security.didici.cc

Satan Ransomware Variant Exploits 10 Server-Side Flaws

44 minutes ago

Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.

New Google+ Breach Will Lead to Early Service Shutdown

48 minutes ago

A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.

Nice phone account you have there - shame if something were to happen to it. Samsung fixes ID-theft flaws

1 hour ago

If Artem Moskowsky owes you money, it's a good time to ask. A recently-patched set of flaws in Samsung's mobile site was leaving users open to account theft.…

Japan's top three telcos to exclude Huawei, ZTE network equipment -Kyodo

1 hour ago

Plan not to use current equipment and upcoming 5G gear.

Google+ shutdown speeds up, new privacy bug affected 52.5 million users

1 hour ago

Allowed partner apps to access its users' private data.

'Dr. Shifro' Prescribes Fake Ransomware Cure

2 hours ago

A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.

US tech giants decry Australia’s ‘deeply flawed’ new anti-encryption law

2 hours ago

A group of U.S. tech giants, including Apple, Google and Microsoft, have collectively denounced the new so-called “anti-encryption” law passed by the Australian parliament last week. The bill was passed less than a day after the ruling coalition gove ...

Google+ hit by second API bug impacting 52.5 million users

2 hours ago

Google moves Google+ sunset date forward, from August 2019 to April 2019.

Google Accelerates Google+ Shutdown After New Bug Discovered

2 hours ago

The consumer version of Google+ will now be shut down in April instead of August after a bug was found that impacts at least 50 million users.

Sextortion Emails Force Payment via GandCrab Ransomware

3 hours ago

Emails say they contain a link with screenshots of victims' compromising activity. In reality, the link executes ransomware.

Google+ security bug gave developers access to non-public data from 52.5M users

4 hours ago

Google+ was a bit of a disaster for the company when it was still alive, and now that it’s walking dead, it’s becoming even more of a stone around its neck. After disclosing a major security bug in October that affected just under half a million users ...

Old-School Bagle Worm Spotted in Modern Spam Campaigns

4 hours ago

Bagle.A and Bagle.B date back to 2004.

Half of the Tor Project's funding now comes from the private sector

5 hours ago

Tor Project reports $4.2 million income in 2017, of which only 51 percent came from government funds.

Volkswagen Giveaway Scam Peddles Ad Networks

5 hours ago

The scam is spread via Facebook and WhatsApp messages.

6 Cloud Security Predictions for 2019

6 hours ago

How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.

2018 Annual Report from AI Now

6 hours ago

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading.

Market volatility: Fake news spooks trading algorithms

6 hours ago

Stock trading algorithms know how to read news headlines, but they don't know what's real.

6 CISO Resolutions for 2019

7 hours ago

The ultimate to-do list for ambitious security leaders.

Privacy, security fears about ID cards? UK.gov's digital bod has one simple solution: 'Get over it'

8 hours ago

Yeah, how about you work for us... Digital minister Margot James reckons Brits need to "get over" their concerns about privacy and cyber security and let the government assign them with ID cards.…

These hackers are using Android surveillance malware to target opponents of the Syrian government

10 hours ago

SilverHawk hacking campaign uses fake versions of secure messaging apps like WhatsApp and Telegram to plant spyware on devices.

Android adware tricks ad networks into thinking it's an iPhone to make more money

16 hours ago

New Android adware discovered in 22 apps downloaded over two million times.

ACCC goes after Google, Facebook in the name of fake news and data transparency

17 hours ago

The consumer watchdog wants to protect the integrity of news content in Australia by holding digital giants accountable over what is available and shared on their platforms. It also wants regulation and transparency around how they collect and use data.

What's actually in Australia's encryption laws? Everything you need to know

18 hours ago

The controversial Assistance and Access Bill was 176 pages long, then 67 pages of amendments were rushed through in the final hours of debate. This is what we've ended up with.

Australia's encryption laws are a cyber cane toad: Husic

20 hours ago

Shadow Minister for the Digital Economy Ed Husic continues to state problems with the Bill his party rolled over on and passed.

Labor slams Commonwealth's visa privatisation plan

22 hours ago

Labor announces 'fight' against the privatisation of Australian border control.

Cybercrime and malware, 2019 predictions

1 day ago

Experts weigh in on what they believe will happen to the world of cybercrime, malware, and botnets in the coming year.

Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix

1 day ago

Bug dealt with in Chrome and Edge, but still a problem for Firefox users.

