News feed copy

Stagefright 2.0: A billion Android devices could be compromised

Thu, 01 Oct 2015 14:27:02 +0000

Most Android users are, once again, in danger of having their devices compromised by simply previewing specially crafted MP3 or MP4 files. Zimperium researchers, who were the ones who discovered ea...

Apple releases OS X El Capitan, patches passcode loophole in iOS

Thu, 01 Oct 2015 12:31:37 +0000

Yesterday Apple released OS X 10.11 El Capitan to end users. With it, the company concentrated more on performance and security instead on new features. Among the security improvements is System In...

7 key global DDoS trends revealed

Thu, 01 Oct 2015 11:15:53 +0000

Neustar released the findings of its latest DDoS report, including key trends. The global research reveals more activity around targeted, smaller assaults aimed at distracting firms IT departments wh...

Compromising Macs with simple Gatekeeper bypass

Thu, 01 Oct 2015 10:16:08 +0000

Patrick Wardle, director of research at security firm Synack, has discovered a worryingly simple way to bypass OS X's Gatekeeper defense mechanism: just bundle a legitimate Apple-signed app with a mal...

The value of threat intelligence

Thu, 01 Oct 2015 08:00:09 +0000

When it comes to understanding how a hacker penetrated the corporate network, nearly a quarter (23 percent) had no insight on which channel a breach occurred, according to DomainTools. Despite the ...

The barriers to cybersecurity research, and how to remove them

Thu, 01 Oct 2015 07:38:07 +0000

Earlier this year, a considerable number of computer scientists and lawyers, from academia, civil society, and industry, congregated at UC Berkeley School of Law to take part of a workshop aimed at di...

CISOs are looking for more integration and automation

Thu, 01 Oct 2015 07:27:51 +0000

Enterprise CISOs are looking for more integration and automation among their existing IT security tools, and that most are only periodically monitoring and mitigating events in their network environme...

Fragmented approaches to PKI don't always follow best practices

Thu, 01 Oct 2015 07:07:05 +0000

Independent research by the Ponemon Institute reveales increased reliance on public key infrastructures (PKIs) in today's enterprise environment, supporting a growing number of applications. At th...

ISC StormCast for Thursday, October 1st 2015 http://isc.sans.edu/podcastdetail.html?id=4679, (Thu, Oct 1st)

Thu, 01 Oct 2015 02:06:18 +0000

...(more)...

Recent trends in Nuclear Exploit Kit activity, (Thu, Oct 1st)

Thu, 01 Oct 2015 00:02:01 +0000

Introduction

Since mid-September 2015, Ive generated a great ...(more)...

Mistakenly-deployed test patch leads to suspicious Windows update , (Wed, Sep 30th)

Wed, 30 Sep 2015 19:41:24 +0000

Earlier today, various sources reporteda highly-suspicious Windows update. According to Ars Techn ...(more)...

OUCH October Newsletter - Password Managers: https://www.securingthehuman.org/ouch, (Wed, Sep 30th)

Wed, 30 Sep 2015 15:12:31 +0000

...(more)...

500 million users at risk of compromise via unpatched WinRAR bug

Wed, 30 Sep 2015 12:37:33 +0000

A critical vulnerability has been found in the latest version of WinRAR, the popular file archiver and compressor utility for Windows, and can be exploited by remote attackers to compromise a machine ...

Scammers use Google AdWords, fake Windows BSOD to steal money from users

Wed, 30 Sep 2015 11:30:17 +0000

Faced with the infamous Windows Blue Screen of Death (BSOD), many unexperienced computer users' first reaction is panic. If that screen contains a toll free number ostensibly manned by Microsoft techn...

Attackers posing as legitimate insiders still an enormous security risk

Wed, 30 Sep 2015 10:07:46 +0000

Cyber attacks that exploit privileged and administrative accounts the credentials used to manage and run an organizations IT infrastructure represent the greatest enterprise security risks. ...

Companies leave vulnerabilities unpatched for up to 120 days

Wed, 30 Sep 2015 08:30:21 +0000

Kenna studied the proliferation of non-targeted attacks and companies ability to mitigate these threats through the timely remediation of security vulnerabilities in their software and network device...

Women represent only 10% of the infosec workforce

Wed, 30 Sep 2015 07:30:09 +0000

Surveying nearly 14,000 global professionals, a new (ISC)2 report focuses on the lack of gender diversity in the information security workforce despite a cyber landscape that is growing and changing i...

File insecurity: the final data leakage frontier

Wed, 30 Sep 2015 07:00:45 +0000

The growth of cloud and mobile computing, the ease at which files can be shared and the diversity of collaboration methods, applications and devices have all contributed to the frequency of file data ...

VBA malware is back!

Wed, 30 Sep 2015 06:22:10 +0000

VBA malware is far from dead. In fact, as Sophos researchers recently noted, approximately 50 to 100 new VBA malware samples are spotted each day. For those who don't know, VBA (Visual Basic for Ap...

ISC StormCast for Wednesday, September 30th 2015 http://isc.sans.edu/podcastdetail.html?id=4677, (Wed, Sep 30th)

Wed, 30 Sep 2015 01:29:49 +0000

...(more)...

Tricks for DLL analysis, (Tue, Sep 29th)

Tue, 29 Sep 2015 21:01:50 +0000

Very often I get questions on how to perform analysis on DLL files.</ ...(more)...

