security.didici.cc
Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket
4 hours agoVerizon is the latest company to leak confidential data through an exposed Amazon S3 bucket.
Friday Squid Blogging: Another Giant Squid Caught off the Coast of Kerry
4 hours agoThe Flannery family have caught four giant squid, two this year. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
EternalBlue Exploit Used in Retefe Banking Trojan Campaign
5 hours agoBanking Trojan Retefe is adopting new WannaCry tricks, adding an EternalBlue module to propagate the malware.
1.4 Million New Phishing Sites Launched Each Month
6 hours agoThe number of phishing attacks reach a record rate in 2017, but the majority of the phishing sites remain active for just four- to eight hours.
New Verizon leak exposed confidential data on internal systems
6 hours agoDozens of documents reveal detailed maps and configurations of internal Verizon servers.
2016 SEC Hack May Have Benefited Insider Trading
8 hours agoThe U.S. Securities and Exchange Commission said this week that hackers managed to infiltrate one of its systems last year, something that likely facilitated insider trading.
Samba Update Patches Two SMB-Related MiTM Bugs
8 hours agoSamba released three security updates, including two related to SMB connections that could be abused by an attacker already on the network to hijack connections and manipulate traffic or data sent from a client.
Americans Rank Criminal Hacking as Their Number One Threat
8 hours agoGlobal warming and artificial intelligence rate as less of a threat to human health, safety, and prosperity, than getting hacked, according to a survey released today.
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
9 hours agoWhy healthcare organizations need a good strategy to find talent, or get left behind.
10 Security Product Flaw Scares
9 hours agoCCleaner compromise puts the crown on several years' worth of headlines about cybersecurity product weaknesses.
What’s New In Android 8.0 Oreo Security
9 hours agoGoogle’s Android security team has turned a corner with 8.0 Oreo, reducing the attack surface, compartmentalizing components and beefing up protection against rogue apps.
1.4 million phishing websites are created every month: Here's who the scammers are pretending to be
10 hours agoCriminals are replacing phishing websites every few hours in order to avoid detection - thus allowing them to scam more victims out of personal data
Where Do Security Vulnerabilities Come From?
10 hours agoThere are three major causes: code quality, complexity, and trusted data inputs.
Threatpost News Wrap, September 24, 207
10 hours agoThe Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed.
Threatpost News Wrap, September 22, 2017
10 hours agoThe Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed.
This new app can detect wireless credit card skimmers at gas pumps
11 hours agoCredit card skimmers are getting more advanced - but that's making them easier to detect.
Boston Red Sox Caught Using Technology to Steal Signs
12 hours agoThe Boston Red Sox admitted to eavesdropping on the communications channel between catcher and pitcher. Stealing signs is believed to be particularly effective when there is a runner on second base who can both watch what hand signals the catcher is usin ...
Google's Project Zero fuzzed top browsers for bugs: Safari users won't like the results
13 hours agoGoogle's Project Zero releases the open-source tool it used to find new bugs in major browsers.
ISP involvement suspected in latest FinFisher gov't spyware campaign
13 hours agoISPs in a number of countries are under suspicion for distributing the malware to government targets.
Joomla patches eight-year-old critical CMS bug
15 hours agoThe flaw could be exploited to steal administrator account details and hijack websites.
Govt, industry invest $140m for cybersecurity CRC
16 hours agoEnterprise-focused, industry-led.
Australian government trying to weed out the 'murky' areas of cyber insurance
18 hours agoBefore organisations in the country can head down the path of insuring against cyber incidents, the federal government needs to set the agenda, a senior government cyber adviser has said.
Australian government pledges AU$50m for cybersecurity research centre
19 hours agoThe seven-year investment will see the launch of a cybersecurity cooperative research centre to deliver solutions that increase the security of critical infrastructure in Australia.
Tabcorp working with Telstra on security for gaming
20 hours agoTelstra's new cybersecurity centres and services allow Tabcorp to better balance maintaining the security of customer data with its own drive for digital transformation, the gaming company has said.
OAIC investigating data leak in Qld, NT
22 hours agoAbout 4000 people impacted.
OAIC investigates defunct firm's data leak in Qld, NT
22 hours agoAbout 4000 people impacted.
