Research

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on all firms' networks

By

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

By

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

No encryption means easy compromise of Viber location data, communications

No encryption means easy compromise of Viber location data, communications

By

Cross-platform communications tool Viber does not utilize encryption when sending, receiving or storing location data and communications, making the information easy to compromise.

A hundred Android apps, 150M downloads, vulnerable to Heartbleed

A hundred Android apps, 150M downloads, vulnerable to Heartbleed

By

Researchers with FireEye scanned more than 54,000 Android apps in the Google Play store and learned that more than a hundred, downloaded a combined 150 million times, are vulnerable to the Heartbleed bug.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, can be reopened

By

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Verizon: Espionage attacks grew threefold in 2013, greater visibility diverts China focus

Verizon: Espionage attacks grew threefold in 2013, greater visibility diverts China focus

By

While China continued to lead cyber espionage activity against organizations, Eastern Europe accounted for more than 20 percent of related incidents, according to an annual data breach report.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

By

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.

Attackers target Facebook to deliver Android iBanking malware

Attackers target Facebook to deliver Android iBanking malware

By

A Windows trojan delivered via drive-by download is injecting malicious content into Facebook and ultimately fooling users into downloading Android malware that can allow for the capturing of SMS messages.

Researchers uncover critical flaws impacting satellite communications

Researchers uncover critical flaws impacting satellite communications

By

Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.

Most Heartbleed detection tools have bugs of their own, firm finds

By

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Study: Eighteen percent of online adults have had personal info stolen

By

About 18 percent of online adults have had personal information stolen, and more than 20 percent had an email or social networking account compromised.

Is SIEM up to the challenge?

Is SIEM up to the challenge?

This latest ebook from SC Magazine paints a lucid picture of today's SIEM capabilities and challenges to help you decide what might be the right implementation for your organization.

Researchers find Android security issue in app permissions protocol

Researchers find Android security issue in app permissions protocol

By

The permissions issue could allow a malicious app to alter legitimate home screen icons.

Phishers find most success midweek, masquerading as IT, report finds

Phishers find most success midweek, masquerading as IT, report finds

By

An incident response firm found that 93 percent of phishing emails were sent out on weekdays, with the most popular day being Wednesday.

Popular ad server patches SQL injection flaw impacting platform

Popular ad server patches SQL injection flaw impacting platform

By

Orbit Open Ad Server was vulnerable to SQL injection attacks, which could result in website visitors' information being stolen via malvertising, a security firm found.

HHS reveals "high-risk" security issues at Medicaid agencies

HHS reveals "high-risk" security issues at Medicaid agencies

By

An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.

XSS vulnerability in popular video site enables unique DDoS attack

XSS vulnerability in popular video site enables unique DDoS attack

By

Website security company Incapsula defended a client from a DDoS attack that was carried out using a persistent XSS vulnerability in a highly popular site that hosts video content.

Facebook doled out $1.5 million to researchers in 2013 for bug bounties

By

The social media giant received close to 15,000 submissions, 687 of which were valid.

Singapore's NTUC resident members get two-factor authentication devices

By

Added security and no longer having to memorize increasingly difficult passwords are some of the benefits resident members of Singapore's NTUC will get by activating their new OneKey two-factor authentication devices.

More than 24M home routers enabling DNS amplification DDoS attacks

More than 24M home routers enabling DNS amplification DDoS attacks

By

More than 24 million home routers have open DNS proxies that enable DNS-based DDoS attacks, and 5.3 million of the devices were used to generate attack traffic in February, according to Nominum.

Coinbase responds to information disclosure, user enumeration, other concerns

Coinbase responds to information disclosure, user enumeration, other concerns

By

Coinbase responded to a researcher's claims that the San Francisco-based Bitcoin exchange is vulnerable to information disclosure, user enumeration, and lack of rate limitation for sending money requests.

Tesla cars' weak password protocol could allow remote unlock, locating

Tesla cars' weak password protocol could allow remote unlock, locating

By

A researcher at Black Hat Asia highlighted security issues affecting Tesla Model S cars.

Smartphones at risk of malicious code injection through HTML5-based apps

Smartphones at risk of malicious code injection through HTML5-based apps

By

Researchers have discovered a new attack, known as Cross-Device Scripting, that can allow an attacker to compromise most smartphones by injecting malicious code through HTML5-based apps.

Google researchers shed light on state-sponsored attacks targeting news orgs

By

The security engineers presented the findings at the Black Hat conference in Singapore.

Cutwail operators aim DDoS at Zeus competitors

Cutwail operators aim DDoS at Zeus competitors

By

Researchers at RSA noted the "battle of the botmasters" taking place.

Experts suggest transaction malleability did not ruin Mt. Gox

Experts suggest transaction malleability did not ruin Mt. Gox

By

In a paper released on Wednesday, Swiss researchers suggest the transaction malleability Bitcoin flaw did not ruin Mt. Gox, despite what the Tokyo-based company announced.

Cryptocurrency-mining apps discovered on Google Play store

By

At least two apps have been discovered on the official Google Play store that mine for cryptocurrencies, but overheating mobile devices and decreased performance may tip off Android users.

WinRAR spoofing vulnerability being exploited in malware campaign

WinRAR spoofing vulnerability being exploited in malware campaign

By

A WinRAR vulnerability is being taken advantage of in a malware campaign targeting government and international organizations, as well as Fortune Global 500 companies.

Windows trojan packs punch, downloads ransomware "Cribit"

Windows trojan packs punch, downloads ransomware "Cribit"

By

Cribit ransomware demands Bitcoin payment to decrypt hostage files, Trend Micro reveals.

Gameover variant of Zeus trojan targets Monster and CareerBuilder

By

The Gameover variant of the Zeus trojan is targeting employment sites Monster and CareerBuilder, according to F-Secure researchers.

Sign up to our newsletters

POLL