security.didici.cc

Stunning infosec tips from Uncle Sam, furries exposed, Chase bank web leak, and more

22 hours ago

A busy and bonkers week in security Roundup  Happy weekend, everyone. Here's a roundup of computer security news beyond everything we've already reported this week.…

Tor pedo's torpedo torpedoed: FBI spyware crossed the line but was in good faith, say judges

1 day ago

Playpen pervert fails to convince appeals court ANalysis  US judges have shut down an appeal from a convicted pedophile who claimed the FBI hacking of his computer was an unreasonable search.…

Friday Squid Blogging: The Symbiotic Relationship Between the Bobtail Squid and a Particular Microbe

1 day ago

This is the story of the Hawaiian bobtail squid and Vibrio fischeri. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Veil is private browsing for the ultra-paranoid

1 day ago

 If you’re worried about someone finding out what you’re pointing your browser at, there are plenty of options for keeping it secret, with varying levels of difficulty and effectiveness. Veil takes things further than perhaps any other anonymous brow ...

Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

1 day ago

Drupal has patched several vulnerabilities – both moderately critical and critical – in two versions of its content management system platform.

93% of Cloud Applications Aren't Enterprise-Ready

1 day ago

The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.

'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers

1 day ago

The new malware also can turn bots into DDoS attack machines, says Fortinet.

FBI Warns of Spike in W-2 Phishing Campaigns

1 day ago

A recent FBI public service advisory warned of an increase in reports of compromised or spoofed emails involving W-2 forms.

10 Can't-Miss Talks at Black Hat Asia

1 day ago

With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.

Visa: EMV Cards Drove 70% Decline in Fraud

1 day ago

Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.

Leveraging Security to Enable Your Business

1 day ago

When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.

Enabling Better Risk Mitigation with Threat Intelligence

1 day ago

In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.

Apple changes Safari's cookie killer to fix Facebook's Like buttons

1 day ago

Apple has made its anti-tracking feature in Safari friendlier to social media.

Supporters of Net Neutrality Vow to Fight Rule Changes

1 day ago

The FCC’s rollback of network neutrality regulations is set to be complete in April, but it won't happen without a fight.

Poor smart contract coding exposes millions of dollars in Ethereum

1 day ago

Researchers have discovered over 30,000 contracts are open to exploit.

1Password bolts on a ‘pwned password’ check

1 day ago

 Password management service 1Password has a neat new feature that lets users check whether a password they’re thinking of using has already been breached. At which point it will suggest they pick another. Read More

Election Security

1 day ago

I joined a letter supporting the Secure Elections Act (S. 2261): The Secure Elections Act strikes a careful balance between state and federal action to secure American voting systems. The measure authorizes appropriation of grants to the states to take i ...

Drupal patches critical CMS vulnerabilities

1 day ago

The bugs include incorrect code handling and access bypass security flaws.

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it

2 days ago

Letters to Congress detail the plan to keep CPU flaws secret Letters sent to the United States Congress by Intel and the other six companies in the Meltdown/Spectre disclosure cabal have revealed how and why they didn't inform the wider world about the da ...

OpenBSD releases Meltdown patch

2 days ago

And now to see it's an unwelcome imposition or a mere inconvenience OpenBSD's Meltdown patch has landed, in the form of a Version 11 code update that separates user memory pages from the kernel's – pretty much the same approach as was taken in the Linux ...

Intel kept US infosec officials in the dark about chip flaws

2 days ago

Until after Meltdown and Spectre were made public.

Best Practices for Recruiting and Retaining Women in Security

2 days ago

Gender diversity can help fill the security talent gap, new Forrester Research report says.

Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs

2 days ago

The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.

Overcoming the challenges: Back-up and storage for banks

2 days ago

Now is a good time for banks to think audit their back-up and storage to achieve both cost-savings and regulatory compliance.

