Hicurdismos drive-by download tries to trick people into tech support scams.
Almost everyone affected by the cyberattack had a part to play — from shipping shoddy devices to a consumer apathy towards security.
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
Yesterday's DDoS attacks against Dyn are being reported everywhere. I have received a gazillion press requests, but I am traveling in Australia and Asia and have had to decline most of them. That's okay, really, because we don't know anything much of any ...
Ten percent of the 550,000 IoT nodes in the Mirai botnet are involved in ongoing DDoS attacks against DNS provider Dyn and others.
Interesting article listing the squid species that can still be ethically eaten. The problem, of course, is that on a restaurant menu it's just labeled "squid." As usual, you can also use this squid post to talk about the security stories in the news th ...
You may never have heard of Dyn, but you know the sites it supports. These include Twitter, SoundCloud, Spotify, and Reddit. They are all disabled Friday because of a massive Distributed Denial of Service (DDoS) attack.
Enterprises should be taking notes as cyber warfare in U.S. election revealing the kill-shot tactics of hacking
Guardian, BBC, CNN, Twitter, Paypal unreachable.
Martin Thomson, a Principle Engineer at Mozilla confirmed TLS 1.3 will be turned on by default in Firefox 52.
When the internet fails you, have a backup plan.
Why cyber analysts spend nearly 75% if their time on false positives, and what to do about it.
Harold Martin, now in custody, is a risk to himself and others if freed from custody, a US prosecutor warns in a detailed filing in the case.
FBI ties up with police association and Carnegie Mellon University to improve working knowledge of cyber investigations.
A privilege escalation vulnerability, nicknamed Dirty Cow and present in Linux since 2007, has been used in public attacks against web-facing Linux servers.
Brief but widespread attack illuminated vulnerability of the Internet's Domain Name System (DNS) infrastructure.
The dangers of Skyping and typing, the fingerprint warrant story, hiding credit card numbers in images, and more are discussed.
Around 3.25 million debit cards affected by breach of 90 ATMs, prompting card replacement and PIN change.
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.
DNS providers Dyn suffered a DDoS attack this morning that affected many of its major customers including Twitter, Spotify, Github and others. Services have been restored as of 9:36 a.m. today.
Attacks against smart home products, medical devices, SCADA systems, and other newly network-enabled systems signal the beginning of a new wave of attacks against the IoT.
Dyn, which offers DNS management services and other traffic tools to improve web site uptime, was hit by a distributed denial of service attack.
With attacks in the wild reported, you need to fix this Linux bug as soon as possible.
The UK's cyber defenders plan to make the country's government networks vastly more secure by strong, national enforcement of network protocols.
Auditor says state govt is leaving itself open to fraud.
50TB of data seized.
Dangerous local user privilege escalation possible.
Researchers from Israel's Ben-Gurion University of the Negev and two other universities show how attackers can exploit 3D manufacturing processes.
Users asked to reset passwords.
GoDaddy said the new add-on services will help SMBs transmit, store and protect business and customer data while also abiding by compliance standards.
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
A phishing campaign aimed at Apple users in China that relies heavily on typosquatting has resurfaced.
Microsoft malware researchers say Locky ransomware authors are changing tactics again to evade detection.
The government is preparing to charge the suspect under the Espionage Act.
Yahoo wrote DNI James Clapper asking the government to confirm and declassify an order to scan email for intelligence surveillance purposes.
Hackers targeted the sites as recently as February.
Microsoft has refreshed its Microsoft Update Catalog site, where it is making patch rollups for earlier versions of Windows and Windows Server, so it no longer works with Internet Explorer only.
Let's not perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact.
An academic paper demonstrates a new ASLR bypass executed through a side-channel attack against the branch target buffer in an Intel Haswell CPU.
Modern cybersecurity today is all about risk management. That means eliminating and mitigating risks where possible, and knowingly accepting those that remain.
In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case.
Proposed standards will require financial firms to recover from any cyberattack within two hours.
A study finds risky apps leave mobile devices open to SMS denial-of-service attack and remote SIM card rooting.
