort of things can consumers do to stay safe while shopping online? Eric Cole: First and foremost, use common sense.

Posted on 18 December 2017 | 10:56 am

Is Group-IB's $10 million bank cyberheist claim fake news?

“As part of an information sharing body, you can confirm whether the attack was real or not,” he said. He pointed out that any time a high-profile security attack on banks hits the press, often a bank's board of directors will call the CEO, who will call the chief information security officer or whoever oversees ...

Posted on 18 December 2017 | 10:56 am

Estonia and Japan to sign a cyber security cooperation treaty

Estonia and Japan are to sign a cyber security cooperation agreement in January 2018 during the Japanese prime minister's visit to the country. The Japanese prime minister, Shinzo Abe, is scheduled to visit Estonia in the middle of January as one of the stops in his European tour. This would be the first ...

Posted on 18 December 2017 | 10:56 am

Kaspersky Lab Sues Trump Administration Over Software Ban

The Department of Homeland Security in September issued a directive to U.S. civilian agencies ordering them to remove Kaspersky Lab from their computer networks within 90 days. The order came amid mounting concern among U.S. officials that the software could enable Russian espionage and ...

Posted on 18 December 2017 | 10:56 am

Is Group-IB's $10 million bank cyberheist claim fake news?

An explosive report that hackers have stolen $10 million from U.S. and Russian banks over the past year and a half is drawing skepticism from experts who question whether such an event has really taken place. Moscow-based cybersecurity software company Group-IB claimed last week that a gang of ...

Posted on 18 December 2017 | 10:56 am

Is Group-IB's $10 million bank cyberheist claim fake news?

Even if the alleged cyber attack turns out not to be correct, banks can still learn from the allegations, an expert said. Outside analysts say that's a red flag that the report's conclusion is likely untrue. “You couldn't have attacks on 16 community banks without [the FS-ISAC] knowing about it,” said Avivah ...

Posted on 18 December 2017 | 10:56 am

Is Group-IB's $10 million bank cyberheist claim fake news?

An explosive report that hackers have stolen $10 million from U.S. and Russian banks over the past year and a half is drawing skepticism from experts who question whether such an event has really taken place. Moscow-based cybersecurity software company Group-IB claimed last week that a gang of ...

Posted on 18 December 2017 | 10:56 am

Obama's cybersecurity commissioner offers advice on how to keep safe when shopping online

Digital Trends caught up with former cybersecurity commissioner to President Obama, Eric Cole, to get some insight on the best ways to stay safe and secure. Digital Trends: What sort of things can consumers do to stay safe while shopping online? Eric Cole: First and foremost, use common sense.

Posted on 18 December 2017 | 10:56 am

Syracuse University, Le Moyne College Announce New Academic Partnership

Madden School students can study data science and information security management at Syracuse University, while iSchool students can benefit from Le Moyne's expertise in health information systems and enterprise systems. The new academic opportunities are open to iSchool students in the ...

Posted on 18 December 2017 | 10:45 am

For a safe cyberspace

However, these achievements come with a problem: innovation in technology, enhanced connectivity, and increasing integration in commerce and governance also make India the fifth most vulnerable country in the world in terms of cybersecurity breaches, according to the Internal Security Threat ...

Posted on 18 December 2017 | 10:45 am

84 Percent of Healthcare Organizations Don't Have a Cybersecurity Leader as the Industry ...

TAMPA, Fla., December 18, 2017 – A recent survey conducted by Black Book Research indicated the majority of healthcare provider and payer organizations are not taking cybersecurity seriously enough. Responses included 323 strategic decision makers from the US. Black Book™ today announced ...

Posted on 18 December 2017 | 10:45 am

For a safe cyberspace

... named KeRanger, targeting Mac users was also reported. The Mirai botnet malware affected 2.5 million home router users and other Internet of Things devices. A number of viruses, malware and cryptoworms are also being developed in the JavaScript, which gives the attackers cross-platform options.

Posted on 18 December 2017 | 10:45 am

Trade Recommendation: Litecoin

This is a short term trade. The price bounces from the support zone formed by SMA20, the uptrend line and 0.016000 level. MACD and DMI support upward movement. We have a new trading opportunity. Pending orders for buy can be placed at 0.017500 level with stop at 0.015500 level. Profit targets ...

Posted on 18 December 2017 | 10:45 am

SANS Dallas 2018 Cyber Security Training to Provide Insight into the Legal Side of Data Security ...

BETHESDA, Md., Dec. 18, 2017 /PRNewswire-USNewswire/ -- SANS Institute, the global leader in information security training, today announced the agenda for SANS Dallas 2018 taking place in Texas February 19 – 24. SANS Dallas 2018 offers hands-on immersion style courses and evening ...

Posted on 18 December 2017 | 10:33 am

SANS Dallas 2018 Cyber Security Training to Provide Insight into the Legal Side of Data Security ...

SANS Dallas 2018 offers hands-on immersion style courses and evening discussions covering some of today's most complex cyber security issues. Attorney Benjamin Wright will offer insight into the legal side of cyber security during his LEG523: Law of Data Security and Investigations course and ...

Posted on 18 December 2017 | 10:33 am

SANS Dallas 2018 Cyber Security Training to Provide Insight into the Legal Side of Data Security ...

BETHESDA, Md., Dec. 18, 2017 /PRNewswire-USNewswire/ -- SANS Institute, the global leader in information security training, today announced the agenda for SANS Dallas 2018 taking place in Texas February 19 – 24. SANS Dallas 2018 offers hands-on immersion style courses and evening ...

Posted on 18 December 2017 | 10:33 am

Hacker Shuts Down Industrial Plant in Sophisticated Attack

A hacker has recently used a highly sophisticated attack technique using Triton malware to shut down an industrial plant. Cybersecurity researchers from the security firm, FireEye has recently issued an alert shortly after a hacker was discovered to have halted operations at an industrial plant.

Posted on 18 December 2017 | 10:33 am

SANS Dallas 2018 Cyber Security Training to Provide Insight into the Legal Side of Data Security ...

SANS Dallas 2018 offers hands-on immersion style courses and evening discussions covering some of today's most complex cyber security issues. Attorney Benjamin Wright will offer insight into the legal side of cyber security during his LEG523: Law of Data Security and Investigations course and ...

Posted on 18 December 2017 | 10:33 am

SANS Dallas 2018 Cyber Security Training to Provide Insight into the Legal Side of Data Security ...

BETHESDA, Md., Dec. 18, 2017 /PRNewswire-USNewswire/ -- SANS Institute, the global leader in information security training, today announced the agenda for SANS Dallas 2018 taking place in TexasFebruary 19 – 24. SANS Dallas 2018 offers hands-on immersion style courses and evening ...

Posted on 18 December 2017 | 10:33 am

A new evolution in infection

Researchers at the questionably named company, Bromuim, have published information on a new emailed virus which is making the rounds and is not stopped by the vast majority of antivirus programs. This particular nasty is making it through because the infectious payload is being updated at least as ...

Posted on 18 December 2017 | 10:33 am

Hacker Shuts Down Industrial Plant in Sophisticated Attack

However, the nature and scope of this attack has raised the eyebrows of more than one security expert. According to Dragos' Sergio Caltagirone, this attack signifies a watershed moment in the history of cyber attacks. Symantec, the notable cybersecurity firm, has confirmed that the Triton malware has ...

Posted on 18 December 2017 | 10:33 am

New Survey: Cyberattacks Hitting US Physicians Hard

According to a survey by Accenture and the American Medical Association (AMA), more than four in five U.S. physicians (83%) have had a cyberattack in their clinical practices. The survey results which were gathered from about 1,300 U.S. physicians suggest that it is not a matter of “if” a cyberattack will ...

Posted on 18 December 2017 | 10:22 am

Air Force Hackers Earn Biggest Government Bug Bounty Ever

But the US government has been a bit slower to adopt them, for several reasons: Federal agencies have stricter guidelines about how they can spend their budgets, and they're a bit more cautious about opening themselves up to hackers. But that's been changing slowly since the Defense Department ...

Posted on 18 December 2017 | 10:22 am

Preparing for Cyber Attacks on Japan

First, it's clear from the number of Japanese officials participating that Japan takes the cyber threat seriously. This is important, because large-scale cyber attacks are complex and involve the use and abuse of assets that fall within the jurisdiction of multiple governmental agencies. Effective mitigation ...

Posted on 18 December 2017 | 10:22 am

84 Percent of Healthcare Organizations Don't Have a Cybersecurity Leader as the Industry ...

A recent survey conducted by Black Book Research indicated the majority of healthcare provider and payer organizations are not taking cybersecurity seriously enough. Responses included 323 strategic decision makers from the US. Black Book™ today announced key findings from a Q4 2017 survey ...

Posted on 18 December 2017 | 10:22 am

Air Force Hackers Earn Biggest Government Bug Bounty Ever

“Hack the Air Force allowed us to look outward and leverage the range of talent in our country and partner nations to secure our defenses,” Air Force chief information security officer Peter Kim said in a statement. “We're greatly expanding on the tremendous success of the first challenge by opening up ...

Posted on 18 December 2017 | 10:22 am

Sportscaster James Brown says account was hacked after posting porn video

CBS sportscaster James Brown says his Twitter was hacked after a porn video was posted to the account. On Sunday night, Brown's account shared a ... Brown has not said anything further on the alleged hacking that drove Twitter nuts for a quarter of an hour. Obviously my account has been hacked!!!

Posted on 18 December 2017 | 10:11 am

New Android Malware Could Melt Your Phone

The malware, dubbed "Loapi," can display ads, redirect web traffic, launch DDoS attacks, send text messages, download and install other apps and "mine" the Monero cryptocurrency. It does the last function so intensely, the Kaspersky researchers said in a post about the threat, that the battery of one of ...

