Research

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.

Attackers target Facebook to deliver Android iBanking malware

A Windows trojan delivered via drive-by download is injecting malicious content into Facebook and ultimately fooling users into downloading Android malware that can capture SMS messages.

Researchers uncover critical flaws impacting satellite communications

Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.

Most Heartbleed detection tools have bugs of their own, firm finds

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Study: Eighteen percent of online adults have had personal info stolen

About 18 percent of online adults have had personal information stolen, and more than 20 percent had an email or social networking account compromised.

Is SIEM up to the challenge?

This latest ebook from SC Magazine paints a lucid picture of today's SIEM capabilities and challenges to help you decide what might be the right implementation for your organization.

Researchers find Android security issue in app permissions protocol

The permissions issue could allow a malicious app to alter legitimate home screen icons.

Phishers find most success midweek, masquerading as IT, report finds

An incident response firm found that 93 percent of phishing emails were sent out on weekdays, with the most popular day being Wednesday.

Popular ad server patches SQL injection flaw impacting platform

Orbit Open Ad Server was vulnerable to SQL injection attacks, which could result in website visitors' information being stolen via malvertising, a security firm found.

HHS reveals "high-risk" security issues at Medicaid agencies

An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.

XSS vulnerability in popular video site enables unique DDoS attack

Website security company Incapsula defended a client from a DDoS attack that was carried out using a persistent XSS vulnerability in a highly popular site that hosts video content.

Facebook doled out $1.5 million to researchers in 2013 for bug bounties

The social media giant received close to 15,000 submissions, 687 of which were valid.

Singapore's NTUC resident members get two-factor authentication devices

Added security and no longer having to memorize increasingly difficult passwords are some of the benefits resident members of Singapore's NTUC will get by activating their new OneKey two-factor authentication devices.

More than 24M home routers enabling DNS amplification DDoS attacks

More than 24 million home routers have open DNS proxies that enable DNS-based DDoS attacks, and 5.3 million of the devices were used to generate attack traffic in February, according to Nominum.

Coinbase responds to information disclosure, user enumeration, other concerns

Coinbase responded to a researcher's claims that the San Francisco-based Bitcoin exchange is vulnerable to information disclosure, user enumeration, and lack of rate limitation for sending money requests.

Tesla cars' weak password protocol could allow remote unlock, locating

A researcher at Black Hat Asia highlighted security issues affecting Tesla Model S cars.

Smartphones at risk of malicious code injection through HTML5-based apps

Researchers have discovered a new attack, known as Cross-Device Scripting, that can allow an attacker to compromise most smartphones by injecting malicious code through HTML5-based apps.

Google researchers shed light on state-sponsored attacks targeting news orgs

The security engineers presented the findings at the Black Hat conference in Singapore.

Cutwail operators aim DDoS at Zeus competitors

Researchers at RSA noted the "battle of the botmasters" taking place.

Experts suggest transaction malleability did not ruin Mt. Gox

In a paper released on Wednesday, Swiss researchers suggest the transaction malleability Bitcoin flaw did not ruin Mt. Gox, despite what the Tokyo-based company announced.

Cryptocurrency-mining apps discovered on Google Play store

At least two apps have been discovered on the official Google Play store that mine for cryptocurrencies, but overheating mobile devices and decreased performance may tip off Android users.

WinRAR spoofing vulnerability being exploited in malware campaign

A WinRAR vulnerability is being taken advantage of in a malware campaign targeting government and international organizations, as well as Fortune Global 500 companies.

Windows trojan packs punch, downloads ransomware "Cribit"

Cribit ransomware demands Bitcoin payment to decrypt hostage files, Trend Micro reveals.

Gameover variant of Zeus trojan targets Monster and CareerBuilder

The Gameover variant of the Zeus trojan is targeting employment sites Monster and CareerBuilder, according to F-Secure researchers.

Study examines erosion of PII as massive breaches persist

A report investigates how static, or hard-to-change, personal data, such as SSNs or dates of birth, is impacted by repeated breaches.

MitM attackers posing as banks, other major groups, tough to detect

PhishLabs researchers have identified a man-in-the-middle attack campaign that involves hackers posing as major organizations, including banks.

Pileup flaws enable privilege escalation during Android updates, researchers find

Under the right conditions, simply updating any Android device can enable an attacker to escalate app privileges and carry out a range of malicious actions.

APT groups use Malaysian flight-themed email attachments as bait

Researchers at FireEye say firms were targeted with phishing emails mentioning the mysterious flight.

What the SEA stole from McCain's office, and much more, compiled in report

An IntelCrawler report shines some new light on the Syrian Electronic Army, including its attacks, tactics, members and more.

Zeus variant blocks user activity with full-screen pop-ups

Infected users are forced to contend with open windows, which are actually legitimate sites being displayed on their desktops.
