GCHQ infosec group disclosed kernel privilege exploit to Apple

GCHQ infosec group disclosed kernel privilege exploit to Apple

GCHQ's infosec unit CESG was credited with the discovery of two vulnerabilities that were patched by Apple last week.

Bratton: NYC gangs turning to cybercrime, encryption thwarting investigations

Bratton: NYC gangs turning to cybercrime, encryption thwarting investigations

As serious crime stats drop in New York City, gangs are becoming more adept at cybercrime, according to Police Commissioner Bill Bratton.

Researcher brute forces Instagram, cites multiple internal flaws

Researcher brute forces Instagram, cites multiple internal flaws

Information security bug-bounty hunter Arne Swinnen used several flaws with Instagram's login system to brute force his way into the social media giant and gain access to member accounts.

Imperva finds DDoS for hire on Fiverr

Imperva finds DDoS for hire on Fiverr

Professional services online marketplace Fiverr bills itself as "the easiest way to get everything done at unbeatable value" and apparently, at least briefly, that promise extended to distributed denial of service (DDoS) for hire.

Cerber ransomware on sale in Russian darknet with new scripting features

Cerber ransomware on sale in Russian darknet with new scripting features

Victims download the malware either via a double-zipped file with a WSF inside attached to the malicious email or via an unsubscribe link at the bottom of the email which is linked to the same ZIP file.

Cash stolen from 15K ATMs in Japan in coordinated attack

Cash stolen from 15K ATMs in Japan in coordinated attack

As many as 100 people are believed to have taken part in a heist of nearly $13 million (USD) from thousands of cash machines in Japan.

Ubiquiti warns of worm using known exploit on outdated AirOS firmware

Ubiquiti warns of worm using known exploit on outdated AirOS firmware

Updated: A worm that made its way into Ubiquiti Networks equipment through outdated AirOS firmware has wreaked havoc on ISPs and others that use the Ubiquiti networking platform.

SEC chief: Cyber-crime biggest threat to financial systems

SEC chief: Cyber-crime biggest threat to financial systems

Hackers could wreak havoc on banks and other financial institutions, claims Mary Jo White

'Digital Batman' hacktivist posts video of cyberattack on Calatan police site

'Digital Batman' hacktivist posts video of cyberattack on Calatan police site

Days after transferring $11,000 in stolen bitcoins to an anti-ISIS revolutionary group in Syria, hacktivist Phineas Fisher was at it again—defacing the website belonging to Spain's Catalan police union, and posting an online tutorial showing how it was done.

After trio of hacks, SWIFT addresses information sharing concerns

After trio of hacks, SWIFT addresses information sharing concerns

Following reports of a cyberattack last year in which hackers stole $9 million from an Ecuadorean bank, SWIFT stated it is taking steps to create more information sharing practices.

60 percent of enterprise Android phones prone to QSEE vulnerability

60 percent of enterprise Android phones prone to QSEE vulnerability

Duo Labs researchers found that 60 percent of enterprise Android phones are affected by a critical QSEE vulnerability.

Russian students come out on top at international programming finals

Russian students come out on top at international programming finals

A trio of students from St Petersburg State University in Russia have been dubbed world champions in the 40th annual ACM International Collegiate Programming Contest (ICPC) finals.

Android Pay launches in UK; 28% of consumers worried about digital payment security

Android Pay launches in UK; 28% of consumers worried about digital payment security

Security and payment experts warn that the Google-backed Android Pay UK launch on 18 May is promising, however could be held back by concerns over malware.

Wyden bill seeks to block gov't hacking authority under Rule 41 changes

Wyden bill seeks to block gov't hacking authority under Rule 41 changes

A bill introduced yesterday by Sen. Ron Wyden (D-Ore.) seeks to block the expansion of government's hacking authority under Rule 41 changes that would let judges issue warrants to access computers located in any jurisdiction.

TeslaCrypt authors release master keys, Ransomware Info Day held 19 May

TeslaCrypt authors release master keys, Ransomware Info Day held 19 May

The authors of the TeslaCrypt ransomware have publicly released the master decryption key that unlocks files encrypted by the malware in efforts to close up shop and go home for good.

