security.didici.cc

Freelancer.com alerts users to recycled compromised credentials in its database

3 hours ago

The online marketplace told users it detected login credentials matching its customers in a publicly accessible database.

Symantec distrust to begin in Chrome from April 2018

4 hours ago

Google's browser will start the process of removing trust from old Symantec TLS certificates in Chrome 66.

Broadpwn flaw allows for remote takeover of smartphones

6 hours ago

Makes self-propagating malware possible.

The Lazy Habits of Phishing Attackers

6 hours ago

Most hackers who phish accounts do little to hide their tracks or even mine all of the data they can from phished accounts, mostly because they can afford to be lazy.

Researchers Release Free Tool to Analyze ICS Malware

6 hours ago

CrashOverride/Industroyer malware used against Ukraine's power grid the inspiration for the reverse-engineering tool.

Singapore should not criminalise good intent to encourage data sharing in cybersecurity

7 hours ago

People who fear prosecution may be less willing to share threat information, which is vital in fending off attacks, and Singapore government should clearly define its proposed mandate for companies to report data breaches within 72 hours.

US male arrested for string of DDoS attacks against Australia, North America

7 hours ago

The two-and-a-half year cross-border investigation has ended with the arrest of an Iranian-born male in the United States.

Broadcom Chipset Bug in Android and iOS Smartphones Allows Remote Attack

8 hours ago

Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.

Broadcom Chipset Bug in Android, iOS Smartphones Allows Remote Attack

8 hours ago

Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.

Inside the Investigation and Trial of Roman Seleznev

8 hours ago

The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.

Attack Uses Docker Containers To Hide, Persist, Plant Malware

9 hours ago

Abuse of the Docker API allows remote code execution on a targeted system, which enables hackers to escalate and persist thanks to novel attacks called Host Rebinding Attack and Shadow Containers.

Police arrest alleged perpetrator of Fairfax DDoS

9 hours ago

Joint effort nabs Seattle resident.

Man arrested over DDoS attacks on Aussie businesses

9 hours ago

Joint effort nabs Seattle resident.

Get Ready for the 2038 'Epocholypse' (and Worse)!

10 hours ago

A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.

Easily guessed password led to downfall of Russian cybercriminal

11 hours ago

Bad opsec sends empire crashing.

ShadowBrokers Remain an Enigma

13 hours ago

As we approach the first anniversary of the ShadowBrokers, their true identity and the source of their stolen NSA exploits remain a mystery.

Virgin America says a hacker broke into its network, forced staff to change passwords

13 hours ago

The attack happened days before the company was to be acquired by Alaska Air.

Google Study Quantifies Ransomware Profits

16 hours ago

A ransomware study released by Google revealed the malware earned criminals $25 million over the past two years.

How these fake Facebook and LinkedIn profiles tricked people into friending state-backed hackers

16 hours ago

A hacking operation used photos from an unsuspecting victim's Instagram account as the lure in a campaign that lasted well over a year.

How to Build a Path Toward Diversity in Information Security

17 hours ago

Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.

The Right to Be Forgotten & the New Era of Personal Data Rights

18 hours ago

Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.

APT Group Uses Catfish Technique To Ensnare Victims

18 hours ago

APT Cobalt Gypsy, or OilRig, used a fake persona called "Mia Ash" to ensnare tech-savvy workers in the oil and gas industry into downloading PupyRAT malware.

Can Your Risk Assessment Stand Up Under Scrutiny?

19 hours ago

Weak risk assessments have gotten a pass up until now, but that may be changing.

Downtime from Ransomware More Lethal to Small Businesses Than the Ransom

20 hours ago

New survey of small- to midsized businesses (SMBs) shows half of SMBs infected with malware suffer 25 hours or more of business disruption.

This Android spyware can record calls, take screenshots and video, targets Gmail, LinkedIn, Snapchat data

21 hours ago

Google uncovers espionage-conducting malware which monitors and steals information about the target - including emails, messages and calls.

No More Ransom project helps thousands of ransomware victims

21 hours ago

After only a year, the initiative has unlocked thousands of devices, but there is more work to do.

Firing a Locked Smart Gun

21 hours ago

The Armatix IP1 "smart gun" can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable.

Google's Trusted Contacts safety app is now available for iOS

21 hours ago

Google updates Trusted Contacts with more control over location sharing.

13 technologies that are safer than passwords

21 hours ago

Vein scans, eye scans, fingerprint scans and more up the security game

Russian Bitcoin exchange chief arrested in connection to Mt. Gox 'hack'

21 hours ago

The Mt. Gox hack which left thousands of investors out of pocket may have connections to Russia.

Microsoft adds Windows bounty program that tops out at $250,000

1 day ago

Gaining remote code execution in Hyper-V will see researchers earn a quarter of a million dollars.