Avast-spread CCleaner malware targeted tech companies
1 day agoCisco, Intel, Microsoft, Samsung, Vodafone on hit list.
Tech industry must secure against 'unintended consequences': Elop
1 day agoIntentionality, creativity, and leadership is the only way the tech industry can protect the world against the 'perils of unintended consequences', Telstra head of Innovation Stephen Elop has said.
Facebook to turn over Russian-linked ads to Congress
1 day agoCEO Mark Zuckerberg outlined several ways the social networking giant plans to tackle online interference in elections, including changes to its ad buying policies.
SEC Says Intruders May Have Accessed Insider Data for Illegal Trading
1 day ago2016 breach of the Securities and Exchange Commission's EDGAR database dents its reputation as a federal cybersecurity enforcer.
CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft
1 day agoThe backdoor discovered in Avast's CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.
Iranian APT33 Targets US Firms with Destructive Malware
1 day agoAPT33 targets petrochemical, aerospace and energy sector firms based in U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill.
Joomla Patches Eight-Year-Old LDAP Injection Vulnerability
1 day agoJoomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.
Bigger than WannaCry: A giant cyber attack will happen unless we rethink security, says GCHQ
1 day agoA huge attack which makes WannaCry look like small fry will occur in the not to distant future - unless something changes.
Why Size Doesn't Matter in DDoS Attacks
1 day agoCompanies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
SMBs Paid $301 Million to Ransomware Attackers
1 day agoBut small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal
1 day agoA judge ruled federal employees cannot sue for damages from the 2015 Office of Personnel Management data breach.
SEC admits data breach, suggests illicit trading was key
1 day agoThe commission says that "illicit gain through trading" may have been the key motivator.
ISO Rejects NSA Encryption Algorithms
1 day agoThe ISO has decided not to approve two NSA-designed block encryption algorithms: Speck and Simon. It's because the NSA is not trusted to put security ahead of surveillance: A number of them voiced their distrust in emails to one another, seen by Reuters, ...
iOS 11's Control Center may say Bluetooth, Wi-Fi are off, but that's just not true
1 day agoFor Handoff's sake, no doesn't mean no in iOS 11.
CCleaner malware operators targeted tech firms including Cisco, Microsoft, Samsung
1 day agoIt is believed the threat actor behind the campaign is after intellectual property.
NSA backs down in encryption row
1 day agoAfter pressure from distrustful US allies.
Hackers breached SEC's financial filing system
1 day agoMay have profited by accessing non-public documents.
OAIC and Data61 offer up data de-identification framework
1 day agoThe Office of the Australian Information Commissioner and Data61 have released a guide to assist organisations to appropriately de-identify data to meet requirements such as those mandated under the Privacy Act.
NotPetya Cost TNT At Least $300 Million
1 day ago
TNT Express pegs Petya losses at $374m
1 day agoIT systems 'substantially' restored after June attack.
Australia looks to deny encryption to terrorists
1 day agoAustralia Foreign Minister Julie Bishop has used a United Nations speech to thank Facebook, Microsoft, Twitter, Google, and YouTube for their help in identifying terrorists online.
Iranian Cyberspy Group Targets Aerospace, Energy Firms
2 days agoAPT33 focused on gathering information to bolster Iran's aviation industry and military decision-making capability, FireEye says.
Cisco SMI Still Exposing Network Switches Online
2 days agoThe high number of exposed and vulnerable devices online has remained largely unchanged since researchers began exploring SMI in 2010.
Mobile Ransomware Hits Browsers with Old-School Techniques
2 days agoSeveral types of malware sold on the dark Web advertise the ability to spy on Android smartphones, encrypt files, and demand payment.
FireEye identifies alleged Iran govt-linked hacking group
2 days agoAPT33 left tracks in malware launched at aviation, energy firms.
Artificial Intelligence: Getting the Results You Want
2 days agoFinding a vendor that doesn't claim to do AI is hard these days. But getting the benefits you need and expect is even harder.
Unisys: Micro-segmentation and AI in the security wake of Equifax
2 days agoThe Chief Trust Officer of Unisys explains what business leaders and technologists need to know about next-generation network security practices. Read carefully to protect your organization.