Too many vulnerable medical systems can be found online

Tue, 29 Sep 2015 14:37:50 +0000

How many critical medical systems can be found on the Internet, accessible to and hackable by remote attackers? According to security researchers Scott Erven and Mark Collao, too many. Erven, an as...

XOR DDoS botnet launching attacks from compromised Linux machines

Tue, 29 Sep 2015 13:59:05 +0000

Attackers have developed a botnet capable of 150+ Gbps DDoS attack campaigns using XOR DDoS, a Trojan malware used to hijack Linux systems, according to Akamai. What is XOR DDoS? XOR DDoS is a T...

Do security flaws with life-threatening implications need alternative disclosure?

Tue, 29 Sep 2015 13:00:54 +0000

If security researchers get no response from manufacturers when disclosing vulnerabilities with life-threatening implications, the majority of IT security professionals (64%) believe that the informat...

How to avoid data breaches? Start by addressing human error

Tue, 29 Sep 2015 11:06:11 +0000

Small businesses in the UK are failing to train staff on how to correctly identify and dispose of confidential information which could lead to a costly data breach. A Shred-it survey conducted by I...

Hilton, Trump hotel chains hit by PoS malware

Tue, 29 Sep 2015 10:51:47 +0000

Payment card data of visitors of a number of Hilton and Trump hotels in the US have been compromised, and some of it is being already used by crooks to rack up fraudulent charges. A few days after ...

The evolution of the CISO in today's digital economy

Tue, 29 Sep 2015 08:00:15 +0000

As the digital economy becomes ever more connected and encompasses all industries, were reaching a point where every company today is a technology company. Along with this transformation we have seen...

Chinese fraudsters are hijacking and misusing Uber accounts

Tue, 29 Sep 2015 07:01:03 +0000

Uber accounts continue to be hijacked, this time by Chinese fraudsters. According to Motherboard, a number of users complained recently on Twitter that their accounts have been used for rides in China...

Exabeam secures $25 million in Series B funding

Tue, 29 Sep 2015 07:00:15 +0000

Exabeam closed a $25 million financing round to further accelerate the company's growth and continue updating its user behavior analytics (UBA) solution. Icon Ventures led the Series B investment r...

Oysters tablet comes preinstalled with Trojanized Android firmware

Tue, 29 Sep 2015 05:04:02 +0000

Keeping your mobile device free of malware requires intentional care, but sometimes even that is not enough. As Dr. Web researchers recently pointed out, a device you buy from a manufacturer or one of...

ISC StormCast for Tuesday, September 29th 2015 http://isc.sans.edu/podcastdetail.html?id=4675, (Tue, Sep 29th)

Tue, 29 Sep 2015 02:23:21 +0000

...(more)...

Mobile ad network exploited to launch JavaScript-based DDoS attack

Mon, 28 Sep 2015 14:24:56 +0000

A type of DDoS attack that has until now been mostly theoretical has become reality: CloudFlare engineers have spotted a browser-based Layer 7 flood hitting one of its customers with as many as 275,00...

Yahoo open-sources Gryffin, a large scale web security scanning platform

Mon, 28 Sep 2015 12:17:20 +0000

Yahoo has open-sourced Gryffin, a scanning platform for web applications. The developers' goal was to create a security scanner that will be able to both discover as much of the application footpri...

Leaked Hacking Team emails show Saudi Arabia wanted to buy the company

Mon, 28 Sep 2015 11:21:32 +0000

Emails stolen in the Hacking Team breach and leaked online by the still unknown attackers continue to be analyzed, and offer insight into the inner workings and controversial relationships the infamou...

"Transport of London" Malicious E-Mail, (Mon, Sep 28th)

Mon, 28 Sep 2015 10:52:30 +0000

This morning, I received several e-mails with the subject Email from Transport of London. The att ...(more)...

How organizations can increase trust and resilience

Mon, 28 Sep 2015 09:03:48 +0000

Gartner said organizations must invest in three risk disciplines to increase trust and resilience. Running a digital business presents business leaders with an increasing level of complexity and new t...

Silent Circle launches Blackphone 2, delivering business and personal privacy

Mon, 28 Sep 2015 08:08:44 +0000

Silent Circle has launched Blackphone 2 its next-generation smartphone that delivers privacy and security. It provides full device encryption by default through harnessing the company's operating sy...

Is your network suffering from the trombone effect?

Mon, 28 Sep 2015 07:33:15 +0000

Trombones are wonderful instruments. These brass beauties are mainstays of any marching band, dutifully producing a bouncing bass tone. Some trombones, however, generate a completely different sound: ...

ISC StormCast for Monday, September 28th 2015 http://isc.sans.edu/podcastdetail.html?id=4673, (Mon, Sep 28th)

Mon, 28 Sep 2015 01:37:18 +0000

...(more)...

Mozilla Foundation Security Advisory 2015-112, (Fri, Sep 25th)

Fri, 25 Sep 2015 11:06:58 +0000

Firefox has announced several vulnerabilities in Firefox and Firefox ESR which were reported byRo ...(more)...

Infocon: green

ISC StormCast for Thursday, October 1st 2015 http://isc.sans.edu/podcastdetail.html?id=4679