security.didici.cc

Slack Fixes Cross-Origin Token Theft Bug

7 minutes ago

The cloud-based collaboration tool Slack was quick to fix a bug earlier this month that could have let an attacker steal a user’s private Slack token.

New Cybersecurity Regulations Begin Today For NY Banks

1 hour ago

New York's new security regulations for financial industry viewed as potential model for other states.

Best Practices For Lowering Ransomware Risk

1 hour ago

The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.

Hacked Robots Present a New Insider Threat

2 hours ago

Robots and their control software are rife with critical and painfully obvious security flaws that make them easily hackable, new research shows.

Re: Improvements

3 hours ago

Posted by Laurens Vets on Mar 01: See inline. https://github.com/airbnb/streamalert There is a lot more that needs to be done to cover the broad range of capabilities needed for detection and response, but StreamAlert achieves something very important even ...

How zombie cameras took down Netflix... and an entire country's internet

3 hours ago

Here's how the Internet of Things botnet went from being Minecraft server nuisances to a billion dollar threat that disabled a country's internet infrastructure

Robots Rife With Cybersecurity Holes

3 hours ago

IOActive Labs released a report Wednesday warning that consumer, industrial, and service robots in use today have serious security vulnerabilities.

DNSSEC: Why Do We Need It?

4 hours ago

The number of signed domain names has grown considerably over the past two and a half years but some sectors are heavily lagging behind.

'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle

4 hours ago

These five steps can help your organization limit the risks from disgruntled employees and user errors.

Hacking robots: Why it could be a lot easier than it should be

4 hours ago

Security researchers say they have found a number of security flaws across a range of robots.

Trump Names New Head of Economic Council for Cybersecurity, Technology

6 hours ago

Grace Koh will be special assistant to the President for technology, telecom, and cybersecurity.

Palo Alto Networks Acquires LightCyber

6 hours ago

Company will integrate LightCyber technology into its Next-Generation Security Platform.

Botnets

7 hours ago

Botnets have existed for at least a decade. As early as 2000, hackers were breaking into computers over the Internet and controlling them en masse from centralized systems. Among other things, the hackers used the combined computing power of these botnets ...

"Proof Mode" for your Smartphone Camera

8 hours ago

ProofMode is an app for your smartphone that adds data to the photos you take to prove that they are real and unaltered: On the technical front, what the app is doing is automatically generating an OpenPGP key for this installed instance of the app itsel ...

Million-Plus WordPress Sites Exposed by Vulnerable Plugin

8 hours ago

The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.

ESET software allows Mac remote code execution attacks

9 hours ago

The flaw can be exploited to push root code execution through MiTM attacks.

Dridex Trojan updated with AtomBombing evasion techniques

10 hours ago

A major upgrade to the malware will potentially cause even more headaches for European banks.

Palo Alto Q3 outlook disappoints amid execution issues

21 hours ago

Sales for the second quarter were light relative to expectations and the outlook was well below Wall Street estimates.

Massive Necurs Spam Botnet Now Equipped to Launch DDoS Attacks

22 hours ago

With more than one million active bots at any time, a Necurs-enabled DDoS attack could dwarf such an attack by the Mirai botnet.

Siemens RUGGEDCOM NMS Equipment Vulnerable to CSRF, XSS

22 hours ago

Siemens' RUGGEDCOM NMS product line suffers from vulnerabilities that could allow an attacker to perform administrative actions.

Labor calls out government for breaching privacy laws amid Centrelink fiasco

22 hours ago

The federal opposition has accused the Australian government of breaching privacy laws after it was revealed that personal information on a welfare recipient was deliberately leaked.

Dridex Trojan Gets A Major ‘AtomBombing’ Update

23 hours ago

Dridex has undergone a massive update and now sports a new injection method for evading detection based on the technique known as AtomBombing.

Report: Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses

1 day ago

A recent Bitdefender survey of 250 US IT execs in companies with 1000 or more PCs paints a disturbing picture of cybersecurity preparedness in the enterprise.

