View Full Version : Security News



  1. Week in review: Yahoo breach, Tesla remote hijack, new issue of (IN)SECURE
  2. How the EFF was pushed to rethink its Secure Messaging Scorecard
  3. US DOJ can’t access data stored abroad with just a warrant, court rules
  4. Shard: Open source tool checks for password re-use
  5. Avast to acquire AVG for $1.3 billion
  6. New Russian law to force service providers to decrypt encrypted comms
  7. Android-rooting malware lurking on Google Play
  8. ApocalypseVM ransomware decrypter released
  9. 70,000 hacked servers for sale on xDedic underground market
  10. Adobe Flash zero-day actively exploited in targeted attacks
  11. 789% year-over-year spike in malware and phishing
  12. Improving software security through a data-driven security model
  13. Who’s tracking you online, and how?
  14. PGP-encrypted comms network allegedly used by criminals shuts down
  15. Researcher develops tool that blocks OS X crypto-ransomware
  16. Beware of emails with JavaScript attachments!
  17. Rooting malware lurking in third party Android app stores
  18. Playing Hearthstone? Want to cheat? You might end up with Bitcoin-stealing malware
  19. Android users on high alert as malware, phishing and scams are projected to rise
  20. 60+ Trojanized Android games lurking on Google Play
  21. OpenSSL bug that could allow traffic decryption has been fixed
  22. The history of cyber attacks: From ancient to modern
  23. Versatile Linux backdoor acts as downloader, spyware
  24. "Deliberately hidden" backdoor found on US government's comms system
  25. OpenWPM: An automated, open source framework for measuring web privacy
  26. OS X's Gatekeeper bypassed again
  27. Cheap web cams can open permanent, difficult-to-spot backdoors into networks
  28. Android banking Trojan defeats voice call-based 2FA
  29. Drupal moves to fix flaws in update process
  30. SLOTH attacks weaken secure protocols because they still use MD5 and SHA-1
  31. January Android security update fixes 5 critical flaws, removes unneeded component
  32. Difficult to block JavaScript-based ransomware can hit all operating systems
  33. Google is testing password-free logins
  34. Android users targeted with sophisticated new banking Trojan
  35. Cisco Systems will be auditing their code for backdoors
  36. Oracle agrees to settle FTC charges it deceived consumers about Java updates
  37. Who planted the backdoors in Juniper's firewalls?
  38. New date for migrating off vulnerable SSL and early TLS encryption
  39. Linux machines can be "owned" by hitting backspace 28 times
  40. Linux machines can be "owned" by hitting backspace 28 times
  41. Twitter users warned about being targeted by state-sponsored attacks
  42. Business email compromise scams still happening, still successful
  43. Whitepaper: Cyber Security Best Practices
  44. Turn the Cyber Kill Chain against your attacker
  45. Apple releases security updates for every major product
  46. Microsoft warns of imminent end of support for all but the latest Internet Explorer versions
  47. A deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware
  48. 86% of PHP-based apps contain at least one XSS vulnerability
  49. How Europol analyzes malware
  50. VTech data breach gets worse: Children's pictures and chat logs were also compromised
  51. Global cyberconflicts, hacktivism and disruptions are on the horizon
  52. Telegram Android app is a stalker's dream
  53. VPN protocol flaw allows attackers to discover users' true IP address
  54. Spyware/adware combo masquerading as AnonyPlayer hits Android users
  55. Video training course: Penetration testing and ethical hacking
  56. How malware peddlers trick users into enabling Office macros
  57. ISIS operation security guide gives insight into group's cybersecurity practices
  58. How fake users are impacting business through acts of fraud and theft
  59. Exploit kit activity up 75 percent
  60. Anonymous goes after ISIS, aims to expose recruiters and sympathizers
  61. Point of Sale malware gaining momentum as holiday shopping season approaches
  62. Event: ENITSE Enterprise IT Security Conference & Exhibition
  63. Bug in Android Gmail app allows effective email spoofing
  64. Phishers are targeting millions of DHL customers
  65. Google debuts customized warning for social engineering sites
  66. Information security innovation and the fast-paced threat landscape
  67. Email is more secure today than it was two years ago
  68. Digitally signed spam campaign spotted delivering malware
  69. Rooted, Trojan-infected Android tablets sold on Amazon
  70. Ivan Ristic and SSL Labs: How one man changed the way we understand SSL
  71. Three indicted in largest theft of customer data from a U.S. financial institution in history
  72. Beware of Apple-themed phishing emails threatening to limit your account
  73. Stolen or lost devices and the risks of remote working
  74. Final TalkTalk breach tally: 4% of customers affected
  75. A new, streamlined version of Cryptowall is doing rounds
  76. IT priorities are changing: Cloud-first strategy to rise
  77. Sale of legitimate code-signing certs booms on darknet markets
  78. Trojanized versions of 20,000 popular apps found secretly rooting Android devices
  79. 11 zero-days uncovered in Samsung Galaxy S6 Edge
  80. Researchers map out hard-to-kill, multi-layered spam botnet
  81. Hard-hitting insights into global attacks targeting organizations
  82. Open source tool checks for vulnerabilities on Android devices
  83. Chimera crypto-ransomware is hitting German companies
  84. The growth of mobile malware and online banking attacks
  85. Stanford researchers identify potential security hole in genomic data-sharing network
  86. Researchers can identify people through walls by using wireless signals
  87. Most consumers believe cloud-based apps can be hacked
  88. Android infostealer masquerading as MS Word document
  89. China is the top target for DDoS reflection attacks
  90. Hackers put up for sale 13 million plaintext passwords stolen from 000webhost
  91. Most are unaware of the seriousness of medical data theft
  92. US Library of Congress makes tinkering with your car software legal
  93. The security community's reaction as CISA passes US Senate
  94. How can we decide on surveillance and privacy when we can't see the whole picture?
  95. WhatsApp collects phone numbers, call duration, and more!
  96. TalkTalk breach: Attackers demand £80,000 for stolen data
  97. The top 6 scariest cloud security mistakes and how to avoid them
  98. Cloud-based vulnerability management: Top vendors in the field
  99. What should companies do after a wide-scale data breach?
  100. Nine arrested in UK investigation of criminal network defrauding bank customers
  101. Week in review: Criminals hacked chip-and-PIN system, secret code in printers allows tracking, and insecure WD self-encrypting hard drives
