security.didici.cc
Premera Blue Cross accused of destroying evidence in data breach lawsuit
2 hours agoClass-action lawsuit plaintiffs claim US health insurer Premera Blue Cross intentionally destroyed evidence despite ongoing litigation.
C&A suffers data leak in Brazil
2 hours agoThe gift card platform of the retail chain has been targeted by a cyberattack.
‘Five Eyes’ governments call on tech giants to build encryption backdoors — or else
5 hours agoA pact of five nation states dedicated to a global “collect it all” surveillance mission has issued a memo calling on their governments to demand tech companies build backdoor access to their users’ encrypted data — or face measures to force compa ...
New Hakai IoT botnet takes aim at D-Link, Huawei, and Realtek routers
8 hours agoSecurity researchers have spotted a new strain of IoT malware that has been growing in sophistication and silently infecting more and more devices online.
Google to tech-support scammers: We're about to get even tougher on your ads
9 hours agoA new verification system for all tech-support advertisers aims to block scammers.
Google cracks down on dodgy tech support ads
10 hours agoVerification programme aims to weed out the miscreants Google has placed restrictions on tech support ads after admitting it's increasingly hard to tell promos for legit services from deceptions.…
APT10 Under Close Scrutiny as Potentially Linked to Chinese Ministry of State Security
10 hours agoAn advanced threat actor has been associated with China’s Ministry of State Security via two individuals and a Chinese firm.
Apple looks to plug App Store privacy hole with new personal data policy
11 hours agoNew privacy policy comes into force on October 3, requiring developers to detail how they collect and use data.
Windows utility used by malware in new information theft campaigns
11 hours agoWMIC-based payloads highlight how attackers are turning to innocuous system processes to compromise Windows machines.
Wireshark fixes serious security flaws that can crash systems through DoS
12 hours agoProof-of-concept code detailing related exploits has been released to the public.
SonarSnoop attack can steal smartphone unlock patterns
13 hours agoSonarSnoop technique transforms smartphones into mini sonar systems to track a user's finger across the screen and steal phone unlock patterns.
Meet ransomware which wears the face of former president Barack Obama
13 hours agoThe peculiar malware asks victims for a "tip" in return for a decryption key.
Forget WannaCry, staff themselves pose a risk to healthcare data
14 hours agoAlmost 60% of breaches had an insider element in 2017 More than half of all healthcare data breaches reported during 2017 could be traced back to people on the inside of victim organisations, according to an annual study by Verizon.…
ANZ reveals deep business frustration with flaky digital promises
20 hours agoBack to spreadsheets after transformation.
Google to nix all tech support provider ads
21 hours agoCan't tell the difference between scammers and legit providers.
Five Eyes governments get even tougher on encryption
23 hours agoOfficial statements from the Five Country Ministerial meeting make it clear: Voluntarily build lawful access into encrypted messaging systems, or else. It's not a good look.
Linus Torvalds talks frankly about Intel security bugs
23 hours agoLinus Torvalds thinks Intel has gotten better about keeping the Linux open-source community in the loop with CPU security problems, but it started out really badly. And it's still not fair that Linux has to fix hardware problems.
Five-Eyes nations to force encryption backdoors
1 day agoTech companies get Faustian interception choice.
Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud
2 days agoAlso: Belarus barely brushes botnet builder's bankroll Another week has come and gone. This one included some Fortnite flaws, a nasty Intel bug, and a voting machine maker whining about hacking contests.…
Boffins trying to build a open source secure enclave on RISC-V
2 days agoOpen source trusted execution component expected this fall At some point this fall, a team of researchers from MIT's CSAIL and UC Berkeley's EECS aim to deliver an initial version of an open source, formally verified, secure hardware enclave based on RISC ...
DraftKings rides to court, asks to unmask 10 DDoS suspects
3 days agoFantasy sports outfit looks to hunt down group that bombarded its site A US sports gaming company is asking permission to unmask 10 people it believes were behind a massive DDoS attack on its website earlier this month.…
Friday Squid Blogging: Giant Squid Washes up on Wellington Beach
3 days agoAnother giant squid washed up on a beach, this time in Wellington, New Zealand. Is this a global trend? As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines he ...
Why is Google selling potentially compromised Chinese security keys?
3 days agoOpinion: To sign up for Google's Advanced protection program, you must buy security keys from a Chinese vendor. Security questions have since been raised considering current intelligence laws in China.
I'm Doing a Reddit AMA
3 days agoOn Thursday, September 6, starting at 10:00 am CDT, I'll be doing a Reddit "Ask Me Anything" in association with the Ford Foundation. It's about my new book, but -- of course -- you can ask me anything. No promises that I will answer everything....
