security.didici.cc

The case against behavioral advertising is stacking up

4 hours ago

No one likes being stalked around the Internet by adverts. It’s the uneasy joke you can’t enjoy laughing at. Yet vast people-profiling ad businesses have made pots of money off of an unregulated Internet by putting surveillance at their core. But what ...

Popular WordPress plugin hacked by angry former employee

9 hours ago

Hacker defaced the company's website and sent a mass email to all its customers, alleging unpatched security holes.

The social layer is ironically key to Bitcoin’s security

1 day ago

A funny thing happened in the second half of 2018. At some moment, all the people active in crypto looked around and realized there weren’t very many of us. The friends we’d convinced during the last holiday season were no longer speaking to us. They ...

Websites can steal browser data via extensions APIs

1 day ago

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.

DDoS sueball, felonious fonts, leaky Android file manager, blundering building security, etc etc

1 day ago

Plus, Safari security foiled by… a finger swipe? Roundup  This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and claims of RICO swap-gangs.…

The Iceman cometh, his smartwatch told the cops: Hitman jailed after gizmo links him to Brit gangland slayings

1 day ago

Killer jailed for life after fitness kit data tips off plod Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.…

2018's Most Common Vulnerabilities Include Issues New and Old

1 day ago

The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.

DNC says Russia tried to hack its servers again in November 2018

2 days ago

Democrats say the spear-phishing attack, which was attributed to Russian group Cozy Bear, was unsuccessful.

Friday Squid Blogging: Squid Lollipops

2 days ago

Two squid lollipops, handmade by Shinri Tezuka. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

VC Investments in Cybersecurity Hit Record Highs in 2018

2 days ago

But rate of funding appears unsustainable, according to Strategic Cyber Ventures.

WiFi firmware bug affects laptops, smartphones, routers, gaming devices

2 days ago

List of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.

Google Play Removes Malicious Malware-Ridden Apps

2 days ago

Two apps on Google Play were infecting devices with the Anubis mobile banking trojan.

US midterms barely over when Russians came knocking on our servers (again), Democrats claim

2 days ago

The best defence is a good offence? Russian hackers attempted to infiltrate the Democratic National Committee (DNC) just after the US midterm elections last year, according to a new court filing.…

Fallout EK Retools for a Fresh New 2019 Look

2 days ago

The Fallout EK has added the latest Flash vulnerability to its bag of tricks, among other tune-ups.

GDPR Suit Filed Against Amazon, Apple

2 days ago

An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.

Verizon to roll out free robocall spam protection to all customers

2 days ago

Call Filter service to be made available to all wireless and wired customers with compatible phones in March 2019.

Threatpost News Wrap Podcast For Jan. 18

2 days ago

Threatpost editors break down the top headlines from the week ended Jan. 18.

Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open

2 days ago

A default configuration allows full admin access to unauthenticated attackers.

Google starts pulling unvetted Android apps that access call logs and SMS messages

2 days ago

Google is removing apps from Google Play that request permission to access call logs and SMS text message data but haven’t been manually vetted by Google staff. The search and mobile giant said it is part of a move to cut down on apps that have access ...

PCI Council Releases New Software Framework for DevOps Era

2 days ago

The PCI Software Security Framework will eventually replace PCI PA-DSS when it expires in 2022.

The Rx for HIPAA Compliance in the Cloud

2 days ago

For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.

This malware spreading tool is back with some new tricks

2 days ago

The Fallout exploit kit is back delivering GandCrab ransomware after a brief hiatus.

Twitter Android Glitch Exposed Private Tweets for Years

2 days ago

Twitter has fixed the issue, which has been ongoing since 2014.

8 Tips for Monitoring Cloud Security

2 days ago

Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.

Microsoft partner portal 'exposes 'every' support request filed worldwide' today

2 days ago

No customer data visible but hell's bells, Redmond, what have you borked now? Exclusive  Alarmed Microsoft support partners can currently view support tickets submitted from all over the world, in what appears to be a very wide-ranging blunder by the Red ...

Evaluating the GCHQ Exceptional Access Proposal

2 days ago

The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI -- and some of their peer agencies in the U.K., Australia, and elsewhere -- argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and th ...

These malicious Android apps will only strike when you move your smartphone

2 days ago

Apps containing the Anubis banking Trojan and an interesting motion sensor have been found in the Google Play store.

Temporary fix available for one of the two Windows zero-days released in December

2 days ago

Microsoft did not issue official fixes during the recent January Patch Tuesday update window.

