security.didici.cc

Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw

12 hours ago

Microsoft quietly patched a critical vulnerability found by Google's Project Zero team in the Malware Protection Engine.

StarHub buys controlling stake in Accel in cybersecurity boost

1 day ago

Singapore telco buys 51 percent stake in Accel Systems for S$19.38 million in a move it says will boost its cybersecurity offerings.

Friday Squid Blogging: Squid and Chips

2 days ago

The excellent Montreal chef Marc-Olivier Frappier, of Joe Beef fame, has created a squid and chips dish for Brit & Chips restaurant. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read ...

Hacking the Galaxy S8's Iris Biometric

2 days ago

It was easy: The hackers took a medium range photo of their subject with a digital camera's night mode, and printed the infrared image. Then, presumably to give the image some depth, the hackers placed a contact lens on top of the printed picture.

Mark Dowd on Exploit Mitigation Development

2 days ago

Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.

Pacemaker Ecosystem Fails its Cybersecurity Checkup

2 days ago

Pacemakers and pacemaker programmers lack authentication and are plagued with thousands of software vulnerabilities across leading manufacturers.

Amazon's app store puts millions of Android devices at risk

2 days ago

It's dangerous to go alone outside Google's protective walled garden, but it's the price you pay for free software.

FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info

2 days ago

Federal Trade Commission experiment lured hackers to learn about how they use stolen consumer information.

Threatpost News Wrap, May 26, 2017

2 days ago

Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.

Elections, Deceptions & Political Breaches

2 days ago

Political hacks have many lessons for the business world.

This is how much your share price falls when you get hacked

2 days ago

The impact of data breaches can be measured in a company's share price and customer churn.

Rash Of Phishing Attacks Use HTTPS To Con Victims

2 days ago

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they're visiting a safe site.

8 Most Overlooked Security Threats

2 days ago

Businesses know the obvious security threats to watch for, but some of the biggest dangers may not at top-of-mind.

Universities to share AU$5.7m for defence cybersecurity, autonomous systems

2 days ago

22 universities in Australia will have to share the AU$5.7 million funding injection from the federal government to develop tech-related defence capabilities.

It's not just Windows anymore, Samba has a major SMB bug

2 days ago

First, it was Microsoft's turn to deal with a terrible SMB security hole, WannaCry. Now, it's the open-source SMB server Samba's turn.

Samba patches remotely exploitable security hole

2 days ago

All versions from 3.5.0 vulnerable.

New Samba Bug Dangerous But No WannaCry

3 days ago

The administrators of the open-source Samba software have fixed a newly discovered vulnerability that lets attackers upload malicious files to vulnerable systems and servers.

Security and Human Behavior (SHB 2017)

3 days ago

I'm in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myse ...

In the Cloud, Evolving Infrastructure Means Evolving Alliances

3 days ago

New opportunities makes for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers and developers.

Keybase Extension Brings End-to-End Encrypted Chat To Twitter, Reddit, GitHub

3 days ago

A recently released extension for Chrome, developed by the public key crypto database Keybase, brought end-to-end encrypted messaging to several apps this week.

Revised Active Defense Bill Allows Victims to Recover or Destroy Stolen Data

3 days ago

Rep. Tom Graves has revised a draft of the Active Cyber Defense Certainty Act with new provisions that include mandatory notification and permission to recovery or destroy stolen data on the attacker’s computer.

3 Nigerian Cyberthieves Sentenced to Total of 235 Years in Prison

3 days ago

Using love-struck girlfriends found on the Internet to help them carry out their schemes, three Nigerian cyberthieves and their cohorts made off with tens of millions of dollars in pilfered goods before they were ultimately sentenced to a collective total ...

WannaCry Ransom Note Written by Chinese, English Speaking Authors

3 days ago

A linguistics analysis of the 28 ransom notes included with WannaCry indicate that native Chinese and English speakers wrote the original note, Flashpoint said.

