Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
If Artem Moskowsky owes you money, its a good time to ask A recently-patched set of flaws in Samsung's mobile site was leaving users open to account theft.…
Plan not to use current equipment and upcoming 5G gear .
Allowed partner apps to access its users' private data.
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
A group of U.S. tech giants, including Apple, Google and Microsoft, have collectively denounced the new so-called “anti-encryption” law passed by the Australian parliament last week. The bill was passed less than a day after the ruling coalition gove ...
Google moves Google+ sunset date forward, from August 2019 to April 2019.
The consumer version of Google+ will now be shut down in April instead of August after a bug was found that impacts at least 50 million users.
Emails say they contain a link with screenshots of victims' compromising activity. In reality, the link executes ransomware.
Google+ was a bit of a disaster for the company when it was still alive, and now that it’s walking dead, it’s becoming even more of a stone around its neck. After disclosing a major security bug in October that affected just under half a million users ...
Bagle.A and Bagle.B date back to 2004.
Tor Project reports $4.2 million income in 2017, of which only 51 percent came from government funds.
The scam is spread via Facebook and WhatsApp messages.
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading.
Stock trading algorithms know how to read news headlines, but they don't know what's real.
The ultimate to-do list for ambitious security leaders.
Compares power grab to debunked WMD claims.
Yeah, how about you work for us... Digital minister Margot James reckons Brits need to "get over" their concerns about privacy and cyber security and let the government assign them with ID cards.…
SilverHawk hacking campaign uses fake versions of secure messaging apps like WhatsApp and Telegram to plant spyware on devices.
New Android adware discovered in 22 apps downloaded over two million times.
The consumer watchdog wants to protect the integrity of news content in Australia by holding digital giants accountable over what is available and shared on their platforms. It also wants regulation and transparency around how they collect and use data.
The controversial Assistance and Access Bill was 176 pages long, then 67 pages of amendments were rushed through in the final hours of debate. This is what we've ended up with.
Shadow Minister for the Digital Economy Ed Husic continues to state problems with the Bill his party rolled over on and passed.
Labor announces 'fight' against the privatisation of Australian border control.
Experts weigh in on what they believe will happen to the world of cybercrime, malware, and botnets in the coming year.
Bug dealt with in Chrome and Edge, but still a problem for Firefox users.
Researcher demonstrates how attackers could steal data from smartphones while they charge up.
Plus, congress wants more cybersec training, better breach laws Roundup This week, we saw Linux get pwned, a teen hacker go down, and Julian Assange vowing to stay right where he is.…
Sextortion emails take a dark turn and are now trying to infect users with the GandCrab ransomware.
First proof-of-concept, SplitSpectre, requires fewer instructions in victim Analysis You've patched your Intel, AMD, Power, and Arm gear to crush those pesky data-leaking speculative execution processor bugs, right? Good, because IBM eggheads in Switzer ...
It's the least they could do. Really. The bare minimum Hotel-chain turned data faucet Marriott says it will help some customers cover the cost of replacing stolen documents.…
US Senator says Google is profiting off advertising fraud and has no interest in addressing it.
DEA gets down and dirty with new surveillance kit Next time you're closing a big drug deal you may want to watch the cleaner. Or more specifically their vacuum cleaner.…
Watch out for emails about gift cards and corporate donations, researcher warn.
The Monterey Bay Aquarium has some problems with the squid emoji. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
Web admin blames public Whois and lack of 2FA Linux.org was hacked on Friday morning, with the hacker plastering the message "G3T 0WNED L1NUX N3RDZ" complete with expletives and a very NSFW image (a hairy asshole).…
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
It appears that most mobile carriers, including O2 and SoftBank, have recovered from yesterday’s cell phone network outage that was triggered by a shutdown of Ericsson equipment running on their networks. That shut down appears to have been triggered b ...
A newly-passed Australian law could allow the government to force tech companies to create backdoors in their products.
The March attack used SamSam ransomware to infect 3,789 computers.
DHS has had great success with tracking and analyzing Bitcoin transactions already. They are now looking for similar solutions for tracking "privacy coins."
Threat group moves away from “smash-and-grab” attacks and adopts a boutique approach to targeting victims.
Five years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course. What's new is a nice user interface for the issues, noting highlights and levels of redaction.
European law enforcement conducts 300 house searches and makes 235 arrests.
Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cyberth ...
So much for the Apophis Squad's Twitter boasts A teenage bomb hoaxer from Watford who taunted the UK's National Crime Agency on Twitter while pretending to be a hacker crew called Apophis Squad has been jailed for three years.…
Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in today's security landscape.
The 'tyranny of the urgent' and three other reasons why it's hard for CISOs to establish a robust insider threat prevention program.
Microsoft and the AI Now Institute are both calling for regulation as facial recognition software picks up popularity.
Hotel chain responds to US senator. Says it will foot the bill for some users' passport replacement costs.
Microsoft wants new laws to put some constraints on the use and development of facial recognition.
Privacy International lays out its case to El Reg The UK's highest court has this week heard arguments in Privacy International's long-running attempt to challenge decisions made by Britain's shadowy spying oversight court, the Investigatory Powers Tribun ...
Posted by InfoSec News on Dec 07https://www.washingtonp
Posted by InfoSec News on Dec 07https://www.zdnet.com/a
-style-hacks/ By Catalin Cimpanu Zero Day ZDNet December 7, 2018 Cyber-criminal gangs are believed to have stolen tens of mil ...
Posted by InfoSec News on Dec 07https://www.nextgov.com
/153337/ By Heather Kuldell Managing Editor Nextgov 12/06/2018
A bipartisan pair of senators introduced a bill that would req ...