Cisco patches Web Security Appliance flaws

Cisco patches Web Security Appliance flaws

Cisco patched vulnerabilities affecting the company's Web Security Appliance devices that affect how the web filtering devices process traffic.

Video: Police need to be more savvy in commissioning high-tech solutions

Video: Police need to be more savvy in commissioning high-tech solutions

Chief constable Stephen Kavanagh tells techUK's Partners Against Crime seminar that the police need to engage more effectively with the private sector in developing new crime fighting capabilities.

Furtim malware can run AND it can hide

Furtim malware can run AND it can hide

Avoiding detection is generally a top priority for any malicious code developer, but the creators of the newly discovered "Furtim" truly appear to have gone the extra mile to ensure that their malware flies under the radar.

Cyberattacks likely against presidential campaigns: CIA

Cyberattacks likely against presidential campaigns: CIA

The Republican and Democratic candidates and their campaign staffs need to prep for a possible barrage of cyberattacks during this election cycle, industry experts and U.S. National Intelligence Director James Clapper said.

Ransomware activity marks sixfold increase in March

Ransomware activity marks sixfold increase in March

FireEye researchers detected a nearly six-fold increase in the percentage of ransomware activity in March 2016.

Senate hearing: 'Hard to overstate' ransomware's impact, botnet bill improves protections

Senate hearing: 'Hard to overstate' ransomware's impact, botnet bill improves protections

Security professionals lauded a bill that aims to tackle malware threats by disrupting the use of botnets by cybercriminal groups, in testimony during a Senate hearing.

Angler Exploit campaign infected at least 19 sites

Angler Exploit campaign infected at least 19 sites

Cyphort Labs spotted a new Angler Exploit campaign that has already infected at least 19 websites.

Web app attacks are on the rise, but money is tight for developers

Web app attacks are on the rise, but money is tight for developers

Cyber-attacks against web applications are increasing, yet security budgets for developers remain low.

The brick doesn't fall far from the Apple tree

The brick doesn't fall far from the Apple tree

Apple has released a series of security updates to both tvOS, iOS, watchOS, OSX, Safari and iTunes.

Eastern Ukraine separatists seemingly targeted in Operation Groundbait APT

Eastern Ukraine separatists seemingly targeted in Operation Groundbait APT

Researchers have discovered a malware-based APT dating back to 2008 that at least appears to target political enemies of Ukraine, including pro-Russia separatists in the disputed eastern region of the country.

117 million LinkedIn email credentials found for sale on the dark web

117 million LinkedIn email credentials found for sale on the dark web

The 2012 LinkedIn data breach may be the breach that just keeps on giving with the news that 117 million customer email credentials originating from that hack were found for sale on the dark web.

77% of organisations unprepared for cyber-security incidents

77% of organisations unprepared for cyber-security incidents

Roughly 77 percent of organisations are unprepared for cyber-security incidents according to research by NTT Com in its 2016 Global Threat Intelligence Report.

SC Congress Atlanta: Apple right to rebuff FBI, encryption not foolproof, panel says

SC Congress Atlanta: Apple right to rebuff FBI, encryption not foolproof, panel says

Apple did the right thing by rebuffing the FBI's attempt to get it to crack an iPhone 5c and tech companies that don't show similar backbone might find potential customers hesitant to purchase their products.

SC Congress Atlanta: Atlanta is no dummy when it comes to cybersecurity, CISO says

SC Congress Atlanta: Atlanta is no dummy when it comes to cybersecurity, CISO says

Atlanta has an ambitious plan to bolster its cybersecurity posture.

Click-fraud botnet infects 900K to earn money via Google AdSense

Click-fraud botnet infects 900K to earn money via Google AdSense

A click-fraud botnet dubbed "Redirector.Paco Trojan" has infected 900,000 IPs worldwide.

NTIA study: Security threats deter online activities like making purchases and banking

NTIA study: Security threats deter online activities like making purchases and banking

A new government survey shows that U.S. households are growing averse to even the most routine online transactions, due to cyberattacks imperiling users' finances, identities and privacy.

SC Congress Atlanta: The Phish and how to prevent it

SC Congress Atlanta: The Phish and how to prevent it

Figuring out to defend against phishing attacks, along with how to train company workers to identify and report these ubiquitous scams instead of clicking on them was the focal point of the final panel held today at the inaugural SC Congress Atlanta.

