Home Affairs proposes simpler mechanism to get at data.
Vendor has patched two of five reported bugs. Three patches are in the works.
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
New curbs on online campaigning interference rushed through.
It starts with already-established trust, a new survey shows.
He tells investigators: 'I was hacked!' Microsoft's former director of sports marketing has been indicted on five counts of wire fraud, based on allegations that he created fake invoices to defraud the software giant and sold its property as his own.…
Thrown in the small house rather than the big house An Equifax executive – who knew the biz had been hacked before it was made public and banked over $75,000 in stock trades using this inside knowledge – has avoided jail.…
A custom malware used in a five-pronged APT espionage campaign was largely built from the defunct Comment Crew's proprietary code.
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
The same traits that make collaboration systems so useful for team communications can help hackers, too.
Tumblr stressed that there is no evidence the security bug was being abused or that unprotected account data was accessed.
Some VestaCP servers were infected with a new malware strain named Linux/ChachaDDOS.
The group is a successor to BlackEnergy and a subset of the TeleBots gang--and its activity is potentially a prelude to a much more destructive attack.
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Posted by Dave Aitel on Oct 18[image: IMG_20181016_075725-EFFEC
TS.jpg] Come talk at INFILTRATE this year! CFP Here . Here is why you should: - This is the only conference where the audience is other exploit writers - You get a very valuable peer rev ...
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
But has a slew of security improvements.
GitHub also launches Token Scanning tool and new Security Advisory API.
This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now.
Beneath an American flag, 20 people packed tight into a beige conference room are Facebook’s, and so too the Internet’s, first line of defence for democracy. This is Facebook election security war room. Screens visualize influxes of foreign political ...
Apple's privacy tools now go beyond Europe, so more now get to download the personal data it has collected.
Rubbishes report from defence thinktank ASPI.
Posted by InfoSec News on Oct 17https://www.theregister
ty_blunder/ By Chris Williams Editor in Chief The Register 17 Oct 2018 Now, now, America. Don't go overboard. Again. More than half a million folks' n ...
Posted by InfoSec News on Oct 17https://techcrunch.com/
-security/ By Ingrid Lunden Techcrunch Oct 17, 2018 On the heels of raising new funding on a $20 billion valuation, payments ...
Posted by InfoSec News on Oct 17https://www.zdnet.com/a
tices-for-ten-months/ By Catalin Cimpanu Zero Day ZDNet October 17, 2018 A security researcher from Colombia has found a way ...
Posted by InfoSec News on Oct 17https://www.ft.com/cont
41-759eee1efb74 By Peggy Hollinger Financial Times Oct 16, 2018 It took Robert Hickey and his team of researchers just two days to do what the aerospace industry had insisted ...
Posted by InfoSec News on Oct 17https://www.cyberscoop.
ne-sandworm-telebots/ By Sean Lyngaas CYBERSCOOP OCT 17, 2018 Ever since the seminal cyberattacks on the Ukrainian power grid in 2015 and 2016, researchers have traced the ev ...
A comprehensive review of Australia's centralised digital health record has recommended extending the opt-out period by another 12 months while privacy controls are significantly tightened.
The source code of malware from the ancient Chinese military-affiliated group appears to have changed hands.
The new system could potentially prevent similar memory-based attacks from risking our PCs and global services.
Virtually every modern computer processor was thrown under the bus earlier this year when researchers found a fundamental design weakness in Intel, AMD and ARM chips, making it possible to steal sensitive data from the computer’s memory. The Meltdown ...
The Australian Parliament's own human rights watchdog committee has identified a raft of concerns with the Assistance and Access Bill 2018, and is 'seeking additional information'.
Chocolate Factory opens lid, just a little, on secure boot and crypto phone coprocessor People in the Googleplex need to talk to each other more: the Chocolate Factory has launched a third product with “Titan” in its name, and it's only related to one ...
Under the AU$17.3 million deal, Motorola is also providing the police force with in-car video technology.
'No evidence' vulnerability was abused, though, we're told Tumblr today reveal it has fixed a security bug in its website that quietly revealed private details of some of its bloggers.…
In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
SEC said engineer figured out on its own that the website he was building was for his own company's security breach.
The software updates from Oracle address a record number of vulnerabilities.
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Leaky AWS S3 bucket fingered by infosec bods Now, now, America. Don't go overboard. Again.…
GreyEnergy linked to Russia's GRU military intelligence.
View, correct and delete what Big A has collected on you.
Bug hunter finds security flaw in Tumblr's "Recommended Blogs" widget.
Grubby Grubbs' grifting days are gone A programmer who wrote and sold software that backdoored PCs so they could be remotely controlled has been jailed for 30 months – and forced to give up his stash of 114 Bitcoins.…
The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
DistruptOps officially rolls out its SaaS for automating control of cloud operations and security.
