View Full Version : Security News



  1. Cisco squashes DoS bug in its unified infrastructure software
  2. Rudra: Framework for automated inspection of network capture files
  3. Operational security and cybersecurity come together in Anaheim
  4. Cyber crooks opt for APT method for delivering malware
  5. PayPal stored XSS vulnerability exposed
  6. Open source Sleepy Puppy tool finds XSS bugs in target apps and beyond
  7. Persistent cyber spies try to impersonate security researchers
  8. Clever Android ransomware infects tens of thousands of devices
  9. Major browser makers synchronize end of support for RC4
  10. Popular Android AppLock app full of gaping security holes
  11. Adware installer gives itself permission to access Mac users' keychain
  12. Best practices for ensuring compliance in the age of cloud computing
  13. 0-days found in widely used Belkin router, fixes still unavailable
  14. 95% of websites in 10 new TLDs are suspicious
  15. What's burning up resources for IT pros during the summer?
  16. Verizon and Splunk deliver actionable threat intelligence
  17. Snoopers’ Charter will cause extreme rise in business costs
  18. 49 new Regin backdoor modules discovered
  19. An emerging global threat: BEC scams hitting more and more businesses
  20. Why collaboration is crucial in the battle for IT security
  21. Should a data breach be the kiss of death for the CEO?
  22. How data breaches are changing information security
  23. Ashley Madison-themed blackmail, data deletion scams hitting inboxes
  24. Five years of hardware and software threat evolution
  25. How Linux Foundation sysadmins secure their workstations
  26. Spotting malicious apps on Android markets just got easier
  27. Over 225,000 Apple accounts compromised via iOS malware
  28. Who's afraid of shadow IT?
  29. CPU hardware performance counters for security
  30. Should the removal of personal info posted online be a human right?
  31. EMEA organizations are being pre-emptive about security
  32. 5 reasons Security Congress is the (ISC)2 member event of the year
  33. What drives employees to shadow IT?
  34. Protect against privileged credential attacks with zero trust
  35. The big picture of protecting and securing Big Data
  36. 81% of healthcare organizations have been compromised
  37. Unsurprisingly, most would support eliminating passwords
  38. Effective security starts with UX
  39. Malvertising campaigns increase 325 percent
  40. Unmanaged Apple devices are a liability for corporations
  41. How to get better at web application security
  42. UDP-based Portmap latest target for DDoS attackers looking to amplify attacks
  43. If you build it, they will come
  44. Cybercriminals are becoming more creative
  45. Evaluating the security of open source software
  46. The rise of artificial intelligence technologies
  47. Security flaws could allow attackers to steal over 100 different cars
  48. Payment card info of 93,000 Web.com customers stolen
  49. Most security executives lack confidence in their security posture
  50. Stolen Ashley Madison data dumped online, seems legitimate
  51. Microsoft issues emergency patch for IE flaw exploited in the wild
  52. The unstoppable rise of DDoS attacks
  53. Keep your site more secure with WordPress 4.3
  54. Mozilla is experimenting with improved Private Browsing
  55. Solving the third-party risk management puzzle for PCI
  56. Does your mobile carrier track you online?
  57. Researcher releases exploit for OS X 0-day that gives root access
  58. IBM is betting big on open source in the enterprise
  59. How to sabotage DDoS-for-hire services?
  60. Dealing with a difficult data legacy
  61. Five points of failure in recovering from an attack
  62. Privileged accounts are still easy to compromise
  63. BitTorrent clients can be made to participate in high-volume DoS attacks
  64. Google plugs Google Admin app sandbox bypass 0-day
  65. Maintaining security during your healthcare merger or acquisition
  66. Cloud security without borders
  67. Week in review: New C++ bugs, preventing insider threats, and gamifying threat detection
  68. Researcher hacks house arrest tracking system
  69. Google's Android Stagefright patch is flawed
  70. Apple fixes a bucketload of vulnerabilities in everything
  71. Dealing with a difficult data legacy
  72. Five principal cloud security challenges
  73. Researchers get $100k for detecting emerging class of C++ bugs
  74. Cisco spots attackers hijacking its networking gear by modifying firmware
  75. Redefining security visualization with Hollywood UI design
  76. Impact and scope of fraud that crosses multiple industries
  77. Addressing IoT risks with a trust framework
  78. Dropbox adds support for FIDO U2F secure authentication
  79. Researchers hack Corvette via SMS to plugged-in tracking dongle
  80. Attackers actively exploiting Windows bug via malicious USB devices
  81. Insider trading ring hacked into newswire services, raked in $100M based on stolen info
  82. Scammers exploit mobile ads for easy profit
  83. Revisiting takedown wins: Are users in the developing world getting left behind?
  84. Firefox 40: New features and critical security updates
  85. Looks like mobile device security is on nobody's mind
  86. Kali Linux 2.0 released: New 4.0 kernel, improved hardware and wireless driver coverage
  87. How to prevent insider threats in your organization
