The federal government said the new headquarters of Australia's cybersecurity centre will be a central hub for cybersecurity information, advice, and assistance to all Australians.
The new rules will be enforced in 18 months, when public and private sector organizations collecting data should be fully compliant.
New threat and advice website cyber.gov.au created.
Web Security says there's nothing nefarious to its URL collection. A security plug-in for the Firefox browser is under fire after users discovered it was collecting and uploading their online activity.…
10 users controlling the bulk of cryptocoin generator funds. Mining internet currency on websites with Coinhive scripts is a lucrative endeavor, but only for a handful of people.…
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.
Security or operational incidents cut customers off.
The tricky Cortana flaw, CVE-2018-8253, was addressed by Microsoft during Patch Tuesday.
In testing, an Internet of Things (IoT) botnet of large, power-consuming appliances was used to carry out coordinated attacks on the energy grid.
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
Report points finger at North Korea for cyber-heist. Cosmos Bank in India says that hackers made off with $13.4m in stolen funds over the weekend.…
Ancient issue causing new ones. Security gaps have been identified in widely used implementations of the IPsec protocol, which is used in the set up of Virtual Private Networks (VPNs).…
Michael Terpin not happy about funds-draining SIM swap fraud. A bitcoin investor is suing AT&T for $240m after it allegedly ported his phone number to a hacker, allowing the criminal to steal $24m in cryptocurrency.…
Chinese internet giant talks up new product releases such as Anti-Bot Service and its datacentre footprint in Asia-Pacific as key differentiators against cloud rivals, Amazon Web Services and Google.
As DNA testing becomes more common, more and more of us are spitting saliva. But what exactly is a DNA test? How does it work? What are the implications? We try to answer these questions here.
Here are the capabilities that security and risk professionals should prioritize when selecting a Digital Risk Protection solution.
Global IT security spending will grow 12.4% in 2018 and another 8.7% in 2019.
Researchers say the "PhishPoint" tactic has already impacted 10 percent of Office 365 users globally.
The engineer was neck-deep in laundering proceeds from Reveton ransomware victims.
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
PHP unserialization can be triggered by other vulnerabilities previously considered low-risk.
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
RunSafe, a McLean, Virginia startup, got started doing research for DARPA on how to defend critical infrastructure. They built a commercial product based on that initial research that they claim eliminates an entire class of attacks. Today, the company rel ...
In addition to traditional phishing, fraudulent cryptocurrency offers are a rising trend.
As the world shifts to a cloud native approach, the way you secure applications as they get deployed is changing too. Twistlock, a company built from the ground up to secure cloud native environments, announced a $33 million Series C round today led by Ic ...
Two vulnerabilities in Acrobat and Reader are considered critical.
Windows Server admins using Hyper-V have some complicated choices to make about how best to mitigate Foreshadow on Intel hardware.
Report fingers online fraudsters' current habits. Rogue mobile apps have become the most common fraud attack vector, according to the latest quarterly edition of RSA Security's global fraud report.…
Cryptocurrency-generating malware has been on a rampage this year - but some organisations still haven't done much to defend against it.
Surprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when th ...
Bugcrowd's CTO and founder Casey Ellis talked to Threatpost about the recently launched HP printer bug bounty program.
El Reg talks to Dr Yuval Yarom about Intel's memory leaking catastrophe. Interview: In the wake of yet another collection of Intel bugs, The Register had the chance to speak to Foreshadow co-discoverer and University of Adelaide and Data61 researcher Dr Y ...
A total of 19 vulnerabilities are deemed critical, including two zero-day flaws being actively used in the wild.
ID fraud drops to four-year low. New figures reveal UK identity fraud dropped during the first six months of 2018 to reach a four-year low.…
Recovery options are being changed to .ru addresses by an unknown threat actor.
Despite all the hype and expectations surrounding 5G, Huawei has said there is no urgency on waiting for the Australian government's decision, because the technology will evolve slowly.
Former network engineer gets 18 months in the clink. A former Microsoft network engineer will be spending a sojourn behind bars after pleading guilty to conspiracy to commit money laundering.…
Summertiiiiiime, and the hacking is easy. Microsoft and Adobe have teamed up to deliver more than 70 patches with this month's Patch Tuesday batch released today.…
Keeps baking security into code creation for cloud.
Microsoft rolled out 60 patches for its Patch Tuesday release, impacting 19 critical flaws and 39 important flaws.
Core and Xeon affected.
In a probable quest to build a botnet, someone is hacking Instagram accounts, deleting handles, avatars and personal details, and linking them to a new email address.
PTC adopts a shared responsibility model to security as it aims to shore up its ThingWorx ecosystem and court researchers looking into IoT.
Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
Researchers have broken Intel's Software Guard Extensions, System Management Mode, and x86-based virtual machines.
But it requires custom hardware, firmware and access to your Wi-Fi. DEF CON: Hackers have managed to hack Amazon's Echo digital assistant and effectively turn it into a listening device, albeit through a complex and hard-to-reproduce approach.…
"Foreshadow" and other vulnerabilities in Intel processors can be exploited to steal sensitive information stored inside personal computers or personal clouds.
Both adult and kid hackers demonstrated at DEF CON how the hackable voting machine may be the least of our worries in the 2018 elections.
Flaw in House Larry's flagship product allows 'complete compromise' of servers. Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability.…
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.
A recent report found that Google services - with functions like checking maps, the weather, and search - are tracking users even when they deny permission.
Apps, kernels, virtual machines, SGX, SMM at risk from attack. Intel will today disclose three more vulnerabilities in its processors that can be exploited by malware and malicious virtual machines to potentially steal secret information from computer memo ...
The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions.
Expect wide and fast adoption of the latest web encryption protocol after engineers finalise Transport Layer Security (TLS) version 1.3.
Infosec firm fingers 'decentralised' reporting. The first half of 2018 saw a record haul of reported software vulnerabilities yet a high proportion of these won’t appear in any mainstream flaw-tracking lists, researcher Risk Based Security (RBS) has clai ...
A guilty plea brings 18-month sentence on money laundering charges.
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
Let's imagine the consequences the company would have faced if current laws had been on the books earlier.
Adobe's August Patch Tuesday release impacts Flash Player, and Acrobat DC and Reader.
Sonatype helps enterprises identify and remediate vulnerabilities in open source library dependencies and release more secure code. Today, they announced a free tool called DepShield that offers a basic level of protection for GitHub developers. The produ ...
Exabeam uses data and AI to detect and respond to cyber threats.
Armis' CTO discusses the top IoT security issues in the marketplace today - and whether device manufacturers will start to prioritize security.
Respondents in a survey from Venafi said they believe voting machines, encrypted communications from polling stations and databases that store voter registration data are all vulnerable.
New form of file-locking ransomware has a 'manual' option for more sophisticated attacks.
Google is tracking you, even if you turn off tracking: Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, t ...
New attack threatens enterprise VPN and could enable target networks to be impersonated or allow a man-in-the-middle attack.
The Threatpost team debriefs on the top news and topics from last week's Black Hat and DEF CON conferences.
It is possible that crucial recordings could be modified or deleted due to vulnerabilities in body cam software.
The novel attack technique relies on Android developers who use lazy storage protocols.
20th Century tech causing problems in the 21st. Video: Corporations are open to hacking via booby-trapped image data sent by fax, a hacker demo at DEF CON suggests.…
Switchzilla issues update for authentication bypass flaw. Cisco has pushed out an update for its internetwork operating system (IOS) and IOS XE firmware in advance of a Usenix presentation on circumventing cryptographic key protocol.…
Draft legislation intended to give cops and spooks access to encrypted communications should keep encryption strong. But the powers it proposes aren't just about fighting paedophiles, terrorists, and organised criminals.
Concerned mainly with the opt-out element of the contentious My Health Record, the federal opposition has said it will lead a 'comprehensive' Senate inquiry into the government initiative.
Network-throttling modem bug finally gets a write-up and CVE. More than 18 months after the issue was first brought to light, Intel is still working to fix the problems caused by its buggy Puma modem chipsets.…
Attack of the cloned cards.
A researcher proves that it's possible to break the most fundamental security on some CPUs.
Now all you lot have to actually implement it. An overhaul of a critical internet security protocol has been completed, with TLS 1.3 becoming an official standard late last week.…
The Australian government is still committed to 'no backdoors', publishing draft legislation that will force internet companies to assist law enforcement in decrypting messages sent with end-to-end encryption.
Can compel providers to build own tools, but not use vulnerabilities.
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
Nearly 17% of 10,644 vulnerabilities disclosed so far this year have been critical, according to new report from Risk Based Security.
Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor a ...
$80K in payouts went to hand-picked hackers in nine-hour event during DEF CON in Las Vegas.
Posted by Dave Aitel on Aug 13 From: https://web.archiv
m:8010/29/2002 - Fishing for Obscurity Some sharks and fish have a unique sixth sense – they can generate and detect electrical fields, even minute on ...
Samples of the malware have been found in an array of countries, including Brazil and Vietnam.
Posted by Dave Aitel on Aug 13 https://www.usatoday.co
75121002/ So I don't know a ton about the details of voting machines, but I'm pretty sure what happene ...