The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected.
Tumblr has disclosed a security vulnerability on its site that in some cases could have exposed account information. The bug was found in the part of the site that recommends other Tumblr blogs to users, according to a blog post. The blogging site said th ...
Local electoral court plays catch up in tackling the issue and seeks answers from tech giants - 11 days before citizens head to the polls.
A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release that a “ ...
Here we look at serverless usability - for both developers and admins
"RID Hijacking" technique lets hackers assign admin rights to guest and other low-level accounts.
The vendor only plans to patch two of the eight impacted devices, according to a researcher.
The datasets are bulky, but may give researchers some insight to how these information ops work on Twitter.
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
The update also features 23 security fixes.
Security researchers warn of cyber-espionage activity by group which has links to some of the most destructive cyber attacks of recent times.
The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.
The deal is designed to boost Rapid7's Insight platform.
Plain text password storage? Check. Directory traversal? Check. SOHOpeless? Check Eight D-Link router variants are vulnerable to complete pwnage via a combination of security screwups, and only two are going to get patched.…
The RAT software was a popular choice for cyberattackers.
SIBOS puts global eyes on Australia’s payments rehab.
Vulnerability not as bad as it gets, as most servers use the openssh library to support server-side SSH logins.
Posted by InfoSec News on Oct 16https://motherboard.vic
d-of-its-users-data By Joseph Cox and Jason Koebler Motherboard.vice.
com Oct 15, 2018 "Make America Date Again," the website ...
Posted by InfoSec News on Oct 16https://www.washingtonp
help-solve-them/ By Craig Timberg and Elizabeth Dwoskin The Washington Post October 16, 2018 For two ...
Posted by InfoSec News on Oct 16https://www.engadget.co
y/ By Devindra Hardawar Engadget.com 10.
13.18 Window Snyder transformed how Microsoft, Apple and Mozilla dealt with software threats. She served as t ...
Posted by InfoSec News on Oct 16https://venturebeat.com
ps/ By CHRIS O'BRIEN Venture Beat OCTOBER 15, 2018 Rolls-Royce today announced that it would use Intel chips as it develops a ...
Posted by InfoSec News on Oct 16https://www.defenseone.
ns-voters-data/152051/ BY PATRICK TUCKER TECHNOLOGY EDITOR Defense One OCTOBER 15, 2018 Various data on up to 35 million U.S. ...
This wasn't Oracle's biggest patch ever. That title goes to the July 2018 CPU.
Malicious code in VMs can leap over ESXi, Workstation, Fusion hypervisor security Get busy, VMware admins and users: the virtualisation virtuoso has patched a programming blunder in ESXi, Workstation Pro and Player, and Fusion and Fusion Pro products that ...
The Office of the Australian Information Commissioner seeking greater transparency and judicial oversight to Australia's proposed Assistance and Access Bill.
Shanghai Hongqiao International Airport has unveiled facial recognition-powered self-service kiosks for flight and baggage check-in, security clearance, and boarding.
Guest-host escape on vSphere and desktop hypervisors.
Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
But you'll definitely want to check out the libssh bug Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products.…
Chrome 70 also comes with support for the final version of the TLS 1.3 standard and the AV1 video format.
Support for PHP 5.6 drops on December 31 - but a recent report found that almost 62 percent of websites are still using version 5.
Store checkouts to be issued with tokens to thwart breaches.
Struggles with ground rules for attacks.
Hurricane-ravaged waterworks having to rebuild from scratch. A North Carolina water company already dealing with the aftermath of Hurricane Florence will now have to juggle a complete IT rebuild, thanks to a nasty ransomware infection.…
Investors sue over failure to 'fess up in financial filings Google's parent has been hit with a lawsuit for failing to disclose to investors a bug – secretly fixed in March – that could have exposed half a million users' data.…
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
A record fine and two new compromises kick off the autumn compromise season.
Posted by Dave Aitel on Oct 16Brainspace multi-language dogs vs cats video:https://vimeo.com/2
iting branch target prediction, Jann Horn, INFILTRATE 2018https://vimeo.com/270
442911 So I wanted to point people at the above videos to ...
The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority.
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
The purchase brings together a cloud security platform with a web application firewall.
Medtronic, a maker of medical devices and implants, has pulled the plug on its internet-based software update system, which security researchers had found had a dangerous security vulnerability The company said in a notice this week that it’s switching ...
Facebook has announced it rolled out a system of checks on political ads run on its platform in the UK which requires advertisers to verify their identity and location to try to make it harder for foreign actors to meddle in domestic elections and refere ...
Deloitte estimates cybercrime costs to reach $6 trillion annually -- but companies still lag in preparedness.