'PowerSnitch' Hacks Androids via Power Banks

2 days ago

Researcher demonstrates how attackers could steal data from smartphones while they charge up.

Bethesda blunders, IRS sounds the alarm, China ransomware, and more

2 days ago

Plus, Congress wants more cybersec training, better breach laws. Roundup: This week, we saw Linux get pwned, a teen hacker go down, and Julian Assange vowing to stay right where he is.…

Those annoying sextortion scams are redirecting users to ransomware now

2 days ago

Sextortion emails take a dark turn and are now trying to infect users with the GandCrab ransomware.

In case you're not already sick of Spectre... Boffins demo Speculator tool for sniffing out data-leaking CPU holes

2 days ago

First proof-of-concept, SplitSpectre, requires fewer instructions in victim. Analysis: You've patched your Intel, AMD, Power, and Arm gear to crush those pesky data-leaking speculative execution processor bugs, right? Good, because IBM eggheads in Switzer ...

Identity stolen because of the Marriott breach? Come and claim your new passport

2 days ago

It's the least they could do. Really. The bare minimum. Hotel-chain turned data faucet Marriott says it will help some customers cover the cost of replacing stolen documents.…

Senator blasts FTC for failing to crack down on Google's ad fraud problems

2 days ago

US Senator says Google is profiting off advertising fraud and has no interest in addressing it.

'Say hello to my little vacuum cleaner!' US drug squad puts spycams in cleaner's kit

2 days ago

DEA gets down and dirty with new surveillance kit. Next time you're closing a big drug deal you may want to watch the cleaner. Or more specifically their vacuum cleaner.…

ThreatList: Gift Card-Themed BEC Holiday Scams Spike

2 days ago

Watch out for emails about gift cards and corporate donations, researchers warn.

Problems with the Squid Emoji

2 days ago

The Monterey Bay Aquarium has some problems with the squid emoji. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Criminals Use Locally Connected Devices to Attack, Loot Banks

3 days ago

Tens of millions of dollars stolen from at least eight banks in East Europe, Kaspersky Lab says.

Linux.org hacked and plastered with anti-transgender filth

3 days ago

Web admin blames public Whois and lack of 2FA. Linux.org was hacked on Friday morning, with the hacker plastering the message "G3T 0WNED L1NUX N3RDZ" complete with expletives and a very NSFW image (a hairy asshole).…

'Simplify Everything': Google Talks Container Security in 2019

3 days ago

Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.

Here’s what caused yesterday’s O2 and SoftBank outages

3 days ago

It appears that most mobile carriers, including O2 and SoftBank, have recovered from yesterday’s cell phone network outage that was triggered by a shutdown of Ericsson equipment running on their networks. That shutdown appears to have been triggered b ...

Australia Anti-Encryption Law Triggers Sweeping Backlash

3 days ago

A newly-passed Australian law could allow the government to force tech companies to create backdoors in their products.

Iranian Nationals Charged for Atlanta Ransomware Attack

3 days ago

The March attack used SamSam ransomware to infect 3,789 computers.

DHS looking into tracking Monero and Zcash transactions

3 days ago

DHS has had great success with tracking and analyzing Bitcoin transactions already. They are now looking for similar solutions for tracking "privacy coins."

TA505 Crooks are Now Targeting US Retailers with Personalized Campaigns

3 days ago

Threat group moves away from “smash-and-grab” attacks and adopts a boutique approach to targeting victims.

Back Issues of the NSA's Cryptolog

3 days ago

Five years ago, the NSA published 23 years of its internal magazine, Cryptolog. There were lots of redactions, of course. What's new is a nice user interface for the issues, noting highlights and levels of redaction.

OpSec mistake brings down network of Dark Web money counterfeiter

3 days ago

European law enforcement conducts 300 house searches and makes 235 arrests.

Kubernetes Deployments Around the World Show Vulnerabilities

3 days ago

Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.

Banks Attacked through Malicious Hardware Connected to the Local Network

3 days ago

Kaspersky is reporting on a series of bank hacks -- called DarkVishnya -- perpetrated through malicious hardware being surreptitiously installed into the target network: In 2017-2018, Kaspersky Lab specialists were invited to research a series of cyberth ...

Brit bomb hoax teen who fantasised about being a notorious hacker cops 3 years in jail

3 days ago

So much for the Apophis Squad's Twitter boasts. A teenage bomb hoaxer from Watford who taunted the UK's National Crime Agency on Twitter while pretending to be a hacker crew called Apophis Squad has been jailed for three years.…

Using Fuzzing to Mine for Zero-Days

3 days ago

Infosec Insider Derek Manky discusses how new technologies and economic models are facilitating fuzzing in today's security landscape.