Cryptojacking Attack Found on Los Angeles Times Website

2 days ago

A security researcher found Coinhive code hidden on a Los Angeles Times’ webpage that was secretly using visitors’ devices to mine cryptocurrency.

It's Not What You Know, It's What You Can Prove That Matters to Investigators

2 days ago

Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.

SEC: Companies Must Disclose More Info on Cybersecurity Attacks and Risks

2 days ago

New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.

IRS Warns of Spike in W-2 Phishing Emails

2 days ago

The IRS reports an increase in reports of phishing emails asking for W-2 information.

US border officials haven't properly verified visitor passports for more than a decade

2 days ago

E-passports contain a cryptographic hash of a passport holders' details, designed to make it almost impossible to forge a travel document or steal someone's identity.

Anatomy of an Attack on the Industrial IoT

2 days ago

How cyber vulnerabilities on sensors can lead to production outage and financial loss.

Security Liability in an 'Assume Breach' World

2 days ago

Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.

Hackers are selling legitimate code-signing certificates to evade malware detection

2 days ago

Code-signed apps are harder to detect by network security appliances, making it easier to sneak malware onto a vulnerable system. The downside? Certificates aren't cheap — and hackers usually are.

Android P will stop apps from silently using your phone's camera and mic

2 days ago

Android P gets a privacy boost by preventing backgrounded apps from recording or taking pictures.

Vectra raises $36 million in AI-based threat detection push

2 days ago

The startup's Series D round highlights investor interest in AI cybersecurity systems.

Harassment By Package Delivery

2 days ago

People harassing women by delivering anonymous packages purchased from Amazon. On the one hand, there is nothing new here. This could have happened decades ago, pre-Internet. But the Internet makes this easier, and the article points out that using prepa ...

First Intel, now AMD also faces multiple class-action suits over Spectre attacks

2 days ago

Customers accuse the chip maker of charging premium prices for a faulty product.

UK Companies House strips company director info to combat identity theft

2 days ago

Company directors are being targeted en masse by identity fraudsters in the UK.

Hacking group used Facebook lures to trick victims into downloading Android spyware

2 days ago

At least three fake social media accounts posing as young women have encouraged victims into downloading highly invasive Android malware.

Lack of funding exposes US federal agencies to high data breach risks

3 days ago

Budget cuts and other restraints are hampering the government from effectively protecting itself against cyberattacks.

uTorrent file-swappers urged to upgrade after PC hijack flaws fixed

3 days ago

Don't say we didn't warn you Users of uTorrent should grab the latest versions of the popular torrenting tools: serious security bugs, which malicious websites can exploit to commandeer PCs, were squashed this week in the software.…

Hey, you. App dev. You like secure software? Let's learn from Tinder, Facebook's blunders

3 days ago

API holes would let miscreants spy on sexting lovers App developers should take a long, hard look at how they use Facebook's Account Kit for identifying users – after a flaw in the system, and Tinder's use of the toolkit, left shag-seekers open to accou ...

Australia's Notifiable Data Breaches scheme is now in effect

3 days ago

Within the first 100 days of the Netherlands scheme, the Dutch Data Protection Authority received 1,000 data breach notifications. Will Australia see the same impact?

DTA to add cyber security to its $7bn govt watchlist

3 days ago

Spending comes under the spotlight.

DTA adds cyber security to its $7bn govt watchlist

3 days ago

Spending comes under the spotlight.

Global Cybercrime Costs Top $600 Billion

3 days ago

More than 50% of attacks result in damages of over $500K, two reports show.

GitLab fixes security issue that let anyone hijack custom domains

3 days ago

A security researcher hijacked 700 domains and subdomains in less than a minute.

