security.didici.cc
Equifax breach was ‘entirely preventable’ had it used basic security measures, says House report
28 minutes ago
Satan Ransomware Variant Exploits 10 Server-Side Flaws
44 minutes agoWindows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
New Google+ Breach Will Lead to Early Service Shutdown
48 minutes agoA breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
Nice phone account you have there - shame if something were to happen to it. Samsung fixes ID-theft flaws
1 hour agoIf Artem Moskowsky owes you money, its a good time to ask A recently-patched set of flaws in Samsung's mobile site was leaving users open to account theft.…
Japan's top three telcos to exclude Huawei, ZTE network equipment -Kyodo
1 hour agoPlan not to use current equipment and upcoming 5G gear .
Google+ shutdown speeds up, new privacy bug affected 52.5 million users
1 hour agoAllowed partner apps to access its users' private data.
'Dr. Shifro' Prescribes Fake Ransomware Cure
2 hours agoA Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
US tech giants decry Australia’s ‘deeply flawed’ new anti-encryption law
2 hours agoA group of U.S. tech giants, including Apple, Google and Microsoft, have collectively denounced the new so-called “anti-encryption” law passed by the Australian parliament last week. The bill was passed less than a day after the ruling coalition gove ...
Google+ hit by second API bug impacting 52.5 million users
2 hours agoGoogle moves Google+ sunset date forward, from August 2019 to April 2019.
Google Accelerates Google+ Shutdown After New Bug Discovered
2 hours agoThe consumer version of Google+ will now be shut down in April instead of August after a bug was found that impacts at least 50 million users.
Sextortion Emails Force Payment via GandCrab Ransomware
3 hours agoEmails say they contain a link with screenshots of victims' compromising activity. In reality, the link executes ransomware.
Google+ security bug gave developers access to non-public data from 52.5M users
4 hours agoGoogle+ was a bit of a disaster for the company when it was still alive, and now that it’s walking dead, it’s becoming even more of a stone around its neck. After disclosing a major security bug in October that affected just under half a million users ...
Old-School Bagle Worm Spotted in Modern Spam Campaigns
4 hours agoBagle.A and Bagle.B date back to 2004.
Half of the Tor Project's funding now comes from the private sector
5 hours agoTor Project reports $4.2 million income in 2017, of which only 51 percent came from government funds.
Volkswagen Giveaway Scam Peddles Ad Networks
5 hours agoThe scam is spread via Facebook and WhatsApp messages.
6 Cloud Security Predictions for 2019
6 hours agoHow the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
2018 Annual Report from AI Now
6 hours agoThe research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading.
These Hackers Are Using Android Surveillance Malware To Target Opponents Of The Syrian Government
6 hours ago
Market volatility: Fake news spooks trading algorithms
6 hours agoStock trading algorithms know how to read news headlines, but they don't know what's real.
6 CISO Resolutions for 2019
7 hours agoThe ultimate to-do list for ambitious security leaders.
Australian government’s former digital chief blasts its new encryption busting laws
8 hours agoCompares power grab to debunked WMD claims.
Privacy, security fears about ID cards? UK.gov's digital bod has one simple solution: 'Get over it'
8 hours agoYeah, how about you work for us... Digital minister Margot James reckons Brits need to "get over" their concerns about privacy and cyber security and let the government assign them with ID cards.…
These hackers are using Android surveillance malware to target opponents of the Syrian government
10 hours agoSilverHawk hacking campaign uses fake versions of secure messaging apps like WhatsApp and Telegram to plant spyware on devices.
Android adware tricks ad networks into thinking it's an iPhone to make more money
16 hours agoNew Android adware discovered in 22 apps downloaded over two million times.
ACCC goes after Google, Facebook in the name of fake news and data transparency
17 hours agoThe consumer watchdog wants to protect the integrity of news content in Australia by holding digital giants accountable over what is available and shared on their platforms. It also wants regulation and transparency around how they collect and use data.
What's actually in Australia's encryption laws? Everything you need to know
18 hours agoThe controversial Assistance and Access Bill was 176 pages long, then 67 pages of amendments were rushed through in the final hours of debate. This is what we've ended up with.
Australia's encryption laws are a cyber cane toad: Husic
20 hours agoShadow Minister for the Digital Economy Ed Husic continues to state problems with the Bill his party rolled over on and passed.
Labor slams Commonwealth's visa privatisation plan
22 hours agoLabor announces 'fight' against the privatisation of Australian border control.
