security.didici.cc
The case against behavioral advertising is stacking up
4 hours agoNo one likes being stalked around the Internet by adverts. It’s the uneasy joke you can’t enjoy laughing at. Yet vast people-profiling ad businesses have made pots of money off of an unregulated Internet by putting surveillance at their core. But what ...
Popular WordPress plugin hacked by angry former employee
9 hours agoHacker defaced the company's website and sent a mass email to all its customers, alleging unpatched security holes.
The social layer is ironically key to Bitcoin’s security
1 day agoA funny thing happened in the second half of 2018. At some moment, all the people active in crypto looked around and realized there weren’t very many of us. The friends we’d convinced during the last holiday season were no longer speaking to us. They ...
Websites can steal browser data via extensions APIs
1 day agoResearcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
DDoS sueball, felonious fonts, leaky Android file manager, blundering building security, etc etc
1 day agoPlus, Safari security foiled by… a finger swipe? Roundup This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and cliams of RICO swap-gangs.…
The Iceman cometh, his smartwatch told the cops: Hitman jailed after gizmo links him to Brit gangland slayings
1 day agoKiller jailed for life after fitness kit data tips off plod Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.…
2018's Most Common Vulnerabilities Include Issues New and Old
1 day agoThe most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
DNC says Russia tried to hack its servers again in November 2018
2 days agoDemocrats say the spear-phishing attack, which was attributed to Russian group Cozy Bear, was unsuccessful.
Friday Squid Blogging: Squid Lollipops
2 days agoTwo squid lollipops, handmade by Shinri Tezuka. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.
VC Investments in Cybersecurity Hit Record Highs in 2018
2 days agoBut rate of funding appears unsustainable, according to Strategic Cyber Ventures.
WiFi firmware bug affects laptops, smartphones, routers, gaming devices
2 days agoList of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.
Google Play Removes Malicious Malware-Ridden Apps
2 days agoTwo apps on Google Play were infecting devices with the Anubis mobile banking trojan.
US midterms barely over when Russians came knocking on our servers (again), Democrats claim
2 days agoЛучшая защита – нападение? Russian hackers attempted to infiltrate the Democratic National Committee (DNC) just after the US midterm elections last year, according to a new court filing.…
Fallout EK Retools for a Fresh New 2019 Look
2 days agoThe Fallout EK has added the latest Flash vulnerability to its bad of tricks, among other tune-ups.
GDPR Suit Filed Against Amazon, Apple
2 days agoAn Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
Verizon to roll out free robocoll spam protection to all customers
2 days agoCall Filter service to be made available to all wireless and wired customers with compatible phones in March 2019.
Threatpost News Wrap Podcast For Jan. 18
2 days agoThreatpost editors break down the top headlines from the week ended Jan. 18.
Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
2 days agoA default configuration allows full admin access to unauthenticated attackers.
Shutdown Threatens More Government Websites
2 days ago
Google starts pulling unvetted Android apps that access call logs and SMS messages
2 days agoGoogle is removing apps from Google Play that request permission to access call logs and SMS text message data but haven’t been manually vetted by Google staff. The search and mobile giant said it is part of a move to cut down on apps that have access ...
PCI Council Releases New Software Framework for DevOps Era
2 days agoThe PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
The Rx for HIPAA Compliance in the Cloud
2 days agoFor medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
This malware spreading tool is back with some new tricks
2 days agoThe Fallout exploit kit is back delivering GandCrab ransomware after a brief hiatus.
Twitter Android Glitch Exposed Private Tweets for Years
2 days agoTwitter has fixed the issue, which has been ongoing since 2014.
8 Tips for Monitoring Cloud Security
2 days agoCloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
Microsoft partner portal 'exposes 'every' support request filed worldwide' today
2 days agoNo customer data visible but hell's bells, Redmond, what have you borked now? Exclusive Alarmed Microsoft support partners can currently view support tickets submitted from all over the world, in what appears to be a very wide-ranging blunder by the Red ...
Evaluating the GCHQ Exceptional Access Proposal
2 days agoThe so-called Crypto Wars have been going on for 25 years now. Basically, the FBIand some of their peer agencies in the U.K., Australia, and elsewhereargue that the pervasive use of civilian encryption is hampering their ability to solve crimes and th ...