What’s Triggers HTTPS Chrome Browser Warnings?
2 days agoResearchers combed through 2,000 Chrome error reports to better classify HTTPS error warnings.
Software Assurance: Thinking Back, Looking Forward
2 days agoTen personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
Malware Steals Data From Air-Gapped Network via Security Cameras
2 days agoProof-of-concept malware called aIR-Jumper can be used to bypass air-gapped network protections and send data in and out of network.
Deep-Learning PassGAN Tool Improve Password Guessing
2 days agoA deep-learning network known as a GAN has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.
Deep-Learning PassGAN Tool Improves Password Guessing
2 days agoA deep-learning network known as a GAN has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.
NotPetya cyber attack on TNT Express cost FedEx $300m
2 days agoFalling victim to global ransomware attack "posed significant operational challenges", the company says in its latest financial report.
Black Hat Europe 2017: First Briefings Announced
2 days agoWe are pleased to announce the first Briefings selected for presentation at Black Hat Europe 2017!
SecureAuth to Merge with Core Security
2 days agoK1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
Kaspersky Lab secures contract with Brazilian Armed Forces
2 days agoThe Russian firm won a tender to supply cybersecurity tools to the three military organizations in the Latin American country.
Ransomware and cyber-attacks: We need a defence plan, says Europe
2 days agoThe EU sets out a strategy to improve its cyber-defences against criminals and nation states.
Get Serious about IoT Security
2 days agoThese four best practices will help safeguard your organization in the Internet of Things.
1.9 Billion Data Records Exposed in First Half of 2017
2 days agoEvery second, 122 records are exposed in breaches around the globe, a new report shows. And that's doesn't even include the new Equifax breach data.
Too noisy, low-level and unethical: Why some cybercriminals hate ransomware
2 days ago"We are digging our own grave," warn some online criminals who are worried how high-profile ransomware attacks like WannaCry are boosting awareness and cyber security knowledge.
10 Hot Cybersecurity Funding Rounds in Q3
2 days agoThe first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
IT admin sentenced after blackmailing business, redirecting website to porn
2 days agoThe admin demanded $10,000 from a company after sabotaging their website.
iOS 11 upgrade tips: Here's how to get your iPhone or iPad ready
2 days agoHere's what you need to do to make sure that your upgrade goes smoothly and you don't lose any data.
What the NSA Collects via 702
2 days agoNew York Times reporter Charlie Savage writes about some bad statistics we're all using: Among surveillance legal policy specialists, it is common to cite a set of statistics from an October 2011 opinion by Judge John Bates, then of the FISA Court, about ...
Cloud-Focused Firms Earn High Marks for Software Security in BSIMM8 Report
2 days agoBusinesses that are cloud-focused tend to run the most secure software, while the healthcare sector is struggling the most when it comes to accomplishing the same goal, according to the BSIMM8 Report.
CCTV cameras enslaved to infiltrate air-gap networks
2 days agoSurveillance camera lighting systems can create a web of light for leaking and extracting data from networks.
Telstra spending 'a lot of time on 5G': Penn
2 days agoTelstra's 5G NR trials with Ericsson and Qualcomm are going well, Telstra CEO Andy Penn has said, with Telstra to host a 3GPP standards meeting in a year after a live trial of its 5G network in April.
Apache patches 'OptionsBleed' web server info leak bug
3 days agoHeartbleed-like but not as serious.
iOS 11 Update includes Patches for Eight Vulnerabilities
3 days agoApple released a number of patches, including a security update for iOS 11, which is available today.
Viacom left keys to its kingdom exposed on AWS
3 days agoCredentials leak could have seen media company hijacked.
Avast-Owned Piriform Releases CCleaner Security Update
3 days agoThe Avast subsidiary has released two new versions of CCleaner following the discovery of a supply-chain attack.
New Spam Campaign Literally Doubles Down on Ransomware
3 days agoAn upgraded spam campaign alternates Locky and FakeGlobe ransomware, forcing victims to pay twice or lose all their data.
Twitter suspends 299,000 accounts linked to terrorism in past six month
3 days agoThe company said 75 percent of the infringing accounts were suspended before their first tweet.