Senate subcommittee will address ransomware threat

Senate subcommittee will address ransomware threat

A Senate Judiciary subcommittee will hold a hearing Wednesday to explore that growing threat of ransomware.

Tech support scams gain sophistication, now using malware

Tech support scams gain sophistication, now using malware

Tech support scammers are changing their strategy by adding malware to their payloads, effectively holding the victim's device for ransom until the "repair fee" is paid.

OSGP custom RC4 encryption cracked yet again

OSGP custom RC4 encryption cracked yet again

The Open Smart Grid Protocol's (OSGP) home-grown RC4 encryption has been cracked once again. The easy-to-break, custom RC4 was cracked last year.

SC Congress Atlanta: Ransomware, a real or overblown threat?

SC Congress Atlanta: Ransomware, a real or overblown threat?

A panel Tuesday at SC Congress Atlanta devolved into a debate over how serious the threat is posed by ransomware.

Judge denies request to compel FBI to disclose vulnerability to Mozilla

Judge denies request to compel FBI to disclose vulnerability to Mozilla

A Federal judge denied a motion filed by Mozilla last week requesting that the FBI privately disclose a security vulnerability used in a child pornography case.

SC Congress Atlanta: Insuring cyberspace

A panel of industry insiders at SC Congress Atlanta looked at cyber insurance taking a look at what is driving the industry's quick growth.

FDA: Hackers want pharma data for competitive advantage

FDA: Hackers want pharma data for competitive advantage

FDA official provided detail about the agency's IT strategy that aims to strengthen protection of pharmaceutical companies' data submitted in regulatory filings during the approval process of new drugs.

Hacker doxes Nulled cybercrime forum, exposes data on 536,000 user accounts

Hacker doxes Nulled cybercrime forum, exposes data on 536,000 user accounts

An unidentified hacker turned the tables on Nulled.io, a popular online forum that facilitates cybercriminal activity, by compromising its website and publicly dumping its sensitive user data and communications.

Researchers spot spike in phishing attacks leveraging 2016 Rio Olympics

Researchers spot spike in phishing attacks leveraging 2016 Rio Olympics

Researchers spotted a spike in phishing attacks, email scams and spam messages that mimic branding from the 2016 Rio De Janeiro Olympics.

Google seeks to phase out Flash on Chrome by year-end

Google seeks to phase out Flash on Chrome by year-end

Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.

BfV agency says Russia is behind German cyber-attacks

BfV agency says Russia is behind German cyber-attacks

According to Germany's domestic intelligence agency, Russia was most likely responsible for the major cyber-attack on the Bundestag last year, forcing computer systems to be on hiatus for days.

SS7 vulnerability defeats WhatsApp encryption, researchers claim

SS7 vulnerability defeats WhatsApp encryption, researchers claim

Flaw in the international communications standard SS7 could allow hackers to mimic users and intercept messages on mobile networks.

Banking Trojan has infected at least 40K Android users worldwide

Banking Trojan has infected at least 40K Android users worldwide

Hundreds of different banking Trojans attack Android users, one being Android.SmsSpy.88.origin, which was first spotted in 2014.

Ponemon: 89% of surveyed health care orgs breached in last two years; cybercrime top cause

Ponemon: 89% of surveyed health care orgs breached in last two years; cybercrime top cause

For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers.

House bill seeks to sanction indicted Iranian hackers

House bill seeks to sanction indicted Iranian hackers

A U.S. House member introduced draft legislation Thursday that would require the Obama administration to sanction Iranian hackers indicted for cyberattacks.

Emails raise more questions of Clinton infosec practices

Emails raise more questions of Clinton infosec practices

Recently released documents set off renewed discussions about Hillary Clinton's information security practices as former U.S. Secretary of State.

Second bank hit with SWIFT-based hack, experts say patches failed

Second bank hit with SWIFT-based hack, experts say patches failed

The revelation by SWIFT that another bank was victimized using the same MO as that in the Bangladesh bank hack has the security industry believing the SWIFT system is flawed and possibly still vulnerable to another attack.