Insider Threats & Insider Objections

3 days ago

The 'tyranny of the urgent' and three other reasons why it's hard for CISOs to establish a robust insider threat prevention program.

Microsoft Calls For Facial Recognition Tech Regulation

3 days ago

Microsoft and the AI Now Institute are both calling for regulation as facial recognition software picks up popularity.

Marriott to reimburse some guests for new passports after massive data breach

3 days ago

Hotel chain responds to US senator. Says it will foot the bill for some users' passport replacement costs.

Microsoft: Here's why we need AI facial-recognition laws right now

3 days ago

Microsoft wants new laws to put some constraints on the use and development of facial recognition.

UK Supreme Court considers whether spy court should be immune to legal probes

3 days ago

Privacy International lays out its case to El Reg. The UK's highest court has this week heard arguments in Privacy International's long-running attempt to challenge decisions made by Britain's shadowy spying oversight court, the Investigatory Powers Tribun ...

The Technology 202: More than 200 companies are calling for a national privacy law. Here's an inside look at their proposal.

3 days ago

Posted by InfoSec News on Dec 07 https://www.washingtonpost.com/news/powerpost/paloma/the-technology-202/2018/12/06/the-technology-202-more-than-200-companies-are-calling-for-a-national-privacy-law-here-s-an-inside-look-at-their-proposal/5c0819be1b326b60d1 ...

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks

3 days ago

Posted by InfoSec News on Dec 07 https://www.zdnet.com/article/eastern-european-banks-lose-tens-of-millions-of-dollars-in-hollywood-style-hacks/ By Catalin Cimpanu Zero Day ZDNet December 7, 2018 Cyber-criminal gangs are believed to have stolen tens of mil ...

Senators Introduce Bill to Let Hackers Reports Bugs to DHS

3 days ago

Posted by InfoSec News on Dec 07 https://www.nextgov.com/cybersecurity/2018/12/senators-introduce-bill-let-hackers-reports-bugs-dhs/153337/ By Heather Kuldell Managing Editor Nextgov 12/06/2018 A bipartisan pair of senators introduced a bill that would req ...

Claiming 'hacking' of network, Lebanon condemns IDF warnings to its civilians

3 days ago

Posted by InfoSec News on Dec 07 https://www.timesofisrael.com/claiming-hacking-of-network-lebanon-condemns-idf-warnings-to-its-civilians/ By TOI Staff The Times of Israel December 7, 2018 Lebanon's ambassador to the United Nations on Thursday accused Isra ...

22 apps with 2 million+ Google Play downloads had a malicious backdoor

3 days ago

Posted by InfoSec News on Dec 07 https://arstechnica.com/information-technology/2018/12/google-play-ejects-22-backdoored-apps-with-2-million-downloads/ By Dan Goodin Ars Technica December 6, 2018 Almost two dozen apps with more than 2 million downloads hav ...

Google, Apple, Facebook face world-first encryption laws in Australia

3 days ago

Posted by InfoSec News on Dec 07 https://www.cnet.com/news/australia-passes-encryption-assistance-access-laws-facebook-google-twitter-apple-amazon/ By Claire Reilly CNet News December 6, 2018 Australia passed new laws that allow law enforcement to access e ...

Japan government to halt buying Huawei, ZTE equipment: sources

3 days ago

Posted by InfoSec News on Dec 07 https://www.reuters.com/article/us-japan-china-huawei/japan-to-ban-huawei-zte-from-government-contracts-sources-idUSKBN1O600X By Yoshiyasu Shida, Yoshifumi Takemoto Reuters.com 12/06/2018 TOKYO (Reuters) - Japan plans to ba ...

Japan looking at banning Huawei and ZTE from government deals

3 days ago

Land of the Rising Sun could be the next nation to exclude Chinese telco vendors.

Stop making cyber security so boring, difficult and inaccessible: ANZ CISO

3 days ago

“Complex language which scares people…”

Eastern European banks lose tens of millions of dollars in Hollywood-style hacks

3 days ago

Cybercriminals leave laptops, Raspberry Pi boards, and USB thumb drives connected to banks' IT networks.

Industrial espionage fears arise over Chrome extension caught stealing browsing history

3 days ago

Company test runs own traffic analysis service and finds malicious Chrome extension in its own backyard. Ooops!

Shorten defends process of passing encryption laws and reviewing later

3 days ago

Opposition leader Bill Shorten has said he will take half a win.

