security.didici.cc

Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket

4 hours ago

Verizon is the latest company to leak confidential data through an exposed Amazon S3 bucket.

Friday Squid Blogging: Another Giant Squid Caught off the Coast of Kerry

4 hours ago

The Flannery family have caught four giant squid, two this year. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

5 hours ago

Banking Trojan Retefe is adopting new WannaCry tricks, adding an EternalBlue module to propagate the malware.

1.4 Million New Phishing Sites Launched Each Month

6 hours ago

The number of phishing attacks reach a record rate in 2017, but the majority of the phishing sites remain active for just four- to eight hours.

New Verizon leak exposed confidential data on internal systems

6 hours ago

Dozens of documents reveal detailed maps and configurations of internal Verizon servers.

2016 SEC Hack May Have Benefited Insider Trading

8 hours ago

The U.S. Securities and Exchange Commission said this week that hackers managed to infiltrate one of its systems last year, something that likely facilitated insider trading.

Samba Update Patches Two SMB-Related MiTM Bugs

8 hours ago

Samba released three security updates, including two related to SMB connections that could be abused by an attacker already on the network to hijack connections and manipulate traffic or data sent from a client.

Americans Rank Criminal Hacking as Their Number One Threat

8 hours ago

Global warming and artificial intelligence rate as less of a threat to human health, safety, and prosperity, than getting hacked, according to a survey released today.

Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid

9 hours ago

Why healthcare organizations need a good strategy to find talent, or get left behind.

10 Security Product Flaw Scares

9 hours ago

CCleaner compromise puts the crown on several years' worth of headlines about cybersecurity product weaknesses.

What’s New In Android 8.0 Oreo Security

9 hours ago

Google’s Android security team has turned a corner with 8.0 Oreo, reducing the attack surface, compartmentalizing components and beefing up protection against rogue apps.

1.4 million phishing websites are created every month: Here's who the scammers are pretending to be

10 hours ago

Criminals are replacing phishing websites every few hours in order to avoid detection - thus allowing them to scam more victims out of personal data

Where Do Security Vulnerabilities Come From?

10 hours ago

There are three major causes: code quality, complexity, and trusted data inputs.

Threatpost News Wrap, September 24, 207

10 hours ago

The Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed.

Threatpost News Wrap, September 22, 2017

10 hours ago

The Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed.

This new app can detect wireless credit card skimmers at gas pumps

11 hours ago

Credit card skimmers are getting more advanced - but that's making them easier to detect.

Boston Red Sox Caught Using Technology to Steal Signs

12 hours ago

The Boston Red Sox admitted to eavesdropping on the communications channel between catcher and pitcher. Stealing signs is believed to be particularly effective when there is a runner on second base who can both watch what hand signals the catcher is usin ...

Google's Project Zero fuzzed top browsers for bugs: Safari users won't like the results

13 hours ago

Google's Project Zero releases the open-source tool it used to find new bugs in major browsers.

ISP involvement suspected in latest FinFisher gov't spyware campaign

13 hours ago

ISPs in a number of countries are under suspicion for distributing the malware to government targets.

Joomla patches eight-year-old critical CMS bug

15 hours ago

The flaw could be exploited to steal administrator account details and hijack websites.

Govt, industry invest $140m for cybersecurity CRC

16 hours ago

Enterprise-focused, industry-led.

​Australian government trying to weed out the 'murky' areas of cyber insurance

18 hours ago

Before organisations in the country can head down the path of insuring against cyber incidents, the federal government needs to set the agenda, a senior government cyber adviser has said.

​Australian government pledges AU$50m for cybersecurity research centre

19 hours ago

The seven-year investment will see the launch of a cybersecurity cooperative research centre to deliver solutions that increase the security of critical infrastructure in Australia.

Tabcorp working with Telstra on security for gaming

20 hours ago

Telstra's new cybersecurity centres and services allow Tabcorp to better balance maintaining the security of customer data with its own drive for digital transformation, the gaming company has said.

