security.didici.cc

Hackers stole data from 1.7m Imgur users

52 minutes ago

Breach went unnoticed for three years.

Imgur confirms email addresses, passwords stolen in 2014 hack

2 hours ago

The hackers stole email addresses and passwords.

Friday Squid Blogging: Fake Squid Seized in Cambodia

3 hours ago

Falsely labeled squid snacks were seized in Cambodia. I don't know what food product it really was. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’

10 hours ago

A proof-of-concept attack demonstrates how adversaries can abuse Microsoft’s Active Directory Federation Services framework to go unnoticed and assume multiple user identities.

Linux creator Linus Torvalds: This is what drives me nuts about IT security

11 hours ago

Torvalds explains why he gets angry with security people.

Singapore C2C marketplace turns to AI to combat fraud, improve UX

1 day ago

Carousell is looking to use artificial intelligence and machine learning across the organisation, tapping the technology to mitigate fraud risks and enhance user experience.

Mozilla's Guide to Privacy-Aware Christmas Shopping

1 day ago

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more.

Singapore aims to drive up standards for autonomous vehicles with test centre

1 day ago

Spanning two hectares, the new test site will be used to trial communication and interaction between autonomous vehicles and other road vehicles.

Intel ME bug storm: Is your machine among 100s just named by Acer, Dell, HP, Lenovo?

1 day ago

Hardware vendors race to identify and provide updates for dangerous Intel flaws.

Open source's big weak spot? Flawed libraries lurking in key apps

1 day ago

To avoid becoming the next Equifax, it could be a good idea to scan your apps for vulnerable open-source libraries.

HP patches severe code execution bug in enterprise printers

1 day ago

The vulnerability could be exploited to perform remote code execution.

3 Pillars of Cyberthreat Intelligence

1 day ago

Strong enterprise cybersecurity programs must be built on a framework that incorporates strategic, operational, and tactical leadership and goals.

Optus Business injects AU$3.5m in cybersecurity research centre

1 day ago

Optus will provide AU$2.1 million in cash and AU$1.4 million worth of expertise for development and training to the Cyber Security Cooperative Research Centre over the next seven years.

WA govt wants to release identifiable student data

2 days ago

For NAPLAN online, research purposes.

HP patches remote exploit bug in enterprise printers

2 days ago

Over 50 models affected by flaw reported in August.

Firefox wants to tell you if your data has been breached

2 days ago

Integration underway with haveibeenpwned.com.

Firefox will tell you if your data has been breached

2 days ago

Integration underway with haveibeenpwned.com.

Uber breach triggers global government probes

2 days ago

Investigations after ride-sharing firm reveals cover-up.

Time to Pull an Uber and Disclose your Data Breach Now

2 days ago

There is never a good time to reveal a cyber attack. But with the EU's GDPR looming, the fallout only gets harder and more expensive the longer you wait.

HP to Patch Bug Impacting 50 Enterprise Printer Models

2 days ago

HP said dozens of enterprise-class printer models will receive a patch for an arbitrary code execution vulnerability sometime this week.

Uber Paid Hackers $100K to Conceal 2016 Data Breach

2 days ago

The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.

Intel Firmware Flaws Found

2 days ago

Another big firmware security issue affecting Intel processors, requires OEM updates.

Samsung Pay Leaks Mobile Device Information

2 days ago

Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.

Websites Use Session-Replay Scripts to Eavesdrop on Every Keystroke and Mouse Movement

2 days ago

The security researchers at Princeton are posting the results of some very interesting research into web surveillance: You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lat ...

Uber says unauthorised transactions in Singapore not linked to global breach

2 days ago

Uber has dismissed suggestions that a spate of unauthorised transactions reported by customers in Singapore is related to its global data breach, which does not involve financial information.

Uber Reveals Breach of 57 Million Users, Admits to Covering Up Incident

2 days ago

Uber CEO Dara Khosrowshahi said a 2016 data breach that exposed 57 million Uber users and subsequent payment of $100,000 to a hacker to delete data and keep it a secret is inexcusable.

Google admits tracking users' location even when setting disabled

2 days ago

After Quartz revealed Google was tracking the location of a user through cell tower connections, the search giant said the function improves the speed and performance of message delivery.

Uber hid hack of 57 million customers for a year

3 days ago

Allegedly paid hackers to keep quiet.

New OWASP Top 10 List Includes Three New Web Vulns

3 days ago

But dropping cross-site request forgery from the list is a mistake, some analysts say.

Uber concealed hack of 57 million accounts for more than a year

3 days ago

The company's chief security officer is accused of keeping details of the hacks a secret.

Windows ASLR bug is intended feature: Microsoft

3 days ago

No vulnerability from configuration issue.

A Call for Greater Regulation of Digital Currencies

3 days ago

A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.

Dozens of Aus govt agencies remain exposed to cyber attack

3 days ago

Extent of compliance struggles revealed.

Iranian Nation-State Hacker Indicted for HBO Hack, Extortion

3 days ago

'Winter is coming,' DoJ official says of overseas hackers such as the alleged HBO hacker who steal intellectual property from the US.

Intel Patches CPU Bugs Impacting Millions of PCs, Servers

3 days ago

Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications.

Half of Americans Unsure of Online Shopping Safety

3 days ago

Consumers struggle to determine the safety of online shopping websites, putting them at risk for holiday hacking.

Let's Take a Page from the Credit Card Industry's Playbook

3 days ago

Internal security departments would do well to follow the processes of major credit cards.

6 Real Black Friday Phishing Lures

3 days ago

As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.

Microsoft warns: Bogus Apple, Windows tech support sites open your phone app

3 days ago

Tech-support scam sites now contain click-to-call to "help" victims more easily contact their sham hotlines.

Cisco, Interpol team up to share cybercriminal threat data

3 days ago

The tech giant and law enforcement agency will share intelligence on the latest cyberthreats.

Amazon Creates Classified US Cloud

3 days ago

Amazon has a cloud for U.S. classified data. The physical and computer requirements for handling classified information are considerable, both in terms of technology and procedure. I am surprised that a company with no experience dealing with classified ...

Intel: We've found severe bugs in secretive Management Engine, affecting millions

3 days ago

An attacker can use Intel's flaws to run malware that's invisible to the operating system.

Intel patches processor flaw that left millions of PCs vulnerable

4 days ago

After holes found in Management Engine.

US-CERT Warns of ASLR Implementation Flaw In Windows

4 days ago

US-CERT is warning of a vulnerability in Microsoft’s implementation of Address Space Layout Randomization that affects Windows 8, Windows 8.1 and Windows 10.

Palo Alto Networks reports strong Q1 results, appoints new CFO

4 days ago

The security company beat market expectations, crediting its "land and expand" strategy for the strong quarter.

Researcher Finds Hole in Windows ASLR Security Defense

4 days ago

A security expert found a way to work around Microsoft's Address Space Layout Randomization (ASLR), which protects the OS from memory-based attacks.

AWS launches 'secret' region for US spy agencies

4 days ago

Expands spook cloud offerings.

North Korea's Lazarus Group Evolves Tactics, Goes Mobile

4 days ago

The group believed to be behind the Sony breach and attacks on the SWIFT network pivots from targeted to mass attacks.

CENTCOM Says Massive Data Cache Found on Leaky Server is Benign

4 days ago

A Pentagon contractor left 1.8 billion mostly benign social-media posts scraped from the internet on a publicly accessible Amazon S3 bucket.

DDoS Attack Attempts Double in 6 Months

4 days ago

Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.

New Guide for Political Campaign Cybersecurity Debuts

4 days ago

The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns with tips for securing data, accounts.

3 Ways to Retain Security Operations Staff

4 days ago

Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.

Is Germany right to tell parents to destroy kids' smartwatches over snooping fears?

4 days ago

After banning smart dolls, Germany now says no to smartwatches that allow parents to listen in on classrooms.

Four methods hackers use to steal data from air-gapped computers

4 days ago

Air-gapped computers are seen as high-value targets, so considerable research has gone into taking data from them -- without a network connection. Here's what you need to know.

The First Threatpost Alumni Podcast

4 days ago

With Mike Mimoso leaving Threatpost, it was high time to get many of the people responsible for the site's success throughout the years together for a podcast. Founding editors Ryan Naraine and Dennis Fisher along with Mike, Chris Brook, Brian Donohue and ...

Vulnerability in Amazon Key

4 days ago

Amazon Key is an IoT door lock that can enable one-time access codes for delivery people. To further secure that system, Amazon sells Cloud Cam, a camera that watches the door to ensure that delivery people don't abuse their one-time access privilege. Cl ...

Key Windows 10 defense is 'worthless' and bug dates back to Windows 8

4 days ago

Microsoft's anti-exploitation technology has a flaw that makes it "worthless" in some cases.

Linus Torvalds: 'I don't trust security people to do sane things'

4 days ago

The prominent Linux engineer has suggested models used to approach kernel security are entirely wrong.

How many must be killed in the Internet of Deadly Things train wrecks?

4 days ago

History tells us that technology doesn't get regulated properly until people start to die. Why will IoT be any different?

StartCom to shut down, all certificates revoked in 2020

5 days ago

Embattled Chinese certificate authority could not recover from blacklistings by browser makers.

Bankwest sends broker site to the public cloud with AWS Lambda

5 days ago

The latest initiative in Bankwest's 'cloud-first' approach to service delivery has seen the security gateway for its broker website delivered via Lambda.

Your biggest threat is inside your organisation and probably didn't mean it

5 days ago

Threat of the malicious insider is very real, but accidental data leakage is a bigger problem.

Pentagon exposed huge internet surveillance data cache

5 days ago

Yet another AWS data bucket spill.

Singapore CIOs believe machine learning can improve speed, security ops

5 days ago

Some 87 percent of IT decision makers in Singapore say machine learning will speed up the decision-making process and facilitate automation in security operations.

Friday Squid Blogging: Peru and Chile Address Squid Overfishing

1 week ago

Peru and Chile have a new plan. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks

1 week ago

Hackers using specially crafted XLS files can trigger several remote code execution vulnerabilities in the LibXL library.

Amazon Promises Fix for Wireless Key Hack

1 week ago

Amazon said it will offer a fix for its Amazon Key delivery service that allows hackers to tamper with a home security camera.

Businesses Can't Tell Good Bots from Bad Bots: Report

1 week ago

Bots make up more than 75% of total traffic for some businesses, but one in three can't distinguish legitimate bots from malicious ones.

Mobile Malware Incidents Hit 100% of Businesses

1 week ago

Attempted malware infections against BYOD and corporate mobile devices are expected to continue to grow, new data shows.

Tips to Protect the DNS from Data Exfiltration

1 week ago

If hackers break in via the Domain Name System, most businesses wouldn't know until it's too late. These tips can help you prepare.
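One of the checks behind tips like these, as an added example (not code from the article or any product): a detector that groups resolver query logs by client and zone, then flags pairs whose names are almost all unique and carry long, high-entropy or TXT-heavy labels, which is what data chunked into subdomains looks like. The log format and every sample line are constructed; the registrable-domain helper is deliberately crude (last two labels), and the thresholds are starting points to tune against your own baseline, not validated values.

```python
"""Flag DNS query patterns typical of exfiltration / tunnelling.

Added example for this page, not code from the article or any product.
The log format (timestamp client qname qtype) is a constructed, simplified
one; adapt parse_log() to your resolver's real query-log format.
"""
import math
from collections import defaultdict

# Constructed sample: 10.0.0.5 is an ordinary workstation (including a busy
# CDN zone with many unique but short hostnames); 10.0.0.9 leaks data as
# long, random-looking labels under an attacker-controlled zone.
SAMPLE_LOG = """\
2017-11-24T10:00:01 10.0.0.5 www.example.com A
2017-11-24T10:00:02 10.0.0.5 mail.example.com MX
2017-11-24T10:00:03 10.0.0.5 img1.cdn-example.net A
2017-11-24T10:00:03 10.0.0.5 img2.cdn-example.net A
2017-11-24T10:00:03 10.0.0.5 img3.cdn-example.net A
2017-11-24T10:00:04 10.0.0.5 img4.cdn-example.net A
2017-11-24T10:00:04 10.0.0.5 img5.cdn-example.net A
2017-11-24T10:00:04 10.0.0.5 img6.cdn-example.net A
2017-11-24T10:00:05 10.0.0.9 kq7x2mzv9pbt4wgn.exfil-demo.test TXT
2017-11-24T10:00:06 10.0.0.9 h3rd8ycf5ujm6ksa.exfil-demo.test TXT
2017-11-24T10:00:07 10.0.0.9 w9tz4bnq7pxl2vhe.exfil-demo.test TXT
2017-11-24T10:00:08 10.0.0.9 a6fgj3mk8scy5rdt.exfil-demo.test TXT
2017-11-24T10:00:09 10.0.0.9 p2vxq9nwz4bhl7te.exfil-demo.test TXT
2017-11-24T10:00:10 10.0.0.9 m5ukc8sdj3yfr6ha.exfil-demo.test TXT
2017-11-24T10:00:11 10.0.0.5 www.example.com A
"""


def shannon_entropy(s):
    """Bits per character: 4.0 for 16 distinct symbols, 2.0 for 'img1'."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname):
    """Crude eTLD+1 (last two labels). Use the Public Suffix List in production."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Yield (timestamp, client, qname, qtype); skips blank/malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        yield ts, client, qname.lower().rstrip("."), qtype.upper()


def analyze(log_text, min_queries=5, min_unique_ratio=0.8,
            long_label=12, high_entropy=3.0, txt_ratio=0.5):
    """Per (client, zone): metrics plus the reasons it looks like exfiltration.

    A pair is flagged only when it has enough queries, almost every qname is
    unique (each leaked chunk needs a fresh name to defeat caching), AND at
    least one encoding signal fires: long labels, high entropy, or TXT-heavy.
    The busy CDN zone in the sample passes the uniqueness test but none of
    the encoding signals, so it is not flagged.
    """
    stats = defaultdict(lambda: {"total": 0, "names": set(), "label": [],
                                 "entropy": [], "txt": 0})
    for _, client, qname, qtype in parse_log(log_text):
        zone = registrable_domain(qname)
        prefix = qname[:-len(zone) - 1] if qname.endswith("." + zone) else ""
        st = stats[(client, zone)]
        st["total"] += 1
        st["names"].add(qname)
        if qtype == "TXT":
            st["txt"] += 1
        if prefix:
            st["label"].append(max(len(l) for l in prefix.split(".")))
            st["entropy"].append(shannon_entropy(prefix.replace(".", "")))

    report = {}
    for key, st in stats.items():
        total = st["total"]
        m = {
            "total": total,
            "unique_ratio": len(st["names"]) / total,
            "avg_max_label": sum(st["label"]) / len(st["label"]) if st["label"] else 0.0,
            "avg_entropy": sum(st["entropy"]) / len(st["entropy"]) if st["entropy"] else 0.0,
            "txt_ratio": st["txt"] / total,
        }
        reasons = []
        if m["avg_max_label"] >= long_label:
            reasons.append("long-labels")
        if m["avg_entropy"] >= high_entropy:
            reasons.append("high-entropy")
        if m["txt_ratio"] >= txt_ratio:
            reasons.append("txt-heavy")
        flagged = (total >= min_queries and m["unique_ratio"] >= min_unique_ratio
                   and bool(reasons))
        m["flagged"] = flagged
        m["reasons"] = reasons if flagged else []
        report[key] = m
    return report


def suspicious(log_text, **kw):
    """Only the (client, zone) pairs that were flagged."""
    return {k: v for k, v in analyze(log_text, **kw).items() if v["flagged"]}


if __name__ == "__main__":
    for (client, zone), m in suspicious(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {', '.join(m['reasons'])} "
              f"(unique={m['unique_ratio']:.2f}, entropy={m['avg_entropy']:.2f})")
```

Run it over a day of resolver logs and review the flagged pairs by hand before alerting on them: legitimate anti-virus and mail-filtering services also use long, unique, TXT-heavy lookups, so an allow-list of known zones is the usual next step.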

IBM, Nonprofits Team Up in New Free DNS Service

1 week ago

Quad9 blocks malicious sites used in phishing, other nefarious activity.

GitHub to devs: Now you'll get security alerts on flaws in popular software libraries

1 week ago

GitHub's new service will help developers clean up vulnerable project dependencies.
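What such an alert boils down to, for this item and for the earlier one on scanning apps for vulnerable open-source libraries, is matching pinned dependency versions against advisory ranges. The following is an added example, not GitHub's or any scanner's code: the manifest, the package names, the advisory IDs and the affected ranges are all constructed placeholders, and the range syntax (comma-separated >=, >, <=, <, == clauses) is a simplified one.

```python
"""Match a pinned dependency manifest against a list of advisories.

Added example for this page, not GitHub's alert code nor any scanner's.
Manifest, package names, advisory IDs and ranges are constructed
placeholders; a real advisory feed would replace ADVISORIES.
"""
import re

# Constructed manifest, requirements.txt style (fictional packages).
MANIFEST = """\
# web app dependencies (constructed example)
httpkit==2.18.0
webframe==0.12.2
yamlish==3.12
cryptolib==2.1.4   # already on the fixed version: must not be reported
"""

# Constructed advisories: package -> [(placeholder id, affected range, fixed in)].
ADVISORIES = {
    "httpkit": [("EXAMPLE-0001", ">=2.0.0,<2.20.0", "2.20.0")],
    "yamlish": [("EXAMPLE-0002", "<5.1", "5.1")],
    "webframe": [("EXAMPLE-0003", "<0.12.3", "0.12.3")],
    "cryptolib": [("EXAMPLE-0004", "<2.1.4", "2.1.4")],
}

OPS = {
    ">=": lambda c: c >= 0, ">": lambda c: c > 0,
    "<=": lambda c: c <= 0, "<": lambda c: c < 0,
    "==": lambda c: c == 0,
}


def parse_version(v):
    """'2.18.0' -> (2, 18, 0); rejects anything that is not dotted integers."""
    parts = v.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(p) for p in parts)


def cmp_versions(a, b):
    """-1, 0 or 1. Pads with zeros so '1.0' == '1.0.0' and '1.10' > '1.9'."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def in_range(version, spec):
    """True if version satisfies every comma-separated clause in spec."""
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(>=|<=|==|>|<)\s*([0-9.]+)\s*", clause)
        if not m:
            raise ValueError(f"bad range clause: {clause!r}")
        op, bound = m.groups()
        if not OPS[op](cmp_versions(version, bound)):
            return False
    return True


def parse_manifest(text):
    """name -> pinned version. Only 'name==version' lines are supported."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)\s*==\s*([0-9.]+)", line)
        if not m:
            raise ValueError(f"only pinned '==' lines are supported: {line!r}")
        deps[m.group(1).lower()] = m.group(2)
    return deps


def find_vulnerable(manifest_text, advisories):
    """List of findings: installed version falls inside an affected range."""
    findings = []
    for name, version in parse_manifest(manifest_text).items():
        for adv_id, affected, fixed in advisories.get(name, []):
            if in_range(version, affected):
                findings.append({"package": name, "installed": version,
                                 "advisory": adv_id, "fixed_in": fixed})
    return findings


if __name__ == "__main__":
    for f in find_vulnerable(MANIFEST, ADVISORIES):
        print(f"{f['package']}=={f['installed']}: {f['advisory']}, "
              f"upgrade to {f['fixed_in']}")
```

The zero-padding in cmp_versions is the part most home-grown checkers get wrong: a naive string comparison reports "1.10" as older than "1.9" and treats "2.20" and "2.20.0" as different versions, which produces both missed and false alerts.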

We're Still Not Ready for GDPR? What is Wrong With Us?

1 week ago

The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.

Amazon: We're fixing flaw that leaves Key security camera open to Wi-Fi jamming

1 week ago

A malicious courier could easily freeze the Key's Cloud Cam and roam a customer's house unmonitored.

New White House Announcement on the Vulnerability Equities Process

1 week ago

The White House has released a new version of the Vulnerabilities Equities Process (VEP). This is the inter-agency process by which the US government decides whether to inform the software vendor of a vulnerability it finds, or keep it secret and use it t ...

ID card security: Spain is facing chaos over chip crypto flaws

1 week ago

With the security of its 60 million national ID smartcards in question, Spain faces some tough choices.

Bug bounty hunter reveals DJI SSL, firmware keys have been public for years

1 week ago

Opinion: The researcher walked away from a $30,000 bounty to ensure full public disclosure of the drone maker's poor security, showing that not every bug bounty hunt ends well.

Australian Broadcasting Corporation confirms S3 data leak

1 week ago

The government-backed broadcaster has confirmed that data from an unsecured repository was exposed.

'JOLTandBLEED' flaw leaves PeopleSoft ERP wide open

1 week ago

Oracle releases out-of-band patches.

ABC exposes sensitive data in S3 bungle

1 week ago

Logins, passwords, backups among leaked data.

Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

1 week ago

Oracle pushed out an emergency update for vulnerabilities dubbed 'JoltandBleed' affecting five of its products that rely on its proprietary Jolt protocol.

Free Quad9 DNS service aims to make threat intel more accessible

1 week ago

IBM Security, the Global Cyber Alliance and Packet Clearing House are offering the automated security solution for free with individuals and SMBs in mind.

Crooks Turn to Delivering Ransomware via RDP

1 week ago

In a new twist on an old attack, threat actors are increasingly using the remote access protocol to install ransomware, Sophos says.

NSA staffer's backdoored computer may have leaked secrets

1 week ago

Kaspersky report refutes allegations it helped Russia.

White House Releases VEP Disclosure Rules

1 week ago

The White House released a charter document on Wednesday outlining how the U.S. government will disclose cyber security flaws and when it will keep them secret.

Terdot Banking Trojan Spies on Email, Social Media

1 week ago

Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.

121 Pieces of Malware Flagged on NSA Employee's Home Computer

1 week ago

Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools.

Optiv Acquires Decision Lab to Expand Big Data Services

1 week ago

Deal enhances Optiv's big data, automation, and orchestration efforts.

CA Technologies plots big bet on DevSecOps

1 week ago

At CA World, CA Technologies launched a bevy of products and integrations that add up to what it hopes will be a software factory.

NASA spent $1.4 billion on IT, but governance and security issues remain

1 week ago

NASA in its annual report recounted years of challenges with IT governance, security and the problems with managing about 500 IT systems.

Forget APTs: Let's Talk about Advanced Persistent Infrastructure

1 week ago

Understanding how bad guys reuse infrastructure will show you which areas of your network to examine when investigating new threats and the return of old malware.

Oracle pushes emergency patch for critical Tuxedo server vulnerabilities

1 week ago

Two of the vulnerabilities carry CVSS severity ratings of 10 and 9.9.

This banking malware wants to scoop up your email and social media accounts, too

1 week ago

Spin-off from Zeus malware adds features which make it look more like an espionage tool rather than malware for just stealing bank details.

What is GDPR? Everything you need to know about the new general data protection regulations

1 week ago

General Data Protection Regulation, or GDPR, is coming. Here's what it means, how it'll impact individuals and businesses.

'Reaper': The Professional Bot Herder's Thingbot

1 week ago

Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers' faces warning us that we'd better figure out how to secure the Internet of Things.

Death of the Tier 1 SOC Analyst

1 week ago

Say goodbye to the entry-level security operations center (SOC) analyst as we know it.

Google Home and Amazon Echo hit by big bad Bluetooth flaws

1 week ago

Google and Amazon patch 20 million smart speakers that were vulnerable to serious Bluetooth attack.

OnePlus: We'll fix flawed app that lets attackers root our phones

1 week ago

OnePlus will roll out a fix for a serious flaw in a diagnostics app that some argue shouldn't even be on devices.

Motherboard Digital Security Guide

1 week ago

This digital security guide by Motherboard is very good. I put it alongside EFF's "Surveillance Self-Defense" and John Scott-Railton's "Digital Security Low Hanging Fruit." There's also "Digital Security and Privacy for Human Rights Defenders." There are to ...

Parity shakes up wallet audits, but funds remain frozen

1 week ago

After a user accidentally stole and froze funds in over 500 wallets, a solution is yet to be found.

Government reveals draft digital identity framework

1 week ago

A series of documents outlining the security and usability standards by which Australians' digital identity information is to be collected, stored, and used has been released by the government.

Cisco Warns of Critical Flaw in Voice OS-based Products

1 week ago

Cisco Systems issued a patch that fixes a critical vulnerability impacting 12 products running the Cisco Voice Operating System software.

White House Releases New Charter for Using, Disclosing Security Vulnerabilities

1 week ago

Updated Vulnerability Equities Process provides transparency into how government will handle new vulnerabilities that it discovers in vendor products and services.

Fred Kwong: The Psychology of Being a CISO

1 week ago

Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current rol ...

McAfee's own anti-hacking service exposed users to banking malware

1 week ago

The purportedly safe link pointed users to a malicious Word document, laden with Emotet banking malware.

Stealthy Android Malware Found in Google Play

1 week ago

Eight apps found infected with a new Trojan family that ups the ante in obfuscation with four payload stages.

Session replay is a major threat to privacy on the web

1 week ago

"As if someone is looking over your shoulder."

Who Am I? Best Practices for Next-Gen Authentication

1 week ago

By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.

Forever 21 Informs Shoppers of Data Breach

1 week ago

Forever 21 learned an unauthorized actor may have accessed payment card data at certain retail stores.

Microsoft Patches 17-Year-Old Office Bug

1 week ago

Researchers warn of a Microsoft Office remote code execution bug that persisted for 17 years, leaving systems exposed until the vulnerability was patched on Tuesday.

NSA Veterans Land $1.5 Million in Funding for Startup

1 week ago

ReFirm Labs launches its Centrifuge Platform, which aims to automatically detect security vulnerabilities in IoT firmware.

Android security: Sneaky three-stage malware found in Google Play store

1 week ago

Tens of thousands of users have downloaded two newly uncovered forms of malware.

Insider Threats: Red Flags and Best Practices

1 week ago

Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.

Trump administration releases rules on disclosing security flaws

1 week ago

The White House's cybersecurity coordinator said the rules are "vital" to ensuring a balance between public disclosure and retaining flaws for intelligence operations.

Fileless attacks surge in 2017, security solutions are not stopping them

1 week ago

By 2018, they are expected to account for 35 percent of all cyberattacks.

Deception Technology: Prevention Reimagined

1 week ago

How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.

Apple FaceID Hacked

1 week ago

It only took a week: On Friday, Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in co ...