These malicious Android apps will only strike when you move your smartphone
2 days agoApps containing the Anubis banking Trojan and an interesting motion sensor have been found in the Google Play store.
Temporary fix available for one of the two Windows zero-days released in December
2 days agoMicrosoft did not issue official fixes during the recent January Patch Tuesday update window.
I used to be a dull John Doe. Thanks to Huawei, I'm now James Bond!
2 days agoWe'll know for sure when Huawei reveals a shoe-shaped smartphone Something for the Weekend, Sir? The name's McLeod. Alessandro McLeod. I am a spy for the secret services.…
Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer
2 days agoThe Redmond giant is keenly interested in remote code execution and privilege escalation flaws.
Australia to harden GPS infrastructure cyber defences
2 days agoWants to address risks with $161m augmentation project.
Microsoft blue biz bug bounty bonanza beckons
2 days agoAzure DevOps Services invites hackers to test its limits There's more money to be made from bug hunting in Microsoft code after Redmond announced its 10th active bug hunting reward scheme, the Azure DevOps Bounty Program.…
Black Hat USA
2 days ago
Old bugs, new bugs, red bugs … yes, it's Oracle mega-update day again
2 days agoOut of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are r ...
Got a Drupal-powered website? You may want to get patching now...
2 days agoOpen-source CMS gets a pair of critical fixes Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's good to patch just in ca ...
Twitter. Android. Private tweets. Pick two... Account bug unlocked padlocked accounts
3 days agoCock-up went unnoticed for two Olympics, one World Cup, an EU referendum, and a US presidential election Twitter has fessed up to a flaw in its Android app that, for more than four years, was making twits' private tweets public. The programming blunder ha ...
Hacker behind 'Football Leaks' arrested in Hungary
3 days agoHacker is a 30-year-old Portuguese man. Police haven't released his name, but several news outlets claim he's named Rui Pinto, a man they've identified and have been tracking for years.
You want cash with that? ANZ plugs Apple Pay into eftpos
3 days agoOther Australian banks set to follow.
773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum
3 days agoData appears to be from multiple breaches over past few years, says researcher who discovered it.
Microsoft Launches Azure DevOps Bug Bounty Program
3 days agoMicrosoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.
VC funding of cybersecurity companies hits record $5.3B in 2018
3 days ago2018 wasn’t all bad. It turned out to be a record year for venture capital firms investing in cybersecurity companies. According to new data out by Strategic Cyber Ventures, a cybersecurity-focused investment firm with a portfolio of four cybersecurity ...
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
3 days agoFacebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
Microsoft Launches New Azure DevOps Bug Bounty Program
3 days agoA new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.
Twitter bug revealed private tweets for some Android users for almost five years
3 days agoSome Twitter for Android users had their private tweets exposed to non-followers and search engines.
New Attacks Target Recent PHP Framework Vulnerability
3 days agoMultiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.
Apple CEO Demands Federal Data Privacy Legislation
3 days agoApple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
3 days agoThe network no longer provides an air gap against external threats, but access devices can take up the slack.
Twitter bug revealed some Android users’ private tweets
3 days agoTwitter accidentally revealed some users’ “protected” (aka, private) tweets, the company disclosed this afternoon. The “Protect your Tweets” setting typically allows people to use Twitter in a non-public fashion. These users get to approve who ...
Online stores for governments and multinationals hacked via new security flaw
3 days agoLittle-known database management tool allowed hackers to take over sites and inject malicious code that steals payment card details.
These are all the federal HTTPS domains that’ll expire soon because of the US government shutdown
3 days agoWe like to think of ourselves as nerds here at TechCrunch, which is why we’re bring you this. During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights u ...
Top GP: Medical app Your.MD's data security wasn't my remit
3 days agoProf Maureen Baker told tribunal info security and clinical safety are two separate things The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails seen by ...
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
3 days agoNew global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
West African banks hit by multiple hacking waves last year
3 days agoBanks in Cameroon, Congo (DR), Equatorial Guinea, Ghana, and the Ivory Coast have been hit.
Cyber-Jackpot: 773M Credentials Dumped on the Dark Web
3 days agoThousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.
Simulating Lateral Attacks Through Email
3 days agoA skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
Some Android GPS apps are just showing ads on top of Google Maps
3 days agoApps have been downloaded over 50 million times. Google has failed to removed them, even if they blatantly break their own license.
