security.didici.cc

Netflix sparks privacy row after making fun of users of Twitter

1 hour ago

“To the 53 people who've watched A Christmas Prince every day for the past 18 days: Who hurt you?”

Massive Uber data scraping and secret servers exposed in Waymo suit

1 hour ago

It’s old news that Uber has legal troubles on its plate - but the plot has thickened considerably in recent weeks.

5 ransomware as a service (RaaS) kits – SophosLabs investigates

2 hours ago

A look at five RaaS kits and how each is marketed and priced

Apple plugs IoT HomeKit hole

4 hours ago

Apple just can’t seem to get away from the theme of security flaws right now.

ISC StormCast for Wednesday, December 13th 2017

13 hours ago

Microsoft Patch Tuesday Summary https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken? https://stripe.ian.sh
ROBOT Attack Against TLS https://robotattack.org

SN 641: The iOS Security Trade-off

14 hours ago

This week we discuss the details behind the "USB / JTAG takeover" of Intel's Management Engine, a rare Project Zero discovery, Microsoft's well-meaning but ill-tested IoT security project, troubles with EV certs, various Cryptocurrency woes, a clever DNS ...

Risky Business #481 -- Inside the Anthem breach with someone who was there

16 hours ago

This is the last show for the year, Risky Business will return on January 10th 2018. In this week’s feature Stephen Moore joins us. He was formerly the Staff Vice President of Cyber Security Analytics at Anthem, the healthcare company that was spectacu ...

Hack Naked News #153 - December 12, 2017

19 hours ago

Paul reports on Google patches, vulnerability in two keyless entry locks, Mozilla security updates, and 1.4 billion plain-text leaked passwords found online! Jason Wood of Paladin Security joins us for the expert commentary, and more on this episode of Ha ...

iOS jailbreak exploit published by Google

22 hours ago

Has Google just given the crooks an early Christmas present?

Ransom email scam from ‘hitman’ demands: pay up or die

23 hours ago

It's a horrible email scam that's supposed to scare the life out of you

Man apologizes after photo of ‘racist’ woman goes viral

1 day ago

A viral post that turned the internet into a torch-bearing mob.

Coinbase: don’t expect to trade your cryptocurrency at busy times

1 day ago

It’s OK to be excited about Bitcoin and other digital currencies, according to Brian Armstrong, CEO of digital currency exchange Coinbase... just maybe not that excited.

Spies are watching… on LinkedIn

1 day ago

The young professionals portrayed in the LinkedIn listings are hot, enticing, and fictitious.

ISC StormCast for Tuesday, December 12th 2017

1 day ago

Pornographic Spam Messages Used to Deliver Crypto Coin Miner https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365 https://medium.com/matthias-gliwka/microsoft-leaks-tls-priv ...

HP leaves accidental keylogger in laptop keyboard driver

1 day ago

HP didn't beat around the bush - when a researcher found a left-over keylogger, the company fessed up and fixed it fast. Result!

Mailsploit: using emails to attack mail software

1 day ago

Mailsploit bugs allow attackers to bypass anti-spam protections and, in some cases, run hostile code

Lil Bub, a special-needs celebrity cat, gets hacked

2 days ago

The Instagram account of a kitty who suffers from extreme feline dwarfism and terminal cuteness has been hacked by somebody who says they're 11.

Warrantless surveillance can continue until April, say Feds

2 days ago

Thought FISA Section 702 was due to bite the dust on New Year's Eve? Think again, say Trump's lawyers: you're stuck with it until the spring

Monday review – the hot 21 stories of the week

2 days ago

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Ep. 100 - Sky Robots vs War Apes with Lucky Yates

2 days ago

Lucky Yates is an actor and writer, known for Archer (2009), The American Shame (2001) and American Dirtbags (2015). Lucky is a hilarious guest that entertained us and we got to discuss some really interesting topics: What is a war ape and a sky robot? Ho ...

ISC StormCast for Monday, December 11th 2017

2 days ago

Sometimes An RTF Document is Just an RTF Document https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/
HP Keyboard Drivers Can Log Keystrokes https://support.hp.com/us-en/document/c05827409 https://zwclose.github.io/HP-keylogger/
Android App Signatu ...