The social network will crack down on those spreading disinformation in an effort to keep people away from the polls.
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
As more states take cybersecurity and privacy issues into their own hands, experts worry that big tech will push for preemption.
Nixing 139k phishing sites is pretty good going to be fair Despite companies "hanging up" when GCHQ rings them to say they've been hacked (true story), "the UK has avoided a category 1 [infosec incident]", according to National Cyber Security Centre chief ...
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
These attacks cost the average organization millions and SMBs are the worst affected.
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
EFF argues Epson's practice is making users avoid installing firmware updates, leaving millions of printers and companies vulnerable to cyber attacks.
As the demand for high-power graphics cards continues to surge, some sellers are seeking to cash in on Nvidia's name.
More people are wary of unsolicited contact from tech firms but tens of thousands still fall victim.
The insurer will shell out to settle a privacy violations case issued by the US government.
Ross Anderson has some new work: As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. ...
The cybersecurity consulting firm was created by former members of Israel's 8200 unit.
A new campaign is spreading information-stealing malware including Agent Tesla and Loki.
Some of the most sensitive U.S. government departments and agencies still aren’t using a basic email security feature that would significantly cut down on incoming spam or phishing emails. Fifteen percent of all U.S. government domains still aren’t em ...
Merchants to be issued with tokens to thwart breaches.
The UK has faced hundreds of cyber incidents in the past two years, but the biggest test is probably still to come.
Posted by InfoSec News on Oct 16https://techcrunch.com/
dards/ By Devin Coldewey Techcrunch.com O
ct 15, 2018 Firefox, Chrome, Edge, Internet Explorer and Safari are all dropping su ...
Posted by InfoSec News on Oct 16https://www.zdnet.com/a
tegies/ By Charlie Osborne Zero Day ZDNet October 15, 2018 IBM has launched IBM Security Connect, a new platform designed to ...
Posted by InfoSec News on Oct 16https://chicago.suntime
massive-data-breach/ By Ricardo Alonso-Zaldivar Associate
d Press 10/15/2018 WASHINGT
ON -- The nation's second-largest health insurer has agreed to pay ...
Posted by InfoSec News on Oct 16https://www.healthcarei
ans-are-weakest-link By Tom Sullivan Healthcare IT News October 15, 2018 BOSTON - The time has come to move beyond the security mantra "don't click o ...
Posted by InfoSec News on Oct 16https://www.nbcconnecti
er-Lab-497289001.html By Heather Burian nbcconnecticut.com
Oct 12, 2018 A brand-new cyber lab at the Coast Guard Academy in N ...
IE, Edge, Safari, Firefox, Chrome, all planning to deprecate lousy old versions by 2020 Sysadmins and netizens, it's time to get serious about killing off old, buggy and insecure versions of Transport Layer Security (TLS) – the encryption used to secure ...
Japanese tech vendor puts its digital token Link on its recently launched exchange Bitbox, making it available for trade with three cryptocurrencies: Bitcoin, Ethereum, and Tether.
Hezbollah agents used Facebook profiles for attractive women to trick targets into installing spyware-infected apps.
Canadian Prime Minister Justin Trudeau has reportedly been warned by two US senators to exclude Huawei from taking part in nationwide 5G mobile network deployments.
Takes training and response rig on the road.
Donald Daters application more insecure than the president A much-hyped dating site for Donald Trump supporters in the US is being blasted for shoddy security that may have exposed all of its users to eavesdropping and account theft.…
A new dating app for Trump supporters that wants to “make America date again” has leaked its entire database of users — on the day of its launch. The app, called “Donald Daters,” is aimed at “American-based singles community connecting lovers, ...
Death from a-bug. Dr Strange-bug. Top Bug. We could do this all day... Computer security vulnerabilities are widespread in US military hardware, and the Pentagon is only beginning to understand how to fix them.…
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
Facebook is expanding its ban on false and misleading posts that aim to deter citizens from voting in the upcoming midterm elections. The social media giant is adding two more categories of false information to its existing policy, which it introduced i ...
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Firefox, Chrome, Edge, Internet Explorer, and Safari are all dropping support for older versions of the the online security protocol TLS, used in practically any encrypted exchange online. While few people or machines are using the long-unsafe TLS 1.0 and ...
And cause users to distrust automatic updates.
Voter registration databases from 19 US states are being hawked in an underground hacking forum, researchers say.
Cross-platform manageability should mean more thing updates, more often.
Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web.
IBM hopes to bring AI, data, and cybersecurity vendors together to tackle ongoing and new threats through the launch of a new open platform.
IBM AI OpenScale, Multi-cloud Manager and IBM Security Connect equate to a strategic push by Big Blue to be the agnostic integrator and platform provider for key enterprise technologies.