Cybercrime and malware, 2019 predictions
1 day agoExperts weigh in on what they believe will happen to the world of cybercrime, malware, and botnets in the coming year.
Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix
1 day agoBug dealt with in Chrome and Edge, but still a problem for Firefox users.
'PowerSnitch' Hacks Androids via Power Banks
2 days agoResearcher demonstrates how attackers could steal data from smartphones while they charge up.
Bethesda blunders, IRS sounds the alarm, China ransomware, and more
2 days agoPlus, congress wants more cybersec training, better breach laws Roundup This week, we saw Linux get pwned, a teen hacker go down, and Julian Assange vowing to stay right where he is.…
Those annoying sextortion scams are redirecting users to ransomware now
2 days agoSextortion emails take a dark turn and are now trying to infect users with the GandCrab ransomware.
In case you're not already sick of Spectre... Boffins demo Speculator tool for sniffing out data-leaking CPU holes
2 days agoFirst proof-of-concept, SplitSpectre, requires fewer instructions in victim Analysis You've patched your Intel, AMD, Power, and Arm gear to crush those pesky data-leaking speculative execution processor bugs, right? Good, because IBM eggheads in Switzer ...
Identity stolen because of the Marriott breach? Come and claim your new passport
2 days agoIt's the least they could do. Really. The bare minimum Hotel-chain turned data faucet Marriott says it will help some customers cover the cost of replacing stolen documents.…
Senator blasts FTC for failing to crack down on Google's ad fraud problems
2 days agoUS Senator says Google is profiting off advertising fraud and has no interest in addressing it.
'Say hello to my little vacuum cleaner!' US drug squad puts spycams in cleaner's kit
2 days agoDEA gets down and dirty with new surveillance kit Next time you're closing a big drug deal you may want to watch the cleaner. Or more specifically their vacuum cleaner.…
ThreatList: Gift Card-Themed BEC Holiday Scams Spike
2 days agoWatch out for emails about gift cards and corporate donations, researcher warn.
Problems with the Squid Emoji
2 days agoThe Monterey Bay Aquarium has some problems with the squid emoji. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
Criminals Use Locally Connected Devices to Attack, Loot Banks
3 days agoTens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
Linux.org hacked and plastered with anti-transgender filth
3 days agoWeb admin blames public Whois and lack of 2FA Linux.org was hacked on Friday morning, with the hacker plastering the message "G3T 0WNED L1NUX N3RDZ" complete with expletives and a very NSFW image (a hairy asshole).…
'Simplify Everything': Google Talks Container Security in 2019
3 days agoGoogle Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
Here’s what caused yesterday’s O2 and SoftBank outages
3 days agoIt appears that most mobile carriers, including O2 and SoftBank, have recovered from yesterday’s cell phone network outage that was triggered by a shutdown of Ericsson equipment running on their networks. That shut down appears to have been triggered b ...
Australia Anti-Encryption Law Triggers Sweeping Backlash
3 days agoA newly-passed Australian law could allow the government to force tech companies to create backdoors in their products.
Iranian Nationals Charged for Atlanta Ransomware Attack
3 days agoThe March attack used SamSam ransomware to infect 3,789 computers.
DHS looking into tracking Monero and Zcash transactions
3 days agoDHS has had great success with tracking and analyzing Bitcoin transactions already. They are now looking for similar solutions for tracking "privacy coins."
TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns
3 days agoThreat group moves away from “smash-and-grab” attacks and adopts a boutique approach to targeting victims.
Back Issues of the NSA's Cryptolog
3 days agoFive years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course. What's new is a nice user interface for the issues, noting highlights and levels of redaction.
Australia Passes Encryption-Breaking Laws
3 days ago
Someone Defaced Linux.org With Goatse
3 days ago
OpSec mistake brings down network of Dark Web money counterfeiter
3 days agoEuropean law enforcement conducts 300 house searches and makes 235 arrests.
Kubernetes Deployments Around the World Show Vulnerabilities
3 days agoKubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
Banks Attacked through Malicious Hardware Connected to the Local Network
3 days agoKaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cyberth ...
Brit bomb hoax teen who fantasised about being a notorious hacker cops 3 years in jail
3 days agoSo much for the Apophis Squad's Twitter boasts A teenage bomb hoaxer from Watford who taunted the UK's National Crime Agency on Twitter while pretending to be a hacker crew called Apophis Squad has been jailed for three years.…
Using Fuzzing to Mine for Zero-Days
3 days agoInfosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in today's security landscape.
