Trending Now
LATEST
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
PCI Piñata – Paul’s Security Weekly #583
This week, we welcome Jon Buhagiar, Network+ Review Course Instructor at Sybex for an interview to talk about Network Operations! In the Technical Segment, we welcome back John Moran, Senior Product Manager at DFLabs to talk about IncMan SOAR...
Elasticsearch Sales Leads – 5,788,169 breached accounts
In October 2018, security researcher Bob Diachenko identified multiple exposed databases with hundreds of millions of records. One of those datasets was an Elasticsearch instance on AWS containing sales lead data and 5.8M unique email addresses. The data contained...
Week in security with Tony Anscombe
GDPR-themed WordPress plugin flaw exploited. Google’s data charts path to avoiding malware on Android. Plus security researchers bypass encryption on self-encrypting drives
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Japanese government’s cybersecurity strategy chief has never used a computer
The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability.
Yoshitaka Sakurada admitting he has never used a computer in his professional life, despite the Japanese Government,...
Doubling down on Cobalt Group activity — Research Saturday
The NETSCOUT Arbor ASERT team has been tracking Cobalt Group campaigns targeting financial institutions. Richard Hummel is manager of threat intelligence with ASERT, and he joins us to share his team's findings. The research can be found here: https://asert.arbornetworks.com/double-the-infection-double-the-fun/...
KnownCircle – 1,957,600 breached accounts
In approximately April 2016, the "marketing automation for agents and professional service providers" company KnownCircle had a large volume of data obtained by an external party. The data belonging to the now defunct service appeared in JSON format and...
Russian APT comes back to life with new US spear-phishing campaign
Cozy Bear (APT29) makes a comeback after last year's Dutch and Norwegian hacking campaigns.
Could have sworn I deleted that photo from my phone! [PODCAST]
This week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. Enjoy!
Children’s smartwatches once again found vulnerable
China-based company MiSafe is once again making headlines with its unsecured products after a pen tester found that its child tracking smartwatches were found to be highly insecure.
MiSafe previously made controversy after firm’s Mi-Cam baby monitors were found to...
Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in
A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page.
In a company blog post yesterday, researchers at WebARX disclosed...
Change of stRATegy? Cybercrime group TA505 tests new tRAT malware
A newly discovered remote access trojan nicknamed tRAT has apparently attracted the interest of TA505, a cybercriminal group known for launching prolific banking malware and ransomware attacks.
In a company blog post yesterday, researchers at Proofpoint reported observing several phishing...
Friday Squid Blogging: Squid Sculptures
Pretty.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Ep. 009 – Competitive hacking, threat report and crazy tweets!
In the Naked Security Podcast this week: hacking phones at Pwn2Own, the brand new SophosLabs Threat report, and squeezing Shakespeare into one tweet. With Anna Brading, Paul Ducklin and Mark Stockley. (Music: purple-planet.com)
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
The public/private task force takes early steps toward securing the end-to-end supply chain.
New Bluetooth Hack Affects Millions of Vehicles
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
GSA looks to issue new rules for gov’t contractor data breach reporting
The General Services Administration (GSA) has issued a proposal for new guidelines on data breaches disclosure that government contractors must follow and give the government access to their system in the event of a breach.
The GSA proposal will amend...
Blackberry in $1.4 billion deal to buy Cylance
Blackberry has entered into a $1.4 billion cash deal to acquire Cylance with the intention of using the cybersecurity firm’s technology to accelerate Blackberry’s Enterprise of Things (EoT) project.
The agreement will see Blackberry combine Cylance’s artificial intelligence, algorithmic science,...
Firefox adds in-browser notification of breached sites
Mozilla has added a data breach notification to Firefox that warns the browser's users when their email address and credentials may have been obtained by hackers.Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing...
GPS jamming. Bank phishing. Exposed server. Censorship, East, West, and South. Is there a sealed indictment of Julian Assange?
In today’s podcast, we ask a question: when does a military exercise become hybrid warfare? Answer: when it affects civilian safety. Like with GPS jamming. Russian banks are sustaining a major, and well-crafted, phishing campaign. An unprotected server exposes...
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
Firefox to Display Warning if You Visit a Site That’s Been Breached
The warnings will appear on Firefox's desktop browser as pop-up notifications that tell you how many accounts were compromised in a breach within the last year.
Smartphones: A Double-edged Sword for Terrorists
Bombs and guns aside, a smartphone can be a powerful weapon in the hands of a terrorist -- but it can also provide intelligence services with the tools to track them down.
Three years ago to the day, the Paris...
LEADERS
Friday Squid Blogging: Squid Sculptures
Pretty.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Mailing Tech Support a Bomb
I understand his frustration, but this is extreme:
When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb or, rather, two pipe bombs, which is what investigators found when they picked apart the...
Hidden Cameras in Streetlights
Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.
According to government procurement data, the DEA has paid a Houston, Texas company called Cowboy Streetlight Concealments LLC roughly $22,000 since...
Weekly Update 113
Presently sponsored by: Netsparker - a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.Bit of a change of scenery this week; I've gone to the other end of the house whilst...
Under attack! Should your company ever ‘hack back’?
Are targeted companies missing a trick? Could they not use their tech skills to penetrate their attacker’s own computer systems, and launch a counter-attack which might knock out their adversaries’ infrastructure?
Read more in my article on the Bitdefender...
