Security News



  1. Security challenges emerging with the rise of the personal cloud
  2. API security becoming a CXO level concern
  3. New "Do Not Track" standard released
  4. Vulnerability and configuration management for Amazon Web Services
  5. Chinese APTs use commercial VPN to hide their attack activity
  6. MatrixSSL Tiny: A TLS software implementation for IoT devices
  7. Attackers are downing DNS servers by exploiting BIND bug
  8. Macs can be permanently compromised via firmware worm
  9. Open source tool for deploying SSL public key pinning in iOS, OS X apps
  10. Hackers actively exploiting OS X zero-day to root machines, deliver adware
  11. 79% of companies release apps with known vulnerabilities
  12. Quantum-powered RNG supplies pure entropy to crypto systems
  13. Malicious advertisements surge! 260% spike in 2015
  14. Best practice application security: Does it exist?
  15. Chrome extensions easily disabled without user interaction
  16. Health records of 5.5 million US patients accessed in MIE breach
  17. Hacker steals Bitdefender customer info, blackmails company
  18. Fake "Windows 10 Free Upgrade" emails deliver ransomware
  19. Hospitals advised to stop using vulnerable computerized drug pumps
  20. What’s the state of your software?
  21. The leading cause of insider threats? Employee negligence
  22. The rapid growth of the bug bounty economy
  23. Cyber insurance market to hit US$10 billion by 2020
  24. US will revise Wassenaar pact changes
  25. Microsoft Edge: New browser, new risks for Windows 10
  26. List of approved Windows 10 compatible security products
  27. Researchers devise passive attacks for identifying Tor hidden services
  28. Organizations on the hunt for DevOps, IoT and mobile skills
  29. New Android bug can put devices into a coma
  30. Most malvertising attacks are hosted on news and entertainment websites
  31. Researchers hack Linux-powered sniper rifle
  32. Most malvertising attacks are hosted on news and entertainment websites
  33. United Airlines hacked by same group that breached Anthem and OPM
  34. More than a third of employees would sell company data
  35. Distrust in use of personal data could hinder business growth
  36. Rowhammer.js: The first remote software-induced hardware-fault attack
  37. Check out the Windows 10 security features
  38. Sun Tzu 2.0: Is cyberwar the new warfare?
  39. Apple patches serious remotely exploitable iTunes and App Store flaw
  40. Chrome extension thwarts user profiling based on typing behavior
  41. One in 600 websites exposes sensitive info via easily accessible .git folder
  42. Dmail: A Chrome extension for sending self-destructing emails
  43. How complex attacks drive the IT security innovation race
  44. New Google Drive phishing campaign exposed
  45. Edward Snowden to discuss privacy at IP EXPO Europe 2015
  46. Internet of Things: Bracing for the data flood
  47. Automated threat management: No signature required
  48. Finally! A free, open source, on-premise virus scanner framework
  49. Over 5,000 mobile apps found performing in-app ad fraud
  50. Deplorable Steam security flaw exploited to hijack prominent accounts
  51. Most employees don't understand the value of data
  52. A data security guy's musings on the OPM data breach train wreck
  53. Three steps to a successful cloud migration
  54. Security flaws discovered in popular Smart Home Hubs
  55. The Internet of Things is unavoidable, securing it should be a priority
  56. Why cloud business continuity is critical for your organization
  57. OpenSSH bug enables attackers to brute-force their way into poorly configured servers
  58. Bug in OS X Yosemite allows attackers to gain root access
  59. How experts stay safe online and what non-experts can learn from them
  60. Smartwatches: A new and open frontier for attack
  61. Test your defensive and offensive skills in the eCSI Hacker Playground
  62. The challenges of implementing tokenization in a medium-sized enterprise
  63. Global managed security services market to reach $29.9 billion by 2020
  64. Do CISOs deserve a seat at the leadership table?
  65. Google helps Adobe improve Flash security
  66. Hacking Team's RCS Android: The most sophisticated Android malware ever exposed
  67. 600TB of data exposed due to misconfigured MongoDB instances
  68. Google Chrome update includes 43 security fixes
  69. Passwords are not treated as critical to security
  70. Information security governance practices are maturing
  71. It's official: The average DDoS attack size is increasing
  72. Top obstacles to EMV readiness
  73. Proposed Wassenaar pact changes will harm cyber defenders instead of attackers
  74. Free tools for detecting Hacking Team malware in your systems
  75. Microsoft plugs another Windows zero-day with emergency patch
  76. How gamers can help improve critical software security
  77. Hardware encryption market revenue to reach $36.4 billion by end of 2015
  78. Reflections on virtualization security and the VENOM vulnerability
  79. How to apply threat intelligence feeds to remediate threats
  80. Hackers hit UCLA Health, access medical files of 4.5 million patients
  81. Ashley Madison hacked, info of 37 million users stolen
  82. UK High Court declares emergency surveillance bill unlawful
  83. The NYSE system crash was an infosec incident
  84. Are IT pros overconfident in their ability to deflect attacks?
  85. Hacking Team used fake app hosted on Google Play to install its spyware on Android devices