Risky Biz Soap Box: Bromium on custom microvirtualization for legacy apps

2 days ago

Today’s Soap Box is brought to you by Bromium. Bromium makes a security suite that wraps key applications in microvisors. It’s a way to get app-specific, hardware-based virtualisation. Historically Bromium has wrapped things like browsers and the of ...

Channeling Back - Startup Security Weekly #65

4 days ago

Todd O'Boyle of StrongArm joins us for an interview! In our article discussion, we discuss behaviors that can drive cultural change, the power of office back-channeling, and the five traits of successful teams at Google! In the news, we have updates from ...

Paul's Security Weekly #539 - Dental Security Weekly

4 days ago

Lisa O'Connor of Accenture Labs joins us for an interview to discuss threat intelligence, advanced cyber hunting, active defense, and security of the Industrial Internet of things! Eyal Neemany of Javelin Networks joins us for the tech segment to discuss ...

Phishing embraces HTTPS, hoping you’ll “check for the padlock”

5 days ago

HTTPS is one of security’s great love affairs, but it's not all roses.

Google AI teaches itself ‘superhuman’ chess skills in four hours

5 days ago

Move aside, ugly, giant bags of mostly water, the computers are teaching themselves now

ISC StormCast for Friday, December 8th 2017

5 days ago

Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
Tracking Users Without GPS http:// ...

Uber disguised $100,000 hacker payoff as bug bounty, claims Reuters

5 days ago

Can a hacker's extortion demand ever be paid off as though it were a bug bounty? Or is that a step too far?

Apple fills the KRACK on iPhones – at last

5 days ago

KRACK is a Wi-Fi encryption bug - Apple patched it quickly, but only for iPhone 7 and later. Now everyone else gets a patch, too...

Episode 2.10 Is your keyboard listening? A different type of jailbreak, Grinch Bots Stealing Christmas? Chrome, and Red Team Architecture!

5 days ago

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Geoff Walton, Ben Tenjamin, Geoff Walton, Scott White, Costa Petros, and Rob ...

Man turns shed into top rated restaurant on TripAdvisor

5 days ago

...without ever serving food from it.

Mr. Robot eps3.8_stage3.torrent – the security review

5 days ago

We're looking at the security concepts in this week's Mr Robot

NiceHash cryptomining exchange hacked; everything’s gone

5 days ago

Reports say that the Bitcoin was worth $58m at the time. As of Thursday morning, the value had soared to $80m.

US gov says it can break your encryption without a court order

6 days ago

The encryption battle between the FBI and Apple is all octopus ink, if you go by what the government says

Meow! Facial recognition reaches pet doors

6 days ago

It takes mere seconds to recognize a cat, thereby avoiding confused pets. Microsoft, who built it, didn't address pre-confused pets or hacker squirrels.

ISC StormCast for Thursday, December 7th 2017

6 days ago

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/
Do Not Trust Reverse DNS. And here is an example why https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhos ...

Net Neutrality comments “deeply corrupted” – NY Attorney General

6 days ago

Eric Schneiderman called for the postponement, declaring that the public comment process in advance of the vote.

Questions linger as data breach trading site LeakBase disappears

6 days ago

On 2 December LeakBase started redirecting to Troy Hunt’s campaigning breach site Have I Been Pwned? (HIBP), but why?

Hacker who tried to free inmate early may soon join him in jail

1 week ago

He used a mix of phishing, typosquatting and social engineering to weasel his way into the county network.

Cayla doll too eavesdroppy to put under the Christmas tree, says France

1 week ago

That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.

ISC StormCast for Wednesday, December 6th 2017

1 week ago

AI.Type Data Exposed in MongoDB Database https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Mailsploit Makes it Easier to Spoof From Headers in E-Mails https://www.mailsploit.com
StorageCrypt Ransomware Encrypt ...

SN 640: More News & Feedback

1 week ago

This week we discuss the long-awaited end of StartCom & StartSSL, inside last week's macOS passwordless root account access and problems with Apple's patches, the question of Apple allowing 3D facial data access to apps, Facebook's new and controversial u ...