Insider Threats & Insider Objections
3 days agoThe 'tyranny of the urgent' and three other reasons why it's hard for CISOs to establish a robust insider threat prevention program.
Microsoft Calls For Facial Recognition Tech Regulation
3 days agoMicrosoft and the AI Now Institute are both calling for regulation as facial recognition software picks up popularity.
Marriott to reimburse some guests for new passports after massive data breach
3 days agoHotel chain responds to US senator. Says it will foot the bill for some users' passport replacement costs.
Microsoft: Here's why we need AI facial-recognition laws right now
3 days agoMicrosoft wants new laws to put some constraints on the use and development of facial recognition.
UK Supreme Court considers whether spy court should be immune to legal probes
3 days agoPrivacy International lays out its case to El Reg The UK's highest court has this week heard arguments in Privacy International's long-running attempt to challenge decisions made by Britain's shadowy spying oversight court, the Investigatory Powers Tribun ...
The Technology 202: More than 200 companies are calling for a national privacy law. Here's an inside look at their proposal.
3 days agoPosted by InfoSec News on Dec 07https://www.washingtonp
ost.com/news/powerpost/pa
loma/the-technology-202/2
018/12/06/the-technology-
202-more-than-200-compani
es-are-calling-for-a-nati
onal-privacy-law-here-s-a
n-inside-look-at-their-pr
oposal/5c0819be1b326b60d1 ...
Eastern European banks lose tens of millions of dollars in Hollywood-style hacks
3 days agoPosted by InfoSec News on Dec 07https://www.zdnet.com/a
rticle/eastern-european-b
anks-lose-tens-of-million
s-of-dollars-in-hollywood
-style-hacks/
By Catalin Cimpanu
Zero Day
ZDNet
December 7, 2018
Cyber-criminal gangs are believed to have stolen tens of mil ...
Senators Introduce Bill to Let Hackers Reports Bugs to DHS
3 days agoPosted by InfoSec News on Dec 07https://www.nextgov.com
/cybersecurity/2018/12/se
nators-introduce-bill-let
-hackers-reports-bugs-dhs
/153337/
By Heather Kuldell
Managing Editor
Nextgov
12/06/2018
A bipartisan pair of senators introduced a bill that would req ...
Claiming 'hacking' of network, Lebanon condemns IDF warnings to its civilians
3 days agoPosted by InfoSec News on Dec 07https://www.timesofisra
el.com/claiming-hacking-o
f-network-lebanon-condemn
s-idf-warnings-to-its-civ
ilians/
By TOI Staff
The Times of Israel
December 7, 2018
Lebanon's ambassador to the United Nations on Thursday accused Isra ...
22 apps with 2 million+ Google Play downloads had a malicious backdoor
3 days agoPosted by InfoSec News on Dec 07https://arstechnica.com
/information-technology/2
018/12/google-play-ejects
-22-backdoored-apps-with-
2-million-downloads/
By Dan Goodin
Ars Technica
December 6, 2018
Almost two dozen apps with more than 2 million downloads hav ...
Google, Apple, Facebook face world-first encryption laws in Australia
3 days agoPosted by InfoSec News on Dec 07https://www.cnet.com/ne
ws/australia-passes-encry
ption-assistance-access-l
aws-facebook-google-twitt
er-apple-amazon/
By Claire Reilly
CNet News
December 6, 2018
Australia passed new laws that allow law enforcement to access e ...
Japan government to halt buying Huawei, ZTE equipment: sources
3 days agoPosted by InfoSec News on Dec 07https://www.reuters.com
/article/us-japan-china-h
uawei/japan-to-ban-huawei
-zte-from-government-cont
racts-sources-idUSKBN1O60
0X
By Yoshiyasu Shida, Yoshifumi Takemoto
Reuters.com
12/0
6/2018
TOKYO (Reuters) - Japan plans to ba ...
Japan looking at banning Huawei and ZTE from government deals
3 days agoLand of the Rising Sun could be the next nation to exclude Chinese telco vendors.
Microsoft adopts ethical principles aiming to bar misuse of face recognition technology
3 days agoBans use for unlawful discrimination.
Stop making cyber security so boring, difficult and inaccessible: ANZ CISO
3 days ago“Complex language which scares people…”
Stop making cyber security so scary, difficult and inaccessible: ANZ CISO
3 days agoComplex language frightens.
Eastern European banks lose tens of millions of dollars in Hollywood-style hacks
3 days agoCybercriminals leave laptops, Raspberry Pi boards, and USB thumb drives connected to banks IT networks.