Equifax lesson: It's time for tougher rules, regulations, fines to combat breaches
3 days agoCan oversight and stiff punishments spur enterprises to prioritize cybersecurity and secure their data?
GDPR & the Rise of the Automated Data Protection Officer
3 days agoCan artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
Viacom's Secret Cloud Keys Exposed
3 days agoThe entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
Equifax Suffered Earlier Breach in March
3 days agoEquifax suffered another breach of its systems, back in March, the company revealed Monday.
The political challenges of implementing smart city solutions
3 days agoAndy Berke, mayor of Chattanooga, Tennessee, talks about balancing the political demand for short-term results with long-term goals.
New to iOS 11? Change these privacy and security settings right now
3 days agoBefore you do anything on your iPhone or iPad, you should lock it down. This is how you do it.
Siemens' New ICS/SCADA Security Service a Sign of the Times
3 days agoMajor ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
Risks Limited With Latest Apache Bug Optionsbleed
3 days agoThe risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw.
Low-cost tools making cybercrime more accessible: SecureWorks
3 days agoA report from the security vendor has said the increasing affordability of cybercrime tools is providing budding criminals with a low barrier of entry into the game.
New alliance advocates the blockchain to improve IoT security, trust
3 days agoThe Trusted IoT Alliance hopes to "set the standard" for IoT blockchain protocols worldwide.
How Apple's New Facial Recognition Technology Will Change Enterprise Security
3 days agoExpect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
Hackers reveal leading enterprise security blind spots
3 days agoMobile devices and facial recognition software have made the list this year.
Double trouble: This ransomware campaign could infect your PC with two types of file-locking malware
3 days agoVictims around the world hit by criminals who can switch the malicious payload of emails between Locky and FakeGlobal on a whim.
Apple's FaceID
3 days agoThis is a good interview with Apple's SVP of Software Engineering about FaceID. Honestly, I don't know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can't be hacked with fake faces. I dislike the ...
Enterprise IT security planning: Five ways to build a better strategy
3 days agoStruggling to get the boss to take security seriously? Here are some pointers that can help the board get on-board.
Phishing: These are the days of the week when you're most at risk
3 days agoSecurity threats vary by the day of the week, with more malicious software detected on Mondays.
Pirate Bay uses your PC to mine cryptocurrency in quest to become ad-free
3 days agoCould CPU usage replace adverts in the future?
NBN Co gets more time to connect sensitive govt sites
3 days agoSites can also keep existing services intact longer.
EFF resigns from W3C in wake of EME DRM standardisation
3 days agoFailure to protect researchers and abandonment of consensus has seen the digital rights organisation walk away from the W3C consortium.
China Cracks Down On Bitcoin
3 days ago
400,000 Brits Caught Up In Equifax Breach
3 days ago
Piriform's CCleaner Found Backdoored
3 days ago
How to use Let's Encrypt to secure your websites
3 days agoLet's Encrypt is easy to use and free -- no wonder it's the most popular Certificate Authority for securing websites. Here's how you can use it.
Equifax Exec Departures Raise Questions About Responsibility for Breach
4 days agoDisclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say.
Avast CCleaner Compromised Amid Rise in Supply Chain Threats
4 days agoAttackers somehow hacked the build system of Avast's CCleaner to deliver malware, potentially affecting millions of users.
Attackers Use Undocumented MS Office Feature to Leak System Profile Data
4 days agoAn undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed.
Security vendor Avast distributed malware-infested utility
4 days agoCCleaner 5.33 hacked.
Pirate Bay Spotted Hosting Monero Cryptocurrency Miner
4 days agoA cryptocurrency miner surfaced on The Pirate Bay for a day over the weekend.
As wearables have evolved to standalone IoT devices, security demands have changed too
4 days agoSamsung's Eric McCarty on how the evolution of wearables has changed the security imperative.
The security factors behind AT&T's decision to deploy LTE-M
4 days agoChris Penrose, the president of IoT solutions at AT&T, explains how IoT network standards can influence security.
Equifax Hit with Lawsuit
4 days agoVictims living or doing business in Florida can send a certified letter to seek relief and still remain in compliance with the state's credit laws, attorney says.