  88. Event: (ISC)2 SecureTurkey
  89. How to minimize insider threats in your organization
  90. Angler EK exploits recently patched IE bug to deliver ransomware
  91. Severe deserialization vulnerabilities found in Android and third-party Android SDKs
  92. Top 10 U.S. cities for online fraud
  93. Darkhotel spying crew boosts attacks with Hacking Team exploit
  94. Cloud security: Integrated global CDN with DDoS mitigation and WAF
  95. Defending the enterprise in an increasingly complex environment
  96. HTC phone stores fingerprints in easily accessible plaintext
  97. Fraudsters steal nearly $47 million from Ubiquiti Networks
  98. Google adds another obstacle for developers of deceptive Chrome extensions
  99. Info of 2.4 million Carphone Warehouse customers stolen
  100. File-stealing Firefox bug exploited in the wild, patch immediately!
  101. EFF's Privacy Badger prevents users being tracked online
  102. Pentagon's unclassified email system breached, Russian hackers blamed
  103. Vulnerabilities in 2015: 0-days, Android vs iOS, OpenSSL
  104. The GasPot experiment: Hackers target gas tanks
  105. How to do BYOD the right way
  106. Disrupting trust models: An evolution in the financial services sector
  107. Easily exploitable Certifi-gate bug opens Android devices to hijacking
  108. Photo gallery: Black Hat USA 2015, part 2
  109. GameOver Zeus gang boss also engaged in cyber espionage
  110. Zero-day disclosure-to-weaponization period cut in half
  111. Android users rejoice! Security updates will be coming out faster
  112. Microsoft expands Bug Bounty programs, increases rewards
  113. Corporate networks can be compromised via Windows Updates
  114. Global hacker competition challenges penetration testers
  115. Photo gallery: Black Hat USA 2015 Business Hall
  116. NIST releases SHA-3 cryptographic hash standard
  117. Attackers use Google Drive, Dropbox to breach companies
  118. Qualys announces free global asset inventory service
  119. Phishing attacks targeting businesses are escalating
  120. CDNetworks to showcase Cloud Security 2.0 at Black Hat USA 2015
  121. WordPress 4.2.4 fixes critical vulnerabilities
  122. How to protect your privacy on Windows 10
  123. Security challenges emerging with the rise of the personal cloud
  124. API security becoming a CXO level concern
  125. New "Do Not Track" standard released
  126. Vulnerability and configuration management for Amazon Web Services
  127. Chinese APTs use commercial VPN to hide their attack activity
  128. MatrixSSL Tiny: A TLS software implementation for IoT devices
  129. Attackers are downing DNS servers by exploiting BIND bug
  130. Macs can be permanently compromised via firmware worm
  131. Open source tool for deploying SSL public key pinning in iOS, OS X apps
  132. Hackers actively exploiting OS X zero-day to root machines, deliver adware
  133. 79% of companies release apps with known vulnerabilities
  134. Quantum-powered RNG supplies pure entropy to crypto systems
  135. Malicious advertisements surge! 260% spike in 2015
  136. Best practice application security: Does it exist?
  137. Chrome extensions easily disabled without user interaction
  138. Health records of 5.5 million US patients accessed in MIE breach
  139. Hacker steals Bitdefender customer info, blackmails company
  140. Fake "Windows 10 Free Upgrade" emails deliver ransomware
  141. Hospitals advised to stop using vulnerable computerized drug pumps
  142. What’s the state of your software?
  143. The leading cause of insider threats? Employee negligence
  144. The rapid growth of the bug bounty economy
  145. Cyber insurance market to hit US$10 billion by 2020
  146. US will revise Wassenaar pact changes
  147. Microsoft Edge: New browser, new risks for Windows 10
  148. List of approved Windows 10 compatible security products
  149. Researchers devise passive attacks for identifying Tor hidden services
  150. Organizations on the hunt for DevOps, IoT and mobile skills
  151. New Android bug can put devices into a coma
  152. Most malvertising attacks are hosted on news and entertainment websites
  153. Researchers hack Linux-powered sniper rifle
  154. Most malvertising attacks are hosted on news and entertainment websites
  155. United Airlines hacked by same group that breached Anthem and OPM
  156. More than a third of employees would sell company data
  157. Distrust in use of personal data could hinder business growth
  158. Rowhammer.js: The first remote software-induced hardware-fault attack
  159. Check out the Windows 10 security features
  160. Sun Tzu 2.0: Is cyberwar the new warfare?
  161. Apple patches serious remotely exploitable iTunes and App Store flaw
  162. Chrome extension thwarts user profiling based on typing behavior
  163. One in 600 websites exposes sensitive info via easily accessible .git folder
  164. Dmail: A Chrome extension for sending self-destructing emails
  165. How complex attacks drive the IT security innovation race
  166. New Google Drive phishing campaign exposed
  167. Edward Snowden to discuss privacy at IP EXPO Europe 2015
  168. Internet of Things: Bracing for the data flood
  169. Automated threat management: No signature required
  170. Finally! A free, open source, on-premise virus scanner framework
  171. Over 5,000 mobile apps found performing in-app ad fraud
