security.didici.cc
Sofacy APT Targeting OS X Machines with Komplex Trojan
2 hours agoAPT gang Sofacy is targeting Mac OS X users with a Trojan that allows an attacker to execute remote commands on infected systems.
Russian 'Fancy Bear' Hackers Hit Mac OS X With New Trojan
3 hours agoAerospace victim hit by targeted attack that didn't even exploit a Mac vulnerability.
Brian Krebs DDoS
3 hours agoBrian Krebs writes about the massive DDoS attack against his site. In fact, the site is down as I post this.
Questions Mount Around Yahoo Breach
4 hours agoCrypto company Venafi points out potential holes in Yahoo's processes and policies around cryptography and digital certificates, any of which could have been exploited in the breach to move data off the Yahoo network.
Hancitor Downloader Abusing APIs, PowerShell Commands
5 hours agoDevelopers behind the malicious downloader Hancitor have bolstered the malware again, this time with new delivery approaches that make it more difficult to detect.
Ransomware: Coming To A Hospital Near You?
6 hours ago10 ways to protect healthcare systems from ransomware and other malware infections.
Cyber Risk Among Top Concerns For Business Leaders: Study
6 hours agoMore than 50% of business leaders surveyed in the Travelers Risk Index report cyber, computer, and technology risks are among their top concerns.
MarsJoke Ransomware Targets .EDU, .GOV Agencies
7 hours agoResearchers have identified a new ransomware strain that spoofs tracking services via spam messages and contain URLs that link to malicious files.
Sloppy programming leads to OpenSSL woes
7 hours agoSometimes security patches create bigger problems than the ones they solve. OpenSSL just made that blunder.
FBI Probes Dumping Of NSA Hack Tools On Public Site
8 hours agoNational Security Agency says tools left exposed by mistake - and dumping by presumably Russia-backed hackers Shadow Brokers.
OpenSSL Fixes Critical Bug Introduced by Latest Update
9 hours agoOpenSSL’s most recent update introduced a critical vulnerability in the crypto library, forcing an emergency update today.
Yahoo Breach Could Delay $4.8 Billion Verizon Takeover
9 hours agoVerizon may revisit contract with Yahoo on doubts of vulnerabilities in the system after 500 accounts were found hacked.
Meet Israel's Master Phone Crackers
10 hours ago
Meet The Hackers Who Drive The Porsches You Pay For
10 hours ago
What The WADA Hack Proves About Today's Threat Landscape
10 hours agoFancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks.
Microsoft Launches Windows Defender App Guard For Its Edge Browser
10 hours agoMicrosoft debuts a new tool to strengthen security in its Edge browser for Windows Enterprise customers.
Adware Campaign Using Advanced Nation-State Obfuscation Techniques
10 hours agoNew report from Carbon Black shows adware may be spreading ransomware, using similar tactics as Operation Aurora.
Thousands of Cisco devices still at risk of unpatched NSA zero-day flaws
10 hours agoThe tools may have been mistakenly left behind by the NSA following an operation.
Microsoft: Windows 10 now on 400 million devices
10 hours agoMicrosoft officials said Windows 10 has hit the 400 million 'active' device milestone, up from 300 million in early May.
State Of The Exploit Kit
11 hours agoExploit kit traffic is down considerably following the demise of Nuclear and Angler, but many researchers see it only as a temporary disruption.
That's not funny: MarsJoke ransomware threatens to wipe data if a ransom is not paid within 96 hours
12 hours agoNew ransomware family discovered by takes aim at government targets
Oops. Apple has seriously weakened iOS 10 backups against password hackers
13 hours agoA blunder that Apple made in iOS 10 has weakened the encryption of iPhone data when backed up to iTunes.
Google pulls Krebs on Security out of the abyss
18 hours agoGoogle's Project Shield has come to the rescue after a devastating DDoS attack prompted Akamai's pro bono support to end.
Hacker who leaked US military 'kill list' for ISIS sent behind bars
18 hours agoThe 20-year-old hacker leaked military data belonging to 1,300 US military and government staff in support of the Islamic extremist group.