Upcoming Speaking Engagements
3 days agoThis is a current list of where and when I am scheduled to speak: I'm giving a book talk on Click Here to Kill Everybody at the Ford Foundation in New York City, on September 5, 2018. The Aspen Institute's Cybersecurity & Technology Program is holding a ...
Machine Identities Need Protection, Too
3 days agoA new study shows that device identities need a level of protection that they're not getting from most organizations.
MagentoCore Card Skimmer Found on Mass Numbers of E-Commerce Sites
3 days agoThe Magecart group is likely behind the most prolific card-stealing operation seen in the wild to date.
Threatpost News Wrap Podcast For Aug. 31
3 days agoThis week's news includes a Microsoft zero-day flaw and Yahoo's recent email privacy snafu.
C'mon, if you say your device is 'unhackable', you're just asking for it: Bitfi retracts edgy claim
3 days agoJohn McAfee-backed crypto-coin wallet eats humble pie Bitfi finally and reluctantly retracted its unhackable claim last night in the face of a new cold boot attack.…
Bucking the Norm, Mozilla to Block Tracking Cookies in Firefox
3 days agoUnlike its browser competitors, Firefox will soon start blocking tracking cookies by default in the name of consumer privacy.
Troll-killing internet software Trollteq arrives
3 days agoAuthenteq combines verified online identity with blockchain-based ID storage and end-to-end encryption to create the troll-killing Trollteq.
How Hackers Hit Printers
3 days agoNew Booz Allen Hamilton report advises companies to include printers in their overall security strategy.
Why Automation Will Free Security Pros to Do What They Do Best
3 days agoThere are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Spies still butthurt they can't get at encrypted comms data
3 days agoFive Eyes to tech: We have ways of making you comply The Five Eyes nations have told the tech industry to help spy agencies by creating lawful access solutions to encrypted services – and warned that governments can always legislate if they don't.…
Fourth 'Fappening' celeb nude snap thief treated to 8 months in the clink
3 days agoPorridge for pic purloiner The last of the four hackers collared for stealing and leaking people's private nude photos from their online accounts back in 2014 has been sentenced to eight months' imprisonment.…
Cracking ransomware: RansomWarrior victims can now retrieve files for free
3 days agoResearchers at Check Point examined this recent form of ransomware and found it relatively easy to crack.
Eavesdropping on Computer Screens through the Webcam Mic
3 days agoYet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen.
ThreatList: Security Pros Confident They Could Compromise Their Own Orgs
3 days agoOnly a third believe it would be difficult or impossible to carry out a successful insider attack.
Former Qualys exec charged with insider trading after protecting brothers from financial loss
3 days agoThe former Chief Commercial Officer tipped off his family in advance of poor financial results.
Cobalt cybercrooks phry up phishing campaign to phling at phinance orgs
3 days agoEmails hiding dodgy scripts designed to plant backdoors A notorious hacking group suspected in attacks across dozens of countries has launched a campaign against banks in eastern Europe and Russia.…
Bitfi finally gives up claim cryptocurrency wallet is unhackable
3 days agoColor me surprised.
One in five employees share their email password with co-workers
3 days agoNegligent employees remain the number one cause of data breaches at small businesses across America. So why do small businesses continue to struggle with good cyber security practices and what can they do to correct those habits?
Security bods: Android system broadcasts enable user tracking
3 days agoBypassing permission protection on network info Security researchers have found a way to sniff Android system broadcasts to expose Wi-Fi connection information to attackers.…
Snapchat Suffers Racist Map Hack
3 days ago
Card stealing malware hits +100 Aussie e-stores
3 days agoMagentocore.net scrapes payment data from site visitors.
John McAfee’s ‘unhackable’ Bitfi wallet got hacked — again
4 days agoIf the security community could tell you just one thing, it’s that “nothing is unhackable.” Except John McAfee’s cryptocurrency wallet, which was only unhackable until it wasn’t — twice. Security researchers have now developed a second attack ...
Cryptocurrency Scams Replacing Ransomware as Attackers' Fave
4 days agoCryptojacking miners and fileless malware see biggest growth in first half of 2018.
Lessons From the Black Hat USA NOC
4 days agoThe conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
Botnets Serving Up More Multipurpose Malware
4 days agoAttackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.
Who's At Greatest Risk for BEC Attacks? Not the CEO
4 days agoCEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
New Threat Actor ‘Rocke’: A Rising Monero Cryptomining Menace
4 days agoA threat actor been spotted on a number of honeypots looking to download and execute malicious cryptomining malware.