OAIC investigating data leak in Qld, NT

22 hours ago

About 4000 people impacted.

OAIC investigates defunct firm's data leak in Qld, NT

22 hours ago

About 4000 people impacted.

Avast-spread CCleaner malware targeted tech companies

1 day ago

Cisco, Intel, Microsoft, Samsung, Vodafone on hit list.

Tech industry must secure against 'unintended consequences': Elop

1 day ago

Intentionality, creativity, and leadership is the only way the tech industry can protect the world against the 'perils of unintended consequences', Telstra head of Innovation Stephen Elop has said.

Facebook to turn over Russian-linked ads to Congress

1 day ago

CEO Mark Zuckerberg outlined several ways the social networking giant plans to tackle online interference in elections, including changes to its ad buying policies.

SEC Says Intruders May Have Accessed Insider Data for Illegal Trading

1 day ago

2016 breach of the Securities and Exchange Commission's EDGAR database dents its reputation as a federal cybersecurity enforcer.

CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft

1 day ago

The backdoor discovered in Avast's CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.

Iranian APT33 Targets US Firms with Destructive Malware

1 day ago

APT33 targets petrochemical, aerospace and energy sector firms based in U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill.

Joomla Patches Eight-Year-Old LDAP Injection Vulnerability

1 day ago

Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.

Bigger than WannaCry: A giant cyber attack will happen unless we rethink security, says GCHQ

1 day ago

A huge attack which makes WannaCry look like small fry will occur in the not to distant future - unless something changes.

Why Size Doesn't Matter in DDoS Attacks

1 day ago

Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."

SMBs Paid $301 Million to Ransomware Attackers

1 day ago

But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.

OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal

1 day ago

A judge ruled federal employees cannot sue for damages from the 2015 Office of Personnel Management data breach.

SEC admits data breach, suggests illicit trading was key

1 day ago

The commission says that "illicit gain through trading" may have been the key motivator.

ISO Rejects NSA Encryption Algorithms

1 day ago

The ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It's because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, ...

iOS 11's Control Center may say Bluetooth, Wi-Fi are off, but that's just not true

1 day ago

For Handoff's sake, no doesn't mean no in iOS 11.

CCleaner malware operators targeted tech firms including Cisco, Microsoft, Samsung

1 day ago

It is believed the threat actor behind the campaign is after intellectual property.

NSA backs down in encryption row

1 day ago

After pressure from distrustful US allies.

Hackers breached SEC's financial filing system

1 day ago

May have profited by accessing non-public documents.

​OAIC and Data61 offer up data de-identification framework

1 day ago

The Office of the Australian Information Commissioner and Data61 have released a guide to assist organisations to appropriately de-identify data to meet requirements such as those mandated under the Privacy Act.

TNT Express pegs Petya losses at $374m

1 day ago

IT systems 'substantially' restored after June attack.

Australia looks to deny encryption to terrorists

1 day ago

Australia Foreign Minister Julie Bishop has used a United Nations speech to thank Facebook, Microsoft, Twitter, Google, and YouTube for their help in identifying terrorists online.

Iranian Cyberspy Group Targets Aerospace, Energy Firms

2 days ago

APT33 focused on gathering information to bolster Iran's aviation industry and military decision-making capability, FireEye says.

Cisco SMI Still Exposing Network Switches Online

2 days ago

The high number of exposed and vulnerable devices online has remained largely unchanged since researchers began exploring SMI in 2010.

Mobile Ransomware Hits Browsers with Old-School Techniques

2 days ago

Several types of malware sold on the dark Web advertise the ability to spy on Android smartphones, encrypt files, and demand payment.

FireEye identifies alleged Iran govt-linked hacking group

2 days ago

APT33 left tracks in malware launched at aviation, energy firms.

Artificial Intelligence: Getting the Results You Want

2 days ago

Finding a vendor that doesn't claim to do AI is hard these days. But getting the benefits you need and expect is even harder.