The dog ate my Census, says ABS
19 hours agoThe Australian Bureau of Statistics blames everyone but itself for the failures of the 2016 Census. That's a sign of weak and out-of-touch management.
Cyber civil defence for the rest of us
22 hours agoWith the official bodies that respond to information security issues mainly focused on national security, should there be an equivalent for everyone else?
Apple iOS 10 backup security can be easily cracked
23 hours agoFlaw could unravel whole Keychain secure credentials storage.
ABS claims IBM's botched geoblocking failed the Census
1 day agoBlame game begins in post-survey hose down.
Yahoo Already Hit With Lawsuits Over Hack
2 days ago
7 New Rules For IoT Safety & Vuln Disclosure
2 days agoIn the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
Yahoo sued over 2014 mega hack
2 days ago"Gross negligence" alleged for leak of 500m accounts.
Spam Levels Spike, Thanks In Part To Ransomware
3 days agoBy shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.
Advisory Body Calls For Stronger Cybersecurity Measures Across Airline Industry
3 days agoMeasures are designed to bolster operational security across all stakeholders in the aviation sector, Wall Street Journal says.
Friday Squid Blogging: Space Kraken
3 days agoA Lego model of a giant space kraken destroying a Destroyer from Star Wars. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
3 days agoOpenSSL patched a high-severity vulnerability in its deployment on the Online Certificate Status Protocol, and also mitigated the SWEET32 attack.
Researchers Find ‘Severe’ Password Security Hole with iOS 10 Backups
3 days agoSecurity firm claims to have found a new weakness in Apple’s iOS 10 that makes it possible to crack password-protected local backups of data for iOS 10 devices.
Threatpost News Wrap, September 23, 2016
3 days agoThe massive Yahoo breach, this week's Security of Things Forum, Mamba ransomware, and Google Allo are discussed.
An Open-Source Security Maturity Model
3 days agoOh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
D-FENSE! Using Research To Craft Effective Cyber Defenses
3 days agoA pair of experts from Imperva stops by the Dark Reading News Desk to chat.
iPhone 7 Jailbreak
3 days agoIt took 24 hours. Slashdot thread.
Medical Devices Should Withstand Rigor, Expert Says
3 days agoIn a keynote at the Internet of Things Forum Dr. Kevin Fu said that medical devices should be subjected to rigor so patients can make clinically relevant decisions.
On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem
3 days agoAs enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.
FTC Releases Video With Data Breach Recovery Advice
3 days agoThe US Federal Trade Commission video has detailed instructions on what to do if personal data of a user is stolen and exposed.
Top Democrats Tell Putin To Halt Hacking Of US Political Parties
3 days agoRussia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.
We're told data breaches cost millions on average - but this security study disagrees
3 days agoNew research suggests that the average cost of data breaches is lower than many estimates and too low to drive greater investment in cybersecurity.
Krebs on Security booted off Akamai network after DDoS attack proves pricey
3 days agoThere's no rancour or bitterness, however, since Akamai hosted the security expert's blog pro bono.
Cybersecurity accelerator gives startups the chance to work with GCHQ spy agency
3 days agoNew government scheme designed to help protect the UK from cyberattacks
Google Safe Browsing beats rivals but still only flags up 10 percent of hacked sites
3 days agoAn analysis of hijacked websites suggests Google's Safe Browsing technology is only warning users about a small proportion of them.
Drupal patches multiple security flaws in core engine
3 days agoOne of the critical vulnerabilities allows attackers to remotely execute malicious code.
IBM lambasted by ABS for failing to handle Census DDoS
3 days agoThe Australian Bureau of Statistics has said IBM should have been able to handle the denial-of-service attack that hit Census systems on the night of August 9.
Optus Business adds cybersecurity capabilities to managed services
3 days agoLeveraging Palo Alto Networks' cybersecurity platform, Optus and Singtel will now provide enterprise and government customers with detection and prevention mechanisms against cyber attacks.
71 percent of Australian-used IoT devices failed privacy probe
3 days ago71 percent of devices and services used by Australians did not provide a privacy policy nor a notice explaining how personal information is collected, used, and stored.
'World's largest' DDoS sees infosec journo's site taken down
3 days agoAkamai's Prolexic puts packet flood at 620 Gbps.