Last Friday, the Internet Engineering Task Force released the final version of TLS 1.3. This is a major update to TLS 1.2, the security protocol that secures much of the web by, among other things, providing the layer that handles the encryption of every ...
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
A "wave of litigation over IoT liability is on the horizon," according to an attorney who has represented plaintiffs in the 2015 Jeep hack.
Configuration data for GoDaddy servers could be used as a reconnaissance tool for malicious actors to uncover ripe targets.
Sloppy Android developers not following security guidelines for external storage open the door to device takeover and more.
One of the largest botnets was taken out by the authorities last year - but large numbers of PCs remain infected.
Spear-phishing techniques are breathing new life into an old scam.
Hackers at DefCon have exposed new security concerns around smart speakers. Tencent’s Wu HuiYu and Qian Wenxiang spoke at the security conference with a presentation called Breaking Smart Speakers: We are Listening to You, explaining how they hacked int ...
Mike Murray, vice president of security intelligence at Lookout, discusses how mobile is redefining phishing, taking it out of the traditional inbox and into SMS and Facebook messages.
Good luck voting in November, folks in US, you're going to need it. DEF CON: Hackers of all ages have been investigating America’s voting machine tech and the results aren’t good - one enterprising 11-year-old named Emmet managed to hack a simulated S ...
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
IT security professionals believe that nation states will begin to exploit smart, connected devices in the next 12 months.
The Vote Hacking Village invited attendees – including kids as young as six – to hack the voting infrastructure, including ballot machines, a voter database and more.
Trade secrets are trumping personal liberty. DEF CON: American police and the judiciary are increasingly relying on software to catch, prosecute and sentence criminal suspects, but the code is untested, unavailable to suspects' defense teams, and in some ...
Tampering with two lines of code unveiled a serious bug which could lead to full system compromise.
The region's been investing heavily in tackling cybercrime but remains disproportionately affected.
Staffer learns hard way: boss jokes don't mix well with infosec demos. Who, Me? Welcome again to Who, Me?, where we invite Reg readers to begin the week crossing their fingers it will be better than those of our featured techies.…
Researchers say that the swathe of bugs impacts major vendors.
Carefully omits to mention the Land of the Free. DEF CON: Rob Joyce, the former head of the NSA’s Tailored Access Operations hacking team, has spilled the beans on which nations are getting up to mischief online.…
Police seek mentor-like techies to help talented kids. UK police are looking to cybersecurity firms to help implement a strategy of steering youngsters away from a life in online crime.…
Accurate timing data about votes, and the order in which they're cast, can be enough to reveal individual voters' secret ballots.
A malicious fax sent to an HP Inc. OfficeJet all-in-one inkjet printer can give hackers control of the printer and act as a springboard into an attached network environment.
Fax machines are still widely used by businesses and a communications protocol vulnerability is leaving them exposed to cyberattacks.
"InPrivate Desktop" mode to ensure unexpected code can't touch OS.
Apple 0-Day allows hackers to mimic mouse-clicks for kernel access, despite mitigations.
LAS VEGAS – In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other g ...
Analytics, advertising and other web scripts can capture information housed in user confirmations for flight bookings, food delivery, medical testing and more.
New zero-day vendor opens up shop, and more in infosec this week. Roundup: This week, the infosec world descended on Las Vegas for BlackHat and DEF CON to share stories of bug hunting, malware neural nets, hefty payout offers, and more.…
False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
Interesting video of a robot grabber that's delicate enough to capture squid (and even jellyfish) in the ocean. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guide ...
Dive into a weird and wonderful 'feature' of Via's embedded hardware chips. Black Hat: A forgotten family of x86-compatible processors still used in specialist hardware, and touted for "military-grade security features," has a backdoor that malware and ro ...
Famous car hackers Chris Valasek and Charlie Miller returned to Black Hat to discuss how manufacturers can secure autonomous vehicles.
Thousands of hackers were eager to hear the latest from the world of nation-state cybersecurity.
Federacy, a member of the Y Combinator Summer 2018 class, has a mission to make bug bounty programs available to even the smallest startup. Traditionally, bug bounty programs from players like BugCrowd and HackerOne have been geared toward larger organiza ...
Funny and true.
Facebook today announced it’s implementing a new measure to secure Facebook Pages with large U.S. followings in order to make it harder for people to administer a Page using a “fake or compromised account.” Beginning with those that have large U.S. ...
The bottom line is simple: Flying a drone near a wildfire could cause catastrophic damage. Don't do it.
Researchers crack voice authentication systems by recreating any voice using under ten minutes of sample audio.
We've only seen the beginning of what artificial intelligence can do for information security.
Staff opened phishing email. Holiday camp and British institution Butlin's has admitted 34,000 visitor records have been compromised.…