Guys, you're killing us! LA Times homicide site hacked to mine crypto-coins on netizens' PCs

3 days ago

And they say there's no money to be made in newspapers A Los Angeles Times' website is right now silently mining crypto-coins using visitors' web browsers and PCs – after hackers snuck mining code onto its webpages.…

Guess who else Spectre is haunting? Yes, it's AMD. Four class-action CPU flaw lawsuits filed

3 days ago

Punters not happy with handling of vulnerability confessions It's not just Intel facing a legal firestorm over its handling of the Spectre and Meltdown CPU design flaws – AMD is also staring at a growing stack of class-action complaints related to the c ...

Australian government still pushing decryption magic bullet

3 days ago

Seven months after Prime Minister Malcolm Turnbull told ZDNet the laws of Australia will trump the laws of mathematics, Minister for Home Affairs Peter Dutton has discussed looming legislation that would force companies to help the government access commu ...

Intel ships update for newest Spectre-affected chips

3 days ago

 Intel has announced that the fix is out for its latest chips affected by Spectre, the memory-leakage flaw affecting practically all computing hardware. The patch is for the Skylake generation (late 2015) and newer, though most users will still have to w ...

uTorrent Users Warned of Remote Code Execution Vulnerability

3 days ago

Google Project Zero researchers are warning of two critical remote code vulnerabilities in popular versions of uTorrent's web-based BitTorrent client and its uTorrent Classic desktop client.

Intel Issues Updated Spectre Firmware Fixes For Newer Processors

3 days ago

Intel has issued a firmware fix to help its Kaby Lake, Coffee Lake and Skylake processors address the Spectre security flaw.

Signal expands into the Signal Foundation with $50M from WhatsApp co-founder Brian Acton

3 days ago

 Perhaps the most surprising thing I learned about Signal when I spoke with Moxie Marlinspike, the app’s creator, last year at Disrupt, was that it was essentially running on a shoestring budget. An tool used by millions and feared by governments world ...

The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk

3 days ago

Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.

Trucking Industry Launches Info Sharing, Cybercrime Reporting Service

3 days ago

American Trucking Associations developed new Fleet CyWatch threat reporting, information sharing service in conjunction with FBI.

New BEC Spam Campaign Targets Fortune 500 Businesses

3 days ago

A new business email compromise campaign targets financial transactions tied to Fortune 500 firms.

RootedCON Security Conference - 1-3 March, Madrid (Spain)

3 days ago

Posted by omarbv on Feb 21On the occasion of the ninth edition of RootedCON, the most important computer security conference in the country, around 2,000 hackers will meet to discuss new questions and researchs about the cybersecurity world, with its ris ...

Google launches enterprise Android device recommendation program, omits Samsung

3 days ago

Google's Android Enterprise Recommended program includes a big chunk of the Android device field, but omits Samsung. Here's a look at Google's requirements.

Vectra raises $36M for its AI-based approach to cybersecurity intrusion detection

3 days ago

 With the trend of growing cybercrime showing no indication of abating, a startup called Vectra that has built an artificial intelligence-based system called Cognito to detect cyberattacks and mobilise security systems to respond to them has raised $36 m ...

Intel hurls Spectre 2 microcode patch fix at world

3 days ago

Mitigation for chip design vuln For the second time of asking, Intel has issued microcode updates to OEMs that it prays says will mitigate the Spectre variant two design flaw impacting generations of CPUs spewed out over previous decades.…

Intel hurls Spectre 2 microcode patch fix at world

3 days ago

Mitigation for chip design vuln For the second time of asking, Intel has issued microcode updates to OEMs that it prays says will mitigate the Spectre variant two design flaw impacting generations of CPUs spewed out over previous decades.…

Takeaways from the Russia-Linked US Senate Phishing Attacks

3 days ago

The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.

7 Cryptominers & Cryptomining Botnets You Can't Ignore

3 days ago

Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.

Brazil hit by 30 DDoS attacks per hour in 2017

3 days ago

The country is part of a global ranking of the five nations most targeted by cybercriminals, says study.

Windows 10 bug: Google again reveals code for 'important' unpatched flaw

3 days ago

For the second time in a week, Google reveals another unpatched Windows 10 vulnerability.