Posted by InfoSec News on Dec 07https://www.timesofisra
ilians/ By TOI Staff The Times of Israel December 7, 2018 Lebanon's ambassador to the United Nations on Thursday accused Isra ...
Posted by InfoSec News on Dec 07https://arstechnica.com
2-million-downloads/ By Dan Goodin Ars Technica December 6, 2018 Almost two dozen apps with more than 2 million downloads hav ...
Posted by InfoSec News on Dec 07https://www.cnet.com/ne
er-apple-amazon/ By Claire Reilly CNet News December 6, 2018 Australia passed new laws that allow law enforcement to access e ...
Posted by InfoSec News on Dec 07https://www.reuters.com
0X By Yoshiyasu Shida, Yoshifumi Takemoto Reuters.com 12/0
6/2018 TOKYO (Reuters) - Japan plans to ba ...
Land of the Rising Sun could be the next nation to exclude Chinese telco vendors.
Bans use for unlawful discrimination.
“Complex language which scares people…”
Complex language frightens.
Cybercriminals leave laptops, Raspberry Pi boards, and USB thumb drives connected to banks IT networks.
Company test runs own traffic analysis service and finds malicious Chrome extension in its own backyard. Ooops!
Opposition leader Bill Shorten has said he will take half a win.
The Canadian government was given a few days' notice of the imminent arrest of Huawei's CFO on behalf of US authorities, with Wanzhou Meng facing a bail hearing on Friday.
The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
Government intelligence gathering operation.
A mysterious figure even in her home country.
Alleged scheme to use global banking system to evade US sanctions.
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
Researchers identified a widespread campaign of brute force attacks against WordPress websites.
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
Even those that provide employee training do so sparingly, a new study finds.
How you report a data breach can have a big impact on its fallout.
Attackers used methods, tools previously used by known Chinese hackers.
Despite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.
The company allegedly tried to hide away new policy changes that would collect Android app users' call and message logs.
Nations need to come together to condemn hostile cyber activity much sooner, says former Foreign Secretary of Estonia.
All malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.
Admit they are upping their use of mass snooping UK spies are planning to increase their use of bulk equipment interference, as the range of encrypted hardware and software applications they can't tap into increases.…
In an excellent blog post, Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may ...
Safari could join Firefox, Chrome, and Edge support for Web Authentication.
Infosec duo worked out how to remotely set their own answers Black Hat Crafty infosec researchers have figured out how to remotely set answers to Windows 10’s password reset questions “without even executing code on the targeted machine”.…
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet. One of these could be your best bet.
London Blue gang probably has your firm's org chart Black Hat A Nigerian email scammer gang has evolved to the point where it has corporate-style specialist departments and uses commercial business intelligence data brokers to help plan its attacks.…
Posted by InfoSec News on Dec 06https://www.nextgov.com
oadmap/153295/ By Frank Konkel Executive Editor Nextgov 12/05/2018
The Transportation Security Administration this week released a cybersecurity road ...
Posted by InfoSec News on Dec 06https://www.insurancejo
018/12/05/511070.htm By Patrick Clark Insurance Journal December 5, 2018 It's too soon for Marriott International Inc. to estimate the cost of the massive cyber breach that t ...
Posted by InfoSec News on Dec 06https://www.politico.co
018-hack-1043309 By Alex Isenstadt and John Bresnahan POLITICO 12/04/
2018 The House GOP campaign arm suffered a major hack du ...
Labor passes bill without changes it claimed were needed.
100,000 Genomes Project is secure, insists chair An ambitious project to map the DNA of a million Brits has experienced such sustained hack attacks that officials have had to shift the data to a Ministry of Defence (MoD) facility in Wiltshire.…
So-called protections in the Bill are necessary, Opposition leader Bill Shorten has said.
Paper's safer, says parliamentary committee An Australian parliamentary committee has nixed the idea of internet voting for federal elections Down Under, for now.…
Google has said it will bring all of Allo's best features to Messages, with the former to be killed off in March 2019.
Lawsuit details a long list of security fails on MIE's part.
Faces extradition to the US over Iran sanctions busting allegations.
Under its encryption bill.
Apple moves to shore up a baker's dozen weak points in macOS Apple has released a fresh set of updates for its Mac and iOS platforms.…
Apple moves to shore up a baker's dozen weak points in macOS Apple has released a fresh set of security updates for its Mac and iOS software.…
Huawei's chief financial officer has reportedly been arrested in Vancouver and is facing extradition to the US over allegations of violating trade sanctions with Iran.
BT is removing Huawei equipment from its mobile carrier EE's existing 3G and 4G LTE networks, saying it will also not use the Chinese tech giant for its upcoming 5G network deployment.
ICSP Neural is designed to address USB-borne malware threats security.
Botnet is still up and running but law enforcement has been notified.
Attack bots unleashed as major sites left wide open to abuse If you're one of those people who hates picking out cars, street signs and other objects in CAPTCHA image grids, then get used to it because the days of text-based alternatives are numbered.…
'PASTA' testing platform specs will be shared via open-source.
It's like a greatest hits album of terrible security policies Stop us if you've heard this one: A Flash zero-day vulnerability is being actively targeted in the wild.…
The facial recognition pilot will identify “subjects of interest" around the White House.
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
BeatStars website mass-defaced after hacker intrusion. Website back up and running again.
Cloud Security Command Center is Google's dashboard for assessing and remediating security risks in a GCP environment.
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand.
Adobe issued a patch for the zero-day on Wednesday.
Hackers can steal data, sabotage cloud deployments and more.
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.