Posted on 18 December 2017 | 10:11 am

Letter submitted in lawsuit alleges Uber hacked competitors' networks

A letter written on behalf of a former Uber employee contains allegations that the transportation company illegally hacked and surveilled its competitors. The letter was reportedly submitted by the Department of Justice to a judge presiding over a legal battle between Uber and Waymo, an autonomous ...

Posted on 18 December 2017 | 10:11 am

Donald Trump in strategy document to cite China, Russia as competitors

The strategy will pledge to protect critical U.S. infrastructure from cyber hacking and vow to "go after malicious cyber actors." Both China and Russia are often accused of cyber attacks against U.S. targets, allegations they deny. Trump has been working with Xi to exert pressure on North Korea over its ...

Posted on 18 December 2017 | 10:11 am

Kaspersky Lab sues Trump administration over software ban

WASHINGTON, Dec 18 (Reuters) - Moscow-based antivirus firm Kaspersky Lab sued the Trump administration in U.S. federal court on Monday, arguing that the American government has deprived it of due process rights by banning its software from U.S. government agencies. The lawsuit was filed in ...

Posted on 18 December 2017 | 10:11 am

New Android Malware Could Melt Your Phone

From what we could glean from the icons displayed in a screenshot in the Kaspersky blog posting, the ads for Loapi impersonate legitimate Android antivirus apps from AVG, Psafe DFNDR, Kaspersky Lab, Norton, Avira, Dr. Web and CM Security, among others. There were also a dozen icons, some ...

Posted on 18 December 2017 | 10:11 am

Trump unveils a national security strategy that reflects 'America First' campaign pledge

President Donald Trump on Monday released his first national security strategy, a document that lays out a framework for the Trump administration's ... It goes on to say that Russia and China "are determined to make economies less free and less fair, to grow their militaries, and to control information and ...

Posted on 18 December 2017 | 10:00 am

Three Cybersecurity Predictions for 2018

With 2018 just around the corner, there are a lot of predictions about where cybersecurity is headed in the new year. For some deeper Insight on the subject, Inside Counsel sat down with the founder and CEO of PreVeil, Randy Battat, who shared his top three predictions for cybersecurity in 2018.

Posted on 18 December 2017 | 9:48 am

Uber accused of hacking, spying on competitors in court filing

In short order, the company has had to deal with its share of troubles, including a sexual harassment scandal, an all-encompassing talent exodus that has affected the firm's top leadership and, of late, the revelation that it covered up a cybersecurity hack affecting tens of millions of people.

Posted on 18 December 2017 | 9:48 am

Three Cybersecurity Predictions for 2018

With 2018 just around the corner, there are a lot of predictions about where cybersecurity is headed in the new year. For some deeper Insight on the subject, Inside Counsel sat down with the founder and CEO of PreVeil, Randy Battat, who shared his top three predictions for cybersecurity in 2018.

Posted on 18 December 2017 | 9:48 am

Cryptocoins robbed at gunpoint

... to cyber crime, since robberies that don't involve physical cash are often done not with a gun or a pen, but with computer keystrokes from miles – even tens of thousands of miles – away. Especially when it comes to that ephemeral money called cryptocurrency, where, as Naked Security has reported, ...

Posted on 18 December 2017 | 9:37 am

Yener makes Highly Cited Researchers List for 2017

Yener's research areas are in information theory, information security, communication theory, energy sustainable communications, and fundamental limits of networked systems. “The recognition signifies the acceptance and appreciation of our research contributions by fellow researchers, as the metric is ...

Posted on 18 December 2017 | 9:37 am

Hacks, bribes and bugs: Uber accused of illegal snooping on rivals

The document, written by Jacobs' lawyer Clayton D Halunen and sent to Uber's general counsel, Angela Padilla, claimed that Uber "frequently engaged in fraud and theft, and employed third-party vendors to obtain unauthorised data or information", used "computer hacking tactics", infiltrated driver ...

Posted on 18 December 2017 | 9:26 am

US Government Pays $10650 Bug Bounty in Hack the Air Force Event

Twenty-five civilian hackers from seven countries, and seven US Air Force members, reported 55 total vulnerabilities in nine hours of hacking over the course of the day. The average time to first response was 25 minutes, and every report was triaged by the end of the day, HackerOne states. Hack the Air ...

Posted on 18 December 2017 | 9:26 am

Businesses stashing bitcoin to pay ransom in case of hack attacks

Computer security company McAfee has also confirmed that stockpiling the digital currency is a practice businesses are engaging in. “It's not something that organizations have publicly confirmed, because it says, 'We are willing to pay criminals in the event we are hit by ransomware,'” McAfee chief ...

Posted on 18 December 2017 | 9:26 am

Jharkhand epicenter of cyber crime: Experts

To create awareness and build a sense of confidence among the people to switch over to digitization, a five day workshop on Cyber Security was inaugurated by IT Secretary Satendra Singh at BIT Mesra in Ranchi. Singh, in his inaugural address, said that such workshops will help people participating ...

Posted on 18 December 2017 | 9:26 am

Air Force Pays Out Government's Biggest Bug Bounty Yet

The H1-212 event kicked off Hack the Air Force 2.0, a larger bug bounty program that is running through Jan. 1. Unlike the original Hack the Air Force bug bounty, the second iteration is open to citizens of the Five Eyes countries—Australia, Canada, New Zealand, United Kingdom and United States—as ...

Posted on 18 December 2017 | 9:15 am

Top 8 Cybersecurity Skills IT Pros Need in 2018

The survey results in the the Robert Half Technology IT Hiring Forecast and Local Trends Report also found that 43% of respondents point to cybersecurity as the technical skill in highest demand at their organization. "When we entered 2017, the talking points were about bridging the gap between ...

Posted on 18 December 2017 | 9:15 am

Top 8 Cybersecurity Skills IT Pros Need in 2018

But with sophisticated technical breaches and ransomware attacks like WannaCry, there is a return back to incident response and more technical skills, which are hard to find," says Owanate Bestman, information security contract consultant at Barclay Simpson. As for technical skills, "play to your ...

Posted on 18 December 2017 | 9:15 am

Top 8 Cybersecurity Skills IT Pros Need in 2018

The survey results in the the Robert Half Technology IT Hiring Forecast and Local Trends Report also found that 43% of respondents point to cybersecurity as the technical skill in highest demand at their organization. "When we entered 2017, the talking points were about bridging the gap between ...

Posted on 18 December 2017 | 9:15 am

Air Force Pays Out Government's Biggest Bug Bounty Yet

Bug bounties recruit ethical or white-hat hackers to find security holes within an organization's computer networks. Vulnerabilities can range from low-risk flaws to major gaffes capable of corrupting the entire network or exposing sensitive information. HackerOne has led four government bug bounty ...

Posted on 18 December 2017 | 9:15 am

9. CARDS SMACKED WITH HACKING PENALTY

St. Louis Cardinals general manager John Mozeliak answers questions from the media during a press conference after Major League Baseball handed down a $2 million fine and the loss of two draft picks for the illegal hacking by a former Cardinals employee on Monday, Jan. 30, 2017, at Busch ...

Posted on 18 December 2017 | 9:15 am

Air Force Pays Out Government's Biggest Bug Bounty Yet

“Hack the Air Force allowed us to look outward and leverage the range of talent in our country and partner nations to secure our defenses,” said Air Force Chief Information Security Officer Peter Kim in a statement. ”The cost-benefit of this partnership in invaluable.” The H1-212 event kicked off Hack the ...

Posted on 18 December 2017 | 9:15 am

Crypto Mining Malware Used to Hack Russian Pipeline Giant Transneft

Transneft, the largest oil pipeline company in the world, has suffered a cyber attack in which its computers were used for the unauthorized mining of the cryptocurrency Monero, the tenth-largest cryptocurrency with a market cap of over $5 billion. Transneft is a Russian state-owned transport monopoly.

Posted on 18 December 2017 | 9:15 am

Warning over 'polymorphic' Emotet banking Trojan that can evade most anti-virus software

Users of online and mobile banking have been warned about a newly discovered form of 'polymorphic' malware that can evade detection in 50 out of the 66 anti-virus security products it was tested with. Researchers at security company Bromium discovered a technique being used by hackers that they ...

Posted on 18 December 2017 | 9:15 am

Warning over 'polymorphic' Emotet banking Trojan that can evade most anti-virus software

Users of online and mobile banking have been warned about a newly discovered form of 'polymorphic' malware that can evade detection in 50 out of the 66 anti-virus security products it was tested with. Researchers at security company Bromium discovered a technique being used by hackers that they ...

Posted on 18 December 2017 | 9:15 am

Barclays Bank Employee Jailed for Role in Malware Scheme

A Barclays bank employee in London has been sentenced to six years and four months in jail for his role in a scheme to launder money stolen using the Dridex banking Trojan.

read more

Posted on 18 December 2017 | 9:04 am

Adventures in cybersecurity research: risk, cultural theory, and the white male effect

These questions can be particularly vexing for people who have been working in cybersecurity for a long time, people like myself and fellow ESET security researcher, Lysa Myers, who worked on this project with me. Again and again we have seen security breaches occur because people did not heed ...

Posted on 18 December 2017 | 9:03 am

Adventures in cybersecurity research: risk, cultural theory, and the white male effect

There is strong indirect evidence of this in the information security profession, members of which clearly “get” the importance of cyber risks, yet are predominantly male (89% according the most recent (ISC) Work Force Study), and mainly white (according to my personal observations at every security ...

Posted on 18 December 2017 | 9:03 am

AHIMA Releases 17-Point Healthcare Cybersecurity Plan

Another key suggestion for healthcare leaders is the preparation of a “State of the Union” on an organization's cybersecurity. Such a report should contain considerations of how a hospital's security efforts stack up against comparable institutions; who is in charge of what aspects of cybersecurity; what ...

Posted on 18 December 2017 | 9:03 am

Russians suspected of gearing up to hit Ukraine power-grid over holidays?