  86. Google Safe Browsing to start blocking sites with ads leading to unwanted software
  87. School monitoring software's hard-coded encryption key exposed
  88. The arsenal of SMS scammers, spammers and fraudsters
  89. Nearly all websites have serious security vulnerabilities
  90. New GamaPoS malware targets US companies
  91. Is this the death knell for the RC4 encryption algorithm?
  92. Researchers prove HTML5 can be used to hide malware
  93. Review: NowSecure Lab cloud: Mobile app assessment environment
  94. Understanding PCI compliance fines: Who is in charge of enforcing PCI?
  95. SanDisk unveils new wireless flash drive
  96. Global action takes down Darkode cybercriminal forum
  97. Why enterprise security priorities don't address the most serious threats
  98. Epic Games forums hacked, user data stolen
  99. Hacking Team spyware survives on target systems with help of UEFI BIOS rootkit
  100. Coalition for Responsible Cybersecurity fights proposed export control regulations
  101. Oracle fixes Java zero-day exploited by Pawn Storm hackers
  102. Employees embrace BYOD, but still worry about privacy
  103. TeslaCrypt 2.0 makes it impossible to decrypt affected files
  104. Unsharing in the sharing economy
  105. Duke APT group adds low-profile SeaDuke Trojan to their malware arsenal
  106. High severity Internet Explorer 11 vulnerability identified after Hacking Team breach
  107. Adobe patches Hacking Team Flash zero-days, update immediately!
  108. Firefox blocks Flash plugin by default until zero-days are fixed
  109. 65,000+ Land Rovers recalled due to software bug
  110. The soaring cost of malware containment
  111. Germany's new cyber-security law aimed at securing critical infrastructure
  112. The most damaging ramifications of DDoS attacks
  113. Germany's new cyber-security law aimed at securing critical infrastructure
  114. CFOs are not confident about their level of security
  115. The difficult task of meeting compliance needs
  116. Flawed Android backup mechanism can lead to injected malicious apps
  117. 3 ways to stop insider threats in your organization
  118. First Java zero-day in two years exploited by Pawn Storm hackers
  119. Mobile SSL failures: More common than they should be
  120. Two more Flash 0-day exploits found in Hacking Team leak, one already exploited in the wild
  121. Apple to introduce two-factor authentication option in iOS 9 and OS X El Capitan
  122. VMware fixes host privilege escalation bug in Workstation, Player, Horizon View
  123. Sensitive info of over 21.5M people, including SSNs and fingerprints, stolen in OPM hack
  124. IIS 6.0 users are heading towards new security dangers
  125. Naked pictures or financial info? Users would rather thieves stole the former
  126. Why is ERP security so difficult?
  127. FBI director insists Silicon Valley can solve the encryption dilemma - if they try hard enough
  128. Popular Android games unmasked as phishing tools
  129. Severe OpenSSL bug that allows certificate forgery has been plugged
  130. Cyber attack on US power grid could result in losses up to $1 trillion
  131. Hacking Team's Flash 0-day exploit used against Korean targets before it was leaked
  132. Risk management programs lack maturity, new strategies needed
  133. Bitglass granted patent on searchable cloud encryption
  134. What a business leader should know about the cloud and its impact
  135. Never underestimate the impact of a data breach
  136. Sophisticated, successful Morpho APT group is after corporate data
  137. Teenage Lizard Squad hacker found guilty of 50,700 charges
  138. Security experts explain to US, UK governments why mandated encryption backdoors are a bad idea
  139. Threat intelligence: Sources, sharing, utilization and the government
  140. Why location-based social media data is critical for security
  141. Another malware building toolkit leaked, botnets already popping up
  142. Hacking Team scrambling to limit damage brought on by explosive data leak
  143. Hackers targeting users of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander
  144. Flaw allows hijacking of professional surveillance AirLive cameras
  145. Old MS Office feature can be exploited to deliver, execute malware
  146. Reactions to the Hacking Team breach
  147. Man gets 50 months in prison for hacking U.S.-based financial institutions
  148. Hacking Team hacked, 400GB+ of company documents and emails leaked
  149. The best way to prevent data breaches? It's not what you think
  150. You've been breached, now what?
  151. Week in review: Popular VPNs leaking data, and the new issue of (IN)SECURE Magazine
  152. Data-centric security with RightsWATCH
  153. Mastercard is trying out purchase verification with selfies
  154. How you can anonymously use public Wi-Fi from miles afar
  155. Plex forums hacked: IPs, private messages, encrypted passwords compromised
  156. You've been breached, now what?
  157. Amazon releases new, easily auditable TLS implementation
  158. Harvard University suffers IT security breach
  159. Cloned, booby-trapped Dark Web sites steal bitcoins, login credentials
  160. How safe is Windows 10 Wi-Fi password sharing feature?
  161. A closer look into the piracy ecosystem
  162. Rise in DDoS reflection attacks using abandoned routing protocol
  163. Updated Point-to-Point Encryption standard now provides more flexibility
  164. Multi-link network encryptor with 100 Gbps encrypted bandwidth
