Early Warning System Hunts Election Hackers

7 Nigerians Indicted for Fraud Operation on Dating Sites

Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.

Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry

Business accounts worth their weight in gold to scammers Business email accounts remain a lucrative way for scammers to get into companies and turn a quick buck.…

Trump wants to work with Russia on infosec. Security experts: lol no

Thanks for Putin that out there Security experts have poured scorn on plans by US president Donald Trump to work more closely with Russia on cybersecurity.…

Kodak KashMiner 'scam' halted: Report

A report by the BBC has said the Kodak-branded KashMiner scheme has been halted by the US SEC.

Revealed in detail: World powers stuff spyware kit, how-to guides in dodgy nations' pockets

And tech industry doesn't get off lightly in civil rights probe The world's most powerful governments are today accused of bankrolling surveillance kit and training for smaller and dubious nations – and the tech industry stands to benefit.…

Putin proposes a joint cybersecurity group with the US to investigate Russian election meddling

Over the course of Monday’s controversial Helsinki summit, Russian President Vladimir Putin pushed an agenda that would ostensibly see the U.S. and Russia working side by side as allies. The two countries make stranger bedfellows than ever as just days ...

Russian National Vulnerability Database Operation Raises Suspicions

Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.

Thousands of Mega logins dumped online, exposing user files

Exclusive: File names of 15,500 accounts was exposed, including purportedly illegal content.

Sad Nav: How a cheap GPS spoofer gizmo can tell drivers to get lost

Eggheads reveal designs for causing navigation mischief for folks unsure of surroundings Researchers have developed kit that masquerades as GPS satellites to deceive nearby GPS receivers and thus potentially trick drivers into heading off in the wrong dir ...

Trump Dismisses Russian Interference Indictments in Presser with Putin

Russian President Vladamir Putin 'just said it's not Russia,' US President Trump said.

IBM's new Nabla containers are designed for security first

IBM claims its new container design is more secure than Docker or other containers by cutting operating system calls to the bare minimum and thereby reducing its attack surface as small as possible.

DanaBot Trojan Targets Bank Customers In Phishing Scam

A new phishing scam purports to be MYOB invoices - but really contains a novel banking trojan.

Who is the weakest link in software security?

Tell us your views on responsibilities, skills and tools in the modern delivery process Study  In the early years of software development, you would often design it, build it, and only then think about how to secure it.…

Time to Yank Cybercrime into the Light

Too many organizations are still operating blindfolded, research finds.

After Indictment, Russian Hackers' Lives Changed Forever, Ex-Ambassador Says

Reasonably Clever Extortion E-mail Based on Password Theft

Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail t ...

Hacking campaign targets iPhone users with data-stealing, location-tracking malware

Campaign delivers fake versions of WhatsApp and Telegram to victims - and those behind it have tried to make it look like a Russian attack when it isn't.

GitHub to Pythonistas: Let us save you from vulnerable code

Third language added to security scanner GitHub's added Python to the list of programming languages it can auto-scan for known vulnerabilities.…

My Health Record systems collapse under more opt-outs than expected

When citizens rush to opt out of an Australian government service, it says something about their levels of trust. When the system falls over under heavy load, it proves them right.

Containers or virtual machines: ​Which is more secure? The answer will surprise you

IBM Research has created a new way to measure software security, Horizontal Attack Profile, and it's found a properly secured container can be almost as secure as a virtual machine.

Hope for Hutchins, Navy sinks contractor, there's another Russian hacking scandal, and more

Also, make sure you update your Juniper kit quickly Roundup  This week, when we weren't watching the football and sobbing uncontrollably, we saw security headaches at NPM and Ticketmaster, and a priest in hot water with cybercrime charges.…

Thought two-factor auth completely locks down Office 365? Not quite

A network's only as strong as its weakest link or worker Hackers are developing new techniques to obtain access to corporate emails and calendars, even if multi-factor-authenticati
on defenses are in place.…

US drug cops peddled pre-cracked Blackberry mobes to crooks – and that's just the start

Same technique being used against ordinary US citizens? Back in 2013, Canadian John Darrel Krokos got 11.5 years in a US jail for leading a massive cocaine smuggling ring. Two years later, his colleague Zaid Wakil was given a 20-year sentence.…

Indictment bombshell: 'Kremlin intel agents' hacked, leaked Hillary's emails same day Trump asked Russia for help

Charges filed against dozen suspected Russian spies American prosecutors have accused 12 suspected Russian spies of hacking Democrat and Hillary Clinton campaign officials to leak their sensitive emails and swing the 2016 US Presidential Election.…

GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet

Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.

Justice Department Indicts 12 Russian Nationals Tied to 2016 Election Hacking

Indictments are part of special counsel Robert Mueller's investigation of Russian interference in the 2016 elections.

Indian iPhone Spy Campaign Used Fake MDM Platform

Cyberattackers have used a bogus mobile device management (MDM) system to target a small – but presumably high-value – set of iPhones in India in a cyberespionage campaign that has some unusual hallmarks.

Bogus MDM System Used To Hack iPhones In India

Chrome Adds Ambitious Browser Mitigation For Spectre

Cisco Patches High-Severity Bug In VoIP Phones

Ukraine Claims It Blocked VPNFilter Attack At Chemical Plant

How to Structure an Enterprise-Wide Threat Intelligence Strategy

To keep an organization safe, you must think about the entire IT ecosystem.