Trudeau denies involvement in Huawei arrest

3 days ago

The Canadian government was given a few days' notice of the imminent arrest of Huawei's CFO on behalf of US authorities, with Wanzhou Meng facing a bail hearing on Friday.

Kubernetes Vulnerability Hits Top of Severity Scale

3 days ago

The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.

Adobe Flash Zero-Day Spreads via Office Docs

4 days ago

Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.

Clues in Marriott hack implicate China

4 days ago

Government intelligence gathering operation.

Arrest of Huawei 'heiress' throws rare spotlight on family

4 days ago

A mysterious figure even in her home country.

US probe of China's Huawei includes bank fraud accusations

4 days ago

Alleged scheme to use global banking system to evade US sanctions.

Bringing Compliance into the SecDevOps Process

4 days ago

Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.

Infected WordPress Sites Are Attacking Other WordPress Sites

4 days ago

Researchers identified a widespread campaign of brute force attacks against WordPress websites.

Apple Issues 13 Security Fixes

4 days ago

Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.

Apple Issues Security Fixes Across Mac, iOS

4 days ago

Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.

55% of Companies Don't Offer Mandatory Security Awareness Training

4 days ago

Even those that provide employee training do so sparingly, a new study finds.

7 Common Breach Disclosure Mistakes

4 days ago

How you report a data breach can have a big impact on its fallout.

Evidence in Starwood/Marriott Breach May Point to China

4 days ago

Attackers used methods, tools previously used by known Chinese hackers.

Boosting SOC IQ Levels with Knowledge Transfer

4 days ago

Despite shortages of skills and staff, these six best practices can improve analysts' performance in a security operations center.

Facebook Defends Data Policies On Heels of Incriminating Internal Docs

4 days ago

The company allegedly tried to hide away new policy changes that would collect Android app users' call and message logs.

Too little, too late? Should we be faster to point the finger of blame at cyber attackers?

4 days ago

Nations need to come together to condemn hostile cyber activity much sooner, says former Foreign Secretary of Estonia.

ESET discovers 21 new Linux malware families

4 days ago

All malware strains are trojanized versions of the OpenSSH server or client apps that include keylogger and backdoor capabilities.

UK spies: You know how we said bulk device hacking would be used sparingly? Well, things have 'evolved'...

4 days ago

Admit they are upping their use of mass snooping. UK spies are planning to increase their use of bulk equipment interference, as the range of encrypted hardware and software applications they can't tap into increases.…

Your Personal Data is Already Stolen

4 days ago

In an excellent blog post, Brian Krebs makes clear something I have been saying for a while: Likewise for individuals, it pays to accept two unfortunate and harsh realities: Reality #1: Bad guys already have access to personal data points that you may ...

Apple killing off web passwords? Safari trials WebAuthn logins on macOS

4 days ago

Safari could join Firefox, Chrome, and Edge support for Web Authentication.

Windows 10 security question: How do miscreants use these for post-hack persistence?

4 days ago

Infosec duo worked out how to remotely set their own answers. Black Hat: Crafty infosec researchers have figured out how to remotely set answers to Windows 10’s password reset questions “without even executing code on the targeted machine”.…

VPN services 2018: The ultimate guide to protecting your data on the internet

4 days ago

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

The best VPN services: Our 10 favorite vendors for protecting your privacy

4 days ago

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet. One of these could be your best bet.

More data joy: Email scammers are buying marks' info from legit biz intelligence firms

4 days ago

London Blue gang probably has your firm's org chart. Black Hat: A Nigerian email scammer gang has evolved to the point where it has corporate-style specialist departments and uses commercial business intelligence data brokers to help plan its attacks.…

TSA Unveils Cybersecurity Roadmap

4 days ago

Posted by InfoSec News on Dec 06 https://www.nextgov.com/cybersecurity/2018/12/tsa-unveils-cybersecurity-roadmap/153295/ By Frank Konkel Executive Editor Nextgov 12/05/2018 The Transportation Security Administration this week released a cybersecurity road ...

Marriott CFO Says Too Early to Estimate Cyber Breach Costs

4 days ago

Posted by InfoSec News on Dec 06 https://www.insurancejournal.com/news/national/2018/12/05/511070.htm By Patrick Clark Insurance Journal December 5, 2018 It's too soon for Marriott International Inc. to estimate the cost of the massive cyber breach that t ...