WannaCry Ransom Notes Penned by Chinese-Speaking Authors, Analysis Shows

3 days ago

Flashpoint says the Chinese-language link doesn't shoot down theories of the North Korean Lazarus Group's involvement in the ransomware worm attacks, however.

WannaCry Gives Consumers a First Look into Ransomware

3 days ago

Although ransomware has been around for two years, it took the fast-moving and expansive WannaCry to provide a majority of consumers their first glimpse, according to a study released today.

Samba Patches Wormable Bug Exploitable With One Line Of Code

3 days ago

The Samba Team has patched a severe bug that leaves computers vulnerable to wormable exploit.

You Have One Year to Make GDPR Your Biggest Security Victory Ever

3 days ago

The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.

Ransomware: Carding's Replacement for the Criminal Masses

3 days ago

Ransomware is not only here to stay, it's going to proliferate by orders of magnitude and cause substantial risk to businesses for the foreseeable future.

Medical Devices Fall Short in Security Best Practices

3 days ago

More than half of medical device makers and healthcare delivery organizations anticipate an attack on their medical devices within the next 12 months, but only a smattering take significant steps to prevent it, according to a survey released today.

WannaCry: Ransom note analysis throws up new clues

3 days ago

Linguistic analysis of ransom notes by Flashpoint suggests the ransomware note writer speaks Chinese - and used Google Translate.

82% of Databases Left Unencrypted in Public Cloud

3 days ago

Personal health information and other sensitive data is left exposed as businesses overlook encryption and network security.

Platform Risk

3 days ago

Posted by dave aitel on May 25COM SECURITY TALK from INFILTRATE 2017: https://vimeo.com/2148565
42 Ok, so I have a concept that I've tried to explain a bunch of times and failed every time. And it's how not just codebases decompose, but also whole platform ...

Crysis ransomware master keys released to the public

3 days ago

A total of 200 master keys can now be used by victims to decrypt and unlock their systems.

Botnets: Inside the race to stop the most powerful weapon on the internet

3 days ago

How security professionals stopped one botnet attack from getting much worse.

Split Tunnel SMTP Exploit Bypasses Email Security Gateways

3 days ago

Attackers can inject malicious payloads directly to email server via email encryption appliances, Securolytics says.

Ransomware and the Internet of Things

3 days ago

As devastating as the latest widespread ransomware attacks have been, it's a problem with a solution. If your copy of Windows is relatively current and you've kept it updated, your laptop is immune. It's only older unpatched systems on your computer that ...

Apple iCloud, Android Nvidia driver N-day exploit details revealed

3 days ago

Kernels can be exploited and iCloud account user information leaked due to the security flaws.

Queensland hospitals facing system failure after botched WannaCry patch

3 days ago

Five hospitals in Queensland are suffering from system failure caused by the security patches that were installed to protect the hospital from the global WannaCry ransomware attack.

Metadata breach the only time journalist source records have been accessed: AFP

3 days ago

The Australian Federal Police bungled the only time it handled a journalist's metadata, with the feds asserting that they have never made any journalist warrant applications.

Bogus anti-WannaCry apps appear in Google Play

3 days ago

Android not affected by Windows vulnerability.

Password Breaches Fueling Booming Credential Stuffing Business

4 days ago

The market for automated credential stuffing tools is growing fast, because of a record number of breaches.

WannaCry: The North Korea Debate

4 days ago

Researchers split over whether an infamous North Korean hacking group, an affiliate, or another attacker altogether, is behind the epic ransomware worm.

Unsanctioned Computer Support Costs Companies $88K per Year

4 days ago

A new survey of security professionals says that 83% of respondents help colleagues in other departments fix their privately-owned computers on company time.

Android Overlay and Accessibility Features Leave Millions at Risk

4 days ago

Researchers warn two features, not flaws, in Android can be used together to open devices up to attack.

