security.didici.cc

Russian APT comes back to life with new US spear-phishing campaign

2 hours ago

Cozy Bear (APT29) makes a comeback after last year's Dutch and Norwegian hacking campaigns.

Friday Squid Blogging: Squid Sculptures

4 hours ago

Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

DHS Task Force Moves Forward on Playbooks for Supply Chain Security

4 hours ago

The public/private task force takes early steps toward securing the end-to-end supply chain.

Emoji Attack Can Kill Skype for Business Chat

4 hours ago

The "Kitten of Doom" denial-of-service attack is easy to carry out.

New Bluetooth Hack Affects Millions of Vehicles

4 hours ago

Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.

BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance

5 hours ago

BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.

Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency

6 hours ago

The US now has an official federal cybersecurity agency.

Mailing Tech Support a Bomb

6 hours ago

I understand his frustration, but this is extreme: When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb - or, rather, two pipe bombs, which is what investigators found when they picked apart the explosive package ...

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

6 hours ago

The issue comes from how Gmail automatically files messages into the "Sent" folder.

Google Play Protect analyzes every Android app that it can find on the internet

7 hours ago

Play Protect, a security service included in the Play Store app, lives up to all the hype that Google created last year.

Critical WordPress Flaw Grants Admin Access to Any Registered Site User

8 hours ago

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website.

26M Texts Exposed in Poorly Secured Voxox Database

8 hours ago

The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.

Lock-Screen Bypass Bug Quietly Patched in Handsets

9 hours ago

The flaw in high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds.

AWS rolls out new security feature to prevent accidental S3 data leaks

10 hours ago

New settings will prevent accidental S3 bucket leaks -- if customers take the time to apply them.

95% of Organizations Have Cultural Issues Around Cybersecurity

10 hours ago

Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.

AI Poised to Drive New Wave of Exploits

11 hours ago

Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.

Black Hat Europe Speaker Q&A: SoarTech's Fernando Maymi on 'Synthetic Humans'

12 hours ago

Ahead of his Black Hat Europe appearance, SoarTech's Fernando Maymi explains how and why synthetic humans are critical to the future of cybersecurity.

Russian banks hit by major phishing attacks from two hacker groups

12 hours ago

The Silence and MoneyTaker hacking crews have been targeting Russian financial institutions.

BlackBerry absorbs Operation Cleaver beaver Cylance into threat detection unit

12 hours ago

$1.4bn match made in heaven. BlackBerry has made its biggest acquisition ever, spending over half of its cash pile to bolster its threat detection unit.…

'Unjustifiably excessive': Not even London cops can follow law with their rubbish gang database

13 hours ago

Gangs Matrix led to 'multiple and serious' breaches of data protection rules, says watchdog. London cops have broken data protection rules by using a controversial database that ranks people's likelihood of gang-related violence but fails to distinguish be ...

Most antivirus programs fail to detect this cryptocurrency-stealing malware

13 hours ago

Traditional antivirus software has a tough time detecting malware used in the campaign.

These AI-generated fake fingerprints can fool smartphone security

13 hours ago

Attackers no longer need your actual fingerprint to unlock your phone.

Hacking group returns, switches attacks from ransomware to trojan malware

14 hours ago

TA505 used to spam out ransomware - now it's returned with a focus on data-stealing remote access trojan malware attacks.

Hidden Cameras in Streetlights

14 hours ago

Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights. According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight ...

Winter Olympic Games hackers are back with an updated arsenal

14 hours ago

The group behind Olympic Destroyer are back with an evolved toolkit and malware droppers.

BlackBerry is buying Cylance for $1.4 billion to continue its push into cybersecurity

15 hours ago

BlackBerry was best known for keyboard-toting smartphones, but their demise in recent years has seen the Canadian firm pivot towards enterprise services and in particular cybersecurity. That strategy takes a big step further forward today after BlackBerry ...

Malicious code hidden in advert images cost ad networks $1.13bn this year

15 hours ago

So-called steganography is rapidly becoming a favored tool of fraudsters.

Workers unaware of travel-related cybersecurity threats, survey finds

15 hours ago

This holiday season, over half of adults plan to travel with work devices. Most don't appreciate the risks.