How Attackers Use Machine Learning to Predict BEC Success

1 day ago

Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.

Android Spyware Still Collects PII Despite Outcry

1 day ago

Spyware called Adups found on millions of low-end phones is still collecting personally identifiable information of users despite public outcry.

Vulnerable Radiation Monitoring Devices Won’t Be Patched

1 day ago

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Adobe's Move to Kill Flash Is Good for Security

1 day ago

In recent years, Flash became one of the buggiest widely used apps out there.

FBI Talks Avalanche Botnet Takedown

1 day ago

FBI unit chief Tom Grasso explains the takedown of Avalanche and how the agency approaches botnet infrastructures.

Facebook Security Boss: Empathy, Inclusion Must Come to Security

1 day ago

At Black Hat, Facebook CSO Alex Stamos' keynote message was one of bringing empathy and inclusion to security, and that it's time to stop being insular.

Hacking the Wind

1 day ago

A security researcher at Black Hat USA shows how wind turbine systems are susceptible to potentially damaging cyberattacks.

The Wild West of Security Post-Secondary Education

1 day ago

Black Hat researchers will show how inconsistent security schooling is at the university level.

Security flaw in 3G, 4G LTE networks lets hackers track phone locations

1 day ago

The researchers say "very little" can be done to prevent stingray-style surveillance attacks.

Fictions we are not maniacal about.

1 day ago

Posted by dave aitel on Jul 26: Ok, so not to draw a contrast to today's events with regards to the US Military's acceptance of the T in LGBT but Immunity is hiring penetration testers and exploit writers (DC/Miami), we do important work, and we do it in an ...

10 Critical Steps to Create a Culture of Cybersecurity

1 day ago

Businesses are more vulnerable than they need to be. Here's what you should do about it.

Majority of Consumers Believe IoT Needs Security Built In

1 day ago

Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.

Windows SMB Zero Day to Be Disclosed During DEF CON

1 day ago

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.

Facebook to Give $1 Million in Prize Money to Security Researchers

1 day ago

The social media giant hopes the money will spur more research into ways to defend Internet users against the more prevalent and common methods of attack.

Open Letter: Seriously, Roomba, now you're spying on us?

1 day ago

It's not just that iRobot might sell maps of our homes, it's the security implications of what can happen if this oh-so-private information gets into the wrong hands.

Visa expands transaction processing facilities in Singapore, UK

1 day ago

Payment company opens new data centres to meet growing demand for digital payments and support the development of new capabilities in this space.

APAC users not confident their online data is properly secured

1 day ago

More than 70 percent of online consumers in Asia-Pacific believe their personal data isn't adequately protected and 55 percent are unlikely to use online services that don't do so.

Petya ransomware: Free decryption tool released for the original versions of this nasty malware

1 day ago

Red Petya, Green Petya and GoldenEye can all be decrypted with this free tool - unfortunately it can't do anything about NotPetya or PetrWrap

Roombas will Spy on You

1 day ago

The company that sells the Roomba autonomous vacuum wants to sell the data about your home that it collects.

Illegal Kodi plugins may compromise your personal security

1 day ago

Certain third-party add-ons used to find pirated material may no longer be trustworthy.

Kaspersky Lab hands out free anti-virus

2 days ago

In a bid to 'secure the whole world', the Russian security firm is offering up free anti-virus protection globally.

South Australia reportedly drafting laws to force passwords out of suspects

2 days ago

Suspected criminals will have to reveal their computer passwords to police under proposed new child protection laws in South Australia.

Kaspersky offers free anti-virus software

2 days ago

Looks for security data to power its machine learning.

Network security vendor Savvius expands into Australian market

2 days ago

A distribution deal with InTechnology will see the Savvius' products rolled out across NSW, Queensland, and Victoria.

Iranian Cyber Espionage Group CopyKittens Are Successful, But Not Skilled

2 days ago

Despite being only moderately skilled, CopyKittens has exfiltrated large volumes of data since at least 2013.

How 'PostScript' Exploits Networked Printers

2 days ago

At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.

Black Hat speaker denied entry to US in another needless hit to security research

2 days ago

One security researcher was set to give a Black Hat talk in Las Vegas.

Top tips to improve IoT smart home security

2 days ago

Take steps to protect your smart home gadgets by implementing and adopting a hardware-led approach that sees security embedded from the ground up.

Adobe to say rest in peace to Flash in 2020

2 days ago

Adobe's Flash, a pioneering yet often derided piece of the interactive web, will be phased out with end of life coming in 2020. Move to open formats developers.

Academia’s Role in Security Skills Gap Examined

2 days ago

At Black Hat, two RIT professors are expected to deliver a talk about the professional skills gap in security and how academic programs are falling short.