What are "national security letters?" Here's everything you need to know

4 days ago

Here's everything you need to know about the secretive FBI's investigative powers.

Data Security & Privacy: The Risks of Not Playing by the Rules

4 days ago

Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach - and the regulators.

DDoS Attacks Fell 23% in First Quarter, Grew in Size

4 days ago

Although the number of DDoS attacks dropped in the first three months of the year, the average size of each attack grew, according to a Verisign report released Tuesday.

Twitter Flaw Could Have Allowed Attacker to Tweet From Any Account

4 days ago

Twitter fixed a flaw in its Twitter Ads service could have allowed an attacker to tweet as any user.

Malware Network Communication Provides Better Early Warning Signal

4 days ago

An academic paper to be presented today at IEEE posits that analysis of network signals provides a better early warning of malware than infections than current practices.

Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls

4 days ago

Target to cough up $18.5 million to 47 states in a settlement following its 2013 security breach, which exposed data of millions of customers.

4 Reasons the Vulnerability Disclosure Process Stalls

4 days ago

The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.

Ad fraud loss slides to $6.5 billion worldwide

4 days ago

Digital ad sales are up and vendors are clamping down on fraud schemes designed to siphon cash from the industry.

Now tech support scams are exploiting WannaCry ransomware fears

4 days ago

Police issue warning over fake support scams using WannaCry to scare PC users into paying up.

Hacking Fingerprint Readers with Master Prints

4 days ago

There's interesting research on using a set of "master" digital fingerprints to fool biometric readers. The work is theoretical at the moment, but they might be able to open about two-thirds of iPhones with these master prints. Definitely something to ke ...

Singapore government reaffirms $1.7B commitment to smart nation, digital transformation

4 days ago

First announced earlier this year as part of the country's 2017 budget, Singapore's IT office says it will put out S$2.4 billion in ICT tenders encompassing data analytics and Internet of Things sensors.

Facebook, WhatsApp, YouTube on work time? This cloud tech aims to block access

4 days ago

In September, more than 50 schools throughout Spain plan to employ IMT Lazarus' cloud-based mobile-device management platform.

Windows 10 tip: Create direct shortcuts to shared network folders

4 days ago

Why waste time browsing through File Explorer folders to find shared resources on your local network? Use these two tricks to create mapped shortcuts, with or without drive letters.

How to protect your laptop in cargo when you fly

4 days ago

In this guide, learn about current regulations and how to deal with theft, insurance problems and hardware damage.

How to protect your laptop in cargo when you fly (in pictures)

4 days ago

Here are some ways to lower the risk of theft and hardware damage when you travel.

Twitter flaw allowed you to tweet from any account

4 days ago

All this time, a rather simple Twitter bug could have caused chaos on the platform.

Vic Health tackles infosec after pathology malware infection

4 days ago

Sets up working group to push new controls statewide.

Data Breach, Vulnerability Data on Track to Set New Records in 2017

4 days ago

There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.

Data Breach, Vulnerability Data on Track to Set New Records in 2017

4 days ago

There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.

CSIRO uses kinetic harvesting on wearables to open gait security

4 days ago

Collecting energy from a person's movement has the potential to use walking as an authentication option, the CSIRO has said.

APAC firms see data security as key barrier to digital transformation

4 days ago

Some 35 percent of Asia-Pacific companies view the potential failure of securing sensitive data as a top barrier to digital transformation, while others cite rigid IT systems and inability to migrate to the cloud.

Aussie researchers want to use your walk to authenticate you

4 days ago

Walk and unlock more secure than passwords.

Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution

5 days ago

Attackers can remotely execute code on targeted systems via specially crafted subtitle files for videos.

Credential-Stuffing Threat Intensifies Amid Password Reuse

5 days ago

Employees who reuse logins on multiple websites drive the impact of third-party breaches as hackers use credential stuffing to compromise more accounts.

