Security News



  1. Rogue employees, malware exploits and unauthorized software
  2. 100% Compliant (for 65% of the systems), (Fri, Jun 7th)
  3. Plesk 0-day: Real or not?, (Fri, Jun 7th)
  4. PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE-2013-2110, (Fri, Jun 7th)
  5. U.S. Veterans Affairs Dept. repeatedly targeted by foreign hackers
  6. ISC patches publicly disclosed denial-of-service vulnerability affecting BIND 9
  7. Hot cloud products IT pros swear by
  8. Bitcoin payments could be a landmine for companies
  9. Smart TVs vulnerable to a host of attacks
  10. Google Chrome has been updated to version 27.0.1453.110, (Thu, Jun 6th)
  11. NSA legally forces Verizon to hand over all phone records on a daily basis
  12. Brown University CISO on education, BYOD and emerging threats
  13. Mobile security incident costs, regional threat differences revealed
  14. Microsoft, US feds disrupt Citadel botnet network
  15. Report: Secret court order gives US access to Verizon call records
  16. Chinese 'NetTraveler' hackers stole data from 350 organisations, says Kaspersky Lab
  17. Malware increasingly uses peer-to-peer communications, researchers say
  18. Online ring for trading in stolen credit card data busted
  19. Not the Mobile Antivirus You Were Looking For
  20. Fake Mt. Gox pages aim to infect Bitcoin users
  21. Microsoft and FBI disrupt global cybercrime ring
  22. Most small businesses can't restore all data after a cyber attack
  23. Google researcher publishes Windows 0-day exploit
  24. Not the Mobile Antivirus You Were Looking For
  25. Cloud security for Windows, Android and iOS
  26. Google researchers publish Windows 0-day exploit
  27. Is data fragmentation putting businesses at risk?
  28. BIND 9 Update fixing CVE-2013-3919, (Wed, Jun 5th)
  29. Wireshark 1.10.0 Stable Released http://www.wireshark.org/download.html, (Wed, Jun 5th)
  30. Windows 8.1 bolsters biometrics for authentication
  31. Researchers find Java users woefully tardy on patching
  32. Apple fixes irritating Mountain Lion bugs, firms up Java defenses
  33. Mac OS X 10.8.4 fixes iMessage ordering issue, more
  34. Review: Bad Data Handbook
  35. Windows 8.1 will allow locking folders with a finger
  36. Most businesses experienced a mobile security incident
  37. The need for a collaborative effort against cybercrime
  38. Internet-savvy Turkish protesters turn to anti-censorship apps
  39. Cyberespionage campaign 'NetTraveler' siphoned data from hundreds of high-profile targets, researchers say
  40. Researchers find Java users woefully tardy on patching
  41. Exclusive research: IT commits to cloud computing
  42. Possibly related DDoS attacks cause DNS hosting outages
  43. Spyware sold to foreign governments aimed at U.S. woman critical of Turkish movement
  44. Net neutrality soon to be on EU's agenda
  45. Cyberespionage campaign targeting government-affiliated organizations
  46. Apple releases OS X 10.8.4
  47. Managed services for web, cloud and mobile app security
  48. Solution for Active Directory-based single sign-on
  49. Online password manager for business
  50. Damballa now detects malicious P2P communications
  51. Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx, (Wed, Jun 5th)