Unisys: Micro-segmentation and AI in the security wake of Equifax

2 days ago

The Chief Trust Officer of Unisys explains what business leaders and technologists need to know about next-generation network security practices. Read carefully to protect your organization.

What’s Triggers HTTPS Chrome Browser Warnings?

2 days ago

Researchers combed through 2,000 Chrome error reports to better classify HTTPS error warnings.

Software Assurance: Thinking Back, Looking Forward

2 days ago

Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.

Malware Steals Data From Air-Gapped Network via Security Cameras

2 days ago

Proof-of-concept malware called aIR-Jumper can be used to bypass air-gapped network protections and send data in and out of network.

Deep-Learning PassGAN Tool Improve Password Guessing

2 days ago

A deep-learning network known as a GAN has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.

Deep-Learning PassGAN Tool Improves Password Guessing

2 days ago

A deep-learning network known as a GAN has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.

NotPetya cyber attack on TNT Express cost FedEx $300m

2 days ago

Falling victim to global ransomware attack "posed significant operational challenges", the company says in its latest financial report.

Black Hat Europe 2017: First Briefings Announced

2 days ago

We are pleased to announce the first Briefings selected for presentation at Black Hat Europe 2017!

SecureAuth to Merge with Core Security

2 days ago

K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.

Kaspersky Lab secures contract with Brazilian Armed Forces

2 days ago

The Russian firm won a tender to supply cybersecurity tools to the three military organizations in the Latin American country.

​Ransomware and cyber-attacks: We need a defence plan, says Europe

2 days ago

The EU sets out a strategy to improve its cyber-defences against criminals and nation states.

Get Serious about IoT Security

2 days ago

These four best practices will help safeguard your organization in the Internet of Things.

1.9 Billion Data Records Exposed in First Half of 2017

2 days ago

Every second, 122 records are exposed in breaches around the globe, a new report shows. And that's doesn't even include the new Equifax breach data.

Too noisy, low-level and unethical: Why some cybercriminals hate ransomware

2 days ago

"We are digging our own grave," warn some online criminals who are worried how high-profile ransomware attacks like WannaCry are boosting awareness and cyber security knowledge.

10 Hot Cybersecurity Funding Rounds in Q3

2 days ago

The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.

IT admin sentenced after blackmailing business, redirecting website to porn

2 days ago

The admin demanded $10,000 from a company after sabotaging their website.

iOS 11 upgrade tips: Here's how to get your iPhone or iPad ready

2 days ago

Here's what you need to do to make sure that your upgrade goes smoothly and you don't lose any data.

What the NSA Collects via 702

2 days ago

New York Times reporter Charlie Savage writes about some bad statistics we're all using: Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about ...

Cloud-Focused Firms Earn High Marks for Software Security in BSIMM8 Report

2 days ago

Businesses that are cloud-focused tend to run the most secure software, while the healthcare sector is struggling the most when it comes to accomplishing the same goal, according to the BSIMM8 Report.

CCTV cameras enslaved to infiltrate air-gap networks

2 days ago

Surveillance camera lighting systems can create a web of light for leaking and extracting data from networks.

Telstra spending 'a lot of time on 5G': Penn

2 days ago

Telstra's 5G NR trials with Ericsson and Qualcomm are going well, Telstra CEO Andy Penn has said, with Telstra to host a 3GPP standards meeting in a year after a live trial of its 5G network in April.

Apache patches 'OptionsBleed' web server info leak bug

3 days ago

Heartbleed-like but not as serious.

iOS 11 Update includes Patches for Eight Vulnerabilities

3 days ago

Apple released a number of patches, including a security update for iOS 11, which is available today.

Viacom left keys to its kingdom exposed on AWS

3 days ago

Credentials leak could have seen media company hijacked.

Avast-Owned Piriform Releases CCleaner Security Update

3 days ago

The Avast subsidiary has released two new versions of CCleaner following the discovery of a supply-chain attack.

New Spam Campaign Literally Doubles Down on Ransomware

3 days ago

An upgraded spam campaign alternates Locky and FakeGlobe ransomware, forcing victims to pay twice or lose all their data.