Credential-Stuffing Threat Intensifies Amid Password Reuse

5 days ago

Employees who reuse logins on multiple websites drive the impact of third-party breaches as hackers use credential stuffing to compromise more accounts.

9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR

5 days ago

Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing - now.

9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR

5 days ago

Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing - now.

Google Elevates Security in Android O

5 days ago

Android O, due in the third quarter, figures to elevate the security of the mobile OS with new features focused on improved third-party patching, a new permission model and hardening of existing features.

ICE is Using Stingray to Track Illegal Immigrants

5 days ago

According to court documents, US Immigration and Customs Enforcement is using Stingray cell-site simulators to track illegal immigrants.

Yahoo Retires ImageMagick After Bugs Leak Server Memory

5 days ago

Researcher Chris Evans reported a new bug and showed how also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets.

Staying a Step Ahead of Internet Attacks

5 days ago

There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.

Staying a Step Ahead of Internet Attacks

5 days ago

There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.

Apple Receives First National Security Letter, Reports Spike in Requests for Data

5 days ago

Apple revealed this week that it received at least one National Security Letter from the U.S. government for user data during the last six months of 2016

Fresh wave of mutating Qakbot malware brings down enterprise networks

5 days ago

The malware is able to lock out companies from accessing their networks as well as infecting neighboring systems.

Singapore lets telcos test 5G services for free

5 days ago

Government waives frequency fees for 5G trials until December 2019, in a move aimed at driving the market and uncovering potential use cases for the next-generation network.

With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

5 days ago

Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.

With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

5 days ago

Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.

Bogus movie subtitles could let hackers take over your device, warn security researchers

5 days ago

Whole devices can be taken over by hackers exploiting a fragmented, community-driven subtitle ecosystem, in what researchers call "the most severe category of vulnerability".

After the ransomware attack: Hospitals are still recovering from the WannaCry infection

5 days ago

While most services have returned to normal, London's Barts Health NHS Trust is still cancelling some appointments and operations in order to "run all services safely".

UK authorities want 'direct access' to internet providers' systems, say critics

5 days ago

The government wants to install black box-type devices on telecoms networks for unfettered access to UK metadata, which one rights group says will "become central to the new surveillance regime."

'Ultrasecure' Samsung Galaxy S8 iris scanner can be easily tricked, say hackers

5 days ago

White-hat hackers in Germany argue it's disturbingly simple to create a 'dummy eye' to dupe the Galaxy S8's biometric security.

The Future of Ransomware

5 days ago

Ransomware isn't new, but it's increasingly popular and profitable. The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step ...

​Eugene Kaspersky shrugs his shoulders at use of Windows XP

5 days ago

Amid the WannaCry deluge and security vendors offering their own postmortem, ​Eugene Kaspersky seems more concerned over why people are still running Windows XP.

386 WannaCry ransomware samples discovered in the wild

5 days ago

The destructive ransomware has caused chaos and it may be that cyberattackers want to continue capitalizing on the malware.

Europol cracks down on ATM black box attack scheme

5 days ago

The "black box" attacks compromise ATMs to dispense cash.

Hacker Hit with 30-Month Prison Term in Securities Case

5 days ago

Ukrainian hacker sentenced for his role stealing press releases about upcoming stock trades that generated roughly $30 million in illegal profits.

Hacker Hit with 30-Month Prison Term in Securities Case

5 days ago

Ukrainian hacker sentenced for his role stealing press releases about upcoming stock trades that generated roughly $30 million in illegal profits.

Apple reveals it received a secret national security letter

5 days ago

Authorities demanded data from twice as many Macs, iPhones, iPads in the second-half of last year than the first-half, despite fewer overall requests.

DTA cyber advisory office to follow and implement ASD policy advice

5 days ago

Despite the creation of the Cyber Security Advisory Office, the Australian Signals Directorate will still be tasked with advising government bodies of information security threats.