Industrial espionage fears arise over Chrome extension caught stealing browsing history
3 days agoCompany test runs own traffic analysis service and finds malicious Chrome extension in its own backyard. Ooops!
Shorten defends process of passing encryption laws and reviewing later
3 days agoOpposition leader Bill Shorten has said he will take half a win.
Trudeau denies involvement in Huawei arrest
3 days agoThe Canadian government was given a few days' notice of the imminent arrest of Huawei's CFO on behalf of US authorities, with Wanzhou Meng facing a bail hearing on Friday.
Kubernetes Vulnerability Hits Top of Severity Scale
3 days agoThe security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
Adobe Flash Zero-Day Spreads via Office Docs
4 days agoAdobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
Clues in Marriott hack implicate China
4 days agoGovernment intelligence gathering operation.
Arrest of Huawei 'heiress' throws rare spotlight on family
4 days agoA mysterious figure even in her home country.
US probe of China's Huawei includes bank fraud accusations
4 days agoAlleged scheme to use global banking system to evade US sanctions.
ESET Discovers 21 New Linux Malware Variants
4 days ago
Bringing Compliance into the SecDevOps Process
4 days agoApplication security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
Infected WordPress Sites Are Attacking Other WordPress Sites
4 days agoResearchers identified a widespread campaign of brute force attacks against WordPress websites.
Apple Issues 13 Security Fixes
4 days agoSoftware updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
Apple Issues Security Fixes Across Mac, iOS
4 days agoSoftware updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
55% of Companies Don't Offer Mandatory Security Awareness Training
4 days agoEven those that provide employee training do so sparingly, a new study finds.
7 Common Breach Disclosure Mistakes
4 days agoHow you report a data breach can have a big impact on its fallout.
Evidence in Starwood/Marriott Breach May Point to China
4 days agoAttackers used methods, tools previously used by known Chinese hackers.
Boosting SOC IQ Levels with Knowledge Transfer
4 days agoDespite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.
Facebook Defends Data Policies On Heels of Incriminating Internal Docs
4 days agoThe company allegedly tried to hide away new policy changes that would collect Android app users' call and message logs.
Too little, too late? Should we be faster to point the finger of blame at cyber attackers?
4 days agoNations need to come together to condemn hostile cyber activity much sooner, says former Foreign Secretary of Estonia.
ESET discovers 21 new Linux malware families
4 days agoAll malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.
UK spies: You know how we said bulk device hacking would be used sparingly? Well, things have 'evolved'...
4 days agoAdmit they are upping their use of mass snooping UK spies are planning to increase their use of bulk equipment interference, as the range of encrypted hardware and software applications they can't tap into increases.…
Your Personal Data is Already Stolen
4 days agoIn an excellent blog post, Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may ...
Apple killing off web passwords? Safari trials WebAuthn logins on macOS
4 days agoSafari could join Firefox, Chrome, and Edge support for Web Authentication.
Windows 10 security question: How do miscreants use these for post-hack persistence?
4 days agoInfosec duo worked out how to remotely set their own answers Black Hat Crafty infosec researchers have figured out how to remotely set answers to Windows 10’s password reset questions “without even executing code on the targeted machine”.…
VPN services 2018: The ultimate guide to protecting your data on the internet
4 days agoWhether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.
The best VPN services: Our 10 favorite vendors for protecting your privacy
4 days agoWhether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet. One of these could be your best bet.
More data joy: Email scammers are buying marks' info from legit biz intelligence firms
4 days agoLondon Blue gang probably has your firm's org chart Black Hat A Nigerian email scammer gang has evolved to the point where it has corporate-style specialist departments and uses commercial business intelligence data brokers to help plan its attacks.…
TSA Unveils Cybersecurity Roadmap
4 days agoPosted by InfoSec News on Dec 06https://www.nextgov.com
/cybersecurity/2018/12/ts
a-unveils-cybersecurity-r
oadmap/153295/
By Frank Konkel
Executive Editor
Nextgov
12/05/2018
The Transportation Security Administration this week released a
cybersecurity road ...
Marriott CFO Says Too Early to Estimate Cyber Breach Costs
4 days agoPosted by InfoSec News on Dec 06https://www.insurancejo
urnal.com/news/national/2
018/12/05/511070.htm
By Patrick Clark
Insurance Journal
December 5, 2018
It's too soon for Marriott International Inc. to estimate the cost of the
massive cyber breach that t ...