Cryptomining Malware Uninstalls Cloud Security Products
3 days agoNew samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.
This cryptocurrency mining malware now disables security software to help remain undetected
3 days agoCryptojacking campaign targets Linux servers that haven't had patches for known vulnerabilities applied.
Go Hands-On with New Security Tricks at Black Hat Asia
3 days agoGet up close and personal with the latest tools and techniques for testing (and breaking) everything from HTTPS to deep neural networks to Microsoft Office!
Windows 10 19H1: Microsoft pushes its services with 'Make Windows even better' prompt
3 days agoMicrosoft wants you to "make Windows even better" by setting up Microsoft Account services on Windows 10 devices.
Oklahoma gov data leak exposes FBI investigation records, millions of department files
3 days agoAn Oklahoma Department of Securities server allowed anyone to download government files.
Decrypted Telegram bot chatter revealed as new Windows malware
3 days agoSometimes it take a small bug in one thing to find something massive elsewhere. During an investigation recent, security firm Forcepoint Labs said it found a new kind of malware that was found taking instructions from a hacker sending commands over the en ...
Prices for Zero-Day Exploits Are Rising
3 days agoCompanies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iO ...
Facebook removes propaganda network linked to Russian media group Sputnik
3 days agoFacebook says Sputnik employees ran hundreds of Facebook pages and accounts, some posing as politicians in other countries.
Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach
3 days agoNow is a good time to get a password manager app Infosec researcher Troy Hunt has revealed that more than 700 million email addresses have been floating around “a popular hacker forum” - along with a very large number of plain text passwords.…
Facebook finds and kills another 512 Kremlin-linked fake accounts
3 days agoTwo years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools. In a blog post today the company reveals another tranche of Kremlin-linked fake activity — ...
GoFundMe for a Computer for CyberSecurity BSD-OS
3 days agoPosted by InfoSec News on Jan 17https://www.gofundme.co
m/computer-for-cybersecur
ity-bsdos
[I saw this on InfoSec Twitter and figured they're in need a signal boost of
their message. Spend enough time in this community, you might have
the opportunity in 1 ...
The American Military Sucks at Cybersecurity
3 days agoPosted by InfoSec News on Jan 17https://motherboard.vic
e.com/en_us/article/7xy5k
y/the-american-military-s
ucks-at-cybersecurity
By Matthew Gault
Motherboard.vice.co
m
Jan 15 2019
The Department of Defense is terrible at cybersecurity. That's the assessment ...
To raise security awareness, researchers spent months hacking mock building systems
3 days agoPosted by InfoSec News on Jan 17https://www.cyberscoop.
com/raise-security-awaren
ess-researchers-spent-mon
ths-hacking-mock-building
-systems/
By Sean Lyngaas
CyberScoop
JAN 15, 2019
Security experts have in recent months warned that building-automation lags ...
SCP implementations impacted by 36-years-old security flaws
3 days agoPosted by InfoSec News on Jan 17https://www.zdnet.com/a
rticle/scp-implementation
s-impacted-by-36-years-ol
d-security-flaws/
By Catalin Cimpanu
ZDNet News
January 14, 2019
All SCP (Secure Copy Protocol) implementations from the last 36 years, since
1983, a ...
How a young man hacked the Mumbai Police website, became notorious, and got caught
3 days agoPosted by InfoSec News on Jan 17https://scroll.in/artic
le/909663/how-a-young-man
-hacked-the-mumbai-police
-website-became-notorious
-and-got-caught
By Bhupen Patel
Scroll.in
January 16, 2019
In early June 2001, I started receiving anonymous calls from someo ...
Hong Kong's smaller businesses think 'we're too small to be hacked' despite hacking experience, insurer finds
3 days agoPosted by InfoSec News on Jan 17https://www.scmp.com/bu
siness/companies/article/
2182473/hong-kongs-smalle
r-businesses-think-were-t
oo-small-be-hacked
By Linda Lew
South China Morning Post
17 January, 2019
Hacking is on the rise in Hong Kong. But many small ...
Hacking attempts made on 30 computers of defense acquisition agency
3 days agoPosted by InfoSec News on Jan 17http://english.donga.co
m/Home/3/all/26/1610238/1
By Kwan-Seok Jang
The Dong-A Ilbo
January. 15, 2019
It has been turned out that 30 computers installed on the internal system of the
Defense Acquisition Program Administratio ...