Where to implant my employee microchip? I have the ideal location

15 hours ago

Swipe – open toilet door – and swipe again. Something for the Weekend, Sir? "Work out loud," my prospective new employer tells me, adding that "we are a team, not a family". Sister Sledge need not apply.…

A leaky database of SMS text messages exposed password resets and two-factor codes

17 hours ago

Posted by InfoSec News on Nov 16 https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/ By Zack Whittaker TechCrunch 11.15.2018 A security lapse has exposed a massive database containing tens of millions of text messages, in ...

It's Time to Start Thinking About Election Security in 2020

17 hours ago

Posted by InfoSec News on Nov 16 https://www.lawfareblog.com/its-time-start-thinking-about-election-security-2020 By Matt Tait Lawfareblog.com November 13, 2018 Those hoping for some peace and quiet after the conclusion of the contentious 2018 midterm ele ...

HIPAA update inches closer to reality

17 hours ago

Posted by InfoSec News on Nov 16 https://www.healthcareitnews.com/news/hipaa-update-inches-closer-reality By Diana Manos Healthcare IT News November 15, 2018 Federal regulatory efforts to upgrade HIPAA have taken a step toward reform. The Department of He ...

The Hail Mary Plan to Restart a Hacked US Electric Grid

17 hours ago

Posted by InfoSec News on Nov 16 https://www.wired.com/story/black-start-power-grid-darpa-plum-island/ By Lily Hay Newman Wired.com 11.14.18 IN HIS YEARS-LONG career developing software for power grids, Stan McHann had never before heard the ominous noise ...

System error: Japan cybersecurity minister admits he has never used a computer

17 hours ago

Posted by InfoSec News on Nov 16 https://www.theguardian.com/world/2018/nov/15/japan-cyber-security-ministernever-used-computer-yoshitaka-sakurada By Justin McCurry and agencies The Guardian 14 Nov 2018 A Japanese minister in charge of cybersecurity has pr ...

Most ATMs can be hacked in under 20 minutes

20 hours ago

Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking.

MIT to Oz: Crypto-busting laws risk banning security tests

1 day ago

I see the red team and I want it painted black. Australia's government's crypto-busting legislation risks blocking security research, a leading Internet policy boffin has warned.…

7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge

1 day ago

Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.

A leaky database of SMS text messages exposed password resets and two-factor codes

1 day ago

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more. The exposed server belongs to Voxox (formerly Telcentris), a San Diego, Calif. ...

Super Micro chief bean counter: Bloomberg's 'unwarranted hardware hacking article' has slowed our server sales

1 day ago

CEO insists Chinese spy chip bombshell 'impossible'. Super Micro Computer on Thursday reported net sales in the range of $952m to $962m for the first quarter of its fiscal 2019, which ended September 30, 2018. That's higher than company guidance of $810m t ...

tRat Emerges as New Pet for APT Group TA505

1 day ago

The modular malware seems to be in a testing phase, but TA505's interest made researchers take note.

Congress Passes Bill for New Federal Cybersecurity Agency

1 day ago

Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.

Up to three million kids' GPS watches can be tracked by parents... and any miscreant: Flaws spill pick-and-choose catalog for perverts

1 day ago

Gadgets can be hacked to spy on, find youngsters – claim. Parents could be unwittingly putting their children's safety and privacy at risk, thanks to security vulnerabilities in potentially millions of kids' GPS-tracker watches.…

Japan cybersecurity and Olympics minister - "I've never used a computer"

1 day ago

Responsible for preparations for the 2020 Tokyo Summer Games.

Cyber Crooks Diversify Business with Multi-Intent Malware

1 day ago

The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.

John McAfee is 'liable' for 2012 death of Belize neighbour, rules court

1 day ago

Default judgement for one-time antivirus bad boy. Infosec personality John McAfee has been found legally "liable" via a default judgment for the death of his neighbour, who was found dead from a gunshot wound to the head in his Belize home in 2012.…

Facebook will pass off content policy appeals to a new independent oversight body

1 day ago

Facebook doesn’t want to be the arbiter of decency when it comes to content policy decisions, similar to how it looked to third-party fact checkers rather than becoming an arbiter of truth. Today on a press call with journalists, Mark Zuckerberg announ ...

Cloud, China, Generic Malware Top Security Concerns for 2019

1 day ago

FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.

Facebook reports a massive spike in government demands for data, including secret orders

1 day ago

Facebook has published the details of 13 historical national security letters it’s received for user data. The embattled social media giant said that the letters dated between 2014 and 2017 for several Facebook and Instagram accounts. These demands for ...