Turnbull calls for cyber education of public in wake of Census debacle
3 days agoAustralian Prime Minister Malcolm Turnbull has used the Census fiasco to call for new ways of talking about cybersecurity during a speech in Washington DC.
Biometric Skimmers Pose Emerging Threat To ATMs
4 days agoEven as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
Probe of NSA hacking tools leak points to an own goal
4 days agoCareless operative blamed for fumble three years ago.
OpenSSL patches high-severity vulnerability
4 days agoCould be abused for denial-of-service attacks.
Yahoo Reveals Nation State-Borne Data Breach Affecting A Half-Billion Users
4 days agoBut still unconfirmed is whether the newly revealed attack is related to recently dumped Yahoo user credentials in an online cybercrime forum.
Yahoo confirms mega user account data breach
4 days agoSays 500m accounts stolen in 2014 attack.
500 Million Yahoo Accounts Stolen By State-Sponsored Hackers
4 days agoYahoo confirmed that in 2014 state-sponsored hackers stole information associated with 500 million accounts from its network.
7 Factors That Make Security Organizations More Effective
4 days ago(ISC)2 members have plenty of technical chops, but IANS research found they need to focus more on how info sec aligns with the business.
Yahoo confirms data breach affecting 500 million accounts, claims state actor behind attack
4 days agoYahoo confirmed a breach going back to 2014. A bevy of passwords and other information were stolen, but payment and bank information stayed safe.
Drupal Patches Three Vulnerabilities in Core Engine
4 days agoThree vulnerabilities were patched Wednesday in the Drupal content management system’s core engine, two of which were rated critical.
500 million Yahoo users hacked: How to protect yourself
4 days agoThe odds are excellent that your Yahoo account is now open for attack to the highest bidder.
Amtrak Security Awareness
4 days agoI like this Amtrak security awareness campaign. Especially the use of my term "security theater" and the link (in the article) to my TED talk on the subject.
Cisco Warns of Command Injection Flaw in Cloud Platform
4 days agoCisco rolls out a bevy of patches tied to vulnerabilities found in its cloud services platform, IOS software and Prime Home products.
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
4 days agoOliver Stone's movie shows us that while most of us have nothing to hide, we all have information worth protecting - both technically and constitutionally.
7 Ways Cloud Alters The Security Equation
4 days agoWould-be and existing customers must understand that security isn't set-and-forget just because it resides in the cloud.
DHS Announces Intent to Draft IoT Security Framework
4 days agoThe Department of Homeland Security formally announced its plan to develop a set of strategic principles for the Internet of Things.
Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials
4 days agoYahoo is expected to confirm a data breach that exposed hundreds of millions of credentials dating back to 2012.
10 Ways To Lock Down Third-Party Risk
4 days agoExperts share ideas for closing potential security holes that leave organizations open to attack.
Edward Snowden Says Don't Use Google Allo
4 days ago
Massive DDoS Attack Launched At Brian Krebs
4 days ago
Even A False Positive Can Be Valuable
4 days agoSharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.
SWIFT CISO: Cyber Threat 'Persistent'
4 days agoAlain Desausoi describes threat as persistent, and says there's been progress in combating it via new SWIFT initiatives.
NYSE Deals Blow To John McAfee's MGT Capital
4 days agoMGT searches for alternatives as share listing approval denied, causing deep plunge in share price.
Malware Evades Detection with Novel Technique
4 days agoDocument-based macro malware flies under the security radar by first detecting existing documents on PC.
Hackers in the house: Why your IoT devices may have already joined a botnet
4 days agoHackers are taking advantage of lax security attitudes around connected devices to hijack them for malicious means, warn Symantec researchers
Google Allo: Don't use it, says Edward Snowden
4 days agoGoogle has come under fire again for the privacy choices its made for its new smart chat app, Allo.
SWIFT says bank cyberattacks 'here to stay'
4 days agoAttacks targeting the financial messaging system are not going anywhere -- and are evolving to become even more difficult to combat.