Risky Business #480 -- Uber, Kaspersky woes continue

1 week ago

On this week’s show we’ll be having a look at the latest OWASP top 10. As many of you would know, the new list is out. A couple of items have been dropped and a couple of items have been introduced. But we’re really using this new top 10 as an excus ...

Hack Naked News #152 - December 5, 2017

1 week ago

Paul reports on a flaw found in Dirty COW patch, Apache Software security updates, more hacks in 2018, and a MailSploit e-mail spoofing flaw! Jason Wood joins us to give expert commentary on a Federal Data Breach Legislation, and more on this episode of H ...

Startup Security Weekly #64 - Legal in Some States

1 week ago

Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, Rever ...

Politicians boast about sharing passwords, bask in blissful ignorance

1 week ago

'Staff use my login every day!', 'I have to ask staff members my own password when I forget it!', and other stories...

High schooler hacks his way to a higher GPA

1 week ago

You’d think students smart enough to hack into their school’s IT system and change their grades wouldn’t need to hack into their school’s IT system and change their grades.

Facebook brings Messenger to kids as young as 6

1 week ago

Do kids that young "need" a parent-sanctioned chat app? Facebook thinks so.

PayPal’s TIO Networks breached; PII of 1.6 million users affected

1 week ago

No worries, PayPal says: Tio Networks' systems are completely separate from PayPal's. Phew!

ISC StormCast for Tuesday, December 5th 2017

1 week ago

Incidence Response Using TheHive https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/
SSL/TLS For Scapy https://github.com/tintinweb/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet) https://support.apple.com/en-us/H ...

Smile, you’re on hidden webcam Airbnb TV!

1 week ago

Webcams can be tucked into anything from smoke alarms to air fresheners, in Airbnbs AND hotel rooms. Here's how to spot them, and what to do if you find one.

The NSA Agent Who Inexplicably Exposed Critical Secrets, Featuring David Kennedy – Wired.com

1 week ago

A SERIES OF leaks has rocked the National Security Agency over the past few years, resulting in digital spy tools strewn across the web that have caused real damage both inside and outside the agency. Many of the breaches have been relatively simple to c ...

Man blocks employer’s tracking with chip packet, plays 140 rounds of golf

1 week ago

Funny thing, Tom - the company's GPS tracker says you didn't show up at the work sites. Plus your PDA's kind of greasy.

Episode 2.9 OWASP Top 10 2017, OSX Root login bypass, Uber Hacked, who are the shadow brokers, ROCA!

1 week ago

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Ben Tenjamin, Geoff Walton, Scott White, Ryan Leese, Scot Berner, and Rob Si ...

Proposed law would jail execs who fail to report data breaches

1 week ago

The Senate's looking at YOU, Uber!

Fancy what? Fancy where? Oh, Fancy BEAR! [Chet Chat Podcast 266]

1 week ago

Here's the latest episode of the Chet Chat podcast...enjoy!

Monday review – the hot 22 stories of the week

1 week ago

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

ISC StormCast for Monday, December 4th 2017

1 week ago

Brazilian Banking Malware Uses UTF-16 Encoded .BAT File https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
Phishing Abuse of JotForm https://isc.sans.edu/forums/diary/P ...

Snake Oilers #4: Dino Dai Zovi, Chris McNab and Sylvain Gil

1 week ago

We’ll be hearing from three vendors in this edition of Oilers. Dino Dai Zovi will be along first up to talk about his startup, Capsule8, which looks very promising indeed. After we’ve heard from Dino we’ll be chatting with Chris McNab. He used to r ...

Paul's Security Weekly #538 - Enjoy the Taste

1 week ago

Allison Miller joins us for an interview, Mick Douglas of the SANS Institute shows us how to feed common and default logs into ELK stacks, and we report on the latest security news on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.s ...

Coinbase ordered to turn over customer records to IRS

1 week ago

A federal district court in California has ordered Coinbase to turn over three years worth of identifying records on more than 14,000 of its customers to the Internal Revenue Service (IRS).

Former IT manager used employer’s computer to view child abuse

1 week ago

He pleaded guilty to one count of computer intrusion and one count of accessing a computer in order to view child abuse imagery.