Twitter suspends 299,000 accounts linked to terrorism in past six month

3 days ago

The company said 75 percent of the infringing accounts were suspended before their first tweet.

Equifax lesson: It's time for tougher rules, regulations, fines to combat breaches

3 days ago

Can oversight and stiff punishments spur enterprises to prioritize cybersecurity and secure their data?

GDPR & the Rise of the Automated Data Protection Officer

3 days ago

Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?

Viacom's Secret Cloud Keys Exposed

3 days ago

The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.

Equifax Suffered Earlier Breach in March

3 days ago

Equifax suffered another breach of its systems, back in March, the company revealed Monday.

The political challenges of implementing smart city solutions

3 days ago

Andy Berke, mayor of Chattanooga, Tennessee, talks about balancing the political demand for short-term results with long-term goals.

New to iOS 11? Change these privacy and security settings right now

3 days ago

Before you do anything on your iPhone or iPad, you should lock it down. This is how you do it.

Siemens' New ICS/SCADA Security Service a Sign of the Times

3 days ago

Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.

Risks Limited With Latest Apache Bug Optionsbleed

3 days ago

The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw.

Low-cost tools making cybercrime more accessible: SecureWorks

3 days ago

A report from the security vendor has said the increasing affordability of cybercrime tools is providing budding criminals with a low barrier of entry into the game.

New alliance advocates the blockchain to improve IoT security, trust

3 days ago

The Trusted IoT Alliance hopes to "set the standard" for IoT blockchain protocols worldwide.

How Apple's New Facial Recognition Technology Will Change Enterprise Security

3 days ago

Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.

Hackers reveal leading enterprise security blind spots

3 days ago

Mobile devices and facial recognition software have made the list this year.

Double trouble: This ransomware campaign could infect your PC with two types of file-locking malware

3 days ago

Victims around the world hit by criminals who can switch the malicious payload of emails between Locky and FakeGlobal on a whim.

Apple's FaceID

3 days ago

This is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the ...

Enterprise IT security planning: Five ways to build a better strategy

3 days ago

Struggling to get the boss to take security seriously? Here are some pointers that can help the board get on-board.

Phishing: These are the days of the week when you're most at risk

3 days ago

Security threats vary by the day of the week, with more malicious software detected on Mondays.

Pirate Bay uses your PC to mine cryptocurrency in quest to become ad-free

3 days ago

Could CPU usage replace adverts in the future?

NBN Co gets more time to connect sensitive govt sites

3 days ago

Sites can also keep existing services intact longer.

EFF resigns from W3C in wake of EME DRM standardisation

3 days ago

Failure to protect researchers and abandonment of consensus has seen the digital rights organisation walk away from the W3C consortium.

How to use Let's Encrypt to secure your websites

3 days ago

Let's Encrypt is easy to use and free -- no wonder it's the most popular Certificate Authority for securing websites. Here's how you can use it.

Equifax Exec Departures Raise Questions About Responsibility for Breach

4 days ago

Disclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say.

Avast CCleaner Compromised Amid Rise in Supply Chain Threats

4 days ago

Attackers somehow hacked the build system of Avast's CCleaner to deliver malware, potentially affecting millions of users.

Attackers Use Undocumented MS Office Feature to Leak System Profile Data

4 days ago

An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed.

Pirate Bay Spotted Hosting Monero Cryptocurrency Miner

4 days ago

A cryptocurrency miner surfaced on The Pirate Bay for a day over the weekend.

As wearables have evolved to standalone IoT devices, security demands have changed too

4 days ago

Samsung's Eric McCarty on how the evolution of wearables has changed the security imperative.

The security factors behind AT&T's decision to deploy LTE-M

4 days ago

Chris Penrose, the president of IoT solutions at AT&T, explains how IoT network standards can influence security.

Equifax Hit with Lawsuit

4 days ago

Victims living or doing business in Florida can send a certified letter to seek relief and still remain in compliance with the state's credit laws, attorney says.