Microsoft commits to eliminating Flash support in Windows by 2020

2 days ago

Microsoft is going public with its step-by-step plan for removing Adobe Flash support in Windows by the end of 2020.

Pwning the mainframe: How to hack the "most secure" platform on Earth

2 days ago

A researcher found a security flaw that granted him access to a mainframe's vital, sensitive data.

Novel Attack Tricks Servers to Cache, Expose Personal Data

2 days ago

Researchers have devised a way to trick a web server into caching pages and exposing personal data to attackers.

How Women Can Raise Their Profile within the Cybersecurity Industry

2 days ago

Closing the cybersecurity gender gap won't happen overnight, but women can take steps to begin leveling the playing field.

This ransomware lets crooks spot their victim on a map

2 days ago

Ransomware has always been sinister - now it's creepy too.

Using AI to Break Detection Models

2 days ago

Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.

Black Hat USA 2017 Preview

2 days ago

Mike Mimoso and Tom Spring preview Black Hat, which starts tomorrow in Las Vegas.

Lessons from Verizon: Managing Cloud Security for Partners

2 days ago

The recent Verizon breach - data exposed by an insecure Amazon S3 bucket - highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.

CrowdStrike launches Falcon MalQuery cybersecurity engine capabilities

2 days ago

The search engine has a new malware search and detection component for threat indexing.

Alternatives to Government-Mandated Encryption Backdoors

2 days ago

Policy essay: "Encryption Substitutes," by Andrew Keane Woods: In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. ...

Nasdaq acquires UK security startup Sybenetix

2 days ago

The startup combines behavioral analytics and cognitive computing to keep financial markets safe from underhanded trading.

Regulators Question Wells Fargo Regarding Data Breach

2 days ago

Scrutiny a result of a lawyer's unauthorized release of sensitive information on tens of thousands of wealthy Wells Fargo customers.

Custom Source Code Accounts for 93% of App Vulnerabilities

2 days ago

A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.

IBM patent uses printed circuit boards to protect cryptographic codes

2 days ago

Big Blue's new patent aims to protect cryptographic keys and make them tamper-resistant.

Another Queensland police officer charged with computer hacking

3 days ago

A 39-year-old senior constable is due to appear in court on August 14 on charges of computer hacking and unauthorised use of information.

Bitdefender: Organisations must empower IT staff to mitigate cyber threats

3 days ago

Despite two large cyber attacks making headlines in the first six months of 2017, the security firm is still finding cybersecurity responsibility lies solely with the underfunded IT team.

Voter Registration Data from 9 States Available for Sale on Dark Web

3 days ago

Nearly 10 million voter records sold for just $4 over last few days, according to LookingGlass Cyber Solutions.

G Suite customers leak internal data via Groups

3 days ago

Tick a box configuration mistake.

Weather.com, Fusion Expose Data Via Google Groups Config Error

3 days ago

Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages.

Snopes is in danger of closing its doors due to a business dispute

3 days ago

The well-known fact-checking site claims it's being held hostage by an outside vendor. But under the surface, there's a fight between contending ownership groups.

Dashlane, Researcher at Odds Over Potential Privilege Escalation Vulnerability

3 days ago

Researcher Paulos Yibelo said that Dashlane elected not to patch a vulnerability he disclosed more than a year ago in all versions of the password manager application.

Hacker Admits to Mirai Attack Against Deutsche Telekom

3 days ago

A hacker that goes by the name “BestBuy” admitted to a German court that he was behind an attack last year that knocked over a million Deutsche Telekom customers offline.

7 Hardware & Firmware Hacks Highlighted at Black Hat 2017

3 days ago

Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.

Hundreds of companies expose PII, private emails through Google Groups error

3 days ago

Oversight, not flaws, has led to some serious data exposure for firms including IBM's Weather Company and SpotX.

No more ransomware: How one website is stopping the crypto-locking crooks in their tracks

3 days ago

No More Ransom launched a year ago: here's the story of how cybersecurity firms and law enforcement are working together to bring down ransomware.

Majority of Security Pros Let Productivity Trump Security

3 days ago

A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.

Bots Make Lousy Dates, But Not Cheap Ones

3 days ago

The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.

macOS Fruitfly Backdoor Analysis Renders New Spying Capabilities

3 days ago

This week at Black Hat, Mac malware expert Patrick Wardle will describe how he used a custom-built command and control server to analyze new spying capabilities in a variant of the FruitFly backdoor.

Checkmarx snaps up Codebashing to boost secure coding development

3 days ago

The deal will give Checkmarx interactive teaching tools for the changing IT landscape.