How Security Pros Can Bridge The Skills Shortage

1 day ago

By paying it forward, we can help address the industry's exploding need for talent.

Unpatched SMB Zero Day Easily Exploitable

1 day ago

Researchers claim the unpatched SMB zero day that affects Windows can be exploited a number of ways.

MobileIron lands reseller deal with Lenovo

1 day ago

Under the deal, Lenovo will resell MobileIron's security and management platform to enterprise customers purchasing Lenovo PCs, tablets, and smartphones.

Children’s Voice Messages Leaked in CloudPets Database Breach

1 day ago

Voice messages from children sent through an internet-connected toy called CloudPets were stolen from an exposed MongoDB database, which has been wiped clean and the data held for ransom.

Ghost apps live on to torment Android users

1 day ago

Even after they've been removed from the app store, rogue apps can still be causing hassles for the people that downloaded them.

Mac Malware Reaches New Highs

1 day ago

Two new malware threats in a week this past month, plus others in January, brings the 2017 Mac malware count up to 6 - and growing.

Torvalds Downplays SHA-1 Threat to Git

1 day ago

The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.

Zones of Trust: A New Way of Thinking about IoT Security

1 day ago

Recent attacks have focused attention on how to safely add "things" to enterprise networks, a topic that straddles IT and physical security. A zones-of-trust approach may be the answer.

Microsoft Opens Cybersecurity Center in Mexico

1 day ago

Microsoft launches a Mexican cybersecurity center and signs a Government Security Program to promote IT security research.

Kaspersky Expert's Treason Charge Linked To 2010 Complaint

1 day ago

A Russian businessman accused Kaspersky expert Ruslan Stoyanov, and Russian security officers, of leaking confidential data to US firms in 2010.

Kaspersky Lab Expert's Treason Charge Linked To 2010 Complaint

1 day ago

A Russian businessman accused Kaspersky Lab security expert Ruslan Stoyanov, and Russian security officers, of leaking confidential data to US firms in 2010.

Apparel, Food Delivery Hardest Hit by Online Fraud Attacks

1 day ago

New Forter-Merchant Research Council report confirms that EMV chips have moved fraudsters away from point-of-sale to online.

Stuffed toys database left personal data exposed, says security expert

1 day ago

Internet of Things database containing personal information was indexed by Shodan search engine.

EU Still Concerned about Windows 10 Privacy Settings

1 day ago

We all should be concerned about the privacy settings in Windows 10. And we should be glad that the EU has the regulatory authority to do something about it.

Singapore defense ministry suffers data breach affecting 850 users

1 day ago

Breach in Ministry of Defence's system compromised the personal data of 850 national servicemen and employees, whose identification and telephone numbers as well as birthdates were stolen.

Want to earn the big bucks? Become an IT architect

1 day ago

Seek reveals the most lucrative jobs.

Commissioner confirms privacy 'override' provisions exist

1 day ago

Following release of Centrelink data to media.

Australia is losing the innovation race

1 day ago

Is partnering the key to success for businesses?

Australia's international cyber plan will be unveiled this year

1 day ago

Bolstering security through diplomacy.

Government to continue Census name and address collection

1 day ago

The federal government has held firm that names and addresses will be removed from Census responses no earlier than four years after submission.

DTA boss sheds 'disruptor' label

1 day ago

Says new digital agency is about more.

Testing reveals sad state of Android anti-malware apps

1 day ago

Ratings and reviews won't weed out badware.

Cloudbleed: When security means living with complexity

1 day ago

[Blog post] It's difficult trying to do the right thing.

Commonwealth Bank partners with Airtasker for identity verification

1 day ago

The bank has provided the online outsourcing company with a pilot identity verification solution for its customers.

Govt refuses to make name entry voluntary in Census

1 day ago

Won't implement additional privacy controls.

Toy maker's sensitive database exposed, held to ransom

1 day ago

Millions of kids' recordings leaked thanks to insecure MongoDB instance.