New malware worm spreads using leaked NSA exploits

5 days ago

EternalRocks features seven spy tools.

WannaCry Hit Windows 7 Machines Most

6 days ago

More than 95% of all of the infected machines were running Windows 7, according to Kaspersky Lab data.

WannaCry Hit Windows 7 Machines Most

6 days ago

More than 95% of all of the infected machines were running Windows 7, according to Kaspersky Lab data.

Trump’s Cybersecurity Boss Talks Priorities

6 days ago

The country's top cybersecurity boss said the country is headed the wrong way when it comes to cybersecurity.

Verizon Patches XSS Issues in its Messaging Client

6 days ago

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user's session.

North Korean Cyberwar Capabilities

6 days ago

Reuters has an article on North Korea's cyberwar capabilities, specifically "Unit 180." They're still not in the same league as the US, UK, Russia, China, and Israel. But they're getting better.

Russian 'Cron' Cyber Gang Arrested for Raiding Bank Accounts

6 days ago

Russian authorities arrest a group of 16 hackers who allegedly were attacking banks in their native country via mobile malware, nixing plans for their global expansion.

Russian 'Cron' Cyber Gang Arrested for Raiding Bank Accounts

6 days ago

Russian authorities arrest a group of 16 hackers who allegedly were attacking banks in their native country via mobile malware, nixing plans for their global expansion.

EternalRocks Worm Spreads Seven NSA SMB Exploits

6 days ago

A worm called EternalRocks has been spreading seven Windows SMB exploits leaked by the ShadowBrokers, including EternalBlue, which was used to spread WannaCry.

Ransomware: WannaCry was basic, next time could be much worse

6 days ago

Some researchers suggest WannaCry was a a basic piece of ransomware - what damage that could be done with more advanced code?

Emerging Threats to Add to Your Security Radar Screen

6 days ago

The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.

Emerging Threats to Add to Your Security Radar Screen

6 days ago

The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.

Blockchain explained in plain English

6 days ago

Understanding how blockchain works and identifying myths about its powers are the first steps to developing blockchain technologies

Chinese Man Pleads Guilty to Espionage, Theft from US Firm

6 days ago

Chinese national Xu Jiaqiang pleaded guilty to economic espionage and theft of trade secrets from his former employer in the US.

Chinese Man Pleads Guilty to Espionage, Theft from US Firm

6 days ago

Chinese national Xu Jiaqiang pleaded guilty to economic espionage and theft of trade secrets from his former employer in the US.

Jaya Baloo on WannaCry and Defending Against Advanced Attacks

6 days ago

Jaya Baloo, CISO of KPN, the Netherlands’ leading telecommunications provider, talks to Mike Mimoso about the WannaCry ransomware outbreak and how large network providers and enterprises must contend with advanced attacks.

WannaCry ransomware deadline passes, but few pay up

6 days ago

Despite the chaos caused by the recent ransomware attack, the criminals behind it have netted a relatively small amount of cash.

In Search of an Rx for Enterprise Security Fatigue

6 days ago

Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.

In Search of an Rx for Enterprise Security Fatigue

6 days ago

Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.

Extending the Airplane Laptop Ban

6 days ago

The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effecti ...

Facebook prying: Watchdogs hit back on excessive harvesting of your data

6 days ago

Amid concerns over Facebook's use of tracking users with pixels, Belgium joins the Netherlands, France, and EC in legal moves.

CIA's Windows XP to Windows 10 malware: WikiLeaks reveals Athena

6 days ago

WikiLeaks says the CIA's Athena malware can be used to spy on Windows XP through to Windows 10 computers.

Facebook's secret guide on sex, violence, and hate speech leaked

6 days ago

The internal documents lay out the social media giant's stance on moral and ethical decisions related to user content.

Yahoo retires ImageMagick library after 18-byte exploit leaks user email content

6 days ago

The simple line of code made it possible for attackers to view private Yahoo Mail images.