I used to be a dull John Doe. Thanks to Huawei, I'm now James Bond!

2 days ago

We'll know for sure when Huawei reveals a shoe-shaped smartphone Something for the Weekend, Sir?  The name's McLeod. Alessandro McLeod. I am a spy for the secret services.…

Microsoft launches Azure DevOps bug bounty program, $20,000 rewards on offer

2 days ago

The Redmond giant is keenly interested in remote code execution and privilege escalation flaws.

Australia to harden GPS infrastructure cyber defences

2 days ago

Wants to address risks with $161m augmentation project.

Microsoft blue biz bug bounty bonanza beckons

2 days ago

Azure DevOps Services invites hackers to test its limits There's more money to be made from bug hunting in Microsoft code after Redmond announced its 10th active bug hunting reward scheme, the Azure DevOps Bounty Program.…

Black Hat USA

2 days ago

Old bugs, new bugs, red bugs … yes, it's Oracle mega-update day again

2 days ago

Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are r ...

Got a Drupal-powered website? You may want to get patching now...

2 days ago

Open-source CMS gets a pair of critical fixes Drupal has issued a pair of updates to address two security vulnerabilities in its online publishing platform. The vulns are a little esoteric, and will not affect most sites, but it's good to patch just in ca ...

Twitter. Android. Private tweets. Pick two... Account bug unlocked padlocked accounts

3 days ago

Cock-up went unnoticed for two Olympics, one World Cup, an EU referendum, and a US presidential election Twitter has fessed up to a flaw in its Android app that, for more than four years, was making twits' private tweets public. The programming blunder ha ...

Hacker behind 'Football Leaks' arrested in Hungary

3 days ago

Hacker is a 30-year-old Portuguese man. Police haven't released his name, but several news outlets claim he's named Rui Pinto, a man they've identified and have been tracking for years.

You want cash with that? ANZ plugs Apple Pay into eftpos

3 days ago

Other Australian banks set to follow.

773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum

3 days ago

Data appears to be from multiple breaches over past few years, says researcher who discovered it.

Microsoft Launches Azure DevOps Bug Bounty Program

3 days ago

Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.

VC funding of cybersecurity companies hits record $5.3B in 2018

3 days ago

2018 wasn’t all bad. It turned out to be a record year for venture capital firms investing in cybersecurity companies. According to new data out by Strategic Cyber Ventures, a cybersecurity-focused investment firm with a portfolio of four cybersecurity ...

Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation

3 days ago

Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.

Microsoft Launches New Azure DevOps Bug Bounty Program

3 days ago

A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.

Twitter bug revealed private tweets for some Android users for almost five years

3 days ago

Some Twitter for Android users had their private tweets exposed to non-followers and search engines.

New Attacks Target Recent PHP Framework Vulnerability

3 days ago

Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.

Apple CEO Demands Federal Data Privacy Legislation

3 days ago

Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.

The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter

3 days ago

The network no longer provides an air gap against external threats, but access devices can take up the slack.

Twitter bug revealed some Android users’ private tweets

3 days ago

Twitter accidentally revealed some users’ “protected” (aka, private) tweets, the company disclosed this afternoon. The “Protect your Tweets” setting typically allows people to use Twitter in a non-public fashion. These users get to approve who ...

Online stores for governments and multinationals hacked via new security flaw

3 days ago

Little-known database management tool allowed hackers to take over sites and inject malicious code that steals payment card details.

These are all the federal HTTPS domains that’ll expire soon because of the US government shutdown

3 days ago

We like to think of ourselves as nerds here at TechCrunch, which is why we’re bringing you this. During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights u ...

Top GP: Medical app Your.MD's data security wasn't my remit

3 days ago

Prof Maureen Baker told tribunal info security and clinical safety are two separate things The founders of medical symptom-checker app Your.MD knew that a number of key medical information databases were "open to anyone who knows the URL", emails seen by ...

'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers

3 days ago

New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.

West African banks hit by multiple hacking waves last year

3 days ago

Banks in Cameroon, Congo (DR), Equatorial Guinea, Ghana, and the Ivory Coast have been hit.

Cyber-Jackpot: 773M Credentials Dumped on the Dark Web

3 days ago

Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.

Simulating Lateral Attacks Through Email

3 days ago

A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.