C-Suite Divided Over Security Concerns

3 days ago

Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.

Getting Started with IoT Security in Healthcare

3 days ago

There's a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe.

Cybercrime drains $600 billion a year from the global economy, says report

3 days ago

According to McAfee and the Center for Strategic and International Studies, nearly one percent of global GDP is lost to cybercrime each year.

World's cyber attacks hit us much harder in past year – major infosec chief survey

3 days ago

Cisco report: Smacked orgs forked out $500k due to attacks Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.…

World's cyber attacks hit us much harder in past year – major infosec chief survey

3 days ago

Cisco report: Smacked orgs forked out $500k due to attacks Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,00) per business, according to an extensive survey of CISOs across the globe.…

New Spectre/Meltdown Variants

3 days ago

Researchers have discovered new variants of Spectre and Meltdown. The software mitigations for Spectre and Meltdown seem to block these variants, although the eventual CPU fixes will have to be expanded to account for these new attacks.

Intel's new Spectre fix: Skylake, Kaby Lake, Coffee Lake chips get stable microcode

3 days ago

Intel makes progress on reissuing stable microcode updates against the Spectre attack.

North Korean Reaper APT uses zero-day vulnerabilities to spy on governments

3 days ago

The often-overlooked hacking group appears to be backed by the North Korean government.

Phishing schemes net hackers millions of dollars from Fortune 500

3 days ago

IBM has uncovered sophisticated campaigns which are successfully targeting Fortune 500 companies.

Bad news: 43% of login attempts 'malicious' Good news: Er, umm...

4 days ago

Also bad: Unpatched systems, unsecured APIs, IoT gear, anthrax candy, bottomless pits An extraordinary 43 per cent of all attempted online account logins are malicious, Akamai claims in its latest internet security report.…

Dutton says facial recognition in lieu of passports 'very close' to reality

4 days ago

The country's newly crowned Minister for Home Affairs Peter Dutton has said facial recognition at airports in Australia is merely a few 'technology generations' away from being rolled out.

Tesla left its cloud servers open to cryptomining hackers

4 days ago

Kubernetes admin console exposed.

Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles

4 days ago

Developer Flight Sim Labs is in hot water after acknowledging that it has installed malware in its flight simulator product that it said targets pirate users of its software.

Researcher to Release Free Attack Obfuscation Tool

4 days ago

Cybercrime gang FIN7, aka Carbanak, spotted hiding behind another Windows function, according to research to be presented at Black Hat Asia next month.

Facebook Aims to Make Security More Social

4 days ago

Facebook's massive user base creates an opportunity to educate billions on security.

SWIFT Network Used in $2 Million Heist at Indian Bank

4 days ago

The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.

Cyber attackers are cashing in on cryptocurrency mining - but here's why they're avoiding bitcoin

4 days ago

Cryptocurrency mining malware has emerged as a key methof of criminal hackers making money - so why aren't they targeting the most valuable blockchain-based currency of them all?

Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat

4 days ago

These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.

Tresorit adds file restore to its e2e encrypted cloud storage service

4 days ago

 Europe-based cloud storage startup Tresorit which mainly focuses on selling to small to medium size businesses has added a file restore feature to its e2e encrypted cloud storage platform which it’s touting as a helpful feature if you’re trying to ...

Flight simulator dev: Sorry for installing password-stealing tool on your PC

4 days ago

Developer embeds Chrome password dump tool in official installer to combat pirates.

Tesla cloud systems exploited by hackers to mine cryptocurrency

4 days ago

Researchers have discovered that Tesla's AWS cloud systems were compromised for the purpose of cryptojacking.

Proactive Threat Hunting: Taking the Fight to the Enemy

4 days ago

Pulling together everything your security team needs to be effective at threat hunting is not easy but it's definitely worthwhile. Here's why.