Census funding uncertainty meant ABS was underprepared: Union
4 days agoRelentless cuts to the ABS and an uncertain funding future spelt doom for the Australian 2016 Census, the Community and Public Sector Union has said.
Telstra explores blockchain, biometrics to secure smart home IoT devices
4 days agoTelstra's efforts to blockchain IoT are being augmented by identity verification using voice, fingerprint, and facial biometrics.
Finish Census, ABS pleads
4 days agoFriday is the deadline to complete the Census and there's just a small group of Australians who've yet to finish the job.
Crims place booby-trapped USB drives in letter boxes
4 days agoVictorians warned not to plug in malware-laden devices.
National Health ISAC Calls For Collaborative Vuln Disclosure
5 days agoNH-ISAC also to hold medical device vulnerability info sharing workshop, hosted by St. Jude Medical.
Majority Of Major Corporations Have User Credentials Stolen And Exposed
5 days agoCompanies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.
SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool
5 days agoSWIFT's chief information security officer said Wednesday that the cooperative is still seeing cases in which its customers' environments have been compromised.
Google Retreats on Some Allo Privacy Promises
5 days agoGoogle released its smart messaging app called Allo, but a decision to log chats indefinitely has privacy advocates worried.
iSpy Keylogger Targets Passwords, Skype, Webcams
5 days agoZscater identified a keylogger on steroids that targets passwords, webcam and software licenses.
Should Hacking A Tor User Require A Warrant?
5 days ago
How Cloud, Mobile Are Changing IT, Security Management: Study
5 days agoThe evolution of technology is changing the role of IT and security pros as more employees use cloud apps and connect personal devices to corporate networks.
Tick, tock, tick, tock: New malware is hitting your network every four seconds
5 days agoCheck Point report suggests organisations haven't kept up with security to meet a nine times rise in malicious software
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
5 days agoThis slightly modified model is a practical way to keep attackers out of your systems.
How Windows 10 Stops Script-Based Attacks On The Fly
5 days agoMove over Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
Rand Study: Average Data Breach Costs $200K, Not Millions
5 days agoRand taps insurance data and other sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average.
Microsoft's new datacenters aim to put customer data beyond the reach of US snooping
5 days agoNew German datacenters aim to provide additional protections for customer data by giving control to an independent data trustee.
RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware
5 days agoResearchers said they’ve seen an uptick in RIG Exploit Kit traffic and that attackers have begun using the kit to peddle CrypMIC ransomware.
Florida Man Charged With Hacking Linux Servers
5 days agoDonald Austin allegedly stole credentials of Linux employee to hack four company servers and install rootkit and Trojan software.
Chinese Researchers Hack Tesla S Models, Expose Bugs
5 days agoAutomaker fixes security risks after Tencent Holdings uncover vulnerabilities in both parking and drive mode.
Mozilla Patches Certificate Pinning Vulnerability in Firefox
5 days agoA remote code execution in Firefox caused by the expiration of certificate pins was patched by Mozilla in Firefox 49 and Firefox ESR 45.4.
Majority of consumers fear compromise of their personal data, survey says
5 days agoSurvey shows 83% of respondents share concern over ID theft within 1-2 years
Tesla Model S Hack
5 days agoImpressive remote ,a href="http://www.pcw
orld.com/article/3121999/
security/researchers-demo
nstrate-remote-attack-aga
inst-tesla-model-s.html&q
uot;>hack of the Tesla Model S.
Details. Video.
The vulnerability is fixed.
Remember, a modern car isn't an automo ...
Education Now Suffers The Most Ransomware Attacks
5 days agoNew data shows ransomware rates worldwide doubling and tripling in past 12 months.
Victorian police warn of harmful letterbox USB drives
5 days agoPolice in Victoria have issued a warning to residents following recent reports of malicious USB drives left in letterboxes.
North Korea internet access leak shows only 28 sites
5 days agoNorth Korea's top-level DNS data has leaked, showing that the Stalanist state only has 28 websites that use the .kp domain name.
Raum turns the most popular torrents on the web into malware spreading weapons
5 days agoInfoArmor says the tool weaponizes torrents to spread malicious code through data analysis.
Matchlight Dark Web data leak detection software available worldwide
5 days agoTerbium Labs' software can now be used to detect when data belonging to companies is being flogged in the underground.