  165. Researchers point out the holes in NoScript's default whitelist
  166. 4,900 new Android malware strains discovered every day
  167. NIST revises security publication on random number generation
  168. Why vulnerability disclosure shouldn’t be a marketing tool
  169. Security concerns continue to dog the cloud industry
  170. Event: IP EXPO Europe 2015
  171. Event: (ISC)2 Security Congress
  172. Major Xen update fixes over 20 vulns, including guest/host escape flaw
  173. Hackers are exploiting Magento flaw to steal payment card info
  174. Update your Flash Player if you don't want ransomware
  175. Week in review: TLS security, malicious Tor exit nodes, how to find a free, secure proxy service
  176. 5 ways to stop the Internet of Things from becoming the Internet of Thieves
  177. Update your Flash Player if you don't want ransomware
  178. Event: McAfee FOCUS 15
  179. Why a low-level threat can open the door for serious infections
  180. Researcher tests Tor exit nodes, finds not all operators can be trusted
  181. Vegan and BeEF clash shows how cyber arms race never stops
  182. Facebook slowly fine-tuning its popular ThreatExchange
  183. How companies can regain consumer trust after a data breach
  184. Cisco finds, removes more default SSH keys on its software
  185. Energy security pros: More competent, or just naive?
  186. How to survive a compliance audit
  187. The cloud, FedRAMP and FISMA compliance
  188. Expedia users targeted by phisher who gained access to their info
  189. Nigerian scammers are stealing millions from businesses
  190. Samsung disables Windows Update, undermines the security of your devices
  191. The downfall of a major cybercrime ring exploiting banking Trojans
  192. Businesses know about POS security risks, but are they investing wisely?
  193. Hackers are spending a huge amount of resources targeting financial services
  194. Three simple ways to prevent a data breach
  195. Why a Dyre infection leads to more than just stolen banking credentials
  196. WikiLeaks publishes reports showing NSA spied on French presidents
  197. Instapaper for Android vulnerable to man-in-the-middle attacks
  198. Over $18 million lost to Cryptowall just in the US
  199. Who fixes the most vulnerabilities?
  200. Six key facts about malicious macros and the cybercrime economy
  201. Review: Penetration Testing With Raspberry Pi
  202. How lack of trust and limited knowledge impact your organization
  203. Flash Player 0-day exploited in the wild, patch immediately!
  204. US, UK spies reverse-engineered security software in search for flaws
  205. HP releases exploit code for IE zero-day that Microsoft won't patch
  206. Critical RubyGems vulns can lead to installation of malicious apps
  207. TLS security: What really matters and how to get there
  208. Connected cars: Are tomorrow's drivers at risk?
  209. OPM hack shines light on abysmal state of US federal systems' security
  210. How to find a free, secure proxy service?
  211. Cyber attack grounds Polish LOT aeroplanes
  212. New password recovery scam hitting Gmail, Outlook and Yahoo Mail users
  213. Open source security projects get $452,000 from the Linux Foundation
  214. Many popular Android apps fail to encrypt login credentials
  215. The state of cyber security in Thailand
  216. Week in review: Rethinking security, LastPass breach, and stronger data protection rules for Europe
  217. Linux container security and certification concerns remain
  218. How to evaluate the efficiency of a Data Loss Prevention solution
  219. How engaged is the average board when it comes to security?
  220. New Drupal versions fix admin account hijack flaw
  221. Static encryption keys affect SAP security
  222. EFF delves into privacy practices of Apple, Google, Twitter, and others
  223. Relying on your insurer for security? Think again!
  224. Microsoft's anti-surveillance website was hacked
  225. Why LinkedIn chose to keep its bug bounty program private
  226. Reddit announces switch to HTTPS-only
  227. Insider threat: A crack in the organization wall
  228. IoT developers concerned about privacy and data protection
  229. Why break in, if you can simply login?
  230. Unpatched OS X, iOS flaws allow password, token theft from keychain, apps
  231. Let's Encrypt CA to issue its first cert
  232. Zero Trust approach to network security
  233. 86.2 million phone scam calls delivered each month in the U.S.
  234. Risks from fraudulent mobile apps and unauthorized app stores
  235. Exposing cyberattacks targeting government networks in Southeast Asia
  236. Keyboard app bug puts millions of Samsung mobile users at risk, researcher claims
  237. Emulating the security analyst with software
  238. Newly patched Flash Player bug exploited to deliver crypto ransomware
  239. Reactions to the LastPass breach
  240. Stolen Foxconn certs used to sign malware used in Kaspersky Lab attack
  241. Google announces reward program for Android bugs
  242. Trojan uses steganography to hide itself in image files
  243. How trustworthy are the world's leading websites?
  244. A call to researchers: Mix some creation with your destruction
  245. 90% of companies benefit from Big Data
  246. LastPass breached, hashed master passwords compromised
  247. Emojis instead of PIN codes as an alternative for forgetful users
  248. Rethinking security: Securing activities instead of computers
  249. Stronger data protection rules for Europe
  250. OPM hack: Vast amounts of extremely sensitive data stolen