Clinton emails will prompt new federal cyber policy, D.C. insider says

Clinton emails will prompt new federal cyber policy, D.C. insider says

Updated: Federal cybersecurity policy will likely be affected by the ongoing saga involving Hillary Clinton's email communications, a former Congressional chief of staff said.

Biometric data: security and ease negate passwords, but is it private?

Biometric data: security and ease negate passwords, but is it private?

Compared to passwords, authentication through biometric data is simpler to use and can be much more secure.

The cyber-security buck should stop with executives, finds survey

The cyber-security buck should stop with executives, finds survey

New research by VMWare has found that a great deal of UK workers believe that the responsibility for cyber-security should go all the way to the board of directors.

Inside Dark Web: Security pros discuss threat protection and insiders

Inside Dark Web: Security pros discuss threat protection and insiders

Information security professionals discussed methods of protecting against threats from malicious actors and insiders at the Inside Dark Web conference in New York City on Thursday.

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.

Call center fraud spikes 45 percent as payment card security improves, study

Call center fraud spikes 45 percent as payment card security improves, study

A recent Pindrop study found a spike in call center fraud as cybersecurity improves.

Mozilla wants advance disclosure of zero day exploited by FBI in Playpen case

Mozilla wants advance disclosure of zero day exploited by FBI in Playpen case

Mozilla asked a federal district court in Washington to compel the FBI to disclose a zero-day vulnerability in the Tor browser that authorities exploited to identify patrons of the Tor-based child pornography site Playpen.

Spearphishers using a Windows zero day to attack companies

Spearphishers using a Windows zero day to attack companies

FireEye researchers believe a mature and sophisticated criminal operation has been responsible for conducting spearphishing attacks that resulted in more 100 organizations in North America being victimized.

Encryption hampering law enforcement efforts, Comey

Encryption hampering law enforcement efforts, Comey

Federal Bureau of Investigation (FBI) Director James Comey reiterated Wednesday to reporters in Washington that encryption was hampering law enforcement's ability to investigate criminals.

Legal effects of encryption bills discussed at dark web event

Legal effects of encryption bills discussed at dark web event

A former attorney for the U.S. Army and the Central Intelligence Agency discussed attempts to regulate encryption technologies at the Inside dark web conference in New York City on Thursday.

AbaddonPOS malware preys on retail POS software

AbaddonPOS malware preys on retail POS software

Point-of-sale (POS) malware is still a clear and present danger, say Proofpoint researchers.

IT pros in financial services assert ability to detect breaches

IT pros in financial services assert ability to detect breaches

Data breaches in the worlds of banking, credit and finance have nearly double between 2014 and 2015 according to the Identity Theft Resource Centre's 2015 Breach List report. Despite being unsure of how long it would take, IT pros in financial services are very confident in their ability to detect a breach.

Scammers impersonate legit cyber-security companies

Scammers impersonate legit cyber-security companies

A scammer syndicate has been caught impersonating the services of cyber-security companies and charging high fees for doing very little.

Critical patches target privilege escalation

Critical patches target privilege escalation

Half of this months Patch Tuesday releases are critical, many addressing privilege escalation.

Advisory Committee expresses Quantum, legacy system concerns

Advisory Committee expresses Quantum, legacy system concerns

The National Security Telecommunications Advisory Committee (NSTAC) brought together Silicon Valley executives with federal officials at the advisory committee's annual meeting on Wednesday.

Hayden says private sector will lead cyber defense charge

Hayden says private sector will lead cyber defense charge

Gen. Michael Hayden told the audience at Centrify Connect that the U.S. hasn't defined what to call cyber attacks like the one on Sony.

Bangladesh bank investigators reportedly find three separate network intruders

Bangladesh bank investigators reportedly find three separate network intruders

The investigation into the bank heist that cost Bangladesh's central bank $81 million has taken a byzantine turn, as a new report surfaced of multiple hacking groups infiltrating the bank's network.

Senate bill asks Obama administration to define cyber war

Senate bill asks Obama administration to define cyber war

Sen. Mike Rounds (R-S.D.) introduced The Cyber Act of War Act of 2016 bill this week asking the Obama administration to develop a set of guidelines for the U.S. military to follow in response to a cyberattack.