Qualys unveils CloudView app framework for public cloud security

3 days ago

The solution aims to prevent misconfigurations, malware, and noncompliance threatening enterprise networks.

Qualys launches CertView security certificate handler for the enterprise

3 days ago

The new solution is aimed at enterprise players which need a way to manage SSL/TLS certificates.

IBM launches new security testing services for IoT, automotive

3 days ago

As the number of connected devices proliferates, security testing should occur completely through development to deployment, IBM says.

New details emerge on Fruitfly, a near-undetectable Mac backdoor

3 days ago

The malware went largely undetected for several years and is only detectable on a handful of security products, but the "fully featured" Mac backdoor can take control of an entire computer.

Weak Docker security could lead to magnified cybersecurity threat due to efficiency of containers

3 days ago

Unsecured instances of Docker can lead to potentially large vulnerabilities inside the data center. Here's what you need to know right now.

US Army Researching Bot Swarms

3 days ago

The US Army Research Agency is funding research into autonomous bot swarms. From the announcement: The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of l ...

Petya ransomware: Companies are still dealing with aftermath of global cyberattack

3 days ago

Weeks after the ransomware attack that rippled across the globe, companies are still trying to deal with the damage.

Writing Windows or Linux apps? Microsoft just launched a cloud-powered bug hunter to find the flaws in your code

3 days ago

Microsoft's enterprise customers can soon use its Azure-hosted fuzzing service to ferret out bugs in their own Windows and Linux applications.

John McAfee reportedly lands in hospital after attack

3 days ago

The colorful security head says he was in an incident where someone attempted to allegedly "off" him.

Every Swedish car owner's details may have leaked in explosive IT failure

4 days ago

Driving license data has potentially been leaked due to carelessness in an outsourcing deal.

32M employees offered biochip hand implants for work monitoring, payments

4 days ago

The chips can be used to log in to PCs, use company machines, and make purchases -- but how many will sign up?

Sweden exposed sensitive data on citizens, military personnel

4 days ago

Sent unredacted drivers licence database to marketers.

Microsoft rolls out cloud-based fuzzing tool

4 days ago

"Project Springfield" comes alive.

Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

6 days ago

It's the second in two months. Video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

iCloud security flaw put iPhone, Mac passwords at risk

6 days ago

The security researcher said the bug could've gained access to an entire account's iCloud Keychain.

Microsoft Rolls Out AI-based Security Risk Detection Tool

6 days ago

Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.

Trickbot Malware Now Targets US Banks

6 days ago

Researchers with IBM and Flashpoint warn the Trickbot Trojan is growing more potent and now targeting U.S. banks.

Dump the snake oil and show security researchers some respect

6 days ago

Hacker Summer Camp kicks off this weekend, and with many conferences, there's a very noticeable "race to first" by marketing teams. In that race, marketers need to first revere the research and respect the researchers, especially heading into the next 10 ...

Motivation Mystery Behind WannaCry, ExPetr

6 days ago

A shift in APT tactics is emerging as characterized by the destructive ExPetr attacks hidden in ransomware, and WannaCry, which also failed to turn a profit.

Dark Reading News Desk Live at Black Hat USA 2017

6 days ago

Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).

Speed of Windows 10 Adoption Not Affected by WannaCry

6 days ago

WannaCry has motivated security teams to stay current on patching but Windows 10 adoption remains the same.

20 Questions for Improving SMB Security

6 days ago

Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.

Hacking a Segway

6 days ago

The Segway has a mobile app. It is hackable: While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn't being used ...

Cyberwar looms as diplomats dither

1 week ago

Simulations at ANU's National Security College suggest that the world is sleepwalking towards war. Meanwhile, international cyber negotiations could be set back a decade.

Symantec tricked into revoking SSL certs with fake keys

1 week ago

Journo tests legitimacy processes.

Symantec tricked into removing legit certificates by security researcher

1 week ago

Hanno Böck forged incorrect private keys to test if Symantec would revoke his legitimate certificate, and sure enough, they did.

Thou shalt be secure: RSA says you can't force private sector to break encryption

1 week ago

RSA's VP and GM of Global Public Sector Practice Mike Brown believes there's a better way to thwart terrorism than breaking end-to-end encryption, as recently proposed by the Australian government.

Using DevOps to Move Faster than Attackers

1 week ago

Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.

Russian National Receives 5 Years In Jail For Role In 'Citadel' Attacks

1 week ago

Mark Vartanyan is the second individual to be sent to prison in connection with Citadel.

#HackTor: Tor Opens up its Bug Bounty Program

1 week ago

The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.

Healthcare Industry Lacks Awareness of IoT threat, Survey Says

1 week ago

Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.

US Banks Targeted with Trickbot Trojan

1 week ago

Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered - signalling increasingly complex attacks on the industry.