How IOT network standards can influence security
4 days agoChris Penrose, president of IOT solutions at AT&T, explains the security factors that influenced AT&T's decision to deploy LTE-M networks.
So many bugs...
4 days agoPosted by dave aitel on Sep 18Seriously - it is like the Cambrian explosion up in here. Every platform seems to have dissolved - be it Java, or Windows, or various forms of "Secure Computing" now protected by a combination of platitudes and useless aphori ...
HP's Aruba announces 360 Secure Fabric analytics security solution
4 days agoAruba says the new offering will simplify and improve enterprise security.
iOS 11 release date is tomorrow - Here's how to get your iPhone or iPad ready
4 days agoHere's what you need to do to make sure that your upgrade goes smoothly and you don't lose any data.
To Be Ready for the Security Future, Pay Attention to the Security Past
4 days agoIt's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Azure confidential computing: Microsoft boosts security for cloud data
4 days agoMicrosoft is rolling out new secure enclave technology for protecting data in use.
Why free VPNs are not a risk worth taking
4 days agoHere's a question. If you're not paying for your VPN service, where is the provider getting the money to run it? The answer might cause you to lose some sleep.
Bluetooth Vulnerabilities
4 days agoA bunch of Bluetooth vulnerabilities are being reported, some pretty nasty. BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. Th ...
Hackers hid malware in CCleaner PC tool for nearly a month
4 days agoPopular utility from a company owned by Avast was compromised to spread malware to potentially millions of PCs.
Microsoft extends Office bug bounty program
4 days agoThe company is offering up to $15,000 per bounty.
BT launches Sydney cybersecurity centre
4 days agoThe BT cybersecurity R&D centre will provide more than 170 jobs across cybersecurity, machine learning, data analytics, big data engineering, cloud computing, and software engineering, the NSW government said.
APNIC-sponsored proposal could vastly improve DNS resilience against DDoS
4 days agoDenial of service attacks can be reduced by replying to DNS requests with a huge range of nothing, and remembering it.
Fake Python packages proffered to programmers
4 days agoCheck package names carefully.
Security.txt standard may help researchers report flaws
4 days agoFollows example of robots.txt.
Equifax's top tech execs leave 'effective immediately'
5 days agoCIO and CSO gone.
The NSA's 12-Year Struggle To Follow The Law
5 days ago
Public, Hybrid Cloud Security Fears Abound
6 days agoMost CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
OurMine Claims Vevo Hack, Releases 3.12TB of Data
6 days agoGroup known for claiming responsibility for hacking Mark Zuckerberg's Twitter account and the WikiLeaks' DNS attack says it's behind the Vevo breach.
Equifax CIO, CSO Step Down
1 week agoEmbattled credit-monitoring company names interim replacements for both positions and outlines more details about the massive breach.
Equifax CIO, CSO step down
1 week agoOne week after revealing a massive data breach, Equifax announced two of its executives are "retiring," effective immediately.
Friday Squid Blogging: Using Squid Ink to Detect Gum Disease
1 week agoA new dental imagery method, using squid ink, light, and ultrasound. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
Check Point's bogus Windows Subsystem for Linux attack
1 week agoIf you deliberately set out to make your Windows system open to attack via WSL, yes, you could be attacked by Bashware.
200K WordPress Sites Exposed to Rogue Version of ‘Display Widgets’
1 week agoA rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites.
Senators Propose US Elections Cybersecurity Commission
1 week agoThe proposed commission would aim to review the 2016 election process and safeguard future elections from interference.
Google, Spotify Build Open-Source Community for GCP Security
1 week agoGoogle and Spotify create Forseti, an open-source community with tools to secure projects on the Google Cloud Platform.
Equifax: 400,000 UK consumers could be affected by data breach
1 week ago'Process failure' led to UK data being held in US, company said.
How the evolution of wearables has changed security requirements
1 week agoAs wearables have evolved to standalone IOT devices, and as different enterprise use cases have emerged, security demands have changed, explains Samsung's Eric McCarty.
VMware Patches Bug That Allows Guest to Execute Code on Host
1 week agoUsers who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, are being encouraged to update to address a series of vulnerabilities, one critical.
Chrome To Label FTP Sites Insecure
1 week ago