  52. Google biometrics tests show there's no magic pill for passwords
  53. FBI warns car buyers against scammy online deals
  54. E-voting system used in French election is flawed
  55. Our Mac Team Wants Beta Users
  56. Web developer devises new phishing trick
  57. Defending against exploit kits
  58. Plugging network leaks
  59. Malware going retro in 2013, security firm finds
  60. Maine may be first state to require a warrant for cellphone tracking
  61. Changes to the Java security model
  62. U.S. judge orders Google to share user info with the FBI
  63. The rise of the Koobface social networking worm
  64. Deloitte acquires Vigilant's cyber security services business
  65. The enterprise security time bomb
  66. Security software market grew 7.9% in 2012
  67. LinkedIn unveils optional 2-step verification
  68. Google won't allow facial recognition on Glass
  69. Knowing where to look for the owner of an offending IP address, (Mon, Jun 3rd)
  70. McAfee sees surge in spam, Koobface samples, MBR attacks
  71. What Google, Facebook and Twitter are doing right with website security
  72. Google nixes Glass facial recognition due to privacy concerns
  73. Exploit Sample for Win32/CVE-2012-0158, (Sat, Jun 1st)
  74. Security analytics will be the next big thing in IT security
  75. 7 things you can do to make Internet Explorer more secure
  76. Google zero-day disclosure change slammed, praised
  77. Oracle's Java security improvements don't quite satisfy
  78. LinkedIn aims to keep hackers out with two-factor login
  79. Oracle reveals plans for Java security improvements
  80. Largest ever DDoS attack directed at financial firm, Prolexic reports
  81. Beware of Android Defender mobile scareware
  82. Police and FBI must return seized materials to Kim Dotcom
  83. VMware releases new and updated security advisories, (Fri, May 31st)
  84. Becoming a computer forensic examiner
  85. Software vendors should respond to actively attacked vulnerabilities within seven days, Google says
  86. Dropbox goes down for more than an hour
  87. Mobile phone security no-brainer: Use a device passcode
  88. Motorola is working on electronic tattoos and authentication pills
  89. Questioning Google's disclosure timeline motivations
  90. Employees continue to use risky apps on mobile devices
  91. Amazon launches sign-in service
  92. Parents should be concerned about app security
  93. University of Illinois CS department machines compromised
  94. ISACA releases guide for performing business-relevant assessments
  95. Real-time identity alerts reduce fraud losses
  96. Apache server bug allows remote code execution
  97. University fined $400,000 after disabled firewall put medical records at risk
  98. Twitter SMS authentication security won't stop attacks, say experts
  99. When malware strikes: How to clean an infected PC
  100. Online money laundering bust casts light on Bitcoin
  101. Timely malware: How spammers turn a profit from our misfortune
  102. Microsoft plugs security systems into its worldwide cloud
  103. Reveton 'police virus' malware still being used by multiple gangs
  104. Evernote rolls out 2-factor authentication for paying customers
  105. Profiling modern hackers: Hacktivists, criminals, and cyber spies
  106. Drupal resets account passwords after detecting unauthorized access
  107. FAQ on global supply-chain security standard to prevent IT tampering, counterfeiting
  108. McAfee offers business endpoint security suites for broader protection
  109. F-Secure Globe
  110. Microsoft moving bot-busting fight to the cloud
  111. How Top CIOs Tackle Big Data, Analytics and Cloud Security
  112. Amazon Web Services integrates with Google, Facebook for easier logins
  113. Signature-based endpoint security on its way out
  114. Phishing gang jailed for plundering woman's $1.6 million life savings
  115. Decryption disclosure doesn't violate Fifth Amendment, judge rules in child **** case
  116. Private retaliation in cyberspace a 'remarkably bad idea'
  117. Migration and monitoring of Microsoft environments
  118. Google defines disclosure timeline for actively exploited bugs
  119. Drupal.org forces password reset following breach
  120. The social smart lock of the future
  121. Automate your way out of patching hell
  122. GFI Software buys online backup vendor IASO
  123. Drupal.org & group.drupal.org password disclosure, (Thu, May 30th)
  124. Chinese army announces drill to test its digitalized forces
  125. Running Snort on VMWare ESXi, (Wed, May 29th)
  126. Judge orders **** suspect to decrypt his hard drives
  127. Ruby on Rails bug is being exploited in the wild, researcher warns
  128. Harvard dean who okayed secret faculty email search steps down
  129. Anonymous member pleads guilty to Stratfor hack
  130. The Future: No Hiding Place
  131. Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet
  132. Anonymous hacker Jeremy Hammond pleads guilty
  133. Review: Online password management with my1login
  134. Liberty Reserve laundered $6 billion through illegal transactions
  135. Addonics releases CipherUSB family of hardware encryption solutions
  136. Backup large data with Big Cloud
  137. McAfee unveils Complete Endpoint Protection suites
  138. How to Secure USB Drives and Other Portable Storage Devices
  139. US weapons system designs were reportedly viewed by Chinese hackers
  140. Can mobile malware be activated via sensors?
  141. U.S. weapons systems designs reportedly stolen by hackers
  142. How secure is quantum cryptography?
  143. Brazilian govt sites found serving malware
  144. Carder's BIN-checking app sold on Apple's App Store
  145. PayPal denies ****ager reward for finding website bug
  146. Commission wants to turn tables on IP thieves by crippling PCs with extortion-style lock-outs
  147. Twitter's two-factor authentication implementation can be abused, researchers say
  148. DNS anomaly detection: Defend against sophisticated malware
  149. Commission wants to minimize U.S. IP theft economic impact
  150. Mac Spyware Bait: Lebenslauf für Praktitkum
  151. A spotlight on grid insecurity
