Category: Featured

Featured stories feature some of the best interviews and content on our site.

Experts Doubt Hackers’ Claim Of Millions Of Breached Apple Credentials

Security experts say they are skeptical that a group called Turkish Crime Family actually possesses a cache of hundreds of millions of Apple iCloud account credentials.

March 25, 2017

Google Slams Symantec for ‘Failures’ in SSL/TLS Certificate Process

Google Chrome engineers railed on Symantec for allegedly issuing thousands of security certificates that had not been properly validated.

March 24, 2017

Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago

New WikiLeaks data dump describes “Sonic Screwdriver,” other CIA exploits for Mac desktops and iPhones

March 24, 2017

Intro to Cyber Insurance: 7 Questions to Ask

Buying a cyber insurance policy can be complex and difficult. Make sure you’re asking these questions as you navigate the process.

March 24, 2017

Privacy Advocates Vow to Fight Rollback of Broadband Privacy Rules

Privacy activists say rolling back ISP privacy rules means health, financial and browsing habits can be used, shared and sold to the highest bidder without consent.

March 24, 2017

Instagram Adds Two-Factor Authentication

Instagram became the latest in a long line of services over the years to offer users two-factor authentication.

March 24, 2017

Phishing 101 at the School of Hard Knocks

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access...

March 24, 2017

America’s JobLink Suffers Security Breach

A third-party hacker exploited a flaw in America’s JobLink application code to access the information of job seekers from 10 states.

March 24, 2017

Apple underwhelmed by latest CIA exploits revealed by WikiLeaks

WikiLeaks’s revelations about security vulnerabilities in Apple products appear to be a damp squib. The post Apple underwhelmed by latest CIA exploits revealed by WikiLeaks appeared first on WeLiveSecurity

March 24, 2017

Sandia Testing New Intrusion Detection Tool That Mimics Human Brain

Neuromorphic Data Microscope can spot malicious patterns in network traffic 100 times faster than current tool, lab claims.

March 24, 2017

US Senate Overturns Obama Consumer Privacy Rule

The FCC regulation, passed in October, was rejected in a 50-to-48 vote and is now in the House of Representatives.

March 24, 2017

Prioritizing Threats: Why Most Companies Get It Wrong

To stay safer, focus on multiple-threat attack chains rather than on individual threats.

March 24, 2017

Threatpost News Wrap, March 27, 2017

The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.

March 24, 2017

16 years of Mac OS X: Secure but not invincible to malware

Mac OS X is still secure 16 years after its creation, but increasingly being targeted by cybercriminals. No operating system is 100% malware-proof. The post 16 years of Mac OS X: Secure but not invincible to malware...

March 24, 2017

Adware Apps Booted from Google Play

More than a dozen apps removed from Google Play store after it was determined they were overly aggressive adware.

March 24, 2017

GDPR: A simple explainer

The GDPR is the biggest change in data protection laws for 20 years, and comes into effect on May 25th, 2018. We answer some key questions. The post GDPR: A simple explainer appeared first on WeLiveSecurity

March 24, 2017

When bad bugs bite: Apple iCloud accounts ‘held hostage’

The so-called Turkish Crime Family is demanding that Apple pays it a ransom, otherwise it will delete millions of credentials it says it possesses. The post When bad bugs bite: Apple iCloud accounts ‘held hostage’ appeared first...

March 24, 2017

Apple Tells WikiLeaks to Submit CIA Exploits Through Normal Process

Apple’s initial analysis of the iPhone and Mac exploits disclosed by WikiLeaks on Thursday shows that the vulnerabilities they use have already been patched. The company told WikiLeaks to send the information it possesses through the regular...

March 24, 2017

Cisco Patches Critical IOX Vulnerability

Cisco Systems patched a critical vulnerability Wednesday that could allow an unauthenticated, remote attacker to execute remote code on affected hardware and gain root privileges. The bug is in Cisco’s Data-in-Motion (DMo) process, part of the company’s...

March 24, 2017

Breach of DoL Jobs Database a Threat to 10 States, so far

A multi-state database was hacked, potentially revealing names, dates of birth and Social Security numbers of hundreds of thousands of job seekers across 10 states…so far. The site, America’s Job Link Alliance (AJLA), is offered by the...

March 24, 2017

7 Steps to Transforming Yourself into a DevSecOps Rockstar

Security practitioners at one education software firm offer lessons learned from merging DevOps with security.

March 23, 2017

5 Ways CISOs Could Work Better with Their Cyber Insurers

Risk management has become increasingly important, making it crucial companies have good relationships with their insurance company.

March 23, 2017

LastPass Fixes Serious Security Flaw in Chrome, Firefox Extensions

Password manager LastPass creates a workaround for a serious vulnerability affecting browser extensions in Chrome, Firefox, and Microsoft Edge.

March 23, 2017

US May Charge North Korea in Bangladesh Bank Cybertheft

The potential case accuses North Korea, and suspected Chinese middlemen, of spearheading an $81-million theft from Bangladesh Bank.

March 23, 2017

Russian Man Pleads Guilty for Role in Citadel Malware Attacks

Russian national Mark Vartanyan pleads guilty in US federal court following his December 2016 extradition from Norway.

March 23, 2017

20 Million Mobile Devices at High Risk of Attack, Study Finds

Meanwhile, a separate report by Google says half of all Android devices didn’t install a single security update in 2016.

March 23, 2017

Windows ‘DoubleAgent’ Attack Turns AV Tools into Malware

Zero-day attack exploits a legitimate process in Windows, according to Cybellum; AV vendors downplay threat.

March 22, 2017

eBay Asks Users to Downgrade Security

Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable...

March 22, 2017

Google, Jigsaw Offer Free Cyber Protection to Election Sites

The Protect Your Election package from Google and Jigsaw includes password alert and two-step verification for candidates and campaigns.

March 22, 2017

New Yorkers See 60% Rise in Data Breaches in 2016

Attorney General Eric Schneiderman announced his office received nearly 1,300 data breaches in 2016, a 60% increase over 2015.

March 22, 2017

Malware Explained: Packer, Crypter & Protector

These three techniques can protect malware from analysis. Here’s how they work.

March 22, 2017

Phishing Your Employees for Schooling & Security

Your education program isn’t complete until you test your users with fake phishing emails.

March 22, 2017

Future of the SIEM

Current SIEM systems have flaws. Here’s how the SIEM’s role will change as mobile, cloud, and IoT continue to grow.

March 22, 2017

The True State of DevSecOps

Automation improving, but security needs to find ways to slide into DevOps workflow and toolchain.

March 21, 2017

Student Aid Tool Held Key for Tax Fraudsters

Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of...

March 21, 2017

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam

Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these...

March 17, 2017

Google Points to Another POS Vendor Breach

For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath...

March 16, 2017

Four Men Charged With Hacking 500M Yahoo Accounts

“Between two evils, I always pick the one I never tried before.” -Karim Baratov (paraphrasing Mae West) The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of...

March 15, 2017

Adobe, Microsoft Push Critical Security Fixes

Adobe and Microsoft each pushed out security updates for their products today. Adobe plugged at least seven security holes in its Flash Player software. Microsoft, which delayed last month’s Patch Tuesday until today, issued an unusually large number of...

March 14, 2017

If Your iPhone is Stolen, These Guys May Try to iPhish You

KrebsOnSecurity recently featured the story of a Brazilian man who was peppered with phishing attacks trying to steal his Apple iCloud username and password after his wife’s phone was stolen in a brazen daylight mugging. Today, we’ll...

March 13, 2017