Managing the Risk of IT-OT Convergence

1 day ago

Why manufacturing and logistics are especially challenged.

DOD disables file sharing service due to 'security risks'

1 day ago

AMRDEC SAFE portal had been used to handle the transfer of classified and non-classified materials.

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

1 day ago

"Our advice is to stop using this watch" as mitigations are not available, researchers told Threatpost.

Japan Cyber Minister Says He Has Never Used a Computer

1 day ago

Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.

Facebook’s weapon amid chaos and controversy: misdirection

1 day ago

The New York Times’ bombshell report into the past three years at Facebook paints a grotesque picture of the company’s attempts to navigate a string of high profile controversies by using unsavory, unethical and dark PR tactics. The Times’ report, ci ...

Facebook under pressure over Soros smear tactics

1 day ago

Facebook is facing calls to conduct an external investigation into its own lobbying and PR activities by an aide to billionaire George Soros. BuzzFeed reports that Michael Vachon, an advisor to the chairman at Soros Fund Management, made the call in a le ...

Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers

1 day ago

As consumers skip the store crowds in favor of online deals, cyberattackers have geared up to victimize them.

More Than 50% of Free Mobile VPN Apps Have Chinese Ties

1 day ago

In addition, most have "unacceptable" privacy policies and "non-existent user support."

From Reactive to Proactive: Security as the Bedrock of the SDLC

1 day ago

Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.

Gift ideas? Perhaps check Mozilla's gadget security, creepiness ratings before you buy

1 day ago

Mozilla's buyers' guide rates the security and privacy of 70 connected things, ranging from toys to smart speakers.

Learn How to Better Protect your Network at Black Hat Europe

1 day ago

Whether you're sussing out vulnerabilities or defending enterprise networks, Black Hat Europe's lineup of Briefings, Trainings, and Arsenal tools will help you take things to the next level.

Tech giants take seats on Homeland Security’s new supply chain task force

1 day ago

Homeland Security’s supply chain task force is finally off the ground. The public-private coalition, set up earlier this year, now has representatives from more than two dozen companies and industry groups signed up to help the government try to combat ...

Mozilla: Firefox will start alerting you to recently breached sites

1 day ago

Mozilla brings Firefox Monitor to Firefox on the desktop.

Chip Cards Fail to Reduce Credit Card Fraud in the US

1 day ago

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold. One, the US uses chip-and-signatu ...

Japanese cybersecurity minister finds computers a mystery

1 day ago

The man in charge of cybersecurity not only said he does not use a PC but seemed stumped when asked about risks associated with USB drives.

Mozilla adds website breach notifications to Firefox

1 day ago

Mozilla is adding a new security feature to its Firefox Quantum web browser that will alert users when they visit a website that has recently reported a data breach. When a Firefox user lands on a website with a breach in its recent past they’ll see a ...

Windows 10 1809's new rollout: Mapped drives broken, AMD issues, Trend Micro clash

1 day ago

Steer clear of the rereleased Windows 10 October 2018 Update, IT pro warns. Meanwhile, Microsoft promises fix for buggy mapped drives at some point next year.

The threat to your org's data lies betwixt chair and keyboard. Join us live on the internet for expert advice on tackling issue

1 day ago

Beware the trusted insider. Webcast: If you like true crime stories, you already know that at the end the criminal is usually revealed to be someone the victim knew well.…

Did you by chance hack OPM back in 2015? Good news, your password probably still works!

1 day ago

Posted by InfoSec News on Nov 15 https://www.theregister.co.uk/2018/11/14/opm_hack_failure/ By Shaun Nichols The Register 14 Nov 2018 More than three years after suffering one of the largest cyber-attacks in US government history, the Office of Personnel ...

Exclusive: Dragos Raises $37 Million to Secure Industrial Systems

1 day ago

Posted by InfoSec News on Nov 15 http://fortune.com/2018/11/14/dragos-raise-funding-venture-capital-energy-grid-security/ By Robert Hackett Fortune.com 11/14/2018 Two years ago when Rob Lee first sought funding for his cybersecurity startup Dragos, most v ...

US asks London court to hand over two alleged hackers

1 day ago

Posted by InfoSec News on Nov 15 https://www.bbc.com/news/technology-46206614 By Sajid Iqbal Community affairs specialist BBC.com 11/04/2018 The two men are accused of being members of a 36-strong group said to have been behind a dark web forum responsibl ...