The Ukrainian incidents motivated power companies to redouble their efforts to improve their cyber-security programmes and increase investments. In-depth analysis available from the Ukrainian attacks made it clear that utilities needed to take several steps to get visibility and situational awareness into ...

Posted on 18 December 2017 | 9:03 am

Adventures in cybersecurity research: risk, cultural theory, and the white male effect

These questions can be particularly vexing for people who have been working in cybersecurity for a long time, people like myself and fellow ESET security researcher, Lysa Myers, who worked on this project with me. Again and again we have seen security breaches occur because people did not heed ...

Posted on 18 December 2017 | 9:03 am

DOJ confirms Uber is under criminal investigation

The letter was written by an attorney for Richard Jacobs, a former Uber security analyst who worked in the company's global intelligence unit. ... As Ars Technica notes, those prosecutors are assigned to the Computer Hacking and Intellectual Property (CHIP) Unit at the United States Attorney's Office in ...

Posted on 18 December 2017 | 9:03 am

AHIMA Releases 17-Point Healthcare Cybersecurity Plan

Another key suggestion for healthcare leaders is the preparation of a “State of the Union” on an organization's cybersecurity. Such a report should contain considerations of how a hospital's security efforts stack up against comparable institutions; who is in charge of what aspects of cybersecurity; what ...

Posted on 18 December 2017 | 9:03 am

Android malware posing as porn can literally make your phone's battery explode

A strain of Android malware found lurking on third-party application stores is so packed full of nefarious capabilities it can cause physical damage to smartphones. Security experts from Moscow-based anti-virus company Kaspersky Lab said Monday (18 December) that a newly discovered Trojan ...

Posted on 18 December 2017 | 8:52 am

2018 could be the biggest ransomware year yet

"However, over the last two years the number of new malware we discovered has been growing, which is a sign that interest in creating new malicious code has been revived. The explosive increase in ransomware attacks over the last couple of years is only set to continue, as there is a huge criminal ...

Posted on 18 December 2017 | 8:52 am

Android malware posing as porn can literally make your phone's battery explode

The malware was posing as at least 20 variations of anti-virus software and porn applications. "We've never seen such a 'jack of all trades' before," Kaspersky Lab commented in a blog post. Upon installation, the researchers explained, Loapi forces the user to give it heightened device permissions by ...

Posted on 18 December 2017 | 8:52 am

How to Teach Your Kids About Digital Privacy and Security

But, in part because of the increasing number of smart devices and greater awareness among all consumers, digital privacy and security issues related to children's technology use are rightly gaining more attention. Still, many parents may not think to teach kids about how information is shared or how ...

Posted on 18 December 2017 | 8:52 am

Let no endpoint go dark

The compromise of a single enterprise endpoint can ultimately lead to a wider security incident, ransomware outbreak, data breach, costly remediation and rebuilding of lost reputation. Most organizations know this, but still struggle to obtain visibility into and control over corporate endpoints, which are often distributed throughout the world. When a device goes dark – goes off the corporate network, is lost or stolen, or operating without security controls – organizations have a limited window … More

Posted on 18 December 2017 | 8:49 am

Using game theory to protect networks, infrastructure

In June 2013, U.S. officials disclosed that unnamed parties -- later determined to be Chinese hackers -- had stolen the designs for the F-35, America's next-generation fighter jet. Eventually, cybersecurity experts determined that it wasn't a military computer that had been hacked, but rather a ...

Posted on 18 December 2017 | 8:45 am

Watch out – fake support scams are alive and well this Christmas

The crooks call up and say they're from “Microsoft” or “Windows”; tell you they're following up reports of malware activity coming from your computer; ... They're not legitimate IT support technicians; they have no idea whether there is malware on your computer or not; the “evidence” they come up with is ...

Posted on 18 December 2017 | 8:41 am

Zeus Panda targeting holiday shoppers

With just a few more shopping days available before Christmas, cybercriminals are taking advantage of online shoppers' frenzied buying habits by injecting the Zeus Panda banking trojan into a wide range of retail and travel sites, along with spreading the malware through malspam. Proofpoint reported ...

Posted on 18 December 2017 | 8:41 am

Watch live: Trump gives remarks on national security strategy

... reportedly emphasize the threats from Russia, China and North Korea and promote an "America First" agenda. According to excerpts of the document reported by Reuters, the president will label China and Russia “revisionist powers.” ADVERTISEMENT. Trump will also talk about the threat of hacking.

Posted on 18 December 2017 | 8:41 am

The Truth about Data Breaches in the Cloud

At the minute, there are competing forces that organisations and security personnel fight against. The mad dash to get to the cloud has not helped. We saw the same thing happen 25 years ago when the first computers were connected together over the network. The security issues brought about by this ...

Posted on 18 December 2017 | 8:41 am

DHS project catches 18 first-responder apps with 'critical' cyber flaws

The department's Science and Technology Directorate established the program in order to test how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities that could compromise device ...

Posted on 18 December 2017 | 8:41 am

AI Cyberattacks Worry 91 Percent of Security Pros

While the rise of artificial intelligence (AI) has stoked fears of job loss in many industries, cybersecurity professionals have something new to worry about. A recent research study showed more than 91 percent of security experts are worried they'll soon face AI cyberattacks. Security firm Webroot ...

Posted on 18 December 2017 | 8:30 am

Cybersecurity chief: Singapore escaped cyberattacks largely by chance

... not that Singapore is particularly good or that Singaporeans are very alert with respect to malware, we were just lucky,” said Koh. The Global Cybersecurity Index from the United Nations lists Singapore at the top of national cybersecurity strategy, with a 'near-perfect' approach to national cybersecurity.

Posted on 18 December 2017 | 8:18 am

DHS S&T Pilot Project Helps Secure First Responder Apps From Cyberattacks

To these ends, the pilot sought to determine the degree to which the selected public-safety apps are vulnerable to cyberattacks—malware, ransomware and spyware—or had coding vulnerabilities that could compromise the device's security, expose personal data or allow for eavesdropping. “This pilot ...

Posted on 18 December 2017 | 8:18 am

Cybersecurity chief: Singapore escaped cyberattacks largely by chance

In an interview with ChannelNews Asia, David Koh, chief executive of the CSA, said that the year could have been much worse for Singapore in terms of cyber attacks, but that the nation benefited from favourable circumstances. For example, Singapore was mostly unscathed by the worldwide WannaCry ...

Posted on 18 December 2017 | 8:18 am

INM chairman Leslie Buckley claims privilege over communications, High Court hears

According to his Linkedin, profile Mr Mizak is a cyber security consultant and an expert in information security, digital forensics, counterintelligence and IT security management. The court also heard the documents involve John Henry, of Specialist Security Services, who provides security services to Mr ...

Posted on 18 December 2017 | 8:18 am

Kremlin's New Cyber Weapons Spark Fears and Fantasies

From Donald Trump's election to Brexit and the Catalan crisis, accusations that the Kremlin is meddling in Western domestic affairs have heightened fears over Russian hackers, trolls and state-controlled media. 

read more

Posted on 18 December 2017 | 8:07 am

Data Breach Protection and Information Security Will Be Critical Issues for Screening Firms in 2018

The data breach at Equifax – one of three major credit reporting agencies with Experian and TransUnion – occurred between mid-May and July of 2017 and allowed hackers to access sensitive information that included names, social security numbers, birth dates, addresses, and driver's license numbers ...

Posted on 18 December 2017 | 7:56 am

Data Breach Protection and Information Security Will Be Critical Issues for Screening Firms in 2018

In response to the Equifax data breach and other cyber security incidents, Governor Andrew Cuomo directed the New York Department of Financial Services (NYDFS) to issue a proposed regulation that would require credit reporting agencies to register to comply with the state's cybersecurity standard ...

Posted on 18 December 2017 | 7:56 am

Don’t Let An Auto-Elevating Bot Spoil Your Christmas

Ho ho ho! Christmas is coming, and for many people it’s time to do some online shopping. Authors of banking Trojans are well aware of this yearly phenomenon, so it shouldn’t come as a surprise that some of them have been hard at work preparing some nasty surprises for this shopping season. And that’s exactly […]

Posted on 18 December 2017 | 7:48 am

"Zealot" Apache Struts Attacks Abuses NSA Exploits

A sophisticated multi-staged Apache Struts cyber attack campaign is abusing NSA-linked exploits to target internal networks, researchers from F5 Networks have discovered.

read more

Posted on 18 December 2017 | 7:47 am

Hackers use NSA exploits to mine Monero

Security researchers have found a new hacking campaign that used NSA exploits to install cryptocurrency miners on victim's systems and networks. They said that the campaign was a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy ...

Posted on 18 December 2017 | 7:45 am

Hackers use NSA exploits to mine Monero

Security researchers have found a new hacking campaign that used NSA exploits to install cryptocurrency miners on victim's systems and networks. ... Josh Mayfield, director at FireMon, told SC Media UK that organisations looking to mitigate the Zealot threat (among others) are shifting to a Zero-Trust ...

Posted on 18 December 2017 | 7:45 am

New software often brings security risk, study says

“The lack of understanding around cyber risk may be attributed in part to a lack of awareness of successful cyberattacks and their causes,” according to the report. “Because business leaders are unaware of either the breaches themselves or the underlying causes, they are not compelled to learn about ...

Posted on 18 December 2017 | 7:45 am

Nominee for OMB Deputy for 'M' Outlines Priorities

“In and of themselves, functions like IT, information security, human capital management, finance, accounting, performance management and procurement may not be inherently exciting, but these functions provide necessary and essential capabilities needed to support the work of government agencies ...

Posted on 18 December 2017 | 7:45 am

Hackers use NSA exploits to mine Monero

“The Zealot campaign, however, seems to be opening new attack vector doors, automatically delivering malware on internal networks via web application vulnerabilities. The level of sophistication we are currently observing in the Zealot campaign is leading us to believe that the campaign was ...