The total number of ransomware attacks rose by 13 percent in September alone, say Check Point cybersecurity researchers.
Keeping up with the latest vulnerabilities -- especially in the context of the latest threats -- can be a real challenge.
Facial-recognition databases used by the FBI and state police hold images of 117 million US adults, according to new research.
Interesting interview: Obama: Traditionally, when we think about security and protecting ourselves, we think in terms of armor or walls. Increasingly, I find myself looking to medicine and thinking about viruses, antibodies. Part of the reason why cybers ...
The FruityArmor APT group was using one of the Windows zero days patched by Microsoft last week to escape sandboxes and carry out targeted attacks.
In one of the country's worst data breaches to date, 3.2 million debit cards have reportedly become compromised.
Yahoo came under fire after scanning millions of customer emails on behalf of the police and now wants these orders made public.
The company hopes to integrate the technology into the Malwarebytes malware cleaner over time.
Fourth 'transparency centre' to reinstill confidence in products.
NextGen, Vocus refute claims of error.
Australian Statistician David Kalisch has told Senate Estimates the ABS incurred AU$30 million in remediation costs due to the Census night stuff-up.
'Spend more time looking at humans, and not at pieces of paper', says Trend Micro's high-profile security researcher.
Czech judge to decide on US extradition request.
And what the Australian industry is doing about it.
Russia to fight extradition.
The CISO has traditionally reported to the CIO, but this is changing as security becomes more important. How will this change their relationship, and how can they better work together?
Researchers discover a clever attack that bypasses the address space layout randomization (ALSR) on Intel's CPUs. Here's the paper. It discusses several possible mitigation techniques.
The hacker, caught in Prague, may be extradited to the US.
A research paper explains how attackers can use recordings of keystroke sounds captured in a Skype conversation to guess what's being typed.
The region has become an autonomous business unit.
The proactive management of cybersecurity relies on an intelligence-led approach that can either prevent a breach from happening, or make sure that it is quickly detected and remediated. By Robert Anderson, Managing Director, Navigant, Cybersecurity Prac ...
Oracle fixed 253 vulnerabilities across 76 different products with its quarterly Critical Patch Update.
Security experts are reporting popular adult website Adult FriendFinder has been compromised by hackers who have gained access to the site's backend servers.
Learn the two watershed moments for IT in the military over the past 50 years and the four most important domains of cybersecurity, according to former DoD chief Robert Gates at Gartner Symposium.
Muddy Waters Capital, the short seller that teamed with security researchers at MedSec, posted the videos on a new site it launched: profitsoverpatients.com.
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly - and what online publishers and security leaders need to do about it.
Tripwire research indicates smart grids and transportation among the services most exposed to cyberattack risks.
Combining Dell Data Security Solutions, Mozy by Dell, RSA, and VMware AirWatch, Dell Technologies has released a new product suite focused on endpoint data security.
The medical device maker says committee will work with tech experts and external researchers on issues affecting patient care and safety.
Even if your code is hacker proof, there's still one way into your systems and it's much tougher to patch.
Level 3 Communications said the Mirai botnet has recruited close to 500,000 IoT devices since the malware’s source code was released.
For seasoned cybersecurity professionals, motivation for sticking with their current jobs doesn't mean big management promotions or higher salaries, a new Center for Strategic and International Studies (CSIS) report finds.
Lance Spitzner looks at the safety features of a power saw and tries to apply them to Internet security: By the way, here are some of the key safety features that are built into the DeWalt Mitre Saw. Notice in all three of these the human does not have t ...
The FruityArmor APT group was using one of the Windows zero days patched by Microsoft last week to escape sandboxes and carry out targeted attacks.
The open-source encryption software contains severe security problems -- and not all of them can be patched immediately.
Third time might be the charm as Australia could get data breach notification laws if they are not stranded in Parliament again.
In a region that spans the gamut of 'world leading' to trailing nations in the use of technology, it is in Australia's interest to help those fallen behind to catch up, the head of the International Cyber Policy Centre at the Australian Strategic Policy I ...
Expands on actions that could reduce need to notify.
Brisbane to get first pilot facility.