A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts
3 days agoA popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise. The plugin, Social Network Tabs, was storing so-called account access tokens in the sou ...
Zix acquires AppRiver in $275 million deal
3 days agoIt seems like 2019 is the year to purchase cloud security companies.
Mastercard crackdown on 'free trial' and recurring payment tricks
3 days agoMandates "clear instructions on how to cancel".
Mastercard online billing crackdown hits 'free trial' and recurring payment tricks
3 days agoMandates "clear instructions on how to cancel".
South Korea says mystery hackers cracked advanced weapons servers
3 days agoNo idea who could have been behind this one... The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers .…
Bipartisan Bill introduced to ban sale of US tech to Huawei and ZTE
3 days agoUS lawmakers introduce bipartisan Bill that, if passed, would ban the export of US chips and other components to the two Chinese tech companies.
Germany considering ways to exclude Huawei from 5G auction
3 days agoStricter security requirements.
Malware Built to Hack Building Automation Systems
3 days agoResearchers dig into vulnerabilities in popular building automation systems, devices.
$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?
4 days agoLawsuit claims coin thief was part of a gang targeting crypto whales The victim of a $24m cryptocurrency heist is suing his assailants in what is believed to be the first ever RICO claim involving digital currency.…
Google Chrome extension that steals card numbers still available on Web Store
4 days agoFake "Flash Player" extension has been available since February 2018, was installed by roughly 400 users.
Over 87GB of email address and passwords exposed in Collection 1 dump
4 days agoSecurity researcher Troy Hunt has found an 87GB dump of email address and passwords.
Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS
4 days agoOur reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.
Oklahoma Data Leak Compromises Years of FBI Data
4 days agoThe Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
US .gov sites dropping like flies as certs expire
4 days agoScuppered by government shutdown.
US lawmakers introduce bipartisan bills targeting Huawei and ZTE
4 days agoWould ban the sale of US chips or other components to companies that violate US sanctions.
Marriott looks to reboot loyalty plan after cyber attack
4 days agoNew brand name after millions of customer records stolen.
Millions of Oklahoma Gov Files Exposed by Wide-Open Server
4 days agoThe storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.
Hackers breach and steal data from South Korea's Defense Ministry
4 days agoGovernment says hackers breached 30 computers and stole data from 10.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
4 days agoWhen it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
BEC Groups Ramp Up Payroll Diversion Attacks
4 days agoCriminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
Lowjax city: Researchers crack open notorious Fancy Bear rootkit
4 days agoUEFI malware has been in the wild for more than two years The Fancy Bear hacking group's Lojax rootkit is far from a one-off tool, and may have been active in the wild for years before it was first reported.…
Fortnite Players at Risk Via Epic Games Vulnerability
4 days agoBugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
Fortnite Players at Risk Via Epic Games Vulnerability
4 days agoBugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
U.S. Issues Multiple Charges For 2016 SEC Hack
4 days agoThe two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.
Fortnite Hacked Via Insecure Single Sign-On
4 days agoLeaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.
Are You Listening to Your Kill Chain?
4 days agoWith the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Triton/Trisis Attack Was More Widespread Than Publicly Known
4 days agoSigns of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.
Magecart Returns with Advertising Library Tactic
4 days agoThe threat group also has a new subsidiary, Magecart Group 12.
Cyber security: This giant blind spot will cost us dear
4 days agoCyber attacks are one of the biggest risks facing the world. Our inability to address the underlying issues risks disaster.
Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept
4 days agoA tale of XSS, SQL injection and OAuth implementation Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to ...
Advertising network compromised to deliver credit card stealing code
4 days agoHundreds of online stores confirmed to be impacted, thousands of more under investigation.
VOIPO Database Exposes Millions of Texts, Call Logs
4 days agoVOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.
Two Ukrainians Charged With 2016 Hack Of SEC
4 days ago
Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean
4 days agoWhoa - is that an Access 97 iceberg dead ahead? Microsoft has released a second raft of fixes for Windows 10 following the monthly Patch Tuesday excitement last week. It has also issued some fixes for its latest Windows Insider build.…
VOIPO database exposed millions of call and SMS logs, system data
4 days agoThe database was used for development purposes but the data on offer to the public was valid.