RFID repeater used to steal Mercedes with keys locked inside a house

1 week ago

Relay attacks intercept a fob's signals, trick the car into unlocking, and can even be used to drive it away, without a key or a scratch.

Microsoft defends Windows 10 against ASLR criticism

1 week ago

It’s one of the oldest debates in software: is it a bug or a feature?

ISC StormCast for Friday, December 1st 2017

1 week ago

More Malspam Pushing Emotet Malware https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
Google Chrome To Block Some Third Party Software Mid-2018 https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
Europea ...

Apple’s rocky week with passwords in High Sierra [VIDEO]

1 week ago

We took to Facebook Live to discuss what happened in Apple's "password nightmare" week...

Expanding Community Engagement at OWASP w/ Greg Anderson

1 week ago

Newly elected to the OWASP board, Greg Anderson is interested in how to expand the OWASP community. I talked with him about what he hopes to accomplish in his tenure on the board, the first initiatives he would like to implement and on various ideas for wo ...

Google sued over iPhone ‘Safari Workaround’ data snooping

1 week ago

Did you use an iPhone in the UK between 1 June 2011 and 15 February 2012? If so, you’re one of an estimated 5.4 million who may be in line for compensation.

Snapchat takes a swipe at fake news

1 week ago

Snapchat is curating items based on what YOU like, not your echo chamber, fake-news spreading friends.

Apple’s “blank root password” fix needs a fix of its own – here it is

1 week ago

Bug, fix, bug, fix - but we're still saying "Well done" to Apple for a superquick response to the "blank root password" vulnerability.

Mr. Robot eps3.7_dont-delete-me.ko – the security review

1 week ago

We examine the latest security happenings in this week's episode of Mr. Robot...

Epic Games sues 14-year-old cheater, mother launches rhetorical firestorm

1 week ago

I would run away if I were you, Epic Games: she's scary, and she's got good points.

Enterprise Security Weekly #71 - Call Me!

1 week ago

James Wilkinson joins us to discuss his transition from the military to the enterprise security space. In the news, updates from Docker, GuardiCore, Trend Micro, Barracuda Networks, and more on this episode of Enterprise Security Weekly! Full Show Notes: h ...

ISC StormCast for Thursday, November 30th 2017

1 week ago

Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug https://support.apple.com/en-us/HT208315
Insecure Android Crypto Currency Wallets https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html
Coinhive Miner Now As Pop-Under htt ...

Apple closes that big root hole – “Install this update as soon as possible”

1 week ago

That Apple root hole we wrote about just yesterday? Apple has pushed out a patch already - get it while it's hot!

Radio Shack robbery to have huge consequences for location privacy

2 weeks ago

This could go beyond Radio Shack and location data; it may apply to email/text messages, internet searches, and bank and credit card records.

Hack Naked News #151 - November 28, 2017

2 weeks ago

Paul and Michael report on an Exim-ergency, why Uber’s in hot water, Firefox’s new pwnage warnings, 1.7 million breached Imgur accounts, bidding farewell to SMS authentication, voting and security, and more on this episode of Hack Naked News! Full Show ...

US indicts three Chinese nationals for alleged cyberattacks

2 weeks ago

The three men are accused of hacking into at least three multinational corporations over the past seven years.

Google AI lets phone owners know about shoulder surfers

2 weeks ago

Researchers' system halts a text conversation, shows a face peering over your shoulder, and involves alarmingly pretty sparkles and rainbows!

ISC StormCast for Wednesday, November 29th 2017

2 weeks ago

Password Less Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra https://twitter.com/lemiorhan/status/935578694541770752 https://support.apple.com/en-us/HT204012
Defeating Facial Recognition https://arxiv.org/abs/1711.09001
Bitcoin Gold ...

SN 639: News & Feedback

2 weeks ago

This week we discuss a new bad bug found in the majority of SMTP mailing agents, 54 high-end HP printers found to be remotely exploitable, more than 3/4ths of 433,000 websites are using vulnerable JavaScript libraries, horrible free security software, som ...

Risky Business #479 -- Oh, Uber. Oh, Apple.