Posted on 18 December 2017 | 7:45 am

Pentagon Hacked in New U.S. Air Force Bug Bounty Program

The Hack the Air Force 2.0 bug bounty program kicked off earlier this month with researchers finding a critical vulnerability that could have been exploited to gain access to a network of the U.S. Department of Defense.

read more

Posted on 18 December 2017 | 7:43 am

A Startup Uses Quantum Computing to Boost Machine Learning

A company in California just proved that an exotic and potentially game-changing kind of computer can be used to perform a common form of machine learning. The feat raises hopes that quantum computers, which exploit the logic-defying principles of quantum physics to perform certain types of ...

Posted on 18 December 2017 | 7:36 am

California Voter Data Stolen from Insecure MongoDB Database

An improperly secured MongoDB database has provided cybercriminals with the possibility to steal information on the entire voting population of California, Kromtech security researchers reported.

read more

Posted on 18 December 2017 | 7:36 am

Why incident response is the best cybersecurity ROI

Business leaders and IT executives aren't expected to entirely prevent cyber attacks, but they're expected to react immediately and manage the fallout. Poor incident response — including, but not limited to, delayed response — has caused incalculable damages and reputational harm to Yahoo, Equifax, ...

Posted on 18 December 2017 | 7:33 am

Why incident response is the best cybersecurity ROI

“According to an article by Computer Weekly, companies spend an average of $89,000 per cybersecurity incident, but I've seen investigations cost well into the hundreds of thousands of dollars," Payton explains. “Some of the companies we have worked with have cybersecurity liability insurance ...

Posted on 18 December 2017 | 7:33 am

Bitcoin Adds $1000 as CME Group Launches Futures Contract

Bitcoin rose again on Monday, as investors braced for a rush of institutional demand following the launch of CME Group's bitcoin futures contract. // -- Discuss and ask questions in our community on Workplace. BTC/USD Price Levels. The value of bitcoin surged in early-week trade, reaching an intraday ...

Posted on 18 December 2017 | 7:33 am

How to engage with the C-suite on cyber risk management, part 3

These quantitative terms offer little context for the listener (It's not that we should never use numbers, but perhaps those numbers are best used only within circles where they are guaranteed to be understood.) We also often use qualitative statements, like “medium risk of a cyber attack,” that, in isolation, ...

Posted on 18 December 2017 | 7:33 am

How drone detection will protect cyber security in 2018

Dedrone is watching closely incidents related to cybersecurity, cyberterrorism, and hacking. In 2018, cybersecurity threats will advance and become more prevalent due to drones using hacking software, and their ability to swiftly infiltrate sensitive airspace. They are small, quiet, and capable of carrying ...

Posted on 18 December 2017 | 7:33 am

Check Point CEO Wants Faster Growth

Gil Shwed, Chief Executive of Network security provider Check Point Software Technologies, speaks during the annual Cyber Week conference at the Tel ... Kramer -- who has gone on to invest in a string of Israeli winners -- to develop a world-class Firewall to protect computer networks from hackers.

Posted on 18 December 2017 | 7:22 am

Loapi malware capable of destroying Android phones

A new strain of malware targeting Android phones is capable of performing a plethora of malicious activities, from mining cryptocurrencies to launching DDoS attacks – and so many more malicious functions in-between those extremes that it can cause the battery to bulge and destroy the phone within ...

Posted on 18 December 2017 | 7:11 am

Unions slam `missed opportunity´ as report urges trials of online strike votes

An official review into electronic voting for industrial action ballots has been described as a “missed opportunity” after it recommended trials should be held first. The report for the Government, by former fire chief Sir Ken Knight, said there were a number of “unanswered questions” surrounding e-balloting.

Posted on 18 December 2017 | 7:11 am

Loapi malware capable of destroying Android phones

There was an error emailing this page. malware cybersecurity skull crossbone Thinkstock. More like this. android malware · Best Android antivirus? The top 10 tools · Mobile security · 5 mobile security threats you should take seriously in 2018 · 7 all-in-one security suites: Anti-malware for all your devices.

Posted on 18 December 2017 | 7:11 am

Antiquated Policy Complicates Threat Intelligence Collection

Threat Intelligence Gathering

read more

Posted on 18 December 2017 | 7:04 am

Uber hacked its competitors, ex-manager alleges

Uber hacked its competitors, ex-manager alleges Cyber insurance has been firmly in the spotlight this year after a series of high-profile attacks from hackers and those looking to collect ransoms – but now there may be a new potential threat to filter into the increasingly complicated cyber equation: your ...

Posted on 18 December 2017 | 6:37 am

How to Prevent a Healthcare Data Breach in 2018

December 18, 2017 - One word can describe the current security landscape: chaos. We're way beyond the days of traditional firewall and network security solutions. Today, healthcare organizations have to worry about security when it comes to cloud, data, end-point, network, application, IoT, and more.

Posted on 18 December 2017 | 6:26 am

Firewall Bursting: A New Approach to Better Branch Security

One of the most common network security solutions is the branch firewall. Branch firewall appliances can pack into a single device a wide range of security capabilities including a stateful or next-generation firewall, anti-virus, URL filtering, and IDS/IPS. But the reality is that most of these edge devices lack the processing power to apply the full scope of capabilities on all of the

Posted on 18 December 2017 | 6:17 am

DDoS And The Law: Should Cyber Crime Victims strike back?

The bill permits anyone victimised by cyber crime to establish that the attack was caused by way of attribution, to disrupt the cyberattack without damaging hackers' computers, to retrieve and destroy their own stolen files, to track the behaviour of the attacker, and to utilise beaconing technology to identify ...

Posted on 18 December 2017 | 6:03 am

Justice League Directors Cut Fan Petition Hacked

Turns out that what had actually happened was that his account was hacked, and the petition erased. With plenty of adult language, his Tweet is here. The petition is back up and running again now though, and closing in on 200,000 names. You can find it here. Warner Bros is expected to announce its ...

Posted on 18 December 2017 | 6:03 am

DDoS And The Law: Should Cyber Crime Victims strike back?

Where the law and technology meet, there is usually some friction, and proposed legislation in the US to help cybercrime victims turn the tables on their attackers has proven to be no exception. The controversial legislation, called by some the 'hack back' bill, was formally introduced in October by Rep.

Posted on 18 December 2017 | 6:03 am

Global Automotive Partners Collaborate to Keep Hackers Out of Cars; Joint Solutions to be ...

BLOOMFIELD HILLS, Mich. and HOD HASHARON, Israel, Dec. 18, 2017 (GLOBE NEWSWIRE) -- Karamba Security, the world leader in automotive cyberattack prevention, today announced that it will be part of a collaboration of global automotive players to secure connected and autonomous vehicles.

Posted on 18 December 2017 | 5:52 am

These were 2017's biggest hacks, leaks, and data breaches

Dozens of data breaches, millions of people affected.

Posted on 18 December 2017 | 5:21 am

Five things CIOs can do as IoT adoption turns into a nightmare

There is no doubt that IoT technology has tremendous potential to improve outcomes for customers and also deliver significant business outcomes. As businesses are increasing investment on IoT, security professionals are going through a nightmare implementing secure deployments. While there are numerous benefits, the highly interconnected nature of IoT setups and deployments coupled with their open nature and diverse hardware is creating a new set of security problems to deal with. According to a report … More

Posted on 18 December 2017 | 5:00 am

Android Malware Will Destroy Your Phone. No Ifs and Buts About It

This is how Loapi obtains device administrator rights and how Loapi forces users to uninstall real antivirus apps from their phones. Loapi-infected apps will also close the Settings window whenever it detects that a user is trying to deactivate its administrator account. Users will have to boot their device in ...

Posted on 18 December 2017 | 4:44 am

How enterprises must prepare for the tech generation

With fall in full swing, HR departments are being flooded with resumes from new graduates looking to enter the workforce. But this year’s crop of new talent has some key differences from those in years past. They are widely considered to be the first class of Generation Z, the successor of Millennials, to enter the workforce. This generation is even more digitally savvy. In fact, they have never lived in a world without the internet, … More

Posted on 18 December 2017 | 4:30 am

Worldwide spending on digital transformation to reach $1.3 trillion in 2018

Worldwide spending on digital transformation (DX) technologies (hardware, software, and services) is expected to be nearly $1.3 trillion in 2018, an increase of 16.8% over the $1.1 trillion spent in 2017. A new update to the Worldwide Semiannual Digital Transformation Spending Guide from International Data Corporation (IDC) forecasts DX spending to maintain a strong pace of growth over the 2016-2021 forecast period with a compound annual growth rate (CAGR) of 17.9%. In 2021, DX spending … More

Posted on 18 December 2017 | 4:00 am

Global Cyber Security Market to 2026: IBM Corporation, Juniper Networks Inc, Fortinet Inc, Palo ...

... Firewall, Antivirus/anti-malware, Intrusion detection system (ids)/intrusion prevention system (IPS), Security and vulnerability management, Disaster recovery, Distributed denial of service (DDOS) mitigation, Security information and event management (SIEM). Based on the security type Cyber Security ...

Posted on 18 December 2017 | 4:00 am

Do you need antivirus on iPad or iPhone?

Why are there no antivirus apps in the App Store? Apple built iOS – the software which runs on iPhones and iPads – to be as secure as it can be. And because all apps are checked before they're allowed into the App Store, there's almost zero chance of it containing a virus. That's the reason why you ...

Posted on 18 December 2017 | 3:37 am

LastPass adds support for Microsoft Edge on Android

The popular password manager LastPass has just added Microsoft Edge for Android in its list of supported apps. Edge on Android and iOS has its own password manager, coupled with a really cool dark theme and InPrivate mode (but that's another story), but since many people are already using ...

Posted on 18 December 2017 | 3:15 am

Hardware Associates' 12 Top Tips to Running a Faster Computer this Christmas

Your computer is vulnerable to all kinds of threats, so make sure you're fully protected with up-to-date antivirus software. You may have installed anti-malware and anti-virus software a few years back but don't forget times have changed and you need the most robust software out there. Also, do a regular ...

