Another thug learns that SWATting Brian Krebs is a bad idea

Read full post Things have not gone well for Krebs’ tormentors

/ September 26, 2017

Suspected mass-spoofing of ships’ GPS in the Black Sea

Read full post One ship’s navigation system reported that it was actually on land

/ September 26, 2017

Dirty Cow vulnerability discovered in Android malware campaign for the first time

Read full post The bug has been found in malware designed to root and install backdoors into Android handsets.

/ September 26, 2017

After DHS Notice, 21 States Reveal They Were Targeted During Election

Read full post Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.

/ September 25, 2017

Microsoft Builds Automation into Windows Defender ATP

Read full post Automation can help manage and respond to alert overflow, but will come with its own specific set of challenges.

/ September 25, 2017

Breach at Deloitte Exposes Emails, Client Data

Read full post Intrusion may have resulted from company’s failure to properly secure a key administrator account.

/ September 25, 2017

Privacy Shield Framework Gains Popularity in EU, US: Report

Read full post The IAPP-EY Privacy Governance Survey shows marked interest in the Privacy Shield framework to transfer personal data.

/ September 25, 2017

The software flaw that could beam out passwords by DNS

Read full post iTerm2 was trying to be helpful.

/ September 25, 2017

News in brief: New IoT grief; Old patch lessons; Older voting tech

Read full post Your daily round-up of some of the other stories in the news

/ September 25, 2017

Ex-NSA hacker drops macOS High Sierra zero-day hours before launch

Read full post The vulnerability lets an attacker steal the contents of a Keychain — without needing a password.

/ September 25, 2017

Joomla 3.8 fixes serious LDAP authentication issue, update now

Read full post The bug allows the extraction of an affected site’s credentials “in seconds”

/ September 25, 2017

Deloitte confirms hack exposed email system

Read full post It’s said that a lack of two-factor authentication on an administrator’s account failed to keep attackers out.

/ September 25, 2017

Thoughts from Webroot’s new President & CEO, Mike Potts

Read full post I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d...

/ September 25, 2017

PassGAN: Password Cracking Using Machine Learning

Read full post Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.

/ September 25, 2017

Bankbot trojan returns to Google Play with new tricks

Read full post The Android banking trojan that we first informed about in the beginning of this year has found its way to Google Play again and contains new tricks designed to get access to the private banking information of...

/ September 25, 2017

No, Facebook spies aren’t secretly “following me”, it’s a hoax

Read full post Typing “Facebook security” into your block list won’t reveal their names

/ September 25, 2017

Monday review – Adobe botches, Apache bleeds and Equifax blunders

Read full post From Apache bleeding to Equifax shooting itself in the foot. Again.

/ September 25, 2017

Security’s #1 Problem: Economic Incentives

Read full post The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.

/ September 25, 2017

Security and privacy on the new iOS 11

Read full post These new security measures will undoubtedly not only impact the security of data stored on a phone that has been lost or stolen, but could also complicate the progress of criminal investigations requiring the forensic analysis of...

/ September 25, 2017

Adobe accidentally releases private PGP key

Read full post The firm’s security team failed in a spectacular fashion.

/ September 25, 2017

Spammed-out emails threaten websites with DDoS attack on September 30th

Read full post Websites are being told that they have until September 30th to pay extortionists $720 worth of Bitcoin, or else suffer a distributed denial-of-service (DDoS) attack. The post Spammed-out emails threaten websites with DDoS attack on September 30th...

/ September 25, 2017

Adobe security team posts public key – together with private key

Read full post If you generate an encryption keypair and you get a public key and a private key, which one do you think you should keep to yourself?

/ September 22, 2017

Tracking phones without a warrant ruled unconstitutional

Read full post ‘Stingray use without a warrant violates 4th Amendment’

/ September 22, 2017

Cryptomining or online ads – which one floats your boat? [VIDEO]

Read full post Is cryptomining in the background better than ads in the foreground as a way of earning money to “pay” for free sites?

/ September 22, 2017

News in brief: DDoS threat spam; Army logic bomber; Viacom leak

Read full post Your daily round-up of some of the other stories in the news

/ September 22, 2017

1.4 Million New Phishing Sites Launched Each Month

Read full post The number of phishing attacks reach a record rate in 2017, but the majority of the phishing sites remain active for just four- to eight hours.

/ September 22, 2017

New Verizon leak exposed confidential data on internal systems

Read full post Dozens of documents reveal detailed maps and configurations of internal Verizon servers.

/ September 22, 2017

Using infrared cameras to break out of air-gapped networks

Read full post Invisible data exfiltration from isolated networks

/ September 22, 2017

Americans Rank Criminal Hacking as Their Number One Threat

Read full post Global warming and artificial intelligence rate as less of a threat to human health, safety, and prosperity, than getting hacked, according to a survey released today.

/ September 22, 2017

10 Security Product Flaw Scares

Read full post CCleaner compromise puts the crown on several years’ worth of headlines about cybersecurity product weaknesses.

/ September 22, 2017

Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid

Read full post Why healthcare organizations need a good strategy to find talent, or get left behind.

/ September 22, 2017

Where Do Security Vulnerabilities Come From?

Read full post There are three major causes: code quality, complexity, and trusted data inputs.

/ September 22, 2017

This new app can detect wireless credit card skimmers at gas pumps

Read full post Credit card skimmers are getting more advanced – but that’s making them easier to detect.

/ September 22, 2017

Equifax has been sending customers to a fake phishing site for weeks

Read full post A series of blunders to add to the Equifax breach

/ September 22, 2017

ISP involvement suspected in latest FinFisher gov’t spyware campaign

Read full post ISPs in a number of countries are under suspicion for distributing the malware to government targets.

/ September 22, 2017

Cloud services: What to consider when migrating your infrastructure

Read full post Most companies have switched the majority of their services and information over to the cloud. There are many reasons for this, ranging from cost to practicalities. The post Cloud services: What to consider when migrating your infrastructure...

/ September 22, 2017

Joomla patches eight-year-old critical CMS bug

Read full post The flaw could be exploited to steal administrator account details and hijack websites.

/ September 22, 2017

SEC Says Intruders May Have Accessed Insider Data for Illegal Trading

Read full post 2016 breach of the Securities and Exchange Commission’s EDGAR database dents its reputation as a federal cybersecurity enforcer.

/ September 21, 2017

CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft

Read full post The backdoor discovered in Avast’s CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.

/ September 21, 2017

Webroot Culture: Q&A with Systems Administrator Ann Roberts

Read full post Before chatting with Ann Roberts, systems administrator at Webroot, I had a pretty narrow view of what her role in the IT department required on a day-to-day basis. As it turns out, a systems administrator must wear...

/ September 21, 2017