security.didici.cc

Sofacy APT Targeting OS X Machines with Komplex Trojan

2 hours ago

APT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.

Russian 'Fancy Bear' Hackers Hit Mac OS X With New Trojan

3 hours ago

Aerospace victim hit by targeted attack that didn't even exploit a Mac vulnerability.

Brian Krebs DDoS

3 hours ago

Brian Krebs writes about the massive DDoS attack against his site. In fact, the site is down as I post this.

Questions Mount Around Yahoo Breach

4 hours ago

Crypto company Venafi points out potential holes in Yahoo's processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.

Hancitor Downloader Abusing APIs, PowerShell Commands

5 hours ago

Developers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect.

Ransomware: Coming To A Hospital Near You?

6 hours ago

10 ways to protect healthcare systems from ransomware and other malware infections.

Cyber Risk Among Top Concerns For Business Leaders: Study

6 hours ago

More than 50% of business leaders surveyed in the Travelers Risk Index report cyber, computer, and technology risks are among their top concerns.

MarsJoke Ransomware Targets .EDU, .GOV Agencies

7 hours ago

Researchers have identified a new ransomware strain that spoofs tracking services via spam messages and contain URLs that link to malicious files.

​Sloppy programming leads to OpenSSL woes

7 hours ago

Sometimes security patches create bigger problems than the ones they solve. OpenSSL just made that blunder.

FBI Probes Dumping Of NSA Hack Tools On Public Site

8 hours ago

National Security Agency says tools left exposed by mistake - and dumping by presumably Russia-backed hackers Shadow Brokers.

OpenSSL Fixes Critical Bug Introduced by Latest Update

9 hours ago

OpenSSL’s most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today.

Yahoo Breach Could Delay $4.8 Billion Verizon Takeover

9 hours ago

Verizon may revisit contract with Yahoo on doubts of vulnerabilities in the system after 500 accounts were found hacked.

What The WADA Hack Proves About Today's Threat Landscape

10 hours ago

Fancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks.

Microsoft Launches Windows Defender App Guard For Its Edge Browser

10 hours ago

Microsoft debuts a new tool to strengthen security in its Edge browser for Windows Enterprise customers.

Adware Campaign Using Advanced Nation-State Obfuscation Techniques

10 hours ago

New report from Carbon Black shows adware may be spreading ransomware, using similar tactics as Operation Aurora.

Thousands of Cisco devices still at risk of unpatched NSA zero-day flaws

10 hours ago

The tools may have been mistakenly left behind by the NSA following an operation.

Microsoft: Windows 10 now on 400 million devices

10 hours ago

Microsoft officials said Windows 10 has hit the 400 million 'active' device milestone, up from 300 million in early May.

State Of The Exploit Kit

11 hours ago

Exploit kit traffic is down considerably following the demise of Nuclear and Angler, but many researchers see it only as a temporary disruption.

That's not funny: MarsJoke ransomware threatens to wipe data if a ransom is not paid within 96 hours

12 hours ago

New ransomware family discovered by takes aim at government targets

Oops. Apple has seriously weakened iOS 10 backups against password hackers

13 hours ago

A blunder that Apple made in iOS 10 has weakened the encryption of iPhone data when backed up to iTunes.

Google pulls Krebs on Security out of the abyss

18 hours ago

Google's Project Shield has come to the rescue after a devastating DDoS attack prompted Akamai's pro bono support to end.

Hacker who leaked US military 'kill list' for ISIS sent behind bars

18 hours ago

The 20-year-old hacker leaked military data belonging to 1,300 US military and government staff in support of the Islamic extremist group.

The dog ate my Census, says ABS

19 hours ago

The Australian Bureau of Statistics blames everyone but itself for the failures of the 2016 Census. That's a sign of weak and out-of-touch management.

Cyber civil defence for the rest of us

22 hours ago

With the official bodies that respond to information security issues mainly focused on national security, should there be an equivalent for everyone else?

Apple iOS 10 backup security can be easily cracked

23 hours ago

Flaw could unravel whole Keychain secure credentials storage.

ABS claims IBM's botched geoblocking failed the Census

1 day ago

Blame game begins in post-survey hose down.

7 New Rules For IoT Safety & Vuln Disclosure

2 days ago

In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!

Yahoo sued over 2014 mega hack

2 days ago

"Gross negligence" alleged for leak of 500m accounts.

Spam Levels Spike, Thanks In Part To Ransomware

3 days ago

By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.

Advisory Body Calls For Stronger Cybersecurity Measures Across Airline Industry

3 days ago

Measures are designed to bolster operational security across all stakeholders in the aviation sector, Wall Street Journal says.

Friday Squid Blogging: Space Kraken

3 days ago

A Lego model of a giant space kraken destroying a Destroyer from Star Wars. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack

3 days ago

OpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack.