Exclusive: Emails of top NRCC officials stolen in major 2018 hack
4 days agoPosted by InfoSec News on Dec 06https://www.politico.co
m/story/2018/12/04/exclus
ive-emails-of-top-nrcc-of
ficials-stolen-in-major-2
018-hack-1043309
By Alex Isenstadt and John Bresnahan
POLITICO
12/04/
2018
The House GOP campaign arm suffered a major hack du ...
Australia gets world-first encryption busting laws
4 days agoLabor passes bill without changes it claimed were needed.
Brits' DNA data sent to military base after 'foreign' hack attacks – report
4 days ago100,000 Genomes Project is secure, insists chair An ambitious project to map the DNA of a million Brits has experienced such sustained hack attacks that officials have had to shift the data to a Ministry of Defence (MoD) facility in Wiltshire.…
Australia now has encryption-busting laws as Labor capitulates
4 days agoSo-called protections in the Bill are necessary, Opposition leader Bill Shorten has said.
Pencil manufacturers rejoice: Oz government doesn't like e-voting
4 days agoPaper's safer, says parliamentary committee An Australian parliamentary committee has nixed the idea of internet voting for federal elections Down Under, for now.…
Google kills off Allo to focus on Messages
4 days agoGoogle has said it will bring all of Allo's best features to Messages, with the former to be killed off in March 2019.
Twelve US states join for the first time to file multistate data breach lawsuit
4 days agoLawsuit details a long list of security fails on MIE's part.
Huawei chief financial officer arrested in Vancouver
4 days agoFaces extradition to the US over Iran sanctions busting allegations.
Govt to green-light 'selectively' targeted vulnerabilities
4 days agoUnder its encryption bill.
It's December 2018, and your Mac's kernel can be pwned by a rogue app
4 days agoApple moves to shore up a baker's dozen weak points in macOS Apple has released a fresh set of updates for its Mac and iOS platforms.…
It's December 2018, and a rogue application can tell your Apple Mac: I'm your El Capitan now
4 days agoApple moves to shore up a baker's dozen weak points in macOS Apple has released a fresh set of security updates for its Mac and iOS software.…
Huawei CFO reportedly arrested in Canada for breaking US-Iran trade sanctions
4 days agoHuawei's chief financial officer has reportedly been arrested in Vancouver and is facing extradition to the US over allegations of violating trade sanctions with Iran.
BT avoids Huawei for 5G after stripping tech from EE mobile network
4 days agoBT is removing Huawei equipment from its mobile carrier EE's existing 3G and 4G LTE networks, saying it will also not use the Chinese tech giant for its upcoming 5G network deployment.
Symantec Intros USB Scanning Tool for ICS Operators
4 days agoICSP Neural is designed to address USB-borne malware threats security.
A botnet of over 20,000 WordPress sites is attacking other WordPress sites
4 days agoBotnet is still up and running but law enforcement has been notified.
Boffins confirm AI GAN see through your text CAPTCHA test
4 days agoAttack bots unleashed as major sites left wide open to abuse If you're one of those people who hates picking out cars, street signs and other objects in CAPTCHA image grids, then get used to it because the days of text-based alternatives are numbered.…
Toyota Builds Open-Source Car-Hacking Tool
5 days ago'PASTA' testing platform specs will be shared via open-source.
Flash zero-day... leveraging ActiveX…embedded in Office Doc...BINGO!
5 days agoIt's like a greatest hits album of terrible security policies Stop us if you've heard this one: A Flash zero-day vulnerability is being actively targeted in the wild.…
White House Facial Recognition Pilot Raises Privacy Alarms
5 days agoThe facial recognition pilot will identify “subjects of interest" around the White House.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
5 days agoGetting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
Starwood Breach Reaction Focuses on 4-Year Dwell
5 days agoThe unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
BeatStars discloses security breach in Twitter live stream
5 days agoBeatStars website mass-defaced after hacker intrusion. Website back up and running again.
Google's Cloud Security Command Center gets beta release
5 days agoCloud Security Command Center is Google's dashboard for assessing and remediating security risks in a GCP environment.
Google Cloud Security Command Center Now in Beta
5 days agoThe beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
Republican Committee Email Hacked During Midterms
5 days agoThe National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
5 days agoNew research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy
5 days agoNations must band together to face nation-state cyberattack threats, said Marina Kaljurand.
Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
5 days agoAdobe issued a patch for the zero-day on Wednesday.
Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments
5 days agoHackers can steal data, sabotage cloud deployments and more.
The Case for a Human Security Officer
5 days agoWanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.