  172. Deplorable Steam security flaw exploited to hijack prominent accounts
  173. Most employees don't understand the value of data
  174. A data security guy's musings on the OPM data breach train wreck
  175. Three steps to a successful cloud migration
  176. Security flaws discovered in popular Smart Home Hubs
  177. The Internet of Things is unavoidable, securing it should be a priority
  178. Why cloud business continuity is critical for your organization
  179. OpenSSH bug enables attackers to brute-force their way into poorly configured servers
  180. Bug in OS X Yosemite allows attackers to gain root access
  181. How experts stay safe online and what non-experts can learn from them
  182. Smartwatches: A new and open frontier for attack
  183. Test your defensive and offensive skills in the eCSI Hacker Playground
  184. The challenges of implementing tokenization in a medium-sized enterprise
  185. Global managed security services market to reach $29.9 billion by 2020
  186. Do CISOs deserve a seat at the leadership table?
  187. Google helps Adobe improve Flash security
  188. Hacking Team's RCS Android: The most sophisticated Android malware ever exposed
  189. 600TB of data exposed due to misconfigured MongoDB instances
  190. Google Chrome update includes 43 security fixes
  191. Passwords are not treated as critical to security
  192. Information security governance practices are maturing
  193. It's official: The average DDoS attack size is increasing
  194. Top obstacles to EMV readiness
  195. Proposed Wassenaar pact changes will harm cyber defenders instead of attackers
  196. Free tools for detecting Hacking Team malware in your systems
  197. Microsoft plugs another Windows zero-day with emergency patch
  198. How gamers can help improve critical software security
  199. Hardware encryption market revenue to reach $36.4 billion by end of 2015
  200. Reflections on virtualization security and the VENOM vulnerability
  201. How to apply threat intelligence feeds to remediate threats
  202. Hackers hit UCLA Health, access medical files of 4.5 million patients
  203. Ashley Madison hacked, info of 37 million users stolen
  204. UK High Court declares emergency surveillance bill unlawful
  205. The NYSE system crash was an infosec incident
  206. Are IT pros overconfident in their ability to deflect attacks?
  207. Hacking Team used fake app hosted on Google Play to install its spyware on Android devices
  208. Google Safe Browsing to start blocking sites with ads leading to unwanted software
  209. School monitoring software's hard-coded encryption key exposed
  210. The arsenal of SMS scammers, spammers and fraudsters
  211. Nearly all websites have serious security vulnerabilities
  212. New GamaPoS malware targets US companies
  213. Is this the death knell for the RC4 encryption algorithm?
  214. Researchers prove HTML5 can be used to hide malware
  215. Review: NowSecure Lab cloud: Mobile app assessment environment
  216. Understanding PCI compliance fines: Who is in charge of enforcing PCI?
  217. SanDisk unveils new wireless flash drive
  218. Global action takes down Darkode cybercriminal forum
  219. Why enterprise security priorities don't address the most serious threats
  220. Epic Games forums hacked, user data stolen
  221. Hacking Team spyware survives on target systems with help of UEFI BIOS rootkit
  222. Coalition for Responsible Cybersecurity fights proposed export control regulations
  223. Oracle fixes Java zero-day exploited by Pawn Storm hackers
  224. Employees embrace BYOD, but still worry about privacy
  225. TeslaCrypt 2.0 makes it impossible to decrypt affected files
  226. Unsharing in the sharing economy
  227. Duke APT group adds low-profile SeaDuke Trojan to their malware arsenal
  228. High severity Internet Explorer 11 vulnerability identified after Hacking Team breach
  229. Adobe patches Hacking Team Flash zero-days, update immediately!
  230. Firefox blocks Flash plugin by default until zero-days are fixed
  231. 65,000+ Land Rovers recalled due to software bug
  232. The soaring cost of malware containment
  233. Germany's new cyber-security law aimed at securing critical infrastructure
  234. The most damaging ramifications of DDoS attacks
  235. Germany's new cyber-security law aimed at security critical infrastructure
  236. CFOs are not confident about their level of security
  237. The difficult task of meeting compliance needs
  238. Flawed Android backup mechanism can lead to injected malicious apps
  239. 3 ways to stop insider threats in your organization
  240. First Java zero-day in two years exploited by Pawn Storm hackers
  241. Mobile SSL failures: More common than they should be
  242. Two more Flash 0-day exploits found in Hacking Team leak, one already exploited in the wild
  243. Apple to introduce two-factor authentication option in iOS 9 and OS X El Capitan
  244. VMware fixes host privilege escalation bug in Workstation, Player, Horizon View
  245. Sensitive info of over 21.5M people, including SSNs and fingerprints, stolen in OPM hack
  246. IIS 6.0 users are heading towards new security dangers
  247. Naked pictures or financial info? Users would rather thieves stole the former
  248. Why is ERP security so difficult?
  249. FBI director insists Silicon Valley can solve the encryption dilemma - if they try hard enough
  250. Popular Android games unmasked as phishing tools