Bogus Mobile Device Management system used to hack iPhones in India

Baker's dozen pwned by tricksy attack Enterprise iPhone users in India have been targeted through a sophisticated and highly targeted attack run through bogus Mobile Device Management (MDM) servers.…

SmartFrame aims to replace jpegs to help companies protect and monetize images

SmartFrame Technologies Ltd has launched a system for publishing and monetizing images while making them harder to steal than standard jpegs. Some photographers are already using the system but it could have wider appeal for advertising, marketing and cor ...

SOCs Use Automation to Compensate for Training, Technology Issues

Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.

Commonwealth switches on critical infrastructure powers

Utilities still have six months to report.

Party like it's 1999: Packets of death, code exec menace Cisco gear

Annoying flaws found, patched in Fabric Services, NX-OS, StarOS, VOIP kit Cisco has advised net admins using switches that run its Fabric Services on FXOS, or NX-OS software, to update their boxes following the discovery of a critical security flaw.…

WordPress Sites Targeted in World Cup-Themed Spam Scam

Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.

Ticketmaster Breach Part Of Massive Card Skimming Campaign

What's Cooking With Caleb Sima

Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura - and a new baby food business venture with his wife and famed chef, Kathy Fang.

Friday Squid Blogging: Antifungal Squid-Egg Coating

The Hawaiian bobtail squid coats its eggs with antifungal bacteria. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Novel malware attack used mobile device management

Beware of installing additional certificates on devices.

Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders

Tokens killed after eslint-scope JavaScript utility compromised An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers' NPM login tokens.…

ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat

Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat.

Chrome Now Features Site Isolation to Defend Against Spectre

A new feature called site isolation is being tapped to protect Chrome users against Spectre.

Australian Signals Directorate returns fire over Microsoft removal claims

IRAP irate.

ASD returns fire over Microsoft removal claims

IRAP irate.

Palo Alto Networks rattles tin, wants $1.5bn for, er, stuff and things

Loan notes to build war chest – yet firm denies it's eyeing up a fresh buyout Palo Alto Networks is trying to raise $1.5bn in cash for "potential acquisitions" and "strategic transactions", the company said today – though it claims not to have any buy ...

Your 2018 guide to cyber insurance is here

CISOs need every risk mitigation technique they can get, and cyber insurance is a great tool to mitigate and transfer cyber risk but there are some key pain points they should know about.

Hackers are selling backdoors into PCs for just $10

"This is definitely not something you want to discover on a Russian underground RDP shop," warn researchers.

IBM: A data breach will now cost your organization $3.86 million, if you're lucky

There are hidden costs over time which make the bill far larger than you may expect.

Google: Chrome now protects you from Spectre password-stealing attacks

Chrome 67 for Mac, Windows has just added extra defences against Spectre-style data-stealing attacks.

Another hack rocks cryptocurrency trading: Bancor loses $13.5 million

The alleged hack has raised questions over the validity of the start-up's "decentralized" system.

ASD restructure: Trouble at t' cyber mill?

Differing views within the recently restructured Australian Signals Directorate, described in one media report as an 'internal brawl' and 'internal frictions', could highlight a deeper, more challenging division.

Ticketmaster breach 'part of massive card-skimming campaign

It gets worse The Ticketmaster breach was not a one-off, but part of a massive digital credit card-skimming campaign.…

FBI for the Apple guy: bloke stealing Cupertino car kit collared

Engineer facing trade secrets theft rap for allegedly trying to defect with tech A former Apple engineer has been hit with federal trade secrets theft charges after trying to lift Cupertino's car tech on behalf of Alibaba.…

Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data

A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.

Newly Found Spectre Variants Bring New Concerns

Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.

Like my new wheels? All I did was squash a bug, and they gave me $72k

Bug bounty platform reports that vuln hunters are making bank Vuln hunters brought home the bacon last year, according to figures released today by bug bounty platform HackerOne.…

​The return of Spectre

Two new ways to assault computers using Spectre-style attacks have been discovered. These can be used against any operating system running on AMD, ARM, and Intel processors.

Deceased Patient Data Being Sold on Dark Web

Why are hackers selling medical records of deceased patients?

Getting Safe, Smart & Secure on S3

AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.

Newsmaker Interview: Scott Helme on Securing the Web

Scott Helme, the well-known security researcher, international speaker and the founder of the securityheaders.com and report-uri.com free tools for web security, has devoted himself to improving the security environment of the internet for the past decade ...

Facial recognition startup Kairos acquires Emotion Reader

Kairos, the face recognition technology used for brand marketing, has announced the acquisition of EmotionReader. EmotionRea
der is an Limerick, Ireland-based startup that uses algorithms to analyze facial expressions around video content. The startup allo ...

Major International Airport System Access Sold for $10 on Dark Web

Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.

A Curious Tale Of The Priest, The Broker, The Hacked Newswires, And $100 Million Of Insider Trades

The Crypto Currencies That Die Before They Have Bloomed

What We Talk about When We Talk about Risk

Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.

Android security: Password-stealing malware sneaks in Google Play store in bogus apps

At least ten apps were found to be delivering banking trojan malware to victims.

Apple Releases Wave of Security Updates

Apple updates software for nearly every hardware platform, though one big new feature almost steals the security show.

Department of Commerce Report on the Botnet Threat

Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that ...