Trending Now
LATEST
Cisco Patches Critical Flaw in Vision Dynamic Signage Director
Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.
Tracked as CVE-2019-1917, the vulnerability was found in the REST...
The Great Hack: the film that goes behind the scenes of the Facebook data scandal
This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
Scotland Yard Twitter and Emails Hacked
London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.
read more
Hackers breach FSB contractor, expose Tor deanonymization project and more
SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.
Dirty Looks – Paul’s Security Weekly #612
This week, we welcome Katie Nickels, ATT&CK Threat Intelligence Lead at the MITRE Corporation, to talk about the MITRE ATT&CK Framework! In our second segment, a security roundtable discussion on Vulnerability Management, Patching, Hunt Teaming, Asset Management, and System...
Time Speeds Up When You’re Wasting It
An essay on why time can feel like it's speeding up when you get older, and how to slow it back down.Support the show.
Armor Games – 10,604,307 breached accounts
In January 2019, the game portal website website Armor Games suffered a data breach. A total of 10.6 million email addresses were impacted by the breach which also exposed usernames, IP addresses, birthdays of administrator accounts and passwords stored...
Nansh0u not your normal cryptominer — Research Saturday
Researchers at Guardicore Labs have been tracking an unusual cryptominer that seems to be based in China and is targeting Windows MS-SQL and phpMyAdmin servers. Some elements of the exploit make use of sophisticated components previously associated with nation-state actors....
In the cooler for the next three years: Hacker of iCloud accounts used by athletes and rappers
Phishing led to shopping spree with victims' credit cards A man from the US state of Georgia who pleaded guilty in March to breaking into the Apple iCloud accounts of sports and entertainment figures was sentenced on Thursday to...
Flaw allows attackers to alter media files sent via WhatsApp, Telegram, say researchers
Researchers have reported a vulnerability in the Android versions of WhatsApp and Telegram that could allow malicious actors to manipulate media files sent via the apps.
This “media file-jacking” flaw could allow attackers to alter photographs, modify invoices (to aid...
Friday Squid Blogging: Squid Mural
Large squid mural in the Bushwick neighborhood of Brooklyn.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
Hackers breach 62 US colleges by exploiting ERP vulnerability
Hackers are breaching college networks and creating fake accounts that are used "almost immediately for criminal activity."
When Harry met celly: NSA hoarder thrown in the clink for 9 years – after taking classified work home for decades
Contractor Martin sentenced for squirreling away 50TB of hush-hush files, exploits An ex-NSA contractor who admitted stashing some 50TB of secret US government documents and exploit code at his home was today sentenced to nine years behind bars.…
Israel surveillance firm NSO group can mine data from major social media
The Israeli surveillance firm NSO Group informed its clients that it is able to scoop user data by mining from major social media.
The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is...
All very MoD-ern: RAF test pilot headed into space with Virgin, £30m small sat demo project
Defence ministry gets with the Apollo vibes Roundup As the world celebrates the 50th anniversary of the Apollo 11 Moon mission, the UK's Ministry of Defence has gone a bit wacky – not only does it have fresh space...
Following K3chang. Bulgaria’s tax agency breach. An alternative currency gets some incipient regulatory scrutiny. Why towns are hit with ransomware. A hair-care hack.
K3chang is out, about, and more evasive than ever. Data breached at Bulgaria’s National Revenue Agency has turned up online in at least one hacker forum. Facebook’s planned Libra cryptocurrency received close scrutiny and a tepid reception on Capitol...
Browser Extensions Siphon Private Data From 4M Users, Then Leak It
Eight browser extensions for Chrome and Firefox were recently shut down after a security researcher uncovered how they were sending users' private data, including links to sensitive online documents, to a marketing intelligence firm.
Securing Energy Infrastructure Act passes House
The House Thursday passed the bipartisan Securing Energy Infrastructure Act, which aims to remove vulnerabilities that could allow hackers to access the energy grid.
The bill was sponsored by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.) and mirrors the...
7MS #373: Tales of Pentest Fail #2
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Today's episode is a two-tale story...
Contractor who stole 50TB of NSA data gets nine years in prison
Prosecutors never proved former NSA contractor was the origin for the Shadow Brokers leak.
10 Most Neglected Data Security Best Practices
The 2018 Netwrix IT Risks Report explores how organizations are working to ensure compliance and beat cyber threats. Unfortunately, the results indicate that organizations aren’t doing enough to defeat the bad guys. Here are the 10 most neglected security best practices:
1. Classify data based...
Iranian Hackers Use New Malware in Recent Attacks
The Iran-linked cyber-espionage group OilRig has started using three new malware families in campaigns observed over the past month, FireEye reports.
read more
Malware in PyPI Code Shows Supply Chain Risks
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
Ke3chang APT group linked to Okrum backdoor
ESET researchers linked the Ke3chang APT group to the newly discovered Okrum backdoor showing the group is still active and improving its code.
Researchers have since discovered new versions of malware families linked to the Ke3chang group and believe the...
LEADERS
Friday Squid Blogging: Squid Mural
Large squid mural in the Bushwick neighborhood of Brooklyn.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack
Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company...
Slack response. Passwords reset four years after data breach
Slack would have been wiser – in an abundance of caution – to reset all of its users’ passwords back in March 2015.
After all, leaving it until four years later looks a little bit… slack.
John Paul Stevens Was a Cryptographer
I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy.