NAB lures Barclays IT exec as new CTO

1 day ago

Will report straight to Thorburn.

Tens of thousands of Chromebooks fail because of Symantec BlueCoat problem

1 day ago

Did your web access just go badly wrong when you upgraded to the Chrome web browser 56 or Chrome OS 56? The problem is probably in your web proxy.

Leaked documents reveal airport's catalog of security lapses

1 day ago

Exclusive: One document details how a New York airport's security screeners failed to check names against the government's "no-fly" list.

Google's Ease-of-Use Email Encryption Project Goes Open Source

1 day ago

E2Email, together with open source Key Transparency project, are meant to take on the challenges that have dogged end-to-end email encryption adoption for decades.

Boeing Notifies 36,000 Employees Following Breach

1 day ago

A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse.

Apple, SAP to release tool to build business apps

1 day ago

SAP Cloud Platform SDK for iOS coming next month.

Telstra preps nationwide LTE broadcast service

1 day ago

Apple not on board with 4G broadcast tech.

Adm. Rogers Talks about Buying Cyberweapons

1 day ago

At a talk last week, the head of US Cyber Command and the NSA Mike Rogers talked about the US buying cyberweapons from arms manufacturers. "In the application of kinetic functionality -- weapons -- we go to the private sector and say, 'Build this thing w ...

Microsoft Adds Technical Updates to SDL Site

2 days ago

Microsoft releases a new round of updates and technical content additions to its Security Development Lifecycle website.

Tomorrow on Dark Reading: Your Costs, Risks & Metrics Questions Answered

2 days ago

First up on the Dark Reading upcoming events calendar is our Dark Reading Virtual Event Tuesday, Feb. 28.

Today on Dark Reading: Your Costs, Risks & Metrics Questions Answered

2 days ago

First up on the Dark Reading upcoming events calendar is our Dark Reading Virtual Event Tuesday, Feb. 28.

20 Questions for SecOps Platform Providers

2 days ago

Security operations capabilities for the masses is long overdue. Here's how to find a solution that meets your budget and resources.

Google Discloses Another ‘High Severity’ Microsoft Bug

2 days ago

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in its Edge and Internet Explorer browsers.

Microsoft prepares to roll out new update options for Windows 10

2 days ago

In the Creators Update, this spring's big Windows 10 release, Microsoft is adding some new knobs and levers for managing updates, including an option to delay feature updates by up to a year. Here's what you can expect.

Two Charged In Gas Station Card-Skimming Scheme

2 days ago

Two individuals face federal charges for skimming debit card information from gas station pumps across multiple states.

Katie Moussouris on Bug Bounty Programs, Hack the Army, and Wassenaar

2 days ago

Katie Moussouris on how bug bounty programs have gone mainstream, the success of Hack the Pentagon and Hack the Army, and where things stand with the Wassenaar Arrangement.

Google Releases E2EMail to Open Source

2 days ago

Google’s E2EMail Chrome extension brings OpenPGP encryption to Gmail users.

Google: We're puzzled Windows 10's Edge, IE flaw hasn't been patched by Microsoft

2 days ago

Google's Project Zero security researchers express surprise at Microsoft's failure to patch this bug before it reached its 90-day deadline.

The real cost of ransomware: Attacks take most victims offline for at least a week

2 days ago

Lack of coherent strategies about what to do when attacked by ransomware is costing organisations dear.

Windows 10 to permit block on apps installing if they're not from Microsoft Store

2 days ago

Microsoft is testing a new feature that offers the option of preventing non-Windows 10 Store apps being installed.

In Cybersecurity, Language Is a Source of Misunderstandings

2 days ago

To successfully fight threats across industries, we must all use the same terminology.

A Survey of Propaganda

2 days ago

This is an excellent survey article on modern propaganda techniques, how they work, and how we might defend ourselves against them. Cory Doctorow summarizes the techniques on BoingBoing: ...in Russia, it's about flooding the channel with a mix of lies a ...