Posted on 18 December 2017 | 2:30 am

UK firms 'stockpile' Bitcoin to pay off ransomware hackers

Ransomware attacks can cripple a business, leading to a rather sad trend in the industry.

Posted on 18 December 2017 | 2:22 am

How to Update Antivirus Software on Windows 10

Have you wondered if Windows Defender is up-to date? Do you have to manually update it? Let's see 3 ways of keeping Windows Defender updated and how you can do it. Usually Windows Defender receives regular updates, but users should check the latest security definitions. The updates on ...

Posted on 18 December 2017 | 2:18 am

From Around The World, 8 Real Ways To Fight Fake News

The cybersecurity supervisors of Silicon Valley giants exchange information as soon as one of them spots a new hacking threat. Why don't the Big Five (Google, Facebook, Amazon, Apple, Microsoft) also cooperate when they see a new piece of fake news?, asked Karen Wickre, Twitter's former editorial ...

Posted on 18 December 2017 | 12:37 am

Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly

Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a popular internet forum software—vBulletin—one of which could allow a remote attacker to execute malicious code on the latest version of vBulletin application server. vBulletin is a widely used proprietary Internet forum software package based on PHP and MySQL database server. It powers

Posted on 18 December 2017 | 12:17 am

Russia's hackers, trolls, media pose great threat to security of west countries

Moscow: From Donald Trump's election to Brexit and the Catalan crisis, accusations that the Kremlin is meddling in Western domestic affairs have heightened fears over Russian hackers, trolls and state-controlled media. While the first accusations against Moscow came following a 2016 hack attack on ...

Posted on 17 December 2017 | 11:07 pm

Google Researcher Finds Critical Flaw in Keeper Password Manager

Google Project Zero researcher Tavis Ormandy recently discovered that the Keeper password manager had been affected by a critical flaw similar to one he identified just over one year ago in the same application.

read more

Posted on 17 December 2017 | 11:00 pm

vBulletin to Patch Disclosed Code Execution, File Deletion Flaws

The details of two potentially serious vulnerabilities affecting version 5 of the vBulletin forum software were disclosed by researchers last week. The flaws are currently unpatched, but vBulletin developers have promised to release fixes soon.

read more

Posted on 17 December 2017 | 9:29 pm

Your Medical Records Could Have Been Exposed In A Health Department Error

The Greens' digital rights spokesperson, senator Jordon Steele-John, called on the government to improve the security of publicly available data. "Given 10% of Australian's are included in this historical data, this public release can effectively be viewed as a data breach on the grandest scale," ...

Posted on 17 December 2017 | 7:33 pm

AI does not provide a shortcut to GDPR compliance

GDPR aims to give EU citizens greater control over their personal data and hold companies accountable on matters such as data use consent, data anonymization, breach notification, cross-border data transfer, and appointment of data protection officers. For example, organizations will have to honor ...

Posted on 17 December 2017 | 7:11 pm

Don't be fooled by agenda-driven commissioners

Massive data was accessed from Target's system when a hacker gained the remote access account from a vendor's computer. Others include: Walmart Canada, the Army National Guard, Expedia, Equifax, Sonic, Visa, MasterCard, the Department of Veterans Affairs, etc. The majority of data breaches are ...

Posted on 17 December 2017 | 6:37 pm

Greens call for limits on open data

“Given 10 per cent of Australian's are included in this historical data this public release can effectively be viewed as a data breach on the grandest scale,” the Greens' digital rights spokesperson, Senator Jordon Steele-John, said in a statement after the research was published. “Whilst I would agree that ...

Posted on 17 December 2017 | 6:03 pm

Week in review: Keylogger in HP laptops, ICS-tailored malware, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles: Keylogger found in Synaptics driver on HP laptops For the second time this year, a security researcher unearthed a keylogger in a driver used on a number of HP laptops. US man is behind the 2015 Hacking Team hack? Who’s behind the 2015 Hacking Team hack? According to a notice received by Guido Landi, one of the former Hacking Team employees that … More

Posted on 17 December 2017 | 5:39 pm

Health record details exposed as 'de-identification' of data fails

Privacy analyst and Lockstep consultant Stephen Wilson said the breach damaged public confidence in health policy makers and data custodians. "It's a huge breach of trust," he said.

Posted on 17 December 2017 | 5:07 pm

Only 1 reason DNC destroyed server, says US intel expert

Yet, Brazile insisted “killing” the server was critical after the data was breached because the server would continue to be affected by spyware had it not been destroyed. “In the last two weeks of the election, we had to make another decision as to whether or not to shut down that server – to actually kill it ...

Posted on 17 December 2017 | 4:45 pm

Report Alleges North Korean Hacking Group's Involvement in Phishing scam

SecureWorks' Counter Threat Unit (CTU) went on to state that with the rising prices of major cryptocurrencies, it is likely that North Korean interest in them is at an all-time high and any related activities will not cease anytime soon. Lazarus, the hacking group in question, is suspected of being responsible ...

Posted on 17 December 2017 | 2:18 pm

See the world get hacked in real time

Every day, the world is under constant threat of cyberattacks. Data breaches, spam emails, identity theft - there are probably millions of attacks going off at any given minute. One attack, in particular, can be devastating since it targets critical web services and can shut down the internet for a vast majority ...

Posted on 17 December 2017 | 1:00 pm

Microsoft Edge for Android now works with LastPass Password Manager

Microsoft Edge is designed for Windows 10, now works with Android phones too. You browse the web with Edge browser and pick up where you left off by seamlessly moving content between your mobile device and PC. You can download Microsoft Edge and LastPass Password Manager from the ...

Posted on 17 December 2017 | 11:07 am

French Aerospace Giant Thales Acquires SIM Maker Gemalto

French aerospace and defence group Thales said Sunday it has bought European SIM manufacturer Gemalto in a bid to become a global leader in digital security.

read more

Posted on 17 December 2017 | 9:43 am

Microsoft Disables Dynamic Update Exchange Protocol in Word

In an attempt to prevent cybercriminals from abusing the Dynamic Update Exchange protocol (DDE) for nefarious operations, Microsoft has disabled the feature in all supported versions of Word.

The DDE protocol was designed to allow Windows applications to transfer data between each other and consists of a set of messages and guidelines.

read more

Posted on 16 December 2017 | 3:11 pm

Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords

If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users’

Posted on 16 December 2017 | 12:36 am

Attackers disrupt plant operations with ICS-tailored malware

Security researchers from FireEye and Dragos have analyzed and detailed a new piece of malware targeting industrial control systems (ICS). Dubbed “TRITON” and “TRISIS” by the two groups of researchers, the malware was discovered after it was deployed against a victim in the Middle Easy, and inadvertently led to an automatically shutdown of the industrial process. About the malware The malware has been specifically designed to target Schneider Electric’s Triconex Safety Instrumented System (SIS) – … More

Posted on 15 December 2017 | 12:27 pm

FCC Just Killed Net Neutrality—What Does This Mean? What Next?

Net neutrality is DEAD—3 out of 5 federal regulators voted Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs

Posted on 15 December 2017 | 11:58 am

New infosec products of the week​: December 15, 2017

EventTracker 9: New UI and faster threat hunting EventTracker released a new version of its SIEM, which enables faster threat hunting and simplified compliance auditing. The new platform, EventTracker 9, improves productivity instantly with a modern interface that is intuitive and customizable; enhances common workflows with more efficient storage and search technology; and expands its capability to scale to the very large and diverse data sets needed for today’s enterprise IT infrastructures. Digital Safe 10: … More

Posted on 15 December 2017 | 11:55 am

Yes, that Netflix tweet is creepy — and raises serious privacy questions

Netflix's ability to extrapolate detailed and specific viewing habits from its vast data set leaves troubling questions about its employees' access to personal customer information.

Posted on 15 December 2017 | 11:54 am

Security company Fox-IT reveals, details MitM attack they suffered in September

Dutch IT security consultancy/service provider Fox-IT has revealed on Thursday that it has suffered a security breach, which resulted in some files and emails sent by the company’s customers to be intercepted by an unknown attacker. The attack On September 19, the attacker accessed the DNS records for the Fox-IT.com domain at their third party domain registrar, modified them to point to a server in their possession, and intercepted and then forwarded the traffic to … More

Posted on 15 December 2017 | 10:48 am

Iran Used "Triton" Malware to Target Saudi Arabia: Researchers

The recently uncovered malware known as “Triton” and “Trisis” was likely developed by Iran and used to target an organization in Saudi Arabia, according to industrial cybersecurity and threat intelligence firm CyberX.

read more

Posted on 15 December 2017 | 9:32 am

Former Botmaster, ‘Darkode’ Founder is CTO of Hacked Bitcoin Mining Firm ‘NiceHash’

On Dec. 6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies. As the investigation into the heist nears the end of its second week, many Nice-Hash users have expressed surprise to learn that the company's chief technology officer recently served several years in prison for operating and reselling a massive botnet, and for creating and running 'Darkode," until recently the world's most bustling English-language cybercrime forum.

Posted on 15 December 2017 | 8:48 am

Facebook Releases New Certificate Transparency Tools

Following the release of the read more

Posted on 15 December 2017 | 7:32 am

Our smart future and the threat of cyber-kinetic attacks

A growing number of today’s entertainment options show protagonists battling cyber-attacks that target the systems at the heart of our critical infrastructure whose failure would cripple modern society. It’s easy to watch such shows and pass off their plots as something that could never happen. The chilling reality is that those plots are often based on real cyberthreats that either have already happened, are already possible, or are dangerously close to becoming reality. Cyber attacks … More

Posted on 15 December 2017 | 7:24 am

Study Examines Value of Data

IP is Valued Above Email but Below PII, Survey Finds

read more

Posted on 15 December 2017 | 7:19 am

New "PRILEX" ATM Malware Used in Targeted Attacks

Trend Micro security researchers recently discovered a highly targeted piece of malware designed to steal information from automated teller machines (ATMs).

read more

Posted on 15 December 2017 | 6:59 am

Consumers are ready to say goodbye to passwords

A new survey of 1,000 Americans exploring awareness and perceptions of biometric authentication confirms that consumers continue to have a strong interest in new biometric technologies that make their lives easier. New forms of authentication, such as fingerprint, facial, and voice recognition, can make unlocking accounts and payments much easier and more convenient than traditional passwords or PINs – which are difficult to type onto tiny keyboards, easy to forget, and can be stolen. “For … More

Posted on 15 December 2017 | 5:26 am

Hackers use Triton malware to shut down plant, industrial systems

The malware has been designed to target industrial systems and critical infrastructure.