UAE InvestBank hacked, nearly 100k recycled data records leaked?

UAE InvestBank hacked, nearly 100k recycled data records leaked?

A data file of 10GB holding sensitive financial data compromised from an InvestBank in the United Arab Emirates (UAE) has been leaked online. The file contains information on tens of thousands of customers from a bank based in Sharjah.

Ransomware attacks prompt warnings to House members

Ransomware attacks prompt warnings to House members

Members of the U.S. House of Representatives and staffers received warnings that the House network has received a rise in attempted ransomware attacks.

Facebook making its CTF platform available

Facebook making its CTF platform available

Facebook is making its Capture the Flag, or CTF, gaming platform available to teach cyber skills.

Securities fraudsters who stole from 100M people to be extradited from Israel

Securities fraudsters who stole from 100M people to be extradited from Israel

Two Israeli men accused of securities fraud and hacks into media outlets and nine financial institutions, including JPMorgan Chase, Fidelity Investments and E*Trade Financial Corp., will be extradited to the U.S.

Google pulls malicious 'Viking' apps from Play store

Google pulls malicious 'Viking' apps from Play store

Security researchers discovered popular Android applications that execute remote code on devices and use the infected devices to create botnets that engage in ad fraud, DDoS attacks, and spam messages.

Attackers already pouncing on newly discovered ImageTragick vulnerability

Attackers already pouncing on newly discovered ImageTragick vulnerability

Mere hours after word spread last week of a remote code execution vulnerability in the image-processing software ImageMagick, bad actors were already actively exploiting it in the wild

Yahoo's second wave of declassified FISC docs spotlights battle with feds over PRISM

Yahoo's second wave of declassified FISC docs spotlights battle with feds over PRISM

Yahoo has released its second wave of Foreign Intelligence Surveillance Court (FISC) documents concerning a 2007 case over user data.

Patch Tuesday: Adobe Flash Player patch on the way, Acrobat, Reader fixes issued

Patch Tuesday: Adobe Flash Player patch on the way, Acrobat, Reader fixes issued

Adobe will issue an update later this week for Flash Player to patch a vulnerability that is currently being exploited in the wild, and the company also released a slew of fixes for its Reader and Acrobat product lines.

Patch Tuesday: Microsoft rolls out 16 bulletins, eight rated critical

Patch Tuesday: Microsoft rolls out 16 bulletins, eight rated critical

Microsoft's May Patch Tuesday roll out contains 16 bulletins covering 37 vulnerabilities, with half of them being rated critical and possibly leading to remote code execution.

FBI StingRay NDA instructs police to use parallel construction

FBI StingRay NDA instructs police to use parallel construction

The FBI provided a local police department with a StingRay but required it to "use additional and independent investigative means and methods" to ensure data obtained by the surveillance device "would be admissible at trial."

Forum to help Irish businesses understand and combat cyber-crime

Forum to help Irish businesses understand and combat cyber-crime

More than half of Irish companies don't provide regular cyber-security training to their staff.

London NHS trust fined £180K by Information Commissioner for HIV data leak

London NHS trust fined £180K by Information Commissioner for HIV data leak

The ICO has levied a £180,000 fine against a London HIV clinic for accidentally divulging the names and email addresses of 780 patients.

Kiddicare suffers a data breach! 794,000 customer details are exposed

Kiddicare suffers a data breach! 794,000 customer details are exposed

Baby retailer Kiddicare suffers a data breach that exposes 794K customer details

Celebrity gossip site PerezHilton.com serves up malicious ads to its visitors

Celebrity gossip site PerezHilton.com serves up malicious ads to its visitors

PerezHilton.com, home to Hollywood and celebrity gossip news, has served up a new set of malicious ads to some of its half a million daily site visitors.

Activist Lauri Love dodges encryption key issue for now

Activist Lauri Love dodges encryption key issue for now

Lauri Love, the British/Finnish activist, was granted a small victory today at Westminster Magistrates Court when the judge ruled he didn't have to reveal the passwords to encrypted files as part of his request for return of data storage devices.