Necurs Botnet Learns New DDoS Trick

2 days ago

Researchers say Necurs malware has been updated with a module that adds SOCKS/HTTP proxy and DDOS capabilities to this malware.

Singapore mulls national identity system to fully encompass all services

2 days ago

Prime Minister Lee Hsien Loong reveals possible plans for a nationwide system that will enable access to both government and private services, expanding the existing SingPass e-government login account.

Russian cybersecurity expert charged with treason over US data-sharing claims

2 days ago

Charges brought against a Kaspersky expert and state security officers stem from allegations of state secret leaks.

Google End-to-End encrypted email code goes open-source

2 days ago

Programmers can now get their hands on the E2EMail code to bolster email encryption services.

Qld to buy a new set of mainframes

2 days ago

Even as it looks to shut down data centres.

Re: SHA1

2 days ago

Posted by Kristian Erik Hermansen on Feb 26: I think almost all versions of OpenVPN clients for mobile devices (windows phone?, Android, iOS) didn't traditionally support anything greater than sha1 crypto, so all openvpn mobile clients affected? OpenVPN tra ...

Westpac outage downs branches

2 days ago

Services unavailable nationwide.

Two of Australia's biggest IT providers to merge

2 days ago

DWS to take over SMS M&T in $124m deal.

QBE deploys drones to assess insurance claims

2 days ago

Following natural disasters.

Linus Torvalds on SHA-1 and Git: 'The sky isn't falling'

2 days ago

Yes, SHA-1 has been cracked, but that doesn't mean your code in Git repositories is in any real danger of being hacked.

Google's Waymo sues Uber over alleged sensor tech theft

2 days ago

Trade theft lawsuit kicks off.

Russian cyber experts' treason charges linked to seven-year-old accusations

2 days ago

Accused of passing secrets to Verisign, CIA.

Telstra to upgrade optical network, trial 5G and IoT

2 days ago

To cater to expected traffic growth.

NBN Co reinstates fixed-line tech type in rollout maps

3 days ago

‘Major update’ also adds availability dates for Telstra HFC footprint.

MySQL instances attacked by database blackmailers

3 days ago

Copycats delete databases without dumping them.

Cyber Insurance Uptake Hampered By Skewed Data, Poor Communication

4 days ago

Only 29% of US businesses have cyber insurance; Deloitte outlines steps for insurance companies to improve risk models, communication, and policy sales.

Friday Squid Blogging: Squid Short Story

4 days ago

A short SF story in a tweet. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Researchers Uncover New Leads Behind Shamoon2

4 days ago

Researchers from Arbor Networks' Security Engineering and Response Team (ASERT) say they have unearthed fresh leads on the tools and techniques used in the most recent wave of Shamoon attacks.

Cloudflare Leaked Web Customer Data For Months

4 days ago

Potential scope of issue evokes comparisons to Heartbleed.

My TEDMED Talk on Medical Data Privacy

5 days ago

Last November, I gave a talk at the TEDMED Conference on health and medical data privacy. The talk is online

20 Cybersecurity Startups To Watch In 2017

5 days ago

VC money flowed plentifully into the security market last year, fueling a new crop of innovative companies.

IaaS: The Next Chapter In Cloud Security

5 days ago

Organizations adopting IaaS must update their approach to security by using the shared responsibility model.

It's the end of SHA-1 and I feel fine

5 days ago

Google has proven SHA-1 cryptography is no longer safe, but then we've known this day had been coming for years.

Threatpost News Wrap, February 24, 2017

5 days ago

Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare's "Cloudbleed" bug, Google breaking SHA-1, and more.

Suspect Arrested In Connection With Mirai Botnet

5 days ago

One million Deutsche Telekom customers were knocked offline in a November 2016 cyberattack.

Florida Man Pleads Guilty To Clinton Foundation Hack Attempts

5 days ago

Timothy Sedlak also convicted in child pornography case and sentenced to 42 years in jail, Reuters reports.

Cloudflare Bug Leaks Sensitive Data

5 days ago

Cloudflare has fixed an issue where its customer traffic was leaking memory that included sensitive information including authentication cookies, POST data and more.