Posted on 15 December 2017 | 1:54 am

TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that

Posted on 15 December 2017 | 12:49 am

Google Releases Security Update for Chrome

Original release date: December 14, 2017

Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 14 December 2017 | 6:09 pm

Three Hackers Plead Guilty to Creating IoT-based Mirai DDoS Botnet

The U.S. federal officials have arrested three hackers who have pleaded guilty to computer-crimes charges for creating and distributing Mirai botnet that crippled some of the world's biggest and most popular websites by launching the massive DDoS attacks last year. According to the federal court documents unsealed Tuesday, Paras Jha (21-year-old from New Jersey), Josiah White (20-year-old

Posted on 14 December 2017 | 2:15 am

Connected car security outfit Upstream Security snags $9 million in funding

The company wants to use the cash to expand in the US and Europe.

Posted on 14 December 2017 | 1:58 am

Zero-Day Remote 'Root' Exploit Disclosed In AT&T DirecTV WVB Devices

Security researchers have publicly disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after trying to get the device manufacturer to patch this easy-to-exploit flaw over the past few months. The problem is with a core component of the Genie DVR system that's shipped free of cost with DirecTV and can be easily exploited by hackers to gain root access and take

Posted on 14 December 2017 | 1:20 am

Apple Releases Security Updates

Original release date: December 13, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 13 December 2017 | 2:51 pm

Freeze your credit after the Equifax hack? Get ready to face Healthcare.gov hurdles

A surge in Americans enrolling in health insurance plans is expected before the Friday deadline.

Posted on 13 December 2017 | 1:48 pm

Maker of sneaky Mac adware sends security researcher cease-and-desist letters

"If there's code that's mining data and hiding itself on a computer without any way of removing it, that's malware, plain and simple."

Posted on 13 December 2017 | 11:17 am

Security researcher says DirecTV hardware can be easily hacked

The flaw was privately disclosed to the device maker in June, but six months later, there's still no patch.

Posted on 13 December 2017 | 9:00 am

Mirai IoT Botnet Co-Authors Plead Guilty

The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called "Internet of Things" devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site).

Posted on 13 December 2017 | 8:23 am

Transport Layer Security (TLS) Vulnerability

Original release date: December 13, 2017

CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information.

The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. Mitigations include installing updates to affected products as they become available. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU #144389.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 13 December 2017 | 7:46 am

The risky business of bitcoin: High-profile cryptocurrency catastrophes of 2017

As Bitcoin lurches toward mainstream acceptance, ZDNet reviews the high-profile disasters, data breaches, vulnerabilities, and criminal cases that shook up digital currency in 2017.

Posted on 13 December 2017 | 7:40 am

Mirai botnet attackers plead guilty for roles in cyberattacks

The Mirai botnet threw vast swathes of the US internet offline in a cyberattack last year.

Posted on 13 December 2017 | 6:43 am

ROBOT exploit from 1998 resurrected, leaves top websites' crypto vulnerable

The 19-year-old vulnerability impacts websites from Facebook to Paypal as well as popular software.

Posted on 13 December 2017 | 3:20 am

Password Stealing Apps With Over A Million Downloads Found On Google Play Store

Even after so many efforts by Google like launching bug bounty program and preventing apps from using Android accessibility services, malicious applications somehow manage to get into Play Store and infect people with malicious software. The same happened once again when security researchers discovered at least 85 applications in Google Play Store that were designed to steal credentials from

Posted on 13 December 2017 | 2:57 am

Almost one billion video stream users exposed to secret cryptocurrency mining

Popular video streaming and ripping services are secretly mining crypto through visitor PC power.

Posted on 13 December 2017 | 2:20 am

Adobe patches Business Logic error in Flash

This Patch Tuesday is minimal, with only one bug resolved.

Posted on 13 December 2017 | 1:01 am

Apple Releases Security Updates

Original release date: December 12, 2017

Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security pages for AirPort Base Station Firmware Update 7.6.9 and Firmware Update 7.7.9 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 12 December 2017 | 4:38 pm

Patch Tuesday, December 2017 Edition

The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe's got another security update available for its Flash Player software.

Posted on 12 December 2017 | 12:57 pm

Microsoft Releases December 2017 Security Updates

Original release date: December 12, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's December 2017 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 12 December 2017 | 12:29 pm

ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced

A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages. Dubbed ROBOT (Return of Bleichenbacher's Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on

Posted on 12 December 2017 | 11:10 am

Collection of 1.4 Billion Plain-Text Leaked Passwords Found Circulating Online

Hackers always first go for the weakest link to quickly gain access to your online accounts. Online users habit of reusing the same password across multiple services gives hackers opportunity to use the credentials gathered from a data breach to break into their other online accounts. Researchers from security firm 4iQ have now discovered a new collective database on the dark web (released

Posted on 12 December 2017 | 6:36 am

MoneyTaker hacking group steals millions from US, UK, Russian banks

Researchers say the cyberattackers have been able to steal potentially millions of dollars in the past two years alone.

Posted on 12 December 2017 | 5:51 am

Google Researcher Releases iOS Exploit—Could Enable iOS 11 Jailbreak

As promised last week, Google's Project Zero researcher Ian Beer now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier, which can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources. On Monday morning, Beer shared the details on the exploit, dubbed "tfp0," which leveraged double-free memory corruption

Posted on 11 December 2017 | 11:42 pm

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker, which has been

Posted on 11 December 2017 | 10:24 am

Get the Ultimate 2018 Hacker Bundle – Pay What You Want

Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them. By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical

Posted on 11 December 2017 | 4:37 am

THN Weekly Roundup — Top 10 Stories You Should Not Miss

Here we are with our weekly roundup, briefing this week's top cybersecurity threats, incidents, and challenges, just in case you missed any of them. Last week has been very short with big news from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft's Windows operating

Posted on 11 December 2017 | 1:45 am

Bangladesh minister: We want to 'wipe out' Philippines bank after $80 million heist

The finance minister said he wants to "wipe out Rizal Bank from Earth" due to the cyberattack.

Posted on 11 December 2017 | 1:38 am

Keylogger uncovered on hundreds of HP PCs

For the second time this year, HP has been forced to issue an emergency fix for pre-installed keylogger software.

Posted on 11 December 2017 | 1:02 am

Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability

Microsoft has just released an emergency security patch to address a critical remote code execution (RCE) vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim's PC. Enabled by default, Microsoft Malware Protection Engine offers the core cybersecurity capabilities, like scanning, detection, and cleaning, for the company's

Posted on 10 December 2017 | 7:48 am

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

HP has an awful history of 'accidentally' leaving keyloggers onto its customers' laptops. At least two times this year, HP laptops were caught with pre-installed keylogger or spyware applications. I was following a tweet made by a security researcher claiming to have found a built-in keylogger in several HP laptops, and now he went public with his findings. A security researcher who goes by

Posted on 9 December 2017 | 2:57 am

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus, the vulnerability allows attackers to modify the code of Android apps without affecting their signature verification certificates, eventually allowing them to

Posted on 9 December 2017 | 1:30 am

Phishers Are Upping Their Game. So Should You.

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections -- complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

Posted on 7 December 2017 | 4:35 pm

Mozilla Releases Security Updates

Original release date: December 07, 2017

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.2 and ESR 52.5.2 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 7 December 2017 | 3:50 pm

Microsoft Releases Security Updates for its Malware Protection Engine

Original release date: December 07, 2017

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 7 December 2017 | 2:52 pm

Security: Making yourself a hard target for hackers is easier than you think

Even following the most basic advice can provide a barrier to stop hackers and cyberattacks.

Posted on 7 December 2017 | 11:40 am

US says it doesn't need secret court's approval to ask for encryption backdoors

Critics have long argued that the government has wide latitude to conduct surveillance under broad approvals from the Foreign Intelligence Surveillance Court.

Posted on 7 December 2017 | 11:32 am

Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers. The vulnerability was discovered by researchers of the Security and Privacy Group at the University of Birmingham, who tested hundreds of different banking apps—both iOS and Android—and found that several of

Posted on 7 December 2017 | 11:31 am

Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader. Ensilo security researchers Tal

Posted on 7 December 2017 | 8:03 am

Bitcoin exchange NiceHash hacked, $68 million stolen

Users are watching the attacker's wallet address like hawks, waiting for any movement of their stolen coins.

Posted on 7 December 2017 | 2:42 am

Uber paid 20-year-old man to hide hack, destroy data

A hacker from Florida was allegedly paid $100,000 to keep his mouth shut and delete stolen user data.