Researchers Find ‘Severe’ Password Security Hole with iOS 10 Backups

3 days ago

Security firm claims to have found a new weakness in Apple’s iOS 10 that makes it possible to crack password-protected local backups of data for iOS 10 devices.

Threatpost News Wrap, September 23, 2016

3 days ago

The massive Yahoo breach, this week's Security of Things Forum, Mamba ransomware, and Google Allo are discussed.

An Open-Source Security Maturity Model

3 days ago

Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.

D-FENSE! Using Research To Craft Effective Cyber Defenses

3 days ago

A pair of experts from Imperva stops by the Dark Reading News Desk to chat.

iPhone 7 Jailbreak

3 days ago

It took 24 hours. Slashdot thread.

Medical Devices Should Withstand Rigor, Expert Says

3 days ago

In a keynote at the Internet of Things Forum Dr. Kevin Fu said that medical devices should be subjected to rigor so patients can make clinically relevant decisions.

On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem

3 days ago

As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.

FTC Releases Video With Data Breach Recovery Advice

3 days ago

The US Federal Trade Commission video has detailed instructions on what to do if personal data of a user is stolen and exposed.

Top Democrats Tell Putin To Halt Hacking Of US Political Parties

3 days ago

Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.

We're told data breaches cost millions on average - but this security study disagrees

3 days ago

New research suggests that the average cost of data breaches is lower than many estimates and too low to drive greater investment in cybersecurity.

Krebs on Security booted off Akamai network after DDoS attack proves pricey

3 days ago

There's no rancour or bitterness, however, since Akamai hosted the security expert's blog pro bono.

Cybersecurity accelerator gives startups the chance to work with GCHQ spy agency

3 days ago

New government scheme designed to help protect the UK from cyberattacks

Google Safe Browsing beats rivals but still only flags up 10 percent of hacked sites

3 days ago

An analysis of hijacked websites suggests Google's Safe Browsing technology is only warning users about a small proportion of them.

Drupal patches multiple security flaws in core engine

3 days ago

One of the critical vulnerabilities allows attackers to remotely execute malicious code.

IBM lambasted by ABS for failing to handle Census DDoS

3 days ago

The Australian Bureau of Statistics has said IBM should have been able to handle the denial-of-service attack that hit Census systems on the night of August 9.

Optus Business adds cybersecurity capabilities to managed services

3 days ago

Leveraging Palo Alto Networks' cybersecurity platform, Optus and Singtel will now provide enterprise and government customers with detection and prevention mechanisms against cyber attacks.

71 percent of Australian-used IoT devices failed privacy probe

3 days ago

71 percent of devices and services used by Australians did not provide a privacy policy nor a notice explaining how personal information is collected, used, and stored.

'World's largest' DDoS sees infosec journo's site taken down

3 days ago

Akamai's Prolexic puts packet flood at 620 Gbps.

Turnbull calls for cyber education of public in wake of Census debacle

3 days ago

Australian Prime Minister Malcolm Turnbull has used the Census fiasco to call for new ways of talking about cybersecurity during a speech in Washington DC.

Biometric Skimmers Pose Emerging Threat To ATMs

4 days ago

Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.

Probe of NSA hacking tools leak points to an own goal

4 days ago

Careless operative blamed for fumble three years ago.

OpenSSL patches high-severity vulnerability

4 days ago

Could be abused for denial-of-service attacks.

Yahoo Reveals Nation State-Borne Data Breach Affecting A Half-Billion Users

4 days ago

But still unconfirmed is whether the newly revealed attack is related to recently dumped Yahoo user credentials in an online cybercrime forum.

Yahoo confirms mega user account data breach

4 days ago

Says 500m accounts stolen in 2014 attack.

500 Million Yahoo Accounts Stolen By State-Sponsored Hackers

4 days ago

Yahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network.

7 Factors That Make Security Organizations More Effective

4 days ago

(ISC)2 members have plenty of technical chops, but IANS research found they need to focus more on how info sec aligns with the business.

Yahoo confirms data breach affecting 500 million accounts, claims state actor behind attack

4 days ago

Yahoo confirmed a breach going back to 2014. A bevy of passwords and other information were stolen, but payment and bank information stayed safe.

Drupal Patches Three Vulnerabilities in Core Engine

4 days ago

Three vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.

​500 million Yahoo users hacked: How to protect yourself

4 days ago

The odds are excellent that your Yahoo account is now open for attack to the highest bidder.

Amtrak Security Awareness

4 days ago

I like this Amtrak security awareness campaign. Especially the use of my term "security theater" and the link (in the article) to my TED talk on the subject.

Cisco Warns of Command Injection Flaw in Cloud Platform

4 days ago

Cisco rolls out a bevy of patches tied to vulnerabilities found in its cloud services platform, IOS software and Prime Home products.