Cryptojacking isn't a path to riches - payout is a lousy $5.80 a day
4 days agoHackers shouldn't quit their day scams if they want to eat Cryptojacking, the hijacking of computing resources to mine cryptocurrency, turns out to be both relatively widespread and not particularly profitable, according to a paper published by code boffi ...
Watchdog says 2020 Census systems are riddled with security flaws
4 days agoWith a census just two years away, the Census Bureau has a cybersecurity problem. That’s a key takeaway from the congressional watchdog, the Government Accountability Office, which oversees the government’s spending. In a new report published Thursday ...
Carbanak/Cobalt/FIN7 Group Targets Russian, Romanian Banks in New Attacks
4 days agoLatest campaign by the hard-to-kill cybercrime group hides malicious code behind legitimate files, Windows processes.
New Pentest Tool Tricks Targets with Microsoft WCX Files
4 days agoThe open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.
Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors
4 days agoArmed with the information, adversaries can explore and attack the local WiFi network, or identify and physically track any Android device.
Cobalt Group Targets Banks in Eastern Europe with Double-Threat Tactic
4 days agoThe campaign uses double infection points and two command-and-control servers.
Hackers latch onto new Apache Struts megavuln to mine cryptocurrency
4 days agoUnderground forums alight with Struts chat, we hear A recently uncovered critical vulnerability in Apache Struts is already being exploited in the wild.…
Notorious cyber crime gang behind global bank hacking spree returns with new attacks
4 days agoThe Cobalt Group is suspected of vast numbers of attacks which have caused over a billion in damages -- and they're not done yet.
4 Benefits of a World with Less Privacy
4 days agoThe privacy issue is a problem for a lot of people. I see it differently.
Google Says Trump's Bias Claims Are Not True
4 days ago
Hackers Faked Cosmos Backend To Steal $13.5m
4 days ago
Won’t patch systems? Never run malware scans? Welcome to the US State Department!
4 days agoDon’t worry, they’re only in charge of catching visa and passport fraud A branch of the US State Department charged with detecting visa fraud was found to ignoring basic information security practices.…
Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety
4 days agoThe Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson Alaris TIVA Syringe Pump allow remote access without authentication.
'Celebgate' Hacker Heading to Prison
4 days agoNearly 250 iCloud accounts, including those of several celebrities, were compromised in the 2014 attack.
Travel Breaches Hit Air Canada and Asia-Pac Hotelier
4 days agoAir Canada said 20,000 mobile app users have had passport information exposed; and millions have been affected by a breach at Asian hotel giant Huazhu.
Cheating in Bird Racing
4 days agoI've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved ...
Misfortune Cookie vulnerability returns to impact medical devices
4 days agoThe four-year-old security flaw has reared its head once again but this time medical equipment, and not routers, are at risk.
Android 'API breaking' vulnerability leaks device data, allows user tracking
4 days agoA vulnerability in the Android operating system can be used to track users without their knowledge.
Welcome! Mimecast finds interesting door policies on email filters
4 days agoMicrosoft and Proofpoint servers ushered in 15,656 malware attachments Inhouse email filters still miss millions of attacks – including malware attachments, impersonation and malicious links – the latest quarterly stats from cloud provider Mimecast ha ...
Air Canada reveals mobile data breach, passport numbers potentially exposed
4 days agoPassport details belonging to thousands of customers may have been exposed in the incident.
This is Google’s Titan security key
4 days agoGoogle isn’t one to shy away from bold claims. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a spokesperson told TechCrunch. And it’s probably true. Think of a security key as like a two-fact ...
Chinese police investigating major security breach of hotel group
4 days agoSome 500 million pieces of customer data is believed to have been compromised, including that of 150 million accounts currently on sale in the dark web for 8 Bitcoins.
How Data Breaches Affect the Enterprise
4 days agoThis report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Chinese hotel chain warns of massive customer data theft
4 days ago130 million could be impacted by Huazhu Group hack China’s largest hotel chain is investigating an apparent data theft that is said to involve as many as half a billion pieces of information.…
'Security Fatigue' Could Put Business at Risk
5 days agoThe relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.
IT Professionals Think They're Better Than Their Security
5 days agoMore than half of professionals think they have a good shot at a successful insider attack.
DTA shows Microsoft cloud is ready for 'protected' govt data
5 days agoThe key security controls, and the effort to create them.