  102. Microsoft wants researchers to find bugs in .NET Core and ASP.NET, will pay
  103. 12 new malware strains discovered each minute
  104. Smart home security and privacy checklist
  105. Four things to know about new net neutrality rules
  106. New ransomware delivered via Windows Remote Desktop Services
  107. Apple pushes out critical security updates for OS X, iOS, watchOS, and other products
  108. WikiLeaks publishes documents stolen from CIA director's email account
  109. Think twice about Android root
  110. Back to the Future: How much of Marty and Doc's tech is a reality?
  111. Fitbit trackers can easily be infected with malware, and spread it on
  112. Tech support scammers start targeting users of Apple devices
  113. Tech-savvy users are actually the worst offenders
  114. Free PCI and NIST compliant SSL test
  115. Data dump points to a breach at Electronic Arts
  116. 1 in 4 organizations have experienced an APT
  117. IS hackers are attacking the US energy grid
  118. Secret code in color printers enables government tracking
  119. UK workers are significantly lacking in security awareness
  120. Facebook starts warning users of state-sponsored attacks against their accounts
  121. Emergency Flash update plugs zero-day exploited in the wild
  122. Internet of Things: Rethinking privacy and information sharing
  123. Cyber warfare fears spur US Navy to teach celestial navigation again
  124. Microsoft fixes critical flaws in all versions of Windows and Office
  125. Hackers are exploiting zero-day flaw in fully patched Adobe Flash
  126. UK, US law enforcement agencies disrupt Dridex botnet
  127. Global Internet experts reveal plan for more secure, reliable Wi-Fi routers
  128. The countdown to the EU Data Protection Regulation
  129. How to become a nightmare for cyber attackers
  130. Companies investing in cloud, security and Big Data are growing faster
  131. Secure networks are the key to unlocking A2P potential
  132. WiFi jamming attacks more simple and cheaper than ever
  133. America’s Thrift Stores breached by Eastern European criminals
  134. Android ransomware gets new, professional look thanks to Google’s Material Design
  135. Internet of Things: Connecting the security dots from application design to post-sale
  136. Review: Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
  137. Cybersecurity expectations: Myth and reality
  138. Compliance vs. cybersecurity: Insurers face competing priorities
  139. Thousands of Zhone SOHO routers can be easily hijacked
  140. Chinese hackers arrested at US request
  141. GnuPG 2.1.9 released
  142. Authentication bypass flaw in Netgear SOHO routers exploited in the wild
  143. Don't sink your network
  144. Theoretical computer science provides answers to data privacy problem
  145. LogMeIn to acquire LastPass for $125 million
  146. Apple boots some ad blockers from App Store to protect users' privacy
  147. Which Android smartphones are most secure?
  148. Attackers compromise Cisco Web VPNs to steal login credentials, backdoor target networks
  149. Do attribution and motives matter?
  150. Most are concerned about security of healthcare data
  151. Top strategic IT predictions for 2016 and beyond
  152. New Toshiba CMOS image sensor improves recognition and authentication
  153. CIOs agree, IT is more complex than ever
  154. Fake Android apps bypass Google Play store security
  155. Former journalist faces 25 years in prison for article defacement
  156. Free tool to remove YiSpecter iOS malware
  157. Hackers breach firm whose tech is used in Samsung Pay
  158. Pen-testing drone searches for unsecured devices
  159. Photo: A walk through Cyber Security Europe 2015
  160. The average cost of cybercrime escalates to $15 million per organization
  161. The impact of digital business on information security
  162. How are businesses responding to cyber risks?
  163. Huawei 3G routers rife with flaws
  164. Wealth of personal data found on used electronics purchased online
  165. Amazon launches AWS web application firewall
  166. Previously unknown Moker RAT is the latest APT threat
  167. The price of the Internet of Things will be a vague dread of a malicious world
  168. How attackers attempt to infect organizations
  169. High prevalence of personal health information at risk
  170. Winnti group's attack platform is based on decade old malware
  171. Cisco disrupts major ransomware campaign that brought in $30M annually
  172. IP camera manufacturers force researcher to pull conference talk
  173. Google patches Stagefright 2.0 on Nexus devices
  174. Attackers take over org's OWA server, harvest domain credentials with malicious DLL
  175. T-Mobile customer data stolen from Experian already for sale
  176. Applying machine learning techniques on contextual data for threat detection
  177. Attackers prefer lower-bandwidth DDoS attacks