Snowden: Hollywood Highlights 2 Persistent Privacy Threats

4 days ago

Oliver Stone's movie shows us that while most of us have nothing to hide, we all have information worth protecting - both technically and constitutionally.

7 Ways Cloud Alters The Security Equation

4 days ago

Would-be and existing customers must understand that security isn't set-and-forget just because it resides in the cloud.

DHS Announces Intent to Draft IoT Security Framework

4 days ago

The Department of Homeland Security formally announced its plan to develop a set of strategic principles for the Internet of Things.

Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials

4 days ago

Yahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012.

10 Ways To Lock Down Third-Party Risk

4 days ago

Experts share ideas for closing potential security holes that leave organizations open to attack.

Even A False Positive Can Be Valuable

4 days ago

Sharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.

SWIFT CISO: Cyber Threat 'Persistent'

4 days ago

Alain Desausoi describes threat as persistent, and says there's been progress in combating it via new SWIFT initiatives.

NYSE Deals Blow To John McAfee's MGT Capital

4 days ago

MGT searches for alternatives as share listing approval denied, causing deep plunge in share price.

Malware Evades Detection with Novel Technique

4 days ago

Document-based macro malware flies under the security radar by first detecting existing documents on PC.

Hackers in the house: Why your IoT devices may have already joined a botnet

4 days ago

Hackers are taking advantage of lax security attitudes around connected devices to hijack them for malicious means, warn Symantec researchers

Google Allo: Don't use it, says Edward Snowden

4 days ago

Google has come under fire again for the privacy choices its made for its new smart chat app, Allo.

SWIFT says bank cyberattacks 'here to stay'

4 days ago

Attacks targeting the financial messaging system are not going anywhere -- and are evolving to become even more difficult to combat.

Census funding uncertainty meant ABS was underprepared: Union

4 days ago

Relentless cuts to the ABS and an uncertain funding future spelt doom for the Australian 2016 Census, the Community and Public Sector Union has said.

Telstra explores blockchain, biometrics to secure smart home IoT devices

4 days ago

Telstra's efforts to blockchain IoT are being augmented by identity verification using voice, fingerprint, and facial biometrics.

Finish Census, ABS pleads

4 days ago

Friday is the deadline to complete the Census and there's just a small group of Australians who've yet to finish the job.

Crims place booby-trapped USB drives in letter boxes

4 days ago

Victorians warned not to plug in malware-laden devices.

National Health ISAC Calls For Collaborative Vuln Disclosure

5 days ago

NH-ISAC also to hold medical device vulnerability info sharing workshop, hosted by St. Jude Medical.

Majority Of Major Corporations Have User Credentials Stolen And Exposed

5 days ago

Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.

SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool

5 days ago

SWIFT's chief information security officer said Wednesday that the cooperative is still seeing cases in which its customers' environments have been compromised.

Google Retreats on Some Allo Privacy Promises

5 days ago

Google released its smart messaging app called Allo, but a decision to log chats indefinitely has privacy advocates worried.

iSpy Keylogger Targets Passwords, Skype, Webcams

5 days ago

Zscater identified a keylogger on steroids that targets passwords, webcam and software licenses.

How Cloud, Mobile Are Changing IT, Security Management: Study

5 days ago

The evolution of technology is changing the role of IT and security pros as more employees use cloud apps and connect personal devices to corporate networks.

Tick, tock, tick, tock: New malware is hitting your network every four seconds

5 days ago

Check Point report suggests organisations haven't kept up with security to meet a nine times rise in malicious software

A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack

5 days ago

This slightly modified model is a practical way to keep attackers out of your systems.

How Windows 10 Stops Script-Based Attacks On The Fly

5 days ago

Move over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.

Rand Study: Average Data Breach Costs $200K, Not Millions

5 days ago

Rand taps insurance data and other sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average.

Microsoft's new datacenters aim to put customer data beyond the reach of US snooping

5 days ago

New German datacenters aim to provide additional protections for customer data by giving control to an independent data trustee.

RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware

5 days ago

Researchers said they’ve seen an uptick in RIG Exploit Kit traffic and that attackers have begun using the kit to peddle CrypMIC ransomware.

Florida Man Charged With Hacking Linux Servers

5 days ago

Donald Austin allegedly stole credentials of Linux employee to hack four company servers and install rootkit and Trojan software.

Chinese Researchers Hack Tesla S Models, Expose Bugs

5 days ago

Automaker fixes security risks after Tencent Holdings uncover vulnerabilities in both parking and drive mode.

Mozilla Patches Certificate Pinning Vulnerability in Firefox

5 days ago

A remote code execution in Firefox caused by the expiration of certificate pins was patched by Mozilla in Firefox 49 and Firefox ESR 45.4.