BusyGasper Malware Packs a Simple but Potent Punch
5 days agoBusyGasper is rudimentary spyware with a bevy of novel twists that is highly effective at collecting and exfiltrating data from Android phones.
Yahoo Persists in Scanning Emails for In-Depth Ad-Targeting
5 days agoThe service gleans information from receipts, travel itineraries, trade confirmations for online brokerages, Uber messages, auto-loan confirmations, promotions and much more.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
5 days agoAlthough WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Windows Zero-Day Flaw Disclosed Via Twitter
5 days agoSecurity experts confirm the privilege escalation vulnerability in Microsoft Windows still works.
Australian security trio aim for unbreakable encrypted data environment
5 days agoVault, QuintessenceLabs, and Ziroh Labs have joined forces to build a system for strong encryption of user data for government.
Telecommunications Industry in the Bullseye
5 days agoNew report cites higher volume and increased sophistication of threats to the sector.
Error Canada: airline tells customers to reset mobile app after attack
5 days agoClumsy Canucks app poutine passport data in hacker's hands Air Canada is advising customers to reset the passwords on their mobile app after the airline detected a potential network break-in.…
Valimail offers US election boards, campaigns and voting vendors its email anti-spoofing service for free
5 days agoValimail, an enterprise email security firm, announced that it will offer its email protections for free to relevant government workers and campaigns through the 2018 midterms. That offer covers state election boards, voting system vendors and major part ...
Passport Numbers Exposed in Air Canada Data Breach
5 days agoMobile app hit in cyberattack that compromised 20K user accounts.
Privacy groups ask senators to confirm US surveillance oversight nominees
5 days agoA coalition of privacy groups are calling on lawmakers to fill the vacant positions on the government’s surveillance oversight board, which hasn’t fully functioned in almost two years. The Privacy and Civil Liberties Oversight Board, known as PCLOB, i ...
High-Severity Flaws Patched in Schneider Electric Products
5 days agoThe Schneider Electric PowerLogic PM5560 and Modicon M221 are both susceptible to attack via an array of high-severity flaws.
The 4 Critical Building Blocks for Digital Threat Hunting
5 days agoHaving the right set of broad data is the linchpin to effective threat-hunting.
Instagram Debuts New Security Tools
5 days agoUpdates include a new feature to verify the authenticity of popular accounts and a means of integrating two-factor authentication.
Podcast: Plugging Leaky Data in the Cloud
5 days agoThreatpost talks to a Google Cloud expert about the top issues users face when securing data in the cloud.
Hackers faked Cosmos backend to hoodwink bank out of $13.5m
5 days agoResearchers dissect methods behind Indian cyber-heist Security researchers have taken a deep dive into the cyber attack on the SWIFT/ATM infrastructure of Cosmos Bank, the recent victim of a $13.5m cyber-heist.…
ABBYY woes: Doc-reading software firm leaves thousands of scans blowing in wind
5 days agoSurprise! Sensitive info held on misconfigured MongoDB server Document-reading software flinger ABBYY exposed more than 203,000 customer documents as the result of a MongoDB server misconfiguration.…
How One Company's Cybersecurity Problem Becomes Another's Fraud Problem
5 days agoThe solution: When security teams see something in cyberspace, they need to say something.
Simple but extremely effective: Inside the world's most prolific mobile banking malware
5 days agoAsacub trojan has quietly been going about its business for years, stealing funds from hundreds of thousands of victims - but it can also be easily avoided.
iPhone Hacker Puts Headphone Jack Back
5 days ago
We're All Sick Of Fortnite, But The Flaw Found In Its Downloader Is The Latest Way To Attack Android
5 days ago
7 Steps to Start Searching with Shodan
5 days agoThe right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Air Canada confirms mobile app data breach
5 days agoAir Canada has confirmed a data breach on its mobile app, which the airline said may affect 20,000 people — or 1 percent — of its 1.7 million app users. The company said it had “detected unusual log-in behavior” occurring between August 22-24. Ac ...
Researchers Shine Light on Smart-Bulb Data Theft
5 days agoThe attack allows snooping of data from environments that are highly secure or air-gapped using infrared signals from smart bulbs.
CIA Network Exposed Through Insecure Communications System
5 days agoInteresting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time ...
Telegram starts to play nice with security agencies over user data, but not in Russia
5 days agoUnder Telegram's new privacy policy, it could hand over user IP and phone details given the right court order.