Re: Improvements

5 days ago

Posted by Dominique Brezinski on Feb 24: inline... https://github.com/airbnb/streamalert There is a lot more that needs to be done to cover the broad range of capabilities needed for detection and response, but StreamAlert achieves something very important e ...

Re: Improvements

5 days ago

Posted by Oliver Friedrichs on Feb 24: Since I’m on this list and rarely get to contribute it seems like a good time to jump in (although Phantom coincidentally almost started by focusing on offense – google “Phantom Access” if you are curious wher ...

Re: SHA1

5 days ago

Posted by Ryan Kiser on Feb 24: While I’m probably not qualified to answer this question in a totally comprehensive way, the following technet article is illuminating if you ever find yourself wondering what SHA1 is still valid for in Microsoft land. http ...

Re: SHA1

5 days ago

Posted by William Reyor on Feb 24: I believe this affects mostly certificates and ipsec configurations.

Security lapse exposed New York airport servers for a year

5 days ago

Exclusive: The files included gigabytes of emails, sensitive government files, and a password list, which researchers say could give hackers 'full access' to the airport's systems.

Palantir and the NSA

5 days ago

The Intercept has a long article on the relationship between Palantir Technologies and the NSA, based on the Snowden documents.

Google breaks SHA-1 web crypto for good but Torvalds plays down impact on Git

5 days ago

Researchers' SHA-1 collision spells the end of the cryptographic hashing algorithm for the web, but Linux kernel creator Linus Torvalds says not to worry about Git's reliance on SHA-1.

US military to open its own GitHub repository

5 days ago

Prepares for unusual legal obstacles.

Sentinel Labs, SpyChatter, Vir2us settle with FTC over fake security certificate claims

5 days ago

The trio has been accused of lying to customers about the security standards of their services.

Telstra-built national cancer register running months behind schedule

5 days ago

Delays impact bowel cancer, cervical screens.

Are users 'gaming' myTax to get bigger deductions?

5 days ago

Accountants fear nudge system could backfire.

Your cyber defences are probably wrong, again

5 days ago

If you thought cybersecurity looked bad from inside organisations, try looking in from the outside. From the hackers' perspective, it's even worse.

Cloudflare reveals 'bad' data leakage bug

5 days ago

'Cloudbleed' exposed customer HTTPS sessions.

DTA expands digital marketplace

5 days ago

Government's pitching portal evolves.

Government launches first of AU$47m Joint Cyber Security Centres in Brisbane

5 days ago

The Australian government has launched its first of five Joint Cyber Security Centres which will see industry, government, and law enforcement work together to develop new approaches to cybersecurity.

Digital transformation will expose Asia to higher fraud risk

5 days ago

As more processes and transactions are moved to the digital realm, organisations must realise their increased risk exposure and safeguard all customer and data channels.

Chef CEO to keynote at Cloud & DC Edge 2017

5 days ago

[Blog post] More international speakers announced.

'Technical issues' delay Billabong's ecommerce rollout

5 days ago

Roadblock greets new NetSuite platform.

Cloudflare found leaking customer HTTPS sessions for months

5 days ago

Customer information from Uber, 1Password, and online dating site OkCupid is amongst the SSL data leaked by Cloudflare.

First Aussie cyber threat sharing centre opens in Brisbane

5 days ago

Co-locates private, public sector experts.

RSA and the expanding hole in cybersecurity

5 days ago

The recent RSA conference drew more than 43,000 people — a record number as the cybersecurity hole continues to widen with new exploits.

All roads lead to cyber

5 days ago

Just give me a curious person who loves security -- we can teach them the rest.

Police arrest bot herder behind attack on millions of routers

5 days ago

Faces up to a decade in prison if found guilty.

Russia Top Source Of Nefarious Internet Traffic

5 days ago

Honeypot research from F-Secure shows majority of illicit online activity coming from IP addresses in Russia - also where ransomware is a hot commodity.