Category: Uncategorized

Windows ‘DoubleAgent’ Attack Turns AV Tools into Malware

Read full post Zero-day attack exploits a legitimate process in Windows, according to Cybellum; AV vendors downplay threat.

/ March 22, 2017

eBay Asks Users to Downgrade Security

Read full post Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable...

/ March 22, 2017

Google, Jigsaw Offer Free Cyber Protection to Election Sites

Read full post The Protect Your Election package from Google and Jigsaw includes password alert and two-step verification for candidates and campaigns.

/ March 22, 2017

New Yorkers See 60% Rise in Data Breaches in 2016

Read full post Attorney General Eric Schneiderman announced his office received nearly 1,300 data breaches in 2016, a 60% increase over 2015.

/ March 22, 2017

Malware Explained: Packer, Crypter & Protector

Read full post These three techniques can protect malware from analysis. Here’s how they work.

/ March 22, 2017

Phishing Your Employees for Schooling & Security

Read full post Your education program isn’t complete until you test your users with fake phishing emails.

/ March 22, 2017

Future of the SIEM

Read full post Current SIEM systems have flaws. Here’s how the SIEM’s role will change as mobile, cloud, and IoT continue to grow.

/ March 22, 2017

The economics of cybersecurity for the undecided

Read full post How do you calculate the value at risk? Choosing between investing in antivirus software or doing nothing to prevent cybercrime is not black and white. We explore the grey areas of cybersecurity economics. The post The economics...

/ March 22, 2017

The economics of cybersecurity for the undecided

Read full post How do you calculate the value at risk? Choosing between investing in antivirus software or doing nothing to prevent cybercrime is not black and white. We explore the grey areas of cybersecurity economics. The post The economics...

/ March 22, 2017

Lithuanian con artist scams two US tech giants out of $100 million

Read full post That the phisher was able to dupe the companies, which work with social media, is perhaps the biggest surprise.

/ March 22, 2017

The True State of DevSecOps

Read full post Automation improving, but security needs to find ways to slide into DevOps workflow and toolchain.

/ March 21, 2017

Student Aid Tool Held Key for Tax Fraudsters

Read full post Citing concerns over criminal activity and fraud, the U.S. Internal Revenue Service (IRS) has disabled an automated tool on its Web site that was used to help students and their families apply for federal financial aid. The removal of...

/ March 21, 2017

You’re right. That ‘electronic Muslim ban’ makes no sense

Read full post Analysis: US officials have been less than forthcoming regarding a potential threat, which only hurts public trust and confidence.

/ March 21, 2017

Keep social engineering attacks from destroying your identity

Read full post Sometimes it takes a close call or bad experience to really hammer it home. The concept of identity theft is nothing new. To put it in perspective, my step-dad had his identity stolen, and didn’t even know...

/ March 21, 2017

Citing terror threat, US confirms electronics ban on some US-bound flights

Read full post Senior administration officials said terrorists are ‘aggressively pursuing’ ways to carry out new attacks, such as smuggling explosive devices in consumer items, but left key questions unanswered.

/ March 21, 2017

US government to ban most electronics from some US-bound flights

Read full post Homeland Security isn’t saying what the reason for the impending ban is, but that a change to the rules have been considered for several weeks.

/ March 20, 2017

ABTA experiences data breach

Read full post The Association of British Travel Agents discovered the data breach on March 1st, but failed to notify customers until March 16th. The post ABTA experiences data breach appeared first on WeLiveSecurity

/ March 20, 2017

ABTA experiences data breach

Read full post The Association of British Travel Agents discovered the data breach on March 1st, but failed to notify customers until March 16th. The post ABTA experiences data breach appeared first on WeLiveSecurity

/ March 20, 2017

Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files

Read full post The flaw was found by Cisco security researchers, despite WikiLeaks’ claiming that the CIA hacking unit disclosures did not contain working vulnerabilities.

/ March 20, 2017

GitHub awards researcher $18,000 for remote code execution flaw discovery

Read full post The severe bug impacted GitHub Enterprise and could have given attackers the opportunity to hijack the management console.

/ March 20, 2017

Feature or flaw? How to hijack a Windows account in less than a minute

Read full post By the researcher’s own admission, he’s not sure if it’s a newly-discovered security flaw — or a feature.