Security breach at Nordstrom exposed sensitive employee data

1 day ago

Posted by InfoSec News on Nov 15 https://www.seattletimes.com/business/retail/security-breach-at-nordstrom-exposed-sensitive-employee-data/ By Benjamin Romano Seattle Times business reporter November 9, 2018 Updated November 11, 2018 Seattle-based retailer ...

Experts: Cyberattacks Could Threaten Entire Countries, Not Just Energy Assets

1 day ago

Posted by InfoSec News on Nov 15 https://oilprice.com/Latest-Energy-News/World-News/Experts-Cyberattacks-Could-Threaten-Entire-Countries-Not-Just-Energy-Assets.html By Tsvetana Paraskova Oilprice.com Nov 14, 2018 Cyber attacks have grown bolder and increas ...

US China-watcher warns against Middle Kingdom tech dominance

1 day ago

5G, IoT, and tech supply chains should go under spotlight. Another US government panel has warned of the dangers of over-reliance on Chinese tech vendors: the US-China Economic and Security Review Commission.…

One in five Magecart-infected stores get reinfected within days

1 day ago

A large number of reinfections take place within a day or week. Average reinfection time is 10.5 days.

My Health Record remains opt-out as Senate passes privacy amendments

1 day ago

The Australian government's version of improved health data privacy controls will be implemented after only minimal Senate debate.

CISA's Palace: Congress backs new cybersecurity nerve-center for cyber-America's cyber-future

2 days ago

CISA heads off for Trump's signature – no, not that CISA, the good one. The US House of Representatives has unanimously passed a bipartisan bill that would create a new agency to lead the federal government's cybersecurity efforts.…

Dutch government report says Microsoft Office telemetry collection breaks GDPR

2 days ago

Microsoft pledges to address issues; has already released a "zero exhaust" Office telemetry setting.

Tencent's WeChat steps up censorship to clear undesirable content

2 days ago

WeChat is purging undesirable content on its platform to maintain a 'healthy' reading environment as required by the government.

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

2 days ago

A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

2 days ago

Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.

Small-Time Cybercriminals Landing Steady Low Blows

2 days ago

High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.

Another Meltdown, Spectre scare: Data-blabbing holes continue to haunt Intel, AMD, Arm

2 days ago

CPU slingers insist existing defenses will stop attacks – but eggheads disagree. Computer security researchers have uncovered yet another set of transient execution attacks on modern CPUs that allow a local attacker to gain access to privileged data, ful ...

More Spectre/Meltdown-Like Attacks

2 days ago

Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn't be surprising that micro ...

Security Teams Struggle with Container Security Strategy

2 days ago

Fewer than 30% of firms have more than a basic container security plan in place.

Did you by chance hack OPM back in 2015? Good news, your password probably still works!

2 days ago

Government audit finds office still hasn't cleaned up from Obama-era megabreach. More than three years after suffering one of the largest cyber-attacks in US government history, the Office of Personnel Management has yet to adopt dozens of the security mea ...

Elephants and information leaks

2 days ago

Posted by Dave Aitel on Nov 14 https://immunityproducts.blogspot.com/2018/11/recent-kernel-memory-disclosure-bugs-in.html We don't usually detail publicly the amount of engineering that goes into a CANVAS exploit. But above is a blogpost about some of our ...

Cryptojacking, Mobile Malware Growing Threats to the Enterprise

2 days ago

At the same time, criminal organizations continue to look for new ways to attack their victims.

Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues

2 days ago

Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data - and are fearful of a near-term breach of critical infrastructure.

Understanding Evil Twin AP Attacks and How to Prevent Them

2 days ago

The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.

Airlines Have a Big Problem with Bad Bots

2 days ago

Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.

Many free mobile VPN apps are based in China or have Chinese ownership

2 days ago

Chinese affiliation raises a sign of alarm in light of China's recent clampdown of "unauthorized" VPN services.

Siemens Patches Firewall Flaw That Put Operations at Risk

2 days ago

The industrial company on Tuesday released mitigations for eight vulnerabilities overall.

Judge orders Amazon to turn over Echo recordings in double murder case

2 days ago

A New Hampshire judge has ordered Amazon to turn over two days of Amazon Echo recordings in a double murder case. Prosecutors believe that recordings from an Amazon Echo in a Farmington home where two women were murdered in January 2017 may yield further ...