Majority of consumers fear compromise of their personal data, survey says

5 days ago

Survey shows 83% of respondents share concern over ID theft within 1-2 years

Tesla Model S Hack

5 days ago

Impressive remote ,a href="http://www.pcw
orld.com/article/3121999/
security/researchers-demo
nstrate-remote-attack-aga
inst-tesla-model-s.html&q
uot;>hack of the Tesla Model S. Details. Video. The vulnerability is fixed. Remember, a modern car isn't an automo ...

Education Now Suffers The Most Ransomware Attacks

5 days ago

New data shows ransomware rates worldwide doubling and tripling in past 12 months.

​Victorian police warn of harmful letterbox USB drives

5 days ago

Police in Victoria have issued a warning to residents following recent reports of malicious USB drives left in letterboxes.

​North Korea internet access leak shows only 28 sites

5 days ago

North Korea's top-level DNS data has leaked, showing that the Stalanist state only has 28 websites that use the .kp domain name.

Raum turns the most popular torrents on the web into malware spreading weapons

5 days ago

InfoArmor says the tool weaponizes torrents to spread malicious code through data analysis.

Matchlight Dark Web data leak detection software available worldwide

5 days ago

Terbium Labs' software can now be used to detect when data belonging to companies is being flogged in the underground.

Tesla patches remote attack vulnerability

5 days ago

Researchers could brake, turn on windscreen wipers.

Apple Squashes 68 Security Bugs With Sierra Release

6 days ago

With the introduction of macOS Sierra 10.12, Apple has patched dozens of security vulnerabilities and also tackled a few Safari 10 bugs to boot.

Zscaler Warns Of New iSpy Commercial Keylogger

6 days ago

Malware steals user data, license keys to popular applications.

Lack Of Funding Stymies State CISOs

6 days ago

Governors, other state officials more aware of cyber threats, but confidence gap exists between IT and business managers, new Deloitte-National State Chief Information Officers (NASCIO) study finds.

How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have

6 days ago

GitHub's Jamesha Fisher discusses how GitHub is bringing the power of security to the uninitiated and how a predominately white and male infosec industry can better support women and people of color in the workforce.

Mamba Ransomware Encrypts Hard Drives Rather Than Files

6 days ago

A new ransomware strain called Mamba opts to encrypts hard drives rather than individual files and folders stored on the local disk.

Experts Want Transparency From Government’s Vulnerabilities Equities Process

6 days ago

Security and policy experts make another call for additional transparency around the government's Vulnerabilities Equities Process and the zero days it has in its possession.

Rise Of Machine Learning: Advancing Security With ML

6 days ago

Hal Lonas of Webroot drops by the Dark Reading News Desk at Black Hat.

BooleBox: The Top Secure Solution To Protect Your Company's Sensitive Data

6 days ago

[Black Hat Europe 2016 Sponsor Content]

Hacking 'Forward' With Weaponized Intelligence

6 days ago

Instead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?

Tesla Fixes Critical Remote Hack Vulnerability

6 days ago

Researchers were able to remotely brake Tesla model cars as well as freeze control panels and open the rear hatch while driving.

2016 On Track To See Over 1 Billion Records Breached

6 days ago

New report shows first half breach statistics put organizations on pace to beat last year's breach numbers by a wide margin.

Android Banking Trojan First to Gain Root Privileges

6 days ago

The first mobile banking Trojan that obtains root privileges on Android devices has been seen in the wild.

Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads

6 days ago

A vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication.

Data-stealing Qadars Trojan malware takes aim at 18 UK banks

6 days ago

Sophisticated malware has been discovered, capable of tricking users into giving away admin rights to their entire system, as well as stealing their bank details.

Smartphone Infections Rise 96% In H1-2016: Malware Study

6 days ago

Nokia report reveals April 2016 saw new all-time high in mobile infections with one out of every 120 smartphone affected.

Scientist Clones Chip To Unlock iPhone, Proves FBI Wrong

6 days ago

Dr. Sergei Skorobogatov of Cambridge University spent $100 on a process that may have cost FBI $1 million.

CloudFlare tackles unencrypted Internet with new features

6 days ago

The company says that there will no longer be any excuse to remain unencrypted online.

Over 554M data records breached, with identity theft most common

6 days ago

More than 970 data breaches were reported worldwide in the first half of 2016, up 15 percent from the previous six months, according to Gemalto's Breach Level Index.

More on the Equities Debate

6 days ago

This is an interesting back-and-forth: initial post by Dave Aitel and Matt Tait, a reply by Mailyn Filder, a short reply by Aitel, and a reply to the reply by Filder.

Microsoft opens Beijing center to allow governments review its source code

6 days ago

Transparency Center will allow governments to check the security of products and services -- but not alter what is delivered to customers.

Structure Security: Is IoT bane or boon to security pros?

6 days ago

A bevy of speakers at Structure Security will outline the promise and perils of security in the age of the Internet of things.