Posted on 7 December 2017 | 2:15 am

Largest Crypto-Mining Exchange Hacked; Over $70 Million in Bitcoin Stolen

Bitcoin is breaking every record—after gaining 20% jump last week, Bitcoin price just crossed the $14,800 mark in less than 24 hours—and there can be no better reason for hackers to put all of their efforts to steal skyrocketing cryptocurrency. NiceHash, the largest Bitcoin mining marketplace, has been hacked, which resulted in the theft of more than 4,700 Bitcoins worth over $57 million (at

Posted on 7 December 2017 | 1:28 am

Uber Paid 20-Year-Old Florida Hacker $100,000 to Keep Data Breach Secret

Last year, Uber received an email from an anonymous person demanding money in exchange for the stolen user database. It turns out that a 20-year-old Florida man, with the help of another, breached Uber's system last year and was paid a huge amount by the company to destroy the data and keep the incident secret. Just last week, Uber announced that a massive data breach in October 2016 exposed

Posted on 6 December 2017 | 11:49 pm

Apple Releases Security Updates

Original release date: December 06, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 6 December 2017 | 2:15 pm

Google Releases Security Update for Chrome

Original release date: December 06, 2017

Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 6 December 2017 | 2:08 pm

New TeamViewer Hack Could Allow Clients to Hijack Viewers' Computer

Do you have remote support software TeamViewer installed on your desktop? If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other's PC without permission. TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of

Posted on 6 December 2017 | 8:28 am

Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers

Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to steal files and execute malicious code on vulnerable systems remotely. The issue was discovered by

Posted on 6 December 2017 | 3:54 am

Securing Mobile Devices During Holiday Travel

Original release date: December 05, 2017

As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

US-CERT encourages users to review the US-CERT Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices. The suggested security practices in these tips will help travelers secure their portable devices during the holiday season and throughout the year.


This product is provided subject to this Notification and this Privacy & Use policy.


Posted on 5 December 2017 | 1:12 pm

Anti-Skimmer Detector for Skimmer Scammers

Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology.

Posted on 5 December 2017 | 12:37 pm

Massive Breach Exposes Keyboard App that Collects Personal Data On Its 31 Million Users

In the digital age, one of the most popular sayings is—if you're not paying, then you're not the customer, you're the product. While downloading apps on their smartphones, most users may not realize how much data they collect on you. Believe me; it’s way more than you can imagine. Nowadays, many app developers are following irresponsible practices that are worth understanding, and we don't

Posted on 5 December 2017 | 8:08 am

MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

If you receive an email that looks like it's from one of your friends, just beware! It's possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms. <!--

Posted on 5 December 2017 | 4:34 am

Hacked Password Service Leakbase Goes Dark

Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year.

Posted on 3 December 2017 | 9:39 pm

Former NSA Employee Pleads Guilty to Taking Classified Data

A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government.

Posted on 2 December 2017 | 11:44 am

Carding Kingpin Sentenced Again. Yahoo Hacker Pleads Guilty

Roman Seleznev, a Russian man who is already serving a record 27-year sentence in the United States for cybercrime charges, was handed a 14-year sentence this week by a federal judge in Atlanta for his role in a credit card and identity theft conspiracy that prosecutors say netted more than $50 million. Separately, a Canadian national has pleaded guilty to charges of helping to steal more than a billion user account credentials from Yahoo.

Posted on 1 December 2017 | 5:15 pm

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's […]

Posted on 29 November 2017 | 12:33 pm

MacOS High Sierra Users: Change Root Password Now

A newly-discovered flaw in macOS High Sierra -- Apple's latest iteration of its operating system -- allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful "root" user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account's password now.

Posted on 28 November 2017 | 2:34 pm

Necurs’ Business Is Booming In A New Partnership With Scarab Ransomware

Necurs’ spam botnet business is doing well as it is seemingly acquiring new customers. The Necurs botnet is the biggest deliverer of spam with 5 to 6 million infected hosts online monthly, and is responsible for the biggest single malware spam campaigns. Its service model provides the whole infection chain: from spam emails with malicious […]

Posted on 23 November 2017 | 6:16 am

Oracle Security Alert for CVE-2017-10269 - 14 November 2017

Posted on 14 November 2017 | 12:00 pm

RickRolled by none other than IoTReaper

IoT_Reaper overview IoT_Reaper, or the Reaper in short, is a Linux bot targeting embedded devices like webcams and home router boxes. Reaper is somewhat loosely based on the Mirai source code, but instead of using a set of admin credentials, the Reaper tries to exploit device HTTP control interfaces. It uses a range of vulnerabilities […]

Posted on 3 November 2017 | 5:39 am

Oracle Security Alert for CVE-2017-10151 - 27 October 2017

Posted on 1 November 2017 | 4:50 pm

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to […]

Posted on 31 October 2017 | 7:20 am

Facebook Phishing Targeted iOS and Android Users from Germany, Sweden and Finland

Two weeks ago, a co-worker received a message in Facebook Messenger from his friend. Based on the message, it seemed that the sender was telling the recipient that he was part of a video in order to lure him into clicking it. The shortened link was initially redirecting to Youtube.com, but was later on changed […]

Posted on 30 October 2017 | 11:19 am

The big difference with Bad Rabbit

Bad Rabbit is the new bunny on the ransomware scene. While the security community has concentrated mainly on the similarities between Bad Rabbit and EternalPetya, there’s one notable difference which has not yet gotten too much attention. The difference is that Bad Rabbit’s disk encryption works. EternalPetya re-used the custom disk encryption method from the […]

Posted on 26 October 2017 | 11:41 pm

Following The Bad Rabbit

On October 24th, media outlets reported on an outbreak of ransomware affecting various organizations in Eastern Europe, mainly in Russia and Ukraine. Identified as “Bad Rabbit”, initial reports about the ransomware drew comparisons with the WannaCry and NotPetya (EternalPetya) attacks from earlier this year. Though F-Secure hasn’t yet received any reports of infections from our […]

Posted on 26 October 2017 | 7:43 am

Oracle Critical Patch Update Advisory - October 2017

Posted on 17 October 2017 | 12:30 pm

Common Internet of Things Devices May Expose Consumers to Cyber Exploitation

Posted on 17 October 2017 | 9:30 am

Booter and Stresser Services Increase the Scale and Frequency of Distributed Denial of Service Attacks

Posted on 17 October 2017 | 9:30 am

Twitter Forensics From The 2017 German Election

Over the past month, I’ve pointed Twitter analytics scripts at a set of search terms relevant to the German elections in order to study trends and look for interference. Germans aren’t all that into Twitter. During European waking hours Tweets in German make up less than 0.5% of all Tweets published. Over the last month, […]

Posted on 25 September 2017 | 7:59 am

Oracle Security Alert for CVE-2017-9805 - 22 September 2017

Posted on 22 September 2017 | 12:30 pm

Revised: Internet-Connected Toys Could Present Privacy and Contact Concerns for Children

Posted on 21 September 2017 | 1:00 pm

Fraudsters Capitalize on Natural Disasters

Posted on 20 September 2017 | 6:30 am

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this […]

Posted on 19 September 2017 | 3:17 pm

TrickBot In The Nordics, Episode II

The banking trojan TrickBot is not retired yet. Not in the least. In a seemingly never ending series of spam campaigns – not via the Necurs botnet this time – we’ve spotted mails written in Norwegian that appear to be sent by DNB, Norway’s largest bank. The mail wants the recipient to believe that they […]

Posted on 14 September 2017 | 6:01 am

Working Around Twitter API Restrictions To Identify Bots

Twitter is by far the easiest social media platform to work with programmatically. The Twitter API provides developers with a clean and simple interface to query Twitter’s objects (Tweets, users, timelines, etc.) and bindings to this API exist for many languages. As an example, I’ve been using Tweepy to write Python scripts that work with Twitter data. […]

Posted on 31 August 2017 | 4:45 am

Trump Hating South Americans Hacked HBO

Last week – I read the message “Mr. Smith” reportedly sent to HBO… and it brought up a few questions. And also, it offered some “answers” to questions that I’m often asked. Questions such as “how much money do cyber criminals make?” Here’s the start of the message. First, let’s examine Mr. Smith and his […]

Posted on 24 August 2017 | 8:39 am

Online Scammers Require Payment Via Music Application Gift Cards

Posted on 1 August 2017 | 11:25 am

Break your own product, and break it hard

Hello readers, I am Andrea Barisani, founder of Inverse Path, which is now part of F-Secure. I lead the Hardware Security consulting team within F-Secure’s Cyber Security Services. You may have heard of our USB armory product, an innovative compact computer for security applications that is 100% open hardware, open source and Made in Italy. […]

Posted on 19 July 2017 | 7:49 am

Oracle Critical Patch Update Advisory - July 2017

Posted on 18 July 2017 | 12:30 pm

Retefe Banking Trojan Targets Both Windows And Mac Users

Based on our telemetry, customers (mainly in the region of Switzerland and Germany) are being targeted by a Retefe banking trojan campaign which uses both Windows and macOS-based attachments. Its massive spam run started earlier this week and peaked yesterday afternoon (Helsinki time). TrendMicro did a nice writeup on this threat earlier this week. The […]

Posted on 14 July 2017 | 7:03 am

How EternalPetya Encrypts Files In User Mode

On Thursday of last week (June 29th 2017), just after writing about EternalPetya, we discovered that the user-mode file encryption-decryption mechanism would be functional, provided a victim could obtain the correct key from the malware’s author. Here’s a description of how that mechanism works. EternalPetya malware uses the standard Win32 crypto API to encrypt data. […]

Posted on 4 July 2017 | 4:26 am

What Good Is A Not For Profit (Eternal) Petya?