  152. Webinar: Monday, May 13th
  153. Big Hangover
  154. Twitter's 2FA: SMS Double-Duty
  155. Liberty Reserve founder arrested, site and service inaccessible
  156. Western Australia police silent on charges for 17-year-old hacker
  157. Plugging the trust gap
  158. Week in review: Scanner that identifies malware strains, Twitter offers 2FA
  159. Schnucks wants federal court to handle data breach lawsuit
  160. UDP port 1434 directed attack to AS13489 IP ranges, (Fri, May 24th)
  161. Researchers warn of increased Zeus malware activity this year
  162. Layered defenses largely fail to block exploits, says NSS
  163. Researchers find unusual malware targeting Tibetan users in cyberespionage operation
  164. Twitter's 2FA: SMS Double-Duty
  165. Killer apps: The performance of networked applications
  166. Scanner identifies malware strains, could be future of AV
  167. Google to lengthen SSL encryption keys from August
  168. Microsoft brushes off claim Xbox Live accounts were compromised
  169. Could the Bitcoin network be used as an ultrasecure notary service?
  170. Twitter's two-step authentication a good start, experts say
  171. U.S. urged to let companies 'hack-back' at IP cyber thieves
  172. Twitter's two-step authentication a good start, experts say
  173. Mac Spyware Bait: Lebenslauf für Praktitkum
  174. Zeus variants are back with a vengeance
  175. Google set to upgrade its SSL certs
  176. Fighting cybercrime is on the right track
  177. IT security pros have trouble communicating with executives
  178. Facebook phishers target Fan Pages owners
  179. Nation's power grid under constant cyberattack, but Congress lax
  180. Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day
  181. IT security vendors seen as clueless on industrial control systems
  182. Google researcher reveals another Windows 0-day
  183. MoVP II, (Thu, May 23rd)
  184. DHS employees' info possibly compromised due to system flaw
  185. SoftBank said to be in talks with US to allay national security fears
  186. Twitter aims to become safer with two-step sign-in
  187. ****s are into online sharing, but are also more privacy-aware
  188. Mac Spyware Bait: Lebenslauf für Praktitkum
  189. The dangers of downloading software from unofficial sites
  190. Mac Spyware Bait: Lebenslauf für Praktitkum
  191. Twitter finally offers 2-factor authentication
  192. Is it time to professionalize information security?
  193. Microsoft decrypts Skype comms to detect malicious links
  194. A spotlight on grid insecurity
  195. Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html, (Thu, May 23rd)
  196. Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame, (Wed, May 22nd)
  197. Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222, (Wed, May 22nd)
  198. Wireshark 1.8.7 and 1.6.15 Released http://www.wireshark.org/news/20130517.html, (Wed, May 22nd)
  199. Blue Coat Systems to acquire security analytics firm Solera Networks
  200. New Citadel malware variant targets Payza online payment platform
  201. Event: Cloud Security Alliance EMEA Congress 2013
  202. Growing mobile malware threat swirls (mostly) around Android
  203. Privilege escalation, why should I care?, (Wed, May 22nd)
  204. Review: Logging and Log Management
  205. Mac Spyware: OSX/KitM (Kumar in the Mac)
  206. Commission wants to minimize U.S. IP theft economic impact
  207. Researchers find critical vulnerabilities in popular game engines
  208. Microsoft may be scanning your Skype messages
  209. U.S. power companies under frequent cyberattack
  210. Opinion varies on action against Chinese cyberattacks
  211. Digital strongboxes won't solve whistleblower problem for journalists
  212. Guantanamo cuts off Wi-Fi access due to OpGTMO
  213. Free tool repairs critical Windows configuration vulnerabilities
  214. IT pros focus on cloud security, not hype
  215. Why BYOx is the next big concern of CISOs
  216. Experts highlight top data breach vulnerabilities
  217. NYPD detective accused of hiring email hackers
  218. Blue Coat to acquire Solera Networks
  219. APT1 is back, attacks many of the initial U.S. corporate targets
  220. Moore, Oklahoma tornado charitable organization scams, malware, and phishing, (Tue, May 21st)
  221. Chrome 27 stable released http://googlechromereleases.blogspot.ca/ some security fixes, (Tue, May 21st)
  222. U.S. DOJ accuses journalist of espionage
  223. A closer look at Mega cloud storage
  224. Big Hangover
  225. Aurora attackers were looking for Google's surveillance database
  226. Senate report: Apple claims subsidiaries with no taxing jurisdiction
  227. Successful companies embrace shadow IT
  228. IntegriCell's Aaron Turner: Security managers still don't get mobile security
  229. Pressure mounts for building in security during application development
  230. "NATO vacancies" phishing email also leads to malware
  231. CISOs need to engage with the board
  232. Find TrueCrypt and BitLocker encrypted containers and images
  233. Wi-Fi client security weaknesses still prevalent
  234. Sourcefire goes beyond the sandbox
  235. Safe - Tools, Tactics and Techniques, (Mon, May 20th)
  236. Ubuntu Package available to submit firewall logs to DShield, (Mon, May 20th)
  237. Researchers uncover new global cyberespionage operation dubbed Safe
  238. U.S. Congress has questions about Google Glass and privacy
  239. Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx, (Mon, May 20th)
  240. Jailed hacker designs device to thwart ATM card skimming
  241. Security Manager's Journal: NAC deployment means better access control at last
  242. Chinese hackers master art of lying low
  243. Yahoo Japan says 22 million user IDs may have been stolen
  244. Cyber espionage campaign uses professionally-made malware
  245. Digital Government Strategy progress and challenges
  246. Over 45% of IT pros snitch on their colleagues
  247. Form-grabbing rootkit sold on underground forums
  248. U.S. DOD decides iPhones and iPads can connect to its networks
  249. The CSO perspective on healthcare security and compliance
  250. Large cyber espionage emanating from India