How IOT network standards can influence security

4 days ago

Chris Penrose, president of IOT solutions at AT&T, explains the security factors that influenced AT&T's decision to deploy LTE-M networks.

So many bugs...

4 days ago

Posted by dave aitel on Sep 18Seriously - it is like the Cambrian explosion up in here. Every platform seems to have dissolved - be it Java, or Windows, or various forms of "Secure Computing" now protected by a combination of platitudes and useless aphori ...

HP's Aruba announces 360 Secure Fabric analytics security solution

4 days ago

Aruba says the new offering will simplify and improve enterprise security.

iOS 11 release date is tomorrow - Here's how to get your iPhone or iPad ready

4 days ago

Here's what you need to do to make sure that your upgrade goes smoothly and you don't lose any data.

To Be Ready for the Security Future, Pay Attention to the Security Past

4 days ago

It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.

Azure confidential computing: ​Microsoft boosts security for cloud data

4 days ago

Microsoft is rolling out new secure enclave technology for protecting data in use.

Why free VPNs are not a risk worth taking

4 days ago

Here's a question. If you're not paying for your VPN service, where is the provider getting the money to run it? The answer might cause you to lose some sleep.

Bluetooth Vulnerabilities

4 days ago

A bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. Th ...

Hackers hid malware in CCleaner PC tool for nearly a month

4 days ago

Popular utility from a company owned by Avast was compromised to spread malware to potentially millions of PCs.

Microsoft extends Office bug bounty program

4 days ago

The company is offering up to $15,000 per bounty.

BT launches Sydney cybersecurity centre

4 days ago

The BT cybersecurity R&D centre will provide more than 170 jobs across cybersecurity, machine learning, data analytics, big data engineering, cloud computing, and software engineering, the NSW government said.

APNIC-sponsored proposal could vastly improve DNS resilience against DDoS

4 days ago

Denial of service attacks can be reduced by replying to DNS requests with a huge range of nothing, and remembering it.

Fake Python packages proffered to programmers

4 days ago

Check package names carefully.

Security.txt standard may help researchers report flaws

4 days ago

Follows example of robots.txt.

Public, Hybrid Cloud Security Fears Abound

6 days ago

Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.

OurMine Claims Vevo Hack, Releases 3.12TB of Data

6 days ago

Group known for claiming responsibility for hacking Mark Zuckerberg's Twitter account and the WikiLeaks' DNS attack says it's behind the Vevo breach.

Equifax CIO, CSO Step Down

1 week ago

Embattled credit-monitoring company names interim replacements for both positions and outlines more details about the massive breach.

Equifax CIO, CSO step down

1 week ago

One week after revealing a massive data breach, Equifax announced two of its executives are "retiring," effective immediately.

Friday Squid Blogging: Using Squid Ink to Detect Gum Disease

1 week ago

A new dental imagery method, using squid ink, light, and ultrasound. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

​Check Point's bogus Windows Subsystem for Linux attack

1 week ago

If you deliberately set out to make your Windows system open to attack via WSL, yes, you could be attacked by Bashware.

200K WordPress Sites Exposed to Rogue Version of ‘Display Widgets’

1 week ago

A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites.

Senators Propose US Elections Cybersecurity Commission

1 week ago

The proposed commission would aim to review the 2016 election process and safeguard future elections from interference.

Google, Spotify Build Open-Source Community for GCP Security

1 week ago

Google and Spotify create Forseti, an open-source community with tools to secure projects on the Google Cloud Platform.

Equifax: 400,000 UK consumers could be affected by data breach

1 week ago

'Process failure' led to UK data being held in US, company said.

How the evolution of wearables has changed security requirements

1 week ago

As wearables have evolved to standalone IOT devices, and as different enterprise use cases have emerged, security demands have changed, explains Samsung's Eric McCarty.

VMware Patches Bug That Allows Guest to Execute Code on Host

1 week ago

Users who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, are being encouraged to update to address a series of vulnerabilities, one critical.