Tesla patches remote attack vulnerability
5 days agoResearchers could brake, turn on windscreen wipers.
Apple Squashes 68 Security Bugs With Sierra Release
6 days agoWith the introduction of macOS Sierra 10.12, Apple has patched dozens of security vulnerabilities and also tackled a few Safari 10 bugs to boot.
Zscaler Warns Of New iSpy Commercial Keylogger
6 days agoMalware steals user data, license keys to popular applications.
Lack Of Funding Stymies State CISOs
6 days agoGovernors, other state officials more aware of cyber threats, but confidence gap exists between IT and business managers, new Deloitte-National State Chief Information Officers (NASCIO) study finds.
How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have
6 days agoGitHub's Jamesha Fisher discusses how GitHub is bringing the power of security to the uninitiated and how a predominately white and male infosec industry can better support women and people of color in the workforce.
Mamba Ransomware Encrypts Hard Drives Rather Than Files
6 days agoA new ransomware strain called Mamba opts to encrypts hard drives rather than individual files and folders stored on the local disk.
Experts Want Transparency From Government’s Vulnerabilities Equities Process
6 days agoSecurity and policy experts make another call for additional transparency around the government's Vulnerabilities Equities Process and the zero days it has in its possession.
Two Good Essays on the NSA's "Upstream" Data Collection under Section 702
6 days agoBoth are worth reading.
Rise Of Machine Learning: Advancing Security With ML
6 days agoHal Lonas of Webroot drops by the Dark Reading News Desk at Black Hat.
BooleBox: The Top Secure Solution To Protect Your Company's Sensitive Data
6 days ago[Black Hat Europe 2016 Sponsor Content]
Hacking 'Forward' With Weaponized Intelligence
6 days agoInstead of hacking back and taking the fight to your adversary, what if your organization hacked forward by unearthing breach scenarios before the hackers do?
Tesla Fixes Critical Remote Hack Vulnerability
6 days agoResearchers were able to remotely brake Tesla model cars as well as freeze control panels and open the rear hatch while driving.
Qadars Trojan Takes Aim At 18 UK Banks
6 days ago
2016 On Track To See Over 1 Billion Records Breached
6 days agoNew report shows first half breach statistics put organizations on pace to beat last year's breach numbers by a wide margin.
Android Banking Trojan First to Gain Root Privileges
6 days agoThe first mobile banking Trojan that obtains root privileges on Android devices has been seen in the wild.
Vulnerability Patched in WordPress Theme That Allows Unrestricted Uploads
6 days agoA vulnerability has been patched in a popular WordPress theme called Neosense that allows an attacker to upload code without authentication.
Data-stealing Qadars Trojan malware takes aim at 18 UK banks
6 days agoSophisticated malware has been discovered, capable of tricking users into giving away admin rights to their entire system, as well as stealing their bank details.
Smartphone Infections Rise 96% In H1-2016: Malware Study
6 days agoNokia report reveals April 2016 saw new all-time high in mobile infections with one out of every 120 smartphone affected.
Scientist Clones Chip To Unlock iPhone, Proves FBI Wrong
6 days agoDr. Sergei Skorobogatov of Cambridge University spent $100 on a process that may have cost FBI $1 million.
CloudFlare tackles unencrypted Internet with new features
6 days agoThe company says that there will no longer be any excuse to remain unencrypted online.
Over 554M data records breached, with identity theft most common
6 days agoMore than 970 data breaches were reported worldwide in the first half of 2016, up 15 percent from the previous six months, according to Gemalto's Breach Level Index.
More on the Equities Debate
6 days agoThis is an interesting back-and-forth: initial post by Dave Aitel and Matt Tait, a reply by Mailyn Filder, a short reply by Aitel, and a reply to the reply by Filder.
Microsoft opens Beijing center to allow governments review its source code
6 days agoTransparency Center will allow governments to check the security of products and services -- but not alter what is delivered to customers.
Structure Security: Is IoT bane or boon to security pros?
6 days agoA bevy of speakers at Structure Security will outline the promise and perils of security in the age of the Internet of things.