We're all sick of Fortnite, but the flaw found in its downloader is the latest way to attack Android
5 days agoMan-in-the-Disk technique able to add malicious files to a device's external storage A newfound way to hack Android using a technique dubbed "Man-in-the-Disk&quo
t; is central to the recent security flap about Fortnite on the mobile platform.…
Defense Distributed now sells 3D gun blueprints online, 'pay what you want'
5 days agoFounder Cody Wilson insists that a recent court injunction is still being obeyed, despite the launch.
Meet the malware which hijacks your browser and redirects you to fake pages
5 days agoThe malware is currently being distributed through the RIG exploit kit.
If you have to simulate a phishing attack on your org, at least try to get something useful from it
5 days agoStep 1: let the higher-ups know Just when it looked as if the US Democratic National Committee (DNC) had finally got one over on the phishing hackers that had been owning it since 2016, the triumph was torn away by a moment of rebellious fakery.…
Australian government moves to improve My Health Record privacy
5 days agoIt's hardly an example of legislative clarity, but the proposed amendments are intended to address key privacy concerns around the disclosure of personal medical information.
Intel Management Engine JTAG flaw proof-of-concept published
5 days ago"God Mode" requires special USB debugging connector The security researchers who found a way to compromise Intel's Management Engine last year have just released proof-of-concept exploit code for the now-patched vulnerability.…
Chrome back button hijack records user behaviour
5 days agoSimple script captures where people click on competitor sites.
Voting machine maker claims hacking competitions a 'green light' for foreign hackers
6 days agoNSA code cracker says no, hackers performing a service Voting machine vendor ES&S says it did not cooperate with the Voting Village hacking competition at DEF CON because it worried the event posed a national security risk.…
Free Cybersecurity Services Offer a First Step to Securing US Elections
6 days agoSome key security vendors - including Microsoft, Google, Cloudflare - are offering pro bono services and tools for election jurisdictions and campaigns this election season. But will it help?
Crashing Mobile Apps Capture Screens, Leak Private Data
6 days agoSeveral developer tools capture a screen as an app crashes and send it to a third-party server creating a risk of corporate data leakage.
Fileless Attacks Jump 94% in First Half of 2018
6 days agoWhile ransomware is still popular, fileless and PowerShell attacks are the threats to watch this year.
Yahoo still scans your emails for ads — even if its rivals won’t
6 days agoYou’re not the only one reading your emails. A deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email sca ...
Instagram expands 2FA, account verifications in push to bolster security
6 days agoThe photo sharing platform said it will soon support two-factor authentication apps from third parties.
Australian staffing agency leaked employee details online, says security company
6 days agoHundreds of workers' details revealed, including detailed medical data.
PCI SSC Releases New Security Tools for Small Businesses
6 days agoTool intended to help small businesses understand their risk and how well they're being addressed.
Facebook Flaw Allowed Remote Commands
6 days agoFacebook failed to fully sanitize error data returned by a public facing web app.
Microsoft adds support for Google Gmail IDs to Azure Active Directory
6 days agoSurprise: Microsoft is enabling Gmail users to collaborate with others using Azure Active Directory B2B without requiring them to have a Microsoft account.
Why Security Needs a Software-Defined Perimeter
6 days agoMost security teams today still don't know whether a user at the end of a remote connection is a hacker, spy, fraudster -- or even a dog. An SDP can change that.
Microsoft Windows Zero-Day Found in Task Scheduler
6 days agoA Windows task scheduler API function does not check permissions - so any potential local bad actor can alter them to gain elevated privileges.
Windows Zero Day Pops Up On Twitter
6 days ago
No, eight characters, some capital letters and numbers is not a good password policy
6 days agoWestern Oz infosec audit report was shocking, but only 'cos it made public Internal cybersecurity audits rarely make it to the public domain, but when they do it’s often an eye-popping read.…
UK data protection complaints more than double under new GDPR rules
6 days agoThe number of complaints filed with the UK data protection watchdog has more than doubled since the introduction of new European regulations. There were 6,281 complaints filed with the Information Commissioner’s Office between May 25 when the new GDPR r ...
Free, easy to use, and available to anyone: The powerful malware hiding in plain sight on the open web
6 days ago"When the Russian military is using free stuff, you know how good that stuff is"
Polish Parliament Enacts National Cybersecurity System
6 days agoThe system classifies security incidents and splits national incident response into three separate teams.
Footie fans calling for a red card over West Ham United CC email blunder
6 days agoIf you're after an away ticket, now you know who to call Fat-fingered staff at London football team West Ham United have upset some fans following a ticket confirmation email bungle.…
WhatsApp: Mobile Phishing's Newest Attack Target
6 days agoIn 2018, mobile communication platforms such as WhatsApp, Skype and SMS have far less protection against app-based phishing than email.