Network Security News, Articles and Updates

Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected

Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected

By

On the cusp of a $4.8 billion acquisition by Verizon, Yahoo today disclosed a data breach in which a state-sponsored actor is believed to have stolen a copy of data linked to at least 500 million accounts.

Air Force reports making progess on cybersecurity without additional funding

Air Force reports making progess on cybersecurity without additional funding

By

The Air Force is reporting progress in its mission to secure its weapons against cyberattacks.

Drupal patches two critical vulnerabilities

Drupal patches two critical vulnerabilities

By

The Drupal Security Team issued updates for a pair of critical flaws, one allowing remote code execution and another giving access to parts of the system without full administrative permissions.

Hairy situation: Just For Men website rigged to redirect to RIG Exploit Kit

Hairy situation: Just For Men website rigged to redirect to RIG Exploit Kit

By

Executives at Combe Incorporated may have sprung a few new gray hairs after learning that the website for its Just for Men brand of hair coloring products was compromised to serve up malware.

Citrix sours on Sweet32 birthday attack, calls threat 'low-severity issue'

Citrix sours on Sweet32 birthday attack, calls threat 'low-severity issue'

By

Citrix is advising customers not to fret over recent research stating that 64-bit block ciphers in cryptographic protocols are susceptible to a so-called birthday attack - noting that multiple difficult conditions must be met for such a technique to be effective.

North Korea has only 28 registered domains, leak shows

North Korea has only 28 registered domains, leak shows

By

Security engineer Matt Bryant posted details of North Korea's registered domains after a misconfigured nameserver revealed details.

Researcher rewarded for finding Facebook Business Manager account takeover flaw

Researcher rewarded for finding Facebook Business Manager account takeover flaw

By

Security researcher Arun Sureshkumar earned $16,000 after disclosing a vulnerability in Facebook Business Manager that, if exploited, could have allowed attackers to take over a targeted victim's Facebook page.

HDDCryptor ransomware uses legit, off the shelf software

HDDCryptor ransomware uses legit, off the shelf software

By

HDDCryptor is a ransomware variant with a couple of new twists added that makes it an effective tool for cybercriminals, a Trend Micro study found.

Video: ISF's Durbin advises orgs to protect mission critical info assets

Video: ISF's Durbin advises orgs to protect mission critical info assets

By

Information Security Forum Managing Director Steve Durbin sat down with SCMagazine.com Executive Editor Teri Robinson to discuss how organizations can better protect their mission critical information assets.

Following hacks, State Democrats warned Wikileaks may be a source of infection

Following hacks, State Democrats warned Wikileaks may be a source of infection

By

The Association of State Democratic Chairs sent an email to its members advising them to avoid Wikileaks as a precaution against malware infection, especially after several state officials had their accounts hacked, Politico reported.

Dropbox moves to change install on Mac

Dropbox moves to change install on Mac

By

Mac users are claiming a Dropbox function that loads the desktop client of its cloud storage service on the accessibility menu of their system works like malware.

Crysis ransomware now attacking businesses in Australia and New Zealand

Crysis ransomware now attacking businesses in Australia and New Zealand

By

Australian and New Zealand businesses are being hit with a ransomware campaign.

Moral breach: Edward Snowden goes to Hollywood

Moral breach: Edward Snowden goes to Hollywood

By

The film Snowden opens this week recounting recent events that have sent reverberations around the world.

VW launches cybersecurity joint venture as House members examine threats facing auto industry

VW launches cybersecurity joint venture as House members examine threats facing auto industry

By

As automakers race to develop automated vehicles, the challenge of securing these automotive systems has taken on an elevated role for automakers.

Ransomware criminals increase use of asymmetric encryption

Ransomware criminals increase use of asymmetric encryption

By

Ransomware criminals are growing more sophisticated in their use of encryption, as criminals increasingly use asymmetric encryption methods.

Researcher believes major DDoS attacks part of military recon to shut down internet

Researcher believes major DDoS attacks part of military recon to shut down internet

By

The attacks targeted major companies that provide internet infrastructure and appear to have probed the companies' defenses to determine capabilities.

Pit road for the network: Case study

Pit road for the network: Case study

By

Seeking to protect its intellectual property, race car team Andretti Autosport went looking for a security solution.

GartnerSEC: people-centric IT practices encouraged

GartnerSEC: people-centric IT practices encouraged

Gartner is now encouraging people-centric IT practices so IT is no longer seen as a hindrance and rather an enabler.

Amidst lawsuit, McAfee aims to innovate as a separate entity

Amidst lawsuit, McAfee aims to innovate as a separate entity

By

As Intel proceeds with plans to divest its majority stake in Intel Security, the chipmaker's security business unit, a lawsuit filed against Intel threatens to create challenges for the entity.

Post-acquisition, RSA president teases synergy opportunities with Dell SecureWorks

Post-acquisition, RSA president teases synergy opportunities with Dell SecureWorks

By

One day after Dell finalized its acquisition of EMC Corporation and its RSA cybersecurity division, RSA President Amit Yoran maintained his business-as-usual stance, but also acknowledged certain synergistic implications.

UAE medical centre hit, hacker claims good intentions

UAE medical centre hit, hacker claims good intentions

A medical centre in the UAE has been modestly breached by a hacker who claims to want to teach them a lesson in security.

WordPress update fixes XSS issues

WordPress update fixes XSS issues

By

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

ShadowGate malvertising campaign casts giant shadow across multiple continents

ShadowGate malvertising campaign casts giant shadow across multiple continents

By

A globalized malvertising campaign was targeting users in the U.S., Europe, Asia Pacific and the Middle East, infecting victims with ransomware before researchers at Cisco's Talos division helped shut down the operation .

DNS tunneling threat drills into nearly half of networks tested

DNS tunneling threat drills into nearly half of networks tested

InfoBlox's new report showed nearly half of all networks tested to show signs of DNS tunnelling

Apple issues updates to prevent spying on desktop

Apple issues updates to prevent spying on desktop

By

Last week, Apple issued security updates to patch a serious flaw affecting iPhone and iPad users. Yesterday it addressed a similar flaw on its desktops.

Gap widens between IT pros and end users while security worsens

Gap widens between IT pros and end users while security worsens

Over half (52 percent) of IT practitioners believe that policies against the misuse or unauthorised access to company data are being enforced and followed, yet only 35 percent of end users say their organisations enforce those policies.

OneLogin confirms bug which allows access to Secure Notes

OneLogin confirms bug which allows access to Secure Notes

OneLogin has confirmed that a bug has allowed a hacker to view some of its customers' encrypted Secure Notes.

User data of 43.6M Last.fm subscribers made public

User data of 43.6M Last.fm subscribers made public

By

The user data of 43,570,999 subscribers to the Last.fm music site were posted on the pwned repository LeakedSource.

Misfortune cookie: Mr. Chow restaurants website hacked to distribute ransomware

Misfortune cookie: Mr. Chow restaurants website hacked to distribute ransomware

By

The website for the upscale Mr. Chow restaurants has been compromised to deliver CrypMIC ransomware to visitors via the Neutrino Exploit Kit.

Paypal users targeted in new angler phishing scam, Proofpoint report

Paypal users targeted in new angler phishing scam, Proofpoint report

By

Paypal users are being lured into clicking on a malicious link embedded in a tweet that appears to come from the financial transaction service.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US