Exclusive: Emails of top NRCC officials stolen in major 2018 hack

4 days ago

Posted by InfoSec News on Dec 06 https://www.politico.com/story/2018/12/04/exclusive-emails-of-top-nrcc-officials-stolen-in-major-2018-hack-1043309 By Alex Isenstadt and John Bresnahan POLITICO 12/04/2018 The House GOP campaign arm suffered a major hack du ...

Australia gets world-first encryption busting laws

4 days ago

Labor passes bill without changes it claimed were needed.

Brits' DNA data sent to military base after 'foreign' hack attacks – report

4 days ago

100,000 Genomes Project is secure, insists chair. An ambitious project to map the DNA of a million Brits has experienced such sustained hack attacks that officials have had to shift the data to a Ministry of Defence (MoD) facility in Wiltshire.…

Australia now has encryption-busting laws as Labor capitulates

4 days ago

So-called protections in the Bill are necessary, Opposition leader Bill Shorten has said.

Pencil manufacturers rejoice: Oz government doesn't like e-voting

4 days ago

Paper's safer, says parliamentary committee. An Australian parliamentary committee has nixed the idea of internet voting for federal elections Down Under, for now.…

Google kills off Allo to focus on Messages

4 days ago

Google has said it will bring all of Allo's best features to Messages, with the former to be killed off in March 2019.

Twelve US states join for the first time to file multistate data breach lawsuit

4 days ago

Lawsuit details a long list of security fails on MIE's part.

Huawei chief financial officer arrested in Vancouver

4 days ago

Faces extradition to the US over Iran sanctions busting allegations.

It's December 2018, and your Mac's kernel can be pwned by a rogue app

4 days ago

Apple moves to shore up a baker's dozen weak points in macOS. Apple has released a fresh set of updates for its Mac and iOS platforms.…

It's December 2018, and a rogue application can tell your Apple Mac: I'm your El Capitan now

4 days ago

Apple moves to shore up a baker's dozen weak points in macOS. Apple has released a fresh set of security updates for its Mac and iOS software.…

Huawei CFO reportedly arrested in Canada for breaking US-Iran trade sanctions

4 days ago

Huawei's chief financial officer has reportedly been arrested in Vancouver and is facing extradition to the US over allegations of violating trade sanctions with Iran.

BT avoids Huawei for 5G after stripping tech from EE mobile network

4 days ago

BT is removing Huawei equipment from its mobile carrier EE's existing 3G and 4G LTE networks, saying it will also not use the Chinese tech giant for its upcoming 5G network deployment.

Symantec Intros USB Scanning Tool for ICS Operators

4 days ago

ICSP Neural is designed to address USB-borne malware threats.

A botnet of over 20,000 WordPress sites is attacking other WordPress sites

4 days ago

Botnet is still up and running but law enforcement has been notified.

Boffins confirm AI GAN see through your text CAPTCHA test

4 days ago

Attack bots unleashed as major sites left wide open to abuse. If you're one of those people who hates picking out cars, street signs and other objects in CAPTCHA image grids, then get used to it because the days of text-based alternatives are numbered.…

Toyota Builds Open-Source Car-Hacking Tool

5 days ago

'PASTA' testing platform specs will be shared via open-source.

Flash zero-day... leveraging ActiveX…embedded in Office Doc...BINGO!

5 days ago

It's like a greatest hits album of terrible security policies. Stop us if you've heard this one: A Flash zero-day vulnerability is being actively targeted in the wild.…

White House Facial Recognition Pilot Raises Privacy Alarms

5 days ago

The facial recognition pilot will identify “subjects of interest” around the White House.

A Shift from Cybersecurity to Cyber Resilience: 6 Steps

5 days ago

Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.

Starwood Breach Reaction Focuses on 4-Year Dwell

5 days ago

The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.

BeatStars discloses security breach in Twitter live stream

5 days ago

BeatStars website mass-defaced after hacker intrusion. Website back up and running again.

Google's Cloud Security Command Center gets beta release

5 days ago

Cloud Security Command Center is Google's dashboard for assessing and remediating security risks in a GCP environment.

Google Cloud Security Command Center Now in Beta

5 days ago

The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.

Republican Committee Email Hacked During Midterms

5 days ago

The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.

Windows 10 Security Questions Prove Easy for Attackers to Exploit

5 days ago

New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.

Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy

5 days ago

Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand.

Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign

5 days ago

Adobe issued a patch for the zero-day on Wednesday.

Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments

5 days ago

Hackers can steal data, sabotage cloud deployments and more.

The Case for a Human Security Officer

5 days ago

Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.