Trending Now
LATEST
Can you really sniff out gas station card skimmers with your phone?
A viral post suggests (wrongly) that card skimmers always use Bluetooth. Anyway, just looking at nearby Bluetooth names doesn't help much...
Canada Helping Australia Determine ‘Full Extent’ of Hack
Canada's electronic eavesdropping agency said Wednesday it is working with Canberra to try to determine the scale of computer hacking on Australia's parliament and political parties just months from an election.
read more
Cisco Releases Security Updates
Original release date: February 20, 2019Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages...
Fancy Bear phishes in think tanks. Lazarus Group takes a swipe at Russian organizations. New decryptor for GandCrab. Citizen Lab and Novalpina discuss NSO Group. Ryuk’s lousy help desk.
In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be...
MyHeritage – 91,991,358 breached accounts
In October 2017, the genealogy website MyHeritage suffered a data breach. The incident was reported 7 months later after a security researcher discovered the data and contacted MyHeritage. In total, more than 92M customer records were exposed and included...
30 years in: My, how SC and security have changed
1989. Acid wash jeans, Bon Jovi and the compassionate conservatism of the Reagan Era were actually, unironically popular. The Berlin Wall fell, free elections were held in the then Soviet Congress of Deputies, Vaclev Havel became president of Czechoslavakia,...
WinPot ATM Malware Resembles a Slot Machine
A piece of malware targeting automated teller machines (ATMs) has an interface that looks like a slot machine, Kaspersky Lab reports.
Dubbed WinPot, the malware was initially detected in March last year, targeting the ATMs of a popular vendor to...
Firms Moving Sensitive Data to Cloud, But Security Still a Problem: Oracle
Companies are increasingly moving sensitive data to the cloud, but cybersecurity, including the human factor and technology, is still a problem for many, according to a new report published on Wednesday by Oracle and KPMG.
read more
Mastercard, GCA Create Small Business Cybersecurity Toolkit
A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.
POS Vendor Announces January Data Breach
More than 120 restaurants were affected by an incident that exposed customer credit card information.
9 Years After: From Operation Aurora to Zero Trust
How the first documented nation-state cyberattack is changing security today.
DDoS explained: How distributed denial of service attacks are evolving
What is a DDoS attack?
A distributed denial of service (DDoS) attack is when an attacker, or attackers, attempt to make it impossible for a service to be delivered. This can be achieved by thwarting access to virtually anything: servers,...
New GandCrab Ransomware Decryptor Released
The cat-and-mouse game between BitDefender and the GandCrab ransomware developers continues. On Tuesday (Feb. 19) BitDefender released a new version of its GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5 up to the latest version...
Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003
Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
A site is only affected by this if one of...
Blockchain Security Startup CipherTrace Emerges With $15M in Funding
Blockchain security company CipherTrace has fully emerged on Tuesday with $15 million in venture capital financing from Silicon Valley and New York venture capital firms.
read more
Apple is learning why shortcut security is a bad idea
When Apple launched its enterprise developer certificate program — which helps enterprises make their homegrown apps for employee use-only available through iTunes — it had to make a difficult convenience-vs.-security decision: how much hassle to put IT managers through...
IoT botnets target enterprise video conferencing systems
Companies have been adding internet of things (IoT) devices to their networks over the past few years, often increasing their exposure on the internet. This has led to a rise in botnets that specialize in exploiting insecure configurations and...
Online ATM-style Scam Puts Shoppers at Risk: Symantec
Online shoppers are at a growing risk from a scam which allows hackers to skim their payment details, cyber security firm Symantec warned on Wednesday.
read more
Third decryption tool for GandCrab ransomware released to public
A new free decryption tool for counteracting the effects of GandCrab ransomware is now available to the public.
This latest decryptor is effective against versions 1, 4 and 5.x up through 5.1, which means GandCrab variants released as recently as...
As US Pushes to Ban Huawei, UK Considers Softer Approach
Britain can handle the security risks involved with using mobile networks made by China's Huawei, the cybersecurity chief said Wednesday, adding to a growing debate among countries on whether the company should be banned, as the U.S. wants.
read more
Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-13)
A prenotification security advisory (APSB19-13) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Thursday, February 21, 2019.
We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well...
Microsoft Edge lets Facebook run Flash code behind users’ backs
Google security researcher finds secret whitelist that lets Facebook run Flash content despite Edge's normal security policies.
The CSO guide to top security conferences, 2019
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your...
42,000 patients data compromised AdventHealth Medical Group data breach
AdventHealth Medical Group Pulmonary and Sleep Medicine officials are warning up to 42,000 of their patients of a 16-month-long data breach at the facility that exposed their personal and health information.
The breach was discovered on December 27, 2018, but...
LEADERS
Join me to learn more about Magecart attacks – and how to defend against them
Attacks that can silently skim payment data as it is entered on websites have become a huge problem.
Learn more about the likes of Magecart, and how to effectively combat such threats, in an upcoming free webinar.
Google in hot water after not revealing it had hidden a secret microphone in home alarm product
As if some folks weren’t concerned enough about the infiltration of potentially privacy-busting devices into the home, Google has admitted it did not disclose that it hid a secret microphone inside its Nest Secure product.
Read more in my article...
Details on Recent DNS Hijacking
At the end of January the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains.
Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended.
The man suing Apple over two-factor authentication has ‘previous’
Many have been baffled by Jay Brodsky’s legal action against Apple, including his claim that it takes between two and five minutes for him to pass the 2FA security check.
But things began to fall a little more into place...
Estonia’s Volunteer Cyber Militia
Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia.
Padar's militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian...