  178. Cybersecurity is being taken seriously around the globe
  179. Nuclear facilities are wide open to cyber attacks
  180. Top 5 Android Marshmallow enterprise security benefits
  181. Advertising malware affects non-jailbroken iOS devices
  182. Car hacking via compromised car diagnostic tools
  183. Prevention is the best cure for identity theft
  184. The changing role of the risk manager
  185. Week in review: The evolution of the CISO, a simple Gatekeeper bypass, and Stagefright 2.0
  186. Compromising Macs with simple Gatekeeper bypass
  187. Unexpectedly benevolent malware improves security of routers, IoT devices
  188. Personal info of 15 million T-Mobile USA customers stolen in Experian breach
  189. Fake PayPal app is going after German users' banking credentials
  190. With unprotected keys and certificates, businesses lose customers
  191. Exposing fraud behavior patterns associated with compromised identities
  192. Unsurprisingly, companies are not protecting personal information
  193. New, improved Ghost Push variants continue to target Android users
  194. Employee use of cloud services puts business data at risk
  195. Stagefright 2.0: A billion Android devices could be compromised
  196. Apple releases OS X El Capitan, patches passcode loophole in iOS
  197. 7 key global DDoS trends revealed
  198. Compromising Macs with simple Gatekeeper bypass
  199. The value of threat intelligence
  200. The barriers to cybersecurity research, and how to remove them
  201. Fragmented approaches to PKI don't always follow best practices
  202. CISOs are looking for more integration and automation
  203. 500 million users at risk of compromise via unpatched WinRAR bug
  204. Scammers use Google AdWords, fake Windows BSOD to steal money from users
  205. Attackers posing as legitimate insiders still an enormous security risk
  206. Companies leave vulnerabilities unpatched for up to 120 days
  207. Women represent only 10% of the infosec workforce
  208. File insecurity: the final data leakage frontier
  209. VBA malware is back!
  210. Too many vulnerable medical systems can be found online
  211. XOR DDoS botnet launching attacks from compromised Linux machines
  212. Do security flaws with life-threatening implications need alternative disclosure?
  213. Hilton, Trump hotel chains hit by PoS malware
  214. How to avoid data breaches? Start by addressing human error
  215. The evolution of the CISO in today's digital economy
  216. Chinese fraudsters are hijacking and misusing Uber accounts
  217. Oysters tablet comes preinstalled with Trojanized Android firmware
  218. Mobile ad network exploited to launch JavaScript-based DDoS attack
  219. Yahoo open-sources Gryffin, a large scale web security scanning platform
  220. How organizations can increase trust and resilience
  221. Is your network suffering from the trombone effect?
  222. Silent Circle launches Blackphone 2, delivering business and personal privacy
  223. Infographic: Devaluing data, fighting cybercrime
  224. Mapping the underground cybercrime economy in order to disrupt it
  225. Cisco releases tool for detecting malicious router implants
  226. Enhancing email security in Office 365
  227. GreenDispenser malware makes ATMs spit out cash
  228. Mobile payments data breaches expected to grow
  229. Free tool helps organizations respond to vulnerability reports
  230. Scandinavian users hit with fake post office emails, ransomware
  231. Vulnerabilities in security software leave users open to attacks
  232. The number of fingerprints stolen in OPM hack rose to 5.6 million
  233. Apple tackles the XcodeGhost crisis by removing apps, alerting devs and users
  234. Chinese promotion company hijacks Android devices around the world
  235. CUJO: Plug-n-play protection for all devices
  236. Healthcare industry sees 340% more security incidents than the average industry
  237. Free WordPress plugin for a password-free login
  238. Using external URL shorteners for internal needs may lead to sensitive data leaks
  239. Killing computer infrastructures with a bang!
  240. WD My Cloud NAS devices can be hijacked by attackers
  241. ENISA provides details on the complex cybersecurity exercise carried out in 2014
  242. Firefox 41 includes critical security updates
  243. Most gamers lack confidence in developers’ security safeguards
  244. NIST will award $3.6 million to projects designed to improve cybersecurity
  245. Facebook tries to help advertisers and users with new ad control options
  246. Number of XcodeGhost-infected iOS apps rises
  247. Exploit broker offers $1 million for reliable iOS 9 exploit
  248. Android SMS Trojans evolve, go after bank and payment system accounts
  249. Reactions to the XcodeGhost malware infecting iOS apps
  250. Malware-infected game discovered on Google Play, up to 1 million users at risk