Following up on our post from yesterday, as an intellectual thought experiment, let’s take the position that there’s something to the idea of (Eternal) Petya not being motivated by money/profit. Let’s also just go ahead and imagine that it’s been developed by a nation state. In my mind, it raises the following question: WTF WHY? […]

Posted on 30 June 2017 | 5:09 am

(Eternal) Petya From A Developer’s Perspective

In our previous post about Petya, we speculated that the short-cuts, design flaws, and non-functional mechanisms observed in the  malware could have arisen due to it being developed under a tight deadline. I’d now like to elaborate a little on what we meant by that. As a recap, this is what the latest version of Petya […]

Posted on 30 June 2017 | 3:29 am

Petya: “I Want To Believe”

There’s been a lot of speculation and conjecture around this “Petya” outbreak. A great deal of it seems to have been fueled by confirmation bias (to us, at least). Many things about this malware don’t add up (at first glance). But it wouldn’t be the first time that’s happened. And yet everyone seems to have […]

Posted on 29 June 2017 | 9:21 am

Processing Quote Tweets With Twitter API

I’ve been writing scripts to process Twitter streaming data via the Twitter API. One of those scripts looks for patterns in metadata and associations between accounts, as streaming data arrives. The script processes retweets, and I decided to add functionality to also process quote Tweets. Retweets “echo” the original by embedding a copy of the […]

Posted on 23 June 2017 | 3:41 am

Super Awesome Fuzzing, Part One

An informative guide on using AFL and libFuzzer. Posted on behalf of Atte Kettunen (Software Security Expert) & Eero Kurimo (Lead Software Engineer) – Security Research and Technologies. The point of security software is to make a system more secure. When developing software, one definitely doesn’t want to introduce new points of failure, or to […]

Posted on 22 June 2017 | 4:00 am

Oracle Security Alert for CVE-2017-3629

Posted on 19 June 2017 | 12:30 pm

TrickBot Goes Nordic… Once In A While

We’ve been monitoring the banking trojan TrickBot since its appearance last summer. During the past few months, the malware underwent several internal changes and improvements, such as more generic info-stealing, support for Microsoft Edge, and encryption/randomization techniques to make analysis and detection more difficult. Unlike the very fast expansion of banks targeted during the first […]

Posted on 13 June 2017 | 3:58 am

OSINT For Fun And Profit: Hung Parliament Edition

The 2017 UK general election just concluded, with the Conservatives gaining the most votes out of all political parties. But they didn’t win enough seats to secure a majority. The result is a hung parliament. Both the Labour and Conservative parties gained voters compared to the previous general election. Some of those wins came from […]

Posted on 8 June 2017 | 11:09 pm

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC […]

Posted on 16 May 2017 | 3:39 pm

WordPress Now on HackerOne

WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially […]

Posted on 15 May 2017 | 9:02 am

Business E-mail Compromise E-mail Account Compromise The 5 Billion Dollar Scam

Posted on 4 May 2017 | 11:10 am

Oracle Critical Patch Update Advisory - April 2017

Posted on 18 April 2017 | 12:30 pm

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata.  Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect […]

Posted on 6 March 2017 | 9:53 am

WordPress 4.7.2 Security Release

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. […]

Posted on 26 January 2017 | 11:34 am

Employment Scam Targeting College Students Remains Prevalent

Posted on 18 January 2017 | 7:55 am

Oracle Critical Patch Update Advisory - January 2017

Posted on 17 January 2017 | 11:30 am

WordPress 4.7.1 Security and Maintenance Release

WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues: […]

Posted on 10 January 2017 | 7:53 pm

Oracle Critical Patch Update Advisory - October 2016

Posted on 18 October 2016 | 12:30 pm

WordPress 4.6.1 Security and Maintenance Release

WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in […]

Posted on 7 September 2016 | 8:52 am

Oracle Critical Patch Update Advisory - July 2016

Posted on 19 July 2016 | 12:30 pm

WordPress 4.5.3 Maintenance and Security Release

WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported […]

Posted on 18 June 2016 | 2:38 am

Oracle Critical Patch Update Advisory - April 2016

Posted on 19 April 2016 | 12:30 pm

Oracle Security Alert for CVE-2016-0636 - 23 Mar 2016

Posted on 23 March 2016 | 12:30 pm

Oracle Critical Patch Update Advisory - January 2016

Posted on 19 January 2016 | 11:30 am

Oracle Security Alert for CVE-2015-4852 - 10 November 2015

Posted on 10 November 2015 | 11:30 am

Oracle Critical Patch Update Advisory - October 2015

Posted on 20 October 2015 | 12:30 pm

Oracle Critical Patch Update Advisory - July 2015

Posted on 14 July 2015 | 12:30 pm

Oracle Security Alert for CVE-2015-3456 - 15 May 2015

Posted on 15 May 2015 | 12:30 pm

Oracle Critical Patch Update Advisory - April 2015

Posted on 14 April 2015 | 12:30 pm

Oracle Security Alert for CVE-2016-0603 - 5 February 2016

Posted on 5 February 2015 | 11:30 am

Oracle Critical Patch Update Advisory - January 2015

Posted on 20 January 2015 | 11:30 am

Oracle Critical Patch Update Advisory - October 2014

Posted on 14 October 2014 | 12:30 pm

Oracle Security Alert for CVE-2014-7169 - 26 September 2014

Posted on 26 September 2014 | 12:30 pm

Oracle Critical Patch Update Advisory - July 2014

Posted on 15 July 2014 | 12:30 pm

Oracle Security Alert for CVE-2014-0160 - 18 April 2014

Posted on 18 April 2014 | 12:30 pm

Oracle Critical Patch Update Advisory - April 2014

Posted on 15 April 2014 | 12:30 pm

Oracle Critical Patch Update Advisory - January 2014

Posted on 14 January 2014 | 11:30 am

Oracle Critical Patch Update Advisory - October 2013

Posted on 15 October 2013 | 12:30 pm

Oracle Critical Patch Update Advisory - July 2013

Posted on 16 July 2013 | 12:30 pm

Oracle Java SE Critical Patch Update Advisory - June 2013

Posted on 18 June 2013 | 12:30 pm

Oracle Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 12:30 pm

Oracle Java SE Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 12:30 pm

Oracle Security Alert for CVE-2013-1493 - 04 Mar 2013

Posted on 4 March 2013 | 11:30 am

Updated Release of the Oracle Java SE Critical Patch Update - February 2013

Posted on 19 February 2013 | 11:30 am

Oracle Java SE Critical Patch Update Advisory - February 2013

Posted on 1 February 2013 | 11:30 am

Oracle Critical Patch Update Advisory - January 2013

Posted on 15 January 2013 | 11:30 am

Oracle Security Alert for CVE-2013-0422 - 13 Jan 2013

Posted on 13 January 2013 | 11:30 am

Oracle Java SE Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 12:26 pm

Oracle Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 12:26 pm

Oracle Security Alert for CVE-2012-4681 - 30 Aug 2012

Posted on 30 August 2012 | 12:26 pm

Oracle Security Alert for CVE-2012-3132 - 10 Aug 2012

Posted on 10 August 2012 | 12:14 pm

Oracle Critical Patch Update (CPU) Advisory - July 2012

Posted on 19 July 2012 | 3:15 pm

Oracle Java SE Critical Patch Update Advisory - June 2012

Posted on 12 June 2012 | 1:00 pm

Oracle Security Alert for CVE-2012-1675

Posted on 30 April 2012 | 1:01 pm

Oracle Critical Patch Update (CPU) Advisory - April 2012

Posted on 18 April 2012 | 8:40 am

Oracle Java SE Critical Patch Update Advisory - February 2012

Posted on 14 February 2012 | 12:00 pm

Oracle Security Alert for CVE-2011-5035

Posted on 31 January 2012 | 1:20 pm

Oracle Critical Patch Update (CPU) Advisory - January 2012

Posted on 17 January 2012 | 12:44 pm

Oracle Critical Patch Update (CPU) Advisory - October 2011

Posted on 24 October 2011 | 11:33 am

Oracle Security Alert for CVE-2011-3192

Posted on 15 September 2011 | 2:22 pm

Oracle Critical Patch Update (CPU) Advisory - July 2011

Posted on 19 July 2011 | 3:45 pm

Oracle Java SE Critical Patch Update Advisory - June 2011

Posted on 7 June 2011 | 3:18 pm

Oracle Critical Patch Update (CPU) - April 2011

Posted on 19 April 2011 | 1:00 pm

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Posted on 15 February 2011 | 2:00 pm

Oracle Critical Patch Update (CPU) - January 2011

Posted on 18 January 2011 | 11:40 am

Oracle Critical Patch Update (CPU) - October 2010

Posted on 12 October 2010 | 9:07 am

Oracle Critical Patch Update (CPU) - July 2010

Posted on 14 July 2010 | 12:35 pm

Oracle Critical Patch Update (CPU) - April 2010

Posted on 13 April 2010 | 2:01 pm

Oracle Security Alert for CVE-2010-0073 - February 2010

Oracle Security Alert for CVE-2010-0073

Posted on 4 February 2010 | 12:00 pm

Critical Patch Update - January 2010

Posted on 13 January 2010 | 10:05 am

Critical Patch Update - October 2009

Posted on 20 October 2009 | 8:39 am

Critical Patch Update - July 2009

Posted on 15 July 2009 | 6:00 pm

Critical Patch Update - April 2009

Posted on 14 April 2009 | 3:40 pm

Critical Patch Update - January 2009

Posted on 14 April 2009 | 3:40 pm

Critical Patch Update - October 2008

Posted on 15 October 2008 | 11:53 am

Critical Patch Update - July 2008

Posted on 15 July 2008 | 1:01 pm

Critical Patch Update - April 2008

Posted on 15 April 2008 | 3:13 pm

Critical Patch Update - January 2008

Posted on 15 January 2008 | 2:55 pm

Critical Patch Update - October 2007

Posted on 16 October 2007 | 1:47 pm

Critical Patch Update - July 2007

Posted on 17 July 2007 | 1:21 pm

Critical Patch Update - April 2007

Posted on 18 April 2007 | 8:57 am

Critical Patch Update - January 2007

Posted on 16 January 2007 | 3:35 pm

Critical Patch Update - October 2006

Posted on 17 October 2006 | 11:37 am

Critical Patch Update - April 2006

Posted on 18 April 2006 | 1:42 pm

Critical Patch Update - January 2006

Posted on 17 January 2006 | 4:20 pm

Critical Patch Update - January 2005

Posted on 18 October 2005 | 3:28 pm

Critical Patch Update - April 2005

Posted on 18 October 2005 | 3:28 pm

Critical Patch Update - October 2005

Posted on 18 October 2005 | 3:25 pm

Critical Patch Update - July 2005

Posted on 12 July 2005 | 12:46 pm