Vulnerabilities Broke Records Yet Again in 2017

4 days ago

Meanwhile, organizations still struggle to manage remediation.

Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

4 days ago

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers.

UK local gov: 37 cyber attacks a minute but little mandatory training

4 days ago

Campaigners blame gov bods' growing hunger for big data Local government was hit by almost 100 million cyber attacks in the last five years, while one in four councils’ systems were successfully breached, according to research.…

Chef InSpec 2.0 helps automate security compliance in cloud apps

4 days ago

 How many times do you hear about a company exposing sensitive data because they forgot to lock down a data repository on Amazon? It happens surprisingly often. Chef wants to help developers and operations teams prevent that kind of incident. Today, the ...

Meet Coldroot, a nasty Mac trojan that went undetected for years

4 days ago

The malware can remotely steal passwords by logging everything a user types, and more.

Facebook Will Verify the Physical Location of Ad Buyers with Paper Postcards

4 days ago

It's not a great solution, but it's : The process of using postcards containing a specific code will be required for advertising that mentions a specific candidate running for a federal office, Katie Harbath, Facebook's global director of policy program ...

Australia needs more cyber in the middle

5 days ago

Government cybersecurity programs usually aim to help big, critical enterprises directly, or improve the cyber awareness of families and consumers. What about all the small and medium businesses?

Is PayID look-up no more a breach of privacy than a phonebook?

5 days ago

Being able to find someone's name and mobile number through the New Payments Platform PayID system shouldn't be used as a function creep, but it is, and NPP Australia says it's the user's choice to opt-in.

Australia re-enters Information and Privacy Commissioner limbo

5 days ago

A little over a year after being permanently appointed, Information Commissioner Timothy Pilgrim is set to retire on March 24.

Year-old vuln turns Jenkins servers into Monero mining slaves

5 days ago

The hip world of continuous integration meets the dark world of crypto-jacking Here's a salutary reminder why it pays to patch promptly: a Jenkins bug patched last year became the vector for a multi-million-dollar cryptocurrency mining hijack.…

Google reveals Edge bug that Microsoft has had trouble fixing

5 days ago

Oh great - because Google's explained how to make Edge run dodgy code Google has again decided to disclose a flaw in Microsoft software before the latter company could deliver a fix. Indeed, Microsoft has struggled to fix this problem.…

On the Security of Walls

5 days ago

Interesting history of the security of walls: Dún Aonghasa presents early evidence of the same principles of redundant security measures at work in 13th century castles, 17th century star-shaped artillery fortifications, and even "defense in depth" secu ...

​Bogus Linux vulnerability gets publicity

5 days ago

No, there's not a new security hole that gives attackers complete control over Linux servers. But, if you use a poor password, yes, you can still get hacked. Imagine!

UN chief urges global rules for cyber warfare

5 days ago

Warns next war will begin with 'massive cyber attack'.

Meltdown-Spectre: Now the class action suits against Intel are starting to mount up

5 days ago

Intel faces 32 class action lawsuits over its processor flaws and says more may be in the pipeline.

Lawsuits threaten infosec research — just when we need it most

5 days ago

Security researchers and reporters have something in common: both hold the powerful accountable. But doing so has painted a target on their backs — and looming threats of legal action and lawsuits have many concerned.

Qld follows feds with new biometrics sharing laws

6 days ago

Ahead of the Commonwealth Games.

Crims pull another SWIFT-ie, Indian bank stung for nearly US$2m

6 days ago

City Union Bank now reckons it has ‘adequate enhanced security’ A year after the SWIFT international bank transfer system enhanced its security, another breach has emerged: an Indian bank has confirmed that criminals gained access to its systems and m ...

Australia's new insta-pay scheme has insta-lookup of any user's phone number

6 days ago

PayID operator says it's a feature that sends money to the right person. It's a bug that harvests data, say others The brand-new app implementing Australia’s New Payment Platform (NPP) system has a user enumeration flaw, but the organisation responsible ...