Can Businesses Stand Up to Cybercrime? Only 61% Say Yes

2 days ago

While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.

Mozilla ranks dozens of popular ‘smart’ gift ideas on creepiness and security

2 days ago

If you’re planning on picking up some cool new smart device for a loved one this holiday season, it might be worth your while to check whether it’s one of the good ones or not. Not just in the quality of the camera or step tracking, but the security a ...

Just because you're paranoid doesn't mean hackers aren't going to nuke your employer into the ground tomorrow

2 days ago

Black Hat survey probes infosec's deepest, darkest fears. The number one thing worrying infosec bods right now is… yup, you guessed it, a giant targeted attack that KOs their employers' systems.…

To Click or Not to Click: The Answer Is Easy

2 days ago

Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.

Guilty of your roots: Why Kaspersky believes tech nationalism is on our doorstep

2 days ago

The answer lies in why Kaspersky has now moved core systems from Russia to Switzerland.

Researchers discover seven new Meltdown and Spectre attacks

2 days ago

Experiments showed that processors from AMD, ARM, and Intel are affected.

Upcoming Speaking Engagements

2 days ago

This is a current list of where and when I am scheduled to speak: I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018. I'm appearing on IBM Resilient's End of Year Review webinar on "The Top Cyber Security Trends in 2018 and Predicti ...

Why cryptojacking malware is a bigger threat to your PC than you realise

2 days ago

Cryptocurrency-mining malware might seem like a low risk, but it rarely arrives without more dangerous baggage.

Want to hack an ATM for free cash? It's as easy as Windows XP

2 days ago

Bank machines pen testing reveals alarming results. ATM machines are vulnerable to an array of basic attack techniques that would allow hackers to lift thousands in cash.…

Cathay Pacific cyberattack far worse than thought after airline admits facing intense hack for more than three months

2 days ago

Posted by InfoSec News on Nov 14 https://www.scmp.com/news/hong-kong/law-and-crime/article/2172796/cathay-pacific-cyberattack-far-worse-previously-thought By Danny Lee with additional reporting by Karen Zhang, Alvin Lum and Simone McCarthy South China Morn ...

Cylance researchers discover powerful new nation-state APT

2 days ago

Posted by InfoSec News on Nov 14 https://www.csoonline.com/article/3319787/advanced-persistent-threats/cylance-researchers-discover-powerful-new-nation-state-apt.html By J.M. Porup Senior Writer CSO Nov 12, 2018 When a Belgian locksmith attacked the Pakist ...

Drive-by shooting suspect remotely wipes iPhone X, catches extra charges

2 days ago

Posted by InfoSec News on Nov 14 https://appleinsider.com/articles/18/11/12/drive-by-shooting-suspect-remotely-wipes-iphone-x-catches-extra-charges By Roger Fingas appleinsider November 12, 2018 Police suspect Juelle Grant as the driver in the Oct. 23 shoo ...

Moody's is going to start building the risk of a business-ending hack into its credit ratings

2 days ago

Posted by InfoSec News on Nov 14 https://www.cnbc.com/2018/11/12/moodys-to-build-business-hacking-risk-into-credit-ratings.html By Kate Fazzini CNBC.com 12 Nov 2018 Moody's will soon start using its credit-rating expertise to evaluate organizations on the ...

US Air Force moves to fortify F-35 weak points against hacking

2 days ago

Posted by InfoSec News on Nov 14 https://www.defensenews.com/air/2018/11/14/us-air-force-moves-to-fortify-f-35-weak-points-against-hacking/ By Sebastian Sprenger DefenseNews November 14, 2018 BERLIN -- The U.S. Air Force is devoting fresh energy to pluggin ...

Oracle and "Responsible Disclosure"

2 days ago

I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software vendors. Researchers agree to withhold their work until software companies fix the vulnerabil ...

SAM nabs $12M for cybersecurity aimed at home routers and devices connected to them

2 days ago

A wave of security startups have built solutions for enterprises that are meeting the challenges of “consumerization”, where IT organizations are tasked with securing a range of devices and apps — some brought in by employees, not issued by IT — t ...

Oz telcos' club asks: Why the hell does Australia Post, rando councils, or Taxi Services Commission want comms metadata?

2 days ago

Tells gov.au: There's your scope creep. Now can we talk about busting cryptography? When Australia implemented its telecommunications data retention regime, privacy wonks worried about the potential for scope creep. The same warnings have been made about ...