Study: Apple, Android should better vet app stores, notify users of 'dead apps'

Study: Apple, Android should better vet app stores, notify users of 'dead apps'

Appthority's Q2 2016 Enterprise Mobile Threat Report found Apple and Android should better vet their app stores.

Twitter blocks intel agencies from data analytics service

Twitter blocks intel agencies from data analytics service

Twitter blocked U.S. intelligence agencies' access to data provided by a private company that scans Twitter feeds.

Bad guys update 7ev3n and CryptXXX ransomware

Bad guys update 7ev3n and CryptXXX ransomware

Bad guys have to put in long hours too in order to keep their ransomware fresh and usable.

British manufacturers urged to step up their cyber-security plans

British manufacturers urged to step up their cyber-security plans

To face the growing number of cyber-threats as part of their efforts to get ready for the 4th industrial revolution, British manufacturers are being urged to step up their cyber-security planning.

Microsoft report: 9.4 percent increase in vulnerability disclosures

Microsoft report: 9.4 percent increase in vulnerability disclosures

Microsoft noted a 9.4 percent increase in vulnerability disclosures to just above 3,300 disclosures in its latest study.

Vaizey urges businesses to adopt Cyber Essentials to combat malware threats

Vaizey urges businesses to adopt Cyber Essentials to combat malware threats

As UK government vows to boost cyber-defences, its own research finds majority of successful attacks could have been prevented by adopting Cyber Essentials.

Unsuitable addendum: Wassenaar Arrangement

Unsuitable addendum: Wassenaar Arrangement

A contentious amendment to an international export treaty has been causing an uproar in the security communities.

Kroger warns past, present employees of possible compromise after Equifax W-2Express breach

Kroger alerted current and former employees this week that their data - including Social Security numbers and birth dates - may have been compromised as a result of a breach at Equifax's W-2Express website.

Researchers discover ICS attack method that spreads through networks

Researchers discover ICS attack method that spreads through networks

A team of researchers discover a new method of launching attacks that would threaten global critical infrastructure and utility providers through a worm that spreads through utility networks.

Cybercriminals' oversight allows rare inside glimpse into AlphaLocker ransomware

Cybercriminals' oversight allows rare inside glimpse into AlphaLocker ransomware

Researchers at Cylance removed some of the mystery surrounding the new ransomware AlphaLocker after accessing its configuration files and subsequently pulling up its admin interface.

DARPA looking to develop new technology to ID cybercriminals

The Defense Advanced Research Projects Agency (DARPA) is looking for research proposals to develop a system that would enable the government and law enforcement to identify the actual individual behind a cyber attack.

FBI questions former Clinton aides over private email server

FBI questions former Clinton aides over private email server

The Federal Bureau of Investigation (FBI) has already questioned a number of Hillary Clinton's former aides about her use of the server to conduct official State Department business.

DDoS researchers are among most DDoSed

DDoS researchers are among most DDoSed

NexusGuard's Q1 2016 report has found that one of the favorite targets of DDoS attackers are attack researchers

'Forensic expert' helped LAPD hack iPhone of 'Shield' actor's murdered wife

'Forensic expert' helped LAPD hack iPhone of 'Shield' actor's murdered wife

Los Angeles police detectives bypassed an iPhone security feature that prevents access to content on disabled phones, according to a report, citing court papers reviewed by the news daily.

Organizations, business, tech leaders urge Congress to pass OPEN Government Data Act

Organizations, business, tech leaders urge Congress to pass OPEN Government Data Act

A group of organizations and businesses nearly 50-strong urged Congressional leaders to take swift action on the Open, Permanent, Electronic, and Necessary (OPEN) Government Data Act.

Organizations need formal vendor risk management programs, study

Organizations need formal vendor risk management programs, study

Third-party risks pose a "serious threat" to organizations but upper management may be able to curb the threat, according to a recent study.

Educating C-suites and corporate boards on security risks

Educating C-suites and corporate boards on security risks

C-suites and boards of directors are increasing their knowledge of IT security risks and needs - before a breach happens.

Android/Clicker.G malware found in Google Play apps

Android/Clicker.G malware found in Google Play apps

Researchers found a series of malicious apps containing Android/Clicker.G on the Google Play store. The campaign targets mobile devices in Russia, but they affect apps that are available globally.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US