Month: September 2017

10 Security Product Flaw Scares

CCleaner compromise puts the crown on several years’ worth of headlines about cybersecurity product weaknesses.

/ September 22, 2017

Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid

Why healthcare organizations need a good strategy to find talent, or get left behind.

/ September 22, 2017

Where Do Security Vulnerabilities Come From?

There are three major causes: code quality, complexity, and trusted data inputs.

/ September 22, 2017

This new app can detect wireless credit card skimmers at gas pumps

Credit card skimmers are getting more advanced – but that’s making them easier to detect.

/ September 22, 2017

Equifax has been sending customers to a fake phishing site for weeks

A series of blunders to add to the Equifax breach

/ September 22, 2017

ISP involvement suspected in latest FinFisher gov’t spyware campaign

ISPs in a number of countries are under suspicion for distributing the malware to government targets.

/ September 22, 2017

Cloud services: What to consider when migrating your infrastructure

Most companies have switched the majority of their services and information over to the cloud. There are many reasons for this, ranging from cost to practicalities.

/ September 22, 2017

Joomla patches eight-year-old critical CMS bug

The flaw could be exploited to steal administrator account details and hijack websites.

/ September 22, 2017

SEC Says Intruders May Have Accessed Insider Data for Illegal Trading

2016 breach of the Securities and Exchange Commission’s EDGAR database dents its reputation as a federal cybersecurity enforcer.

/ September 21, 2017

CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft

The backdoor discovered in Avast’s CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.

/ September 21, 2017

Webroot Culture: Q&A with Systems Administrator Ann Roberts

Before chatting with Ann Roberts, systems administrator at Webroot, I had a pretty narrow view of what her role in the IT department required on a day-to-day basis. As it turns out, a systems administrator must wear...

/ September 21, 2017

How BitPaymer ransomware covers its tracks

This BitPaymer malware variant uses tricks that you don’t usually see in ransomware – but it still scrambles your files in the end.

/ September 21, 2017

News in brief: Experian PIN fail; SEC hacked; AI vs terror

Your daily round-up of some of the other stories in the news

/ September 21, 2017

Hackers hold entire school district to ransom

The hacking group stole personal information and sent explicit death threats against children to their parents.

/ September 21, 2017

Why Size Doesn’t Matter in DDoS Attacks

Companies both large and small are targets. Never think “I’m not big enough for a hacker’s attention.”

/ September 21, 2017

SMBs Paid $301 Million to Ransomware Attackers

But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.

/ September 21, 2017

OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal

A judge ruled federal employees cannot sue for damages from the 2015 Office of Personnel Management data breach.

/ September 21, 2017

CConsiderations on the CCleaner incident

Regardless of how Piriform was breached, for a tool as widely downloaded as CCleaner, with a userbase running into the hundreds of millions, there will be a large impact worldwide, even though only the 32-bit version was...

/ September 21, 2017

New FinFisher surveillance campaigns: Are internet providers involved?

FinFisher has extensive spying capabilities, such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. What sets FinFisher apart from other surveillance tools, however, are the controversies around its deployments.

/ September 21, 2017

“Admin from Hell” holds company to ransom with porn makeover

The IT admin demanded $10,000; when he didn’t get it, things got X-rated

/ September 21, 2017

SEC admits data breach, suggests illicit trading was key

The commission says that “illicit gain through trading” may have been the key motivator.

/ September 21, 2017

Critical VMware vulnerability, patch and update now

The impact of this critical vulnerability has the potential to be great.

/ September 21, 2017

CCleaner malware operators targeted tech firms including Cisco, Microsoft, Samsung

It is believed the threat actor behind the campaign is after intellectual property.

/ September 21, 2017

Iranian Cyberspy Group Targets Aerospace, Energy Firms

APT33 focused on gathering information to bolster Iran’s aviation industry and military decision-making capability, FireEye says.

/ September 20, 2017

Cisco SMI Still Exposing Network Switches Online

The high number of exposed and vulnerable devices online has remained largely unchanged since researchers began exploring SMI in 2010.

/ September 20, 2017

Mobile Ransomware Hits Browsers with Old-School Techniques

Several types of malware sold on the dark Web advertise the ability to spy on Android smartphones, encrypt files, and demand payment.

/ September 20, 2017

Artificial Intelligence: Getting the Results You Want

Finding a vendor that doesn’t claim to do AI is hard these days. But getting the benefits you need and expect is even harder.

/ September 20, 2017

Human failings undermine security – but who’s failing who?

A Ponemon survey puts “negligent employees” on the hook

/ September 20, 2017

The Apache “Optionsbleed” security hole explained [VIDEO]

If you’re looking for a non-techie, plain English, verbal explanation of the Apache “Optionsbleed” security bug, watch this!

/ September 20, 2017

Software Assurance: Thinking Back, Looking Forward

Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.

/ September 20, 2017

News in brief: Twitter stops terrorists; WhatsApp stops UK gov; Russia stops Dark Web drugs

Your daily round-up of some of the other stories in the news

/ September 20, 2017

Pirate Bay hits users’ CPUs with secret cryptocurrency mining

They should have asked. If they had, would it be better or worse than ads?

/ September 20, 2017

Black Hat Europe 2017: First Briefings Announced

We are pleased to announce the first Briefings selected for presentation at Black Hat Europe 2017!

/ September 20, 2017

SecureAuth to Merge with Core Security

K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.

/ September 20, 2017

Ransomware Spares No One: How to Avoid the Next Big Attack

With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their...

/ September 20, 2017

Get Serious about IoT Security

These four best practices will help safeguard your organization in the Internet of Things.

/ September 20, 2017

1.9 Billion Data Records Exposed in First Half of 2017

Every second, 122 records are exposed in breaches around the globe, a new report shows. And that doesn’t even include the new Equifax breach data.

/ September 20, 2017

10 Hot Cybersecurity Funding Rounds in Q3

The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here’s how the third quarter has shaped up.

/ September 20, 2017

Why SMS two-factor authentication puts your bitcoins at risk

Your name and phone number are all that’s needed to intercept SMS 2FA and raid your bitcoin wallet.

/ September 20, 2017

IT admin sentenced after blackmailing business, redirecting website to porn

The admin demanded $10,000 from a company after sabotaging their website.

/ September 20, 2017