Researchers find 15,000 vulnerable web servers.
When managing a business based mainly on trust and reputation, Australia's iSelect believes it is best practice to partner with a security vendor rather than tackling threats internally.
Given a choice between security and free Wi-Fi, almost all of us will use the free internet connection.
In addition to government assistance, ID theft victims frequently seek financial support from friends, family, and faith-based organizations, according to a study by the Identity Theft Resource Center.
The huge theft of customer data affected over 500 million users.
Legal scholars say the government is testing the limits of the Fifth Amendment in a landmark search warrant case.
The new 2016 State of Software Security Report from Veracode shows the hazards of buggy libraries and applications.
Researchers say attackers are embedding malicious code in poorly configured Magento sites that hides stolen payment card data in images.
These regions are driving cybersecurity innovation across the US with an abundance of tech talent, educational institutions, accelerators, incubators, and startup activity.
Users need to be vigilant about the sites they visit and actions they take online, Zscaler warns
Former NSA attorneys John DeLong and Susan Hennessay have written a fascinating article describing a particular incident of oversight failure inside the NSA. Technically, the story hinges on a definitional difference between the NSA and the FISA court mea ...
Ransomware has existed in various forms for decades, but in the last three years, cybercriminals have perfected its key components. Here's what you need to know now. By Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks
The security researcher was swiftly attacked by Trump supporters who couldn't understand that the information was publicly accessible.
An audit of open source file and disk encryption software VeraCrypt wrapped up and a number of critical vulnerabilities uncovered in the assessment were patched.
Malware found on the website allowed hackers to siphon off your credit card data.
Developers who focus on secure development skills find themselves in high demand.
Dutch researcher finds NRSC web store among 5,900 e-commerce sites infected with malware designed to steal payment card details.
Survey says although 91% of the respondents admit that public Wi-Fi is insecure, 89% still use it.
Metropolitan Police Service plans to give cameras to 22,000 officers in London's capital.
The Justice Dept. is becoming increasingly desperate when it comes to unlocking smartphones that come with full-disk encryption.
Malwarebytes gives a peek at the anatomy of a tech support scam; scammers at one time were selling $25 versions of Malwarebytes software for as much as $1,000.
Hard-to-patch bugs in Java applications are proving a difficult problem to solve.
Tech-support scammers are having good luck reaching young victims with pop-up ads.
The old Dyre crew appear to have contributed to a new Trojan with updated, more devastating features.
UNSW cybersecurity professor Jill Slay has criticised the Australian IoT industry for failing to incorporate security into the core design of IoT products, and bemoaned what she sees as a significant lack of cybersecurity leadership in Australia.
Senators from the Nick Xenophon Team have raised the idea of removing the word 'children' from the name of the eSafety office, saying it limits young adults from going to it for advice.
Three top IT roles now vacant at telco.
The Senate Estimates committee focus on the security of WhatsApp missed two key issues. Secure communications is a people problem. And does it even have to be 'secure' in the first place?
Forced internet censorship backfires.
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law
New Microsoft-NCSA study finds that two out of three customers have been exposed to tech support scams in the last 12 months.
Tune in to Dark Reading Radio on Wednesday, Oct. 19 at 1pmET, when we'll discuss what specific efforts in industry, academia, and government, are under way to fill the cybersecurity skills gap.
Researchers at Fidelis report there are similarities in coding and behavior between a new banking Trojan called TrickBot and the notorious Dyre malware.
For the first time, more than half of traffic on the Internet is encrypted, and experts say free SSL certificate providers are playing a big role.
In honor of National Cyber Security Awareness Month, a look at that five-step process developed by the BBB and NCSA.
U.S. representatives are asking Yahoo for clarity around a surveillance program mentioned in reports earlier this month.
If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.
UBS predicts flat corporate spending on IT as cloud computing service providers look set to take over cybersecurity customers.
Unmanned Warrior showcases autonomous boats, drones and submersibles as the Royal Navy looks at the future of warfare.
Hacker, who exposed private email server of Hillary Clinton, will return to US in 2018 to serve 52-month jail term.