Government agrees to up Medicare card privacy and security controls

6 days ago

Scrapping PKI certificates in favour of PRODA is one of 14 recommendations the Australian government has accepted following a review into health providers' access to Medicare card numbers.

Hackers stole $7.6m from Russian bank via SWIFT

6 days ago

Digital heists becoming more frequent.

Intel hit with 32 lawsuits over Spectre, Meltdown

6 days ago

Mostly customer class actions.

Sqreen wants to become the IFTTT of web app security

1 week ago

 French startup Sqreen recently launched a Security Hub with dozens of plugins to put you in control of the security of your web app. In many ways, it feels like enabling tasks on popular automation service IFTTT. Sqreen participated in TechCrunch’s St ...

Facebook didn’t mean to send spam texts to two-factor authentication users

1 week ago

 Facebook Chief Security Officer Alex Stamos apologized for spam texts that were incorrectly sent to users who had activated two-factor authentication. The company is working on a fix, and you won’t receive non-security-related text messages if you nev ...

Global security crackdown, a host of code nasties, Brit cops mocked, and more

1 week ago

It's the week in security Roundup  Here's a summary of this week's security news beyond what we've already reported.…

Hands up who HASN'T sued Intel over Spectre, Meltdown chip flaws

1 week ago

Chipzilla says class-action lawsuit tally stands at 32 Intel says it is facing 32 separate class-action lawsuits following the revelations it shipped millions of processors with security design flaws dubbed Meltdown and Spectre.…

People are trolling iPhone users with the ‘killer symbol’ that crashes their apps

1 week ago

 Surprise! Assorted jerks on the internet have weaponized the unicode-based bug we reported yesterday to insta-crash apps running on an iPhone or a Mac. The result is somewhere between the old Alt + F4 trick and a script kiddie stunt and it ranges from b ...

Friday Squid Blogging: Squid Pin

1 week ago

There's a squid pin on Kickstarter. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Mueller bombshell: 13 Russians charged with allegedly meddling in US presidential election

1 week ago

Ruskies stole US citizens' identities to spread discord – indictment Robert Mueller, the special prosecutor investigating foreign agents tampering in the 2016 US presidential election, has indicted 13 Russian nationals for conspiracy against the United ...

13 Russians Indicted for Massive Operation to Sway US Election

1 week ago

Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.

Apple Rushes Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads

1 week ago

Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters.   

Oracle grabs Zenedge as it continues to beef up its cloud security play

1 week ago

 Oracle announced yesterday that it intends to acquire Zenedge, a 4-year old hybrid security startup. They didn’t reveal a purchase price. With Zenedge, Oracle gets a security service to add it to its growing cloud play. In this case, the company has p ...

Special counsel Robert Mueller indicts Russian bot farm for election meddling

1 week ago

 Special Counsel Robert Mueller has just handed down a set of indictments, charging 13 Russian citizens and three Russian organizations with interference in the U.S. presidential election in efforts dating back to 2014. The indictment names the Internet ...

US special counsel indicts 13 members of Russia's election meddling troll farm

1 week ago

Special Counsel Robert Mueller's office said Friday that a grand jury has indicted 13 Russian nationals and three Russian entities accused of election meddling.

Siemens Leads Launch of Global Cybersecurity Initiative

1 week ago

The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.

FedEx Customer Data Exposed on Unsecured S3 Server

1 week ago

Thousands of documents from US and international citizens were exposed on an Amazon S3 bucket configured for public access.

Rise of the 'Hivenet': Botnets That Think for Themselves

1 week ago

These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.

New National Academies Report on Crypto Policy

1 week ago

The National Academies has just published "Decrypting the Encryption Debate: A Framework for Decision Makers." It looks really good, although I have not read it yet. Not much news or analysis yet. Please post any links you find in the comments, and I wil ...