2 weeks ago

On this week’s show we’re speaking with Susan Hennessey, a Fellow in National Security in Governance Studies at the Brookings Institution and managing editor of Lawfare. We’re talking to her about cross-border law enforcement in the Internet age. W ...

Apple Macs have gaping root hole – here’s a superquick way to check and fix it

2 weeks ago

You can't login as "root" on a Mac because it never asks you to set the password, so you don't know what it is. Except that it's [blank].

DerbyTV

2 weeks ago

This blog post isn’t directly information security related per se, but is technical in nature, so it should appeal to the geek in most of us. When Dave posted pictures of the gear being used to stream the Track talks within the Hyatt at DerbyCon this ye ...

Most Fancy Bear hacking targets weren’t warned by FBI

2 weeks ago

In some cases, that includes not being contacted by the FBI even after their emails had been stolen and published online.

Age verification legislation will lead to porn habit database

2 weeks ago

"Data collection creates an inherent risk of data loss through hack, breach, or other forms of intrusion."

Involved in a data breach? Firefox to test alerts in the browser

2 weeks ago

The company plans to trial an add-on that will warn users if they appear in Troy Hunt's Have I Been Pwned? database.

The end of net neutrality draws near

2 weeks ago

Will it mean a newly vibrant and competitive internet or an internet for the rich?

How one man could have deleted any image on Facebook

2 weeks ago

Pouya Darabi found how to embed other people's images in a Facebook poll so that deleting *his* poll also deleted *their* files.

Uber Hack and Cover-up, Featuring David Kennedy-MSNBC

2 weeks ago

Former NSA hacker David Kennedy speaks about the implications of the Uber hack and whether the company should have reported the data breach. Click Here: Uber Hack and Cover-Up, Featuring David Kennedy-MSNBC The post Uber Hack and Cover-up, Featuring David ...

Facebook tool will reveal if you were fooled by Russian propaganda

2 weeks ago

Facebook says that Russia-backed posts reached 126 million Americans during the 2016 US election.

Imgur breached back in 2014, wasn’t storing your passwords properly

2 weeks ago

Photo-sharing site Imgur just found out it was breached back in 2014 - and back then it wasn't storing your passwords securely.

Monday review – the hot 22 stories of the week

2 weeks ago

From the all-seeing eye watching you online and the Uber data breach to Androids secretly reporting your location, and more!

A gargantuan all-seeing eye is watching you on popular websites

2 weeks ago

Some websites are recording everything you do, what could go wrong?

Alleged HBO hacker is an Iranian the FBI can’t arrest

2 weeks ago

Is publicly pursuing a man beyond reach a cry in the dark?

Enterprise Security Weekly #70 - We Have Foreigners Here

2 weeks ago

Ismael Valenzuela of the SANS Institute joins us. In the news, Rapid7 and Tenable announce new headquarters, Meg Whitman steps down, announcements for CA World ‘17, and more on this episode of Enterprise Security Weekly! Full Show Notes: https://wiki.sec ...

Startup Security Weekly #63 - In the Books

2 weeks ago

Darren Mar-Elia of Semperis joins us. In the news, deciding with speed and conviction, learning from unicorns, starting your social enterprise, and updates from ThreatQuotient, Symantec, Optiv, and more on this episode of Startup Security Weekly! Full Show ...

SN 638: Quad Nine

3 weeks ago

This week we discuss Windows having a birthday, Net Neutrality about to succumb to big business despite a valiant battle, Intel's response to the horrifying JTAG over USB discovery, another surprising AWS public bucket discovery, Android phones caught sen ...

Hack Naked News #150 - November 21, 2017

3 weeks ago

Don Pezet of ITProTV joins Paul to discuss Amazon S3 buckets, Google collecting Android data, secret spyware in smartwatches, and patches for Microsoft, Intel, HP, and more on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.co ...

Held for Ransom! Learn How to Protect Your Data.

3 weeks ago

Great panel with Chris Prewitt of TrustedSec, Federal Bureau of Investigation (FBI), Ulmer & Berne LLP, Wells Fargo Insurance Services, and RT Specialty discussing “Cyber Game Plan: A Tabletop Exercise in Defending a Ransomware Attack.” Video Li ...