Trending Now
LATEST
Websites can steal browser data via extensions APIs
Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
6 Reasons We Need to Boost Cybersecurity Focus in 2019
Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency
Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information as well...
Bulgaria Extradites Russian Hacker to US: Embassy
Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday.
read more
DDoS sueball, felonious fonts, leaky Android file manager, blundering building security, etc etc
Plus, Safari security foiled by… a finger swipe? Roundup This week we wrangled with alleged Russian election meddling, hundreds of millions of username-password combos spilled online, Oracle mega-patches, and cliams of RICO swap-gangs.…
Hellfire Dong Slinger – Paul’s Security Weekly #590
This week, we welcome Dr. Eric Cole, the Founder and CEO of Secure Anchor Consulting for an interview! In the Technical segment, our very own Joff Thyer will be demonstrating some syntax with PowerShell useful for transferring data into...
The Iceman cometh, his smartwatch told the cops: Hitman jailed after gizmo links him to Brit gangland slayings
Killer jailed for life after fitness kit data tips off plod Avid runner and hitman Mark Fellows was this week found guilty of murder after being grassed up by his Garmin watch.…
Luring IoT botnets to the honeypot — Research Saturday
Researchers from Netscout's ASERT team have been making use of honeypots to gather information on rapidly evolving IoT botnets that take advantage of default usernames and passwords to gain access and take control of unprotected devices. Matt Bing is...
2018’s Most Common Vulnerabilities Include Issues New and Old
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
DNC says Russia tried to hack its servers again in November 2018
Democrats say the spear-phishing attack, which was attributed to Russian group Cozy Bear, was unsuccessful.
Friday Squid Blogging: Squid Lollipops
Two squid lollipops, handmade by Shinri Tezuka.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
VC Investments in Cybersecurity Hit Record Highs in 2018
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
WiFi firmware bug affects laptops, smartphones, routers, gaming devices
List of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.
‘Collection #1’ Breach Is Huge, But Should You Be Worried?
The dealer behind the Collection #1 data dump has been circulating six other databases with almost 1TB of data. But opinions vary on whether they contain data from previously reported hacks or newly released information.
Checklist 121: On Checklist, TV Watches You!
On this week’s Checklist by SecureMac we talk about TVs that are too smart for your own good, putting a lock on individual iOS Apps and some security resolutions.
The post Checklist 121: On Checklist, TV Watches You!...
Exploit for Recent Flash Zero-Day Added to Fallout Exploit Kit
An updated version of the Fallout exploit kit recently emerged with an exploit for a recent Flash zero-day included in its arsenal, Malwarebytes Labs security researchers warn.
read more
Temporary micropatch available for zero-day Windows exploit
Microsoft has left two publicly known vulnerabilities unpatched in Windows this month, but researchers have stepped in and created temporary patches that can be easily applied to protect systems until an official fix becomes available.During the last two weeks...
Researchers find Telegram bot chatter is actually Windows malware commands
Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands.
Forcepoint researchers discovered what it described as a “fairly simple” year old malware...
US midterms barely over when Russians came knocking on our servers (again), Democrats claim
Лучшая защита – нападение? Russian hackers attempted to infiltrate the Democratic National Committee (DNC) just after the US midterm elections last year, according to a new court filing.…
Google Play boots fake apps that spy on devices’ motion sensor data before dropping Anubis malware
A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware...
Android ES File Explorer open port vulnerability divulged
A French cybersecurity researcher is reporting that Android ES File Explorer app can allow others on your local network to remotely access a file on your phone.
The app, which has more than 100 million Android installs and is designed...
Ingenious! The Android malware which only triggers if you’re moving
Android malware in the Google Play Store could tell whether it was likely to be running on a genuine victim’s device or being analysed by a security team.
Hackers Actively Scanning for ThinkPHP Vulnerability, Akamai Says
There is widespread scanning for a recently disclosed remote code execution vulnerability in the ThinkPHP framework, Akamai reveals.
read more
New Year, New Features for Fallout EK
New Year, New Features for Fallout EKThe new year is a time for resolutions and promises of change, so much so that even malware has returned from a bit of time off with some new features, including a new Flash...
LEADERS
Friday Squid Blogging: Squid Lollipops
Two squid lollipops, handmade by Shinri Tezuka.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Ingenious! The Android malware which only triggers if you’re moving
Android malware in the Google Play Store could tell whether it was likely to be running on a genuine victim’s device or being analysed by a security team.
Evaluating the GCHQ Exceptional Access Proposal
The so-called Crypto Wars have been going on for 25 years now. Basically, the FBIand some of their peer agencies in the U.K., Australia, and elsewhereargue that the pervasive use of civilian encryption is hampering their ability to solve...
Weekly Update 122
Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stackAnd then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing...
773M Password ‘Megabreach’ is Years Old
My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to...