Some Android GPS apps are just showing ads on top of Google Maps

3 days ago

Apps have been downloaded over 50 million times. Google has failed to remove them, even if they blatantly break their own license.

Cryptomining Malware Uninstalls Cloud Security Products

3 days ago

New samples of cryptomining malware perform a never-before-seen function: uninstalling cloud security products.

This cryptocurrency mining malware now disables security software to help remain undetected

3 days ago

Cryptojacking campaign targets Linux servers that haven't had patches for known vulnerabilities applied.

Go Hands-On with New Security Tricks at Black Hat Asia

3 days ago

Get up close and personal with the latest tools and techniques for testing (and breaking) everything from HTTPS to deep neural networks to Microsoft Office!

Windows 10 19H1: Microsoft pushes its services with 'Make Windows even better' prompt

3 days ago

Microsoft wants you to "make Windows even better" by setting up Microsoft Account services on Windows 10 devices.

Oklahoma gov data leak exposes FBI investigation records, millions of department files

3 days ago

An Oklahoma Department of Securities server allowed anyone to download government files.

Decrypted Telegram bot chatter revealed as new Windows malware

3 days ago

Sometimes it takes a small bug in one thing to find something massive elsewhere. During a recent investigation, security firm Forcepoint Labs said it found a new kind of malware that was found taking instructions from a hacker sending commands over the en ...

Prices for Zero-Day Exploits Are Rising

3 days ago

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iO ...

Facebook removes propaganda network linked to Russian media group Sputnik

3 days ago

Facebook says Sputnik employees ran hundreds of Facebook pages and accounts, some posing as politicians in other countries.

Happy Thursday! 770 MEEELLLION email addresses and passwords found in yuge data breach

3 days ago

Now is a good time to get a password manager app Infosec researcher Troy Hunt has revealed that more than 700 million email addresses have been floating around “a popular hacker forum” - along with a very large number of plain text passwords.…

Facebook finds and kills another 512 Kremlin-linked fake accounts

3 days ago

Two years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools. In a blog post today the company reveals another tranche of Kremlin-linked fake activity — ...

GoFundMe for a Computer for CyberSecurity BSD-OS

3 days ago

Posted by InfoSec News on Jan 17 https://www.gofundme.com/computer-for-cybersecurity-bsdos [I saw this on InfoSec Twitter and figured they're in need of a signal boost of their message. Spend enough time in this community, you might have the opportunity in 1 ...

The American Military Sucks at Cybersecurity

3 days ago

Posted by InfoSec News on Jan 17 https://motherboard.vice.com/en_us/article/7xy5ky/the-american-military-sucks-at-cybersecurity By Matthew Gault Motherboard.vice.com Jan 15 2019 The Department of Defense is terrible at cybersecurity. That's the assessment ...

To raise security awareness, researchers spent months hacking mock building systems

3 days ago

Posted by InfoSec News on Jan 17 https://www.cyberscoop.com/raise-security-awareness-researchers-spent-months-hacking-mock-building-systems/ By Sean Lyngaas CyberScoop JAN 15, 2019 Security experts have in recent months warned that building-automation lags ...

SCP implementations impacted by 36-years-old security flaws

3 days ago

Posted by InfoSec News on Jan 17 https://www.zdnet.com/article/scp-implementations-impacted-by-36-years-old-security-flaws/ By Catalin Cimpanu ZDNet News January 14, 2019 All SCP (Secure Copy Protocol) implementations from the last 36 years, since 1983, a ...

How a young man hacked the Mumbai Police website, became notorious, and got caught

3 days ago

Posted by InfoSec News on Jan 17 https://scroll.in/article/909663/how-a-young-man-hacked-the-mumbai-police-website-became-notorious-and-got-caught By Bhupen Patel Scroll.in January 16, 2019 In early June 2001, I started receiving anonymous calls from someo ...

Hong Kong's smaller businesses think 'we're too small to be hacked' despite hacking experience, insurer finds

3 days ago

Posted by InfoSec News on Jan 17 https://www.scmp.com/business/companies/article/2182473/hong-kongs-smaller-businesses-think-were-too-small-be-hacked By Linda Lew South China Morning Post 17 January, 2019 Hacking is on the rise in Hong Kong. But many small ...

Hacking attempts made on 30 computers of defense acquisition agency

3 days ago

Posted by InfoSec News on Jan 17 http://english.donga.com/Home/3/all/26/1610238/1 By Kwan-Seok Jang The Dong-A Ilbo January. 15, 2019 It has turned out that 30 computers installed on the internal system of the Defense Acquisition Program Administratio ...