El Chapo's Encryption Defeated by Turning His IT Consultant
4 days agoImpressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he tol ...
Fortnite bugs put accounts at risk of takeover
4 days agoWith one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm who says the bug is now fixed. Researchers at Check Point say the three vulnerabilities chained together could have affected any ...
NanoCore Trojan is protected in memory from being killed off
4 days agoIf you are infected with this malware, you might find it is more difficult to eradicate than standard Trojans.
Wrest control from a snooping smart speaker with this teachable “parasite”
4 days agoWhat do you get when you put one Internet connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite'” — an IoT project smart speaker topper made by two designers, Bjørn Karman ...
Fortnite security issue would have granted hackers access to accounts
4 days agoCheck Point recommends that Fortnite players enable two-factor authentication (2FA) for their accounts.
Data breaches, cyberattacks are top global risks alongside natural disasters and climate change
4 days agoIncreased connectivity in society and rapidly evolving threats are leaving the world open to damaging large-scale cyberattacks, warns the World Economic Forum.
Researcher shows how popular app ES File Explorer exposes Android device data
4 days agoWhy is one of the most popular Android apps running a hidden web server in the background? ES File Explorer claims it has over 500 million downloads under its belt since 2014, making it one of the most used apps to date. It’s simplicity makes it what it ...
Huawei looks up to Apple in terms of privacy: Founder Ren Zhengfei
4 days agoHistory will judge whether Huawei adhered to its claims to not harm the interests of customers, its founder has said.
Hijacking a PLC Using its Own Network Features
4 days agoResearcher to show how attackers can exploit the built-in advanced connectivity functions in some Rockwell PLCs.
North Korean hackers infiltrate Chile's ATM network after Skype job interview
4 days agoRedbanc employee applied for a LinkedIn job and got a call from the world's most active hacker crews.
New Ethereum version postponed after discovery of serious security flaw
5 days agoEthereum Constantinople Upgrade hits last minute snag that saves many users from catastrophic losses.
EDGAR Wrong: Ukrainians hacked SEC, stole docs for inside trading, says Uncle Sam
5 days agoCrooks banked $270,000 in just one move, it is claimed A pair of Ukranian hackers broke into America's financial watchdog to swipe insider info for stock traders, it is claimed.…
IDenticard Zero-Days Allow Corporate Building Access, Location Recon
5 days agoMultiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.
'It's like they took a rug and covered it'... Flight booking web app used by scores of airlines still vuln to attack – claim
5 days agoSecurity hole can be exploited to tamper with journeys A security hole in a widely used airline reservation system remains open to exploit, allowing miscreants to edit strangers' travel details online, The Register has learned. A fix to close the vulnerab ...
Report: Bots Add Volume to Account Takeover Attacks
5 days agoBots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.
Data Breach Roundup: U.S. Healthcare, Cryptopia, SingHealth and Experian
5 days agoJanuary is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.
US charges Ukrainian for SEC 2016 hack, others for insider trading
5 days agoHacker also participated in the notorious hack of three newswire services in 2014.
Microsoft continues to build government security credentials ahead of JEDI decision
5 days agoWhile the DoD is in the process of reviewing the $10 billion JEDI cloud contract RFPs (assuming the work continues during the government shutdown), Microsoft continues to build up its federal government security bona fides, regardless. Today the company a ...
Metasploit, popular hacking and security tool, gets long-awaited update
5 days agoAfter seven years, Metasploit Framework, the popular open-source hacking and security tool, has been given a major update.
Online Fraud: Now a Major Application Layer Security Problem
5 days agoThe explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
Judge: Law Enforcement Can’t Force Suspects to Unlock iPhones with FaceID
5 days agoA ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments.
US Judge: Police Can't Force Biometric Authentication
5 days agoLaw enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
7 Privacy Mistakes That Keep Security Pros on Their Toes
5 days agoWhen it comes to privacy, it's the little things that can lead to big mishaps.
ThreatList: $1.7M is the Average Cost of a Cyber-Attack
5 days agoBrand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.
Another huge database exposed millions of call logs and SMS text messages
5 days agoAn unprotected server storing millions of call logs and text messages was left open for months before they were found by a security researcher. If you thought you’d heard this story before, you’re not wrong. Back in November, another massive exposed d ...