/ March 18, 2017

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam

Read full post Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these...

/ March 17, 2017

Cyber News Rundown: Edition 3/17/17

Read full post The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions?...

/ March 17, 2017

Flashback Friday: Operation Windigo

Read full post In 2014, ESET delivered a comprehensive and detailed report on Operation Windigo. We take a look back at what was documented and what insight was gathered. The post Flashback Friday: Operation Windigo appeared first on WeLiveSecurity

/ March 17, 2017

Flashback Friday: Operation Windigo

Read full post In 2014, ESET delivered a comprehensive and detailed report on Operation Windigo. We take a look back at what was documented and what insight was gathered. The post Flashback Friday: Operation Windigo appeared first on WeLiveSecurity

/ March 17, 2017

Number of women in infosec industry ‘remains stagnant’

Read full post The number of women working within the infosec industry is “continues to remain low”, and could be exacerbating the skills gap within the industry. The post Number of women in infosec industry ‘remains stagnant’ appeared first on...

/ March 17, 2017

Number of women in infosec industry ‘remains stagnant’

Read full post The number of women working within the infosec industry is “continues to remain low”, and could be exacerbating the skills gap within the industry. The post Number of women in infosec industry ‘remains stagnant’ appeared first on...

/ March 17, 2017

Google Points to Another POS Vendor Breach

Read full post For the second time in the past nine months, Google has inadvertently but nonetheless correctly helped to identify the source of a large credit card breach — by assigning a “This site may be hacked” warning beneath...

/ March 16, 2017

This laptop-bricking USB stick just got even more dangerous

Read full post When plugged in, this weaponized USB stick can destroy laptops, kiosks, ATMs, cars, and more.

/ March 16, 2017

Automating security? Robots can’t replace humans in decision loop

Read full post While technology can be used for malicious purposes, such as hardware used for DDoS attacks, it’s the human that crafts the malware, determines the victim, and orchestrates the crime.

/ March 16, 2017

Intel, Microsoft launch new bug bounty programs

Read full post Intel has finally joined the bug bounty game with financial rewards on offer up to $30,000.

/ March 16, 2017

US charges Russian FSB officials in connection with massive Yahoo security breach

Read full post The United States has charged four men, including two officials of Russia’s FSB intelligence agency, in connection with a hacking attack against Yahoo that saw the details of 500 million users stolen and the use of forged...

/ March 16, 2017

US charges Russian FSB officials in connection with massive Yahoo security breach

Read full post The United States has charged four men, including two officials of Russia’s FSB intelligence agency, in connection with a hacking attack against Yahoo that saw the details of 500 million users stolen and the use of forged...

/ March 16, 2017

Four Men Charged With Hacking 500M Yahoo Accounts

Read full post “Between two evils, I always pick the one I never tried before.” -Karim Baratov (paraphrasing Mae West) The U.S. Justice Department today unsealed indictments against four men accused of hacking into a half-billion Yahoo email accounts. Two of...

/ March 15, 2017

Simple steps to help make you CyberSmart

Read full post The online threat landscape continues to evolve. Not only do we need to continue innovating and refining our protection techniques, but we also need to stay on top of our cybersecurity education in order to protect each...

/ March 15, 2017

Justice Dept. charges four Russia-backed hackers over Yahoo breach

Read full post The indictments include two members of Russian intelligence and two hackers hired by the Russian government.

/ March 15, 2017

Flaw in web versions of WhatsApp, Telegram put accounts at risk

Read full post Researchers say the vulnerability can expose data, contacts, and more.

/ March 15, 2017

Adobe fixes critical code execution bugs in Flash

Read full post The latest security update includes fixes for security flaws in Flash and Shockwave.

/ March 15, 2017

Millions of records leaked from huge US corporate database

Read full post Exclusive: The database contains more than 33 million records from government departments and large corporate clients which get sold onto marketers.

/ March 14, 2017

Adobe, Microsoft Push Critical Security Fixes

Read full post Adobe and Microsoft each pushed out security updates for their products today. Adobe plugged at least seven security holes in its Flash Player software. Microsoft, which delayed last month’s Patch Tuesday until today, issued an unusually large number of...

/ March 14, 2017