This remote access trojan just popped up on malware's most wanted list

2 days ago

FlawedAmmyy RAT is a potent family of malware giving hackers full remote access to PCs.

Greens flag AU$1.5 billion NBN policy, Aussie GDPR, data retention repeal

2 days ago

The Greens party wants to invest AU$1.5 billion to make the NBN more equitable, AU$100 million in video game development, and AU$63 million in digital inclusiveness, as well as repealing data retention and setting up a Digital Rights Commissioner and GDPR ...

Hunt finally submits to My Health Record arm-twists as opt-out window extended

2 days ago

Health minister Greg Hunt has confirmed the opt-out period now ends January 31. The government has also proposed a Data Governance Board to oversee the secondary use of health data.

Call of Duty swatting killer pleads guilty to 47 criminal charges

2 days ago

Another two awaiting trial over sad death of Andrew Finch. One of three people charged over the December 2017 “swatting” death of 28-year-old Andrew Finch has entered a guilty plea.…

Scumbag who called a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges

2 days ago

Another two awaiting trial over slaying of Andrew Finch. One of three people charged over the December 2017 “swatting” death of 28-year-old Andrew Finch has pleaded guilty in the US.…

Senate votes to extend My Health Record opt-out to January 31

3 days ago

An amendment put forward by Pauline Hanson has been agreed to by the Senate, less than 48 hours before the legislated opt-out period was due to end.

Card skimming malware removed from Infowars online store

3 days ago

Infowars online store hit by brief Magecart incident that lasted around 24 hours. Less than 1,600 users may have been affected.

It's November 2018, and Microsoft's super-secure Edge browser can be pwned eight different ways by a web page

3 days ago

Look, we're tired of doing these headlines too, but there's patching to do. Microsoft and Adobe have delivered the November edition of Patch Tuesday with another sizable bundle of security fixes.…

Microsoft closes actively exploited Windows zero-day

3 days ago

Remote code execution bugs in Edge taken care of too.

Meet the Magecart hackers, a persistent credit card skimmer group of groups you’ve never heard of

3 days ago

There have been few hacker groups that have been responsible for as many headlines this year as Magecart. You might not know the name, but you probably haven’t missed their work — highly targeted credit card skimming attacks, hitting Ticketmaster and ...

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

3 days ago

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed

3 days ago

Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.

Russia: We did not hack the US Democrats. But IF we did, we're immune from prosecution (lmao)

3 days ago

Hackers are lethal weapons, as in diplomatic... oh forget it. The Russian government has denied having anything to do with hacking the US Democratic party in 2016, although in a court filing this week stressed that even if it did break into the DNC's serve ...

Microsoft patches Windows zero-day used by multiple cyber-espionage groups

3 days ago

Kaspersky: Windows zero-day exploited by multiple cyber-espionage groups.

MetaCert’s Cryptonite can catch phishing links in your email

3 days ago

MetaCert, founded by Paul Walsh, originally began as a way to watch chat rooms for fake Ethereum scams. Walsh, who was an early experimenter in cryptocurrencies, grew frustrated when he saw hackers dumping fake links into chat rooms, resulting in users re ...

Getting to Know Magecart: An Inside Look at 7 Groups

3 days ago

A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.

Empathy: The Next Killer App for Cybersecurity?

3 days ago

The toughest security problems involve people, not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.

Google’s G Suite, Search and Analytics Traffic Taken Down in Hijacking

3 days ago

Google cloud business customers were impacted by a Border Gateway Protocol hijacking.

Google Traffic Temporarily Rerouted via Russia, China

3 days ago

The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.

Unpatched Android OS Flaw Allows Adversaries to Track User Location

3 days ago

The vulnerability is one of many with the same root cause: Cross-process information leakage.

Google’s Project Fi gets an improved VPN service

3 days ago

Google’s Project Fi wireless service is getting a major update today that introduces an optional always-on VPN service and a smarter way to switch between WiFi and cellular connections. By default, Fi already uses a VPN service to protect users when th ...

Sharpen Your Malware-Fighting Skills at Black Hat Europe

3 days ago

Don't miss out on the Black Hat Briefings, Trainings, and Arsenal tools that will equip you with the knowledge and skills you need to deal with today's top malware.

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

3 days ago

Overall, the company released only three patches as part of its regularly-scheduled November update.