A popular WordPress plugin leaked access tokens capable of hijacking Twitter accounts

3 days ago

A popular WordPress plugin, installed on thousands of websites to help users share content on social media sites, left linked Twitter accounts exposed to compromise. The plugin, Social Network Tabs, was storing so-called account access tokens in the sou ...

Zix acquires AppRiver in $275 million deal

3 days ago

It seems like 2019 is the year to purchase cloud security companies.

Mastercard crackdown on 'free trial' and recurring payment tricks

3 days ago

Mandates "clear instructions on how to cancel".

Mastercard online billing crackdown hits 'free trial' and recurring payment tricks

3 days ago

Mandates "clear instructions on how to cancel".

South Korea says mystery hackers cracked advanced weapons servers

3 days ago

No idea who could have been behind this one... The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers .…

Bipartisan Bill introduced to ban sale of US tech to Huawei and ZTE

3 days ago

US lawmakers introduce bipartisan Bill that, if passed, would ban the export of US chips and other components to the two Chinese tech companies.

Germany considering ways to exclude Huawei from 5G auction

3 days ago

Stricter security requirements.

Malware Built to Hack Building Automation Systems

3 days ago

Researchers dig into vulnerabilities in popular building automation systems, devices.

$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?

4 days ago

Lawsuit claims coin thief was part of a gang targeting crypto whales The victim of a $24m cryptocurrency heist is suing his assailants in what is believed to be the first ever RICO claim involving digital currency.…

Google Chrome extension that steals card numbers still available on Web Store

4 days ago

Fake "Flash Player" extension has been available since February 2018, was installed by roughly 400 users.

Over 87GB of email address and passwords exposed in Collection 1 dump

4 days ago

Security researcher Troy Hunt has found an 87GB dump of email address and passwords.

Threatpost Survey Says: 2FA is Just Fine, But Go Ahead and Kill SMS

4 days ago

Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.

Oklahoma Data Leak Compromises Years of FBI Data

4 days ago

The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.

US .gov sites dropping like flies as certs expire

4 days ago

Scuppered by government shutdown.

US lawmakers introduce bipartisan bills targeting Huawei and ZTE

4 days ago

Would ban the sale of US chips or other components to companies that violate US sanctions.

Marriott looks to reboot loyalty plan after cyber attack

4 days ago

New brand name after millions of customer records stolen.

Millions of Oklahoma Gov Files Exposed by Wide-Open Server

4 days ago

The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.

Hackers breach and steal data from South Korea's Defense Ministry

4 days ago

Government says hackers breached 30 computers and stole data from 10.

How the US Chooses Which Zero-Day Vulnerabilities to Stockpile

4 days ago

When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.

BEC Groups Ramp Up Payroll Diversion Attacks

4 days ago

Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.

Lowjax city: Researchers crack open notorious Fancy Bear rootkit

4 days ago

UEFI malware has been in the wild for more than two years The Fancy Bear hacking group's Lojax rootkit is far from a one-off tool, and may have been active in the wild for years before it was first reported.…

Fortnite Players at Risk Via Epic Games Vulnerability

4 days ago

Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.

U.S. Issues Multiple Charges For 2016 SEC Hack

4 days ago

The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.

Fortnite Hacked Via Insecure Single Sign-On

4 days ago

Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.

Are You Listening to Your Kill Chain?

4 days ago

With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.

Triton/Trisis Attack Was More Widespread Than Publicly Known

4 days ago

Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.

Magecart Returns with Advertising Library Tactic

4 days ago

The threat group also has a new subsidiary, Magecart Group 12.

Cyber security: This giant blind spot will cost us dear

4 days ago

Cyber attacks are one of the biggest risks facing the world. Our inability to address the underlying issues risks disaster.

Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept

4 days ago

A tale of XSS, SQL injection and OAuth implementation Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to ...

Advertising network compromised to deliver credit card stealing code

4 days ago

Hundreds of online stores confirmed to be impacted, thousands of more under investigation.

VOIPO Database Exposes Millions of Texts, Call Logs

4 days ago

VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean

4 days ago

Whoa - is that an Access 97 iceberg dead ahead? Microsoft has released a second raft of fixes for Windows 10 following the monthly Patch Tuesday excitement last week. It has also issued some fixes for its latest Windows Insider build.…

VOIPO database exposed millions of call and SMS logs, system data

4 days ago

The database was used for development purposes but the data on offer to the public was valid.

El Chapo's Encryption Defeated by Turning His IT Consultant

4 days ago

Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he tol ...

Fortnite bugs put accounts at risk of takeover

4 days ago

With one click, any semi-skilled hacker could have silently taken over a Fortnite account, according to a cybersecurity firm who says the bug is now fixed. Researchers at Check Point say the three vulnerabilities chained together could have affected any ...

NanoCore Trojan is protected in memory from being killed off

4 days ago

If you are infected with this malware, you might find it is more difficult to eradicate than standard Trojans.

Wrest control from a snooping smart speaker with this teachable “parasite”

4 days ago

What do you get when you put one Internet connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite'” — an IoT project smart speaker topper made by two designers, Bjørn Karman ...

Fortnite security issue would have granted hackers access to accounts

4 days ago

Check Point recommends that Fortnite players enable two-factor authentication (2FA) for their accounts.

Data breaches, cyberattacks are top global risks alongside natural disasters and climate change

4 days ago

Increased connectivity in society and rapidly evolving threats are leaving the world open to damaging large-scale cyberattacks, warns the World Economic Forum.

Researcher shows how popular app ES File Explorer exposes Android device data

4 days ago

Why is one of the most popular Android apps running a hidden web server in the background? ES File Explorer claims it has over 500 million downloads under its belt since 2014, making it one of the most used apps to date. Its simplicity makes it what it ...

Huawei looks up to Apple in terms of privacy: Founder Ren Zhengfei

4 days ago

History will judge whether Huawei adhered to its claims to not harm the interests of customers, its founder has said.

Hijacking a PLC Using its Own Network Features

4 days ago

Researcher to show how attackers can exploit the built-in advanced connectivity functions in some Rockwell PLCs.

North Korean hackers infiltrate Chile's ATM network after Skype job interview

4 days ago

Redbanc employee applied for a LinkedIn job and got a call from the world's most active hacker crews.

New Ethereum version postponed after discovery of serious security flaw

5 days ago

Ethereum Constantinople Upgrade hits last minute snag that saves many users from catastrophic losses.

EDGAR Wrong: Ukrainians hacked SEC, stole docs for inside trading, says Uncle Sam

5 days ago

Crooks banked $270,000 in just one move, it is claimed A pair of Ukrainian hackers broke into America's financial watchdog to swipe insider info for stock traders, it is claimed.…

IDenticard Zero-Days Allow Corporate Building Access, Location Recon

5 days ago

Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.

'It's like they took a rug and covered it'... Flight booking web app used by scores of airlines still vuln to attack – claim

5 days ago

Security hole can be exploited to tamper with journeys A security hole in a widely used airline reservation system remains open to exploit, allowing miscreants to edit strangers' travel details online, The Register has learned. A fix to close the vulnerab ...

Report: Bots Add Volume to Account Takeover Attacks

5 days ago

Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.

Data Breach Roundup: U.S. Healthcare, Cryptopia, SingHealth and Experian

5 days ago

January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.

US charges Ukrainian for SEC 2016 hack, others for insider trading

5 days ago

Hacker also participated in the notorious hack of three newswire services in 2014.

Microsoft continues to build government security credentials ahead of JEDI decision

5 days ago

While the DoD is in the process of reviewing the $10 billion JEDI cloud contract RFPs (assuming the work continues during the government shutdown), Microsoft continues to build up its federal government security bona fides, regardless. Today the company a ...

Metasploit, popular hacking and security tool, gets long-awaited update

5 days ago

After seven years, Metasploit Framework, the popular open-source hacking and security tool, has been given a major update.

Online Fraud: Now a Major Application Layer Security Problem

5 days ago

The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.

Judge: Law Enforcement Can’t Force Suspects to Unlock iPhones with FaceID

5 days ago

A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments.

US Judge: Police Can't Force Biometric Authentication

5 days ago

Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.

7 Privacy Mistakes That Keep Security Pros on Their Toes

5 days ago

When it comes to privacy, it's the little things that can lead to big mishaps.

ThreatList: $1.7M is the Average Cost of a Cyber-Attack

5 days ago

Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.

Another huge database exposed millions of call logs and SMS text messages

5 days ago

An unprotected server storing millions of call logs and text messages was left open for months before they were found by a security researcher. If you thought you’d heard this story before, you’re not wrong. Back in November, another massive exposed d ...