Trending Now
LATEST
Weekly Update 117
Presently sponsored by: Netsparker - a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.I'm in Whistler! And as I say at the start of this video, I did seriously consider having...
‘Bomb threat’ scammers are now threatening to throw acid on victims
Bomb threat extortion campaign yielded less than $1 for the spammers.
Brazil bested by hackers, Virgin plugs hub bugs, and France surrenders… records
Plus, Talos critical of flawed message apps It was pretty hectic security week, between the Sharpshooter malware attack, a massive Patch Tuesday, and yet another Facebook privacy fail.…
Ep 28: Unit 8200
Israel has their own version of the NSA called Unit 8200. I was curious what this unit does and tried to take a peek inside. Hear what I found by listening along to this episode.This episode was sponsored by...
Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
Cybersecurity researchers have discovered a critical vulnerability in widely used SQLite database software that exposes billions of deployments to hackers.
Dubbed as 'Magellan' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary...
The Sony hack and the perils of attribution — Research Saturday
Researchers at Risk Based Security took a detailed look back at the 2014 Sony hack, comparing analysis that occurred while the facts were still unfolding with what we know, today. There are interesting lessons to be learned, especially when...
‘Bomb threat’ scammers linked to earlier sextortion campaign
Scare tactic efforts may be the work of a single group Yesterday's 'bomb scare' spam campaign may have been a follow-up to another infamous email extortion effort.…
SQLite bug impacts thousands of apps, including all Chromium-based browsers
New 'Magellan' vulnerability will haunt the app ecosystem for years to come.
Thursday’s Email Bomb Threat Has Ties to Earlier ‘Sextortion’ Scam
The mass email bomb threat on Thursday that turned out to be a hoax was likely perpetrated by a group of spammers who have also been scamming people with an email 'sextortion' scheme, according to Cisco's Talos security group.
Scumbag hackers lift $1m from children’s charity
Utter asshats pull seven-figure heist on Save the Children Foundation A group of criminal asswipes have managed to steal $1m from the Save the Children Foundation.…
Email Bomb Threats Follow Sextortion Playbook
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
How to protect Windows 10 PCs from ransomware
CryptoLocker. WannaCry. Petya. Bad Rabbit. The ransomware threat isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world. It’s popular in large part because of the...
Sextortion gang found to be behind email bomb threat spree
Cisco Talos believes it has tied a recent wave of emailed bomb threats to the same group that was conducting a sextortion campaign earlier this year, and revealed that most recent campaign was a financial bust for the malicious...
Best security software: How 25 cutting-edge tools tackle today’s threats
Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to...
Malicious document builder LCG Kit a key component in recent phishing campaigns
Researchers at Proofpoint have uncovered a sophisticated tool commonly used by malicious actors to build weaponized documents for phishing campaigns.
Dubbed LCG Kit, the service has helped small crime groups create docs capable of spreading a variety of remote access...
False flags and real flags. ISIS claims the Strasbourg killer as one of its soldiers. A bogus bomb threat circulates by email.
In today’s podcast, we hear about false flag cyberattacks that mimic state actors, especially Chinese state actors. Chinese intelligence services are prospecting US Navy contractors. Russia’s Fancy Bear continues its worldwide phishing campaign. ISIS claims the career criminal responsible...
Bing recommends piracy tutorial when searching for Office 2019
Oh, Bing! Not again!
The DevSecOps Unicorn Rodeo w/ Stefan Streichsbier
Stefan Streichsbier talks about his chapter, "Unicorn Rodeos", in the just released book, "Epic Failures in DevSecOps". We start with where did the chapter name come from and what does it mean, then lead into his three main points...
Magecart-style credit card sniffer spotted for sale, online retailers beware
Online retailers should be on high alert for attacks carried out by a Magecart-style credit card sniffing tool similar to the one used to carry out the British Airways and Ticketmaster hacks.
Armor researchers are warning retailers after spotting the...
Stop us if you’ve heard this one: Facebook apologizes for bug leaking private photos
Data gathering biz still having trouble keeping data secure Facebook on Friday apologized for a bug that may have exposed exposed private photos to third-party apps for the 12 day period from September 13 to September 25, 2018.…
Iranian Hackers Target Nuclear Experts, US Officials
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Report: Boomoji app developer leaves customer data exposed on open database
The developers of make-your-own-avatar app Boomoji reportedly neglected to password-protect two of their internet-connected databases, thus publicly exposing the personal data of roughly 5.3 million users.
The wide-open databases, from Elasticsearch, stored users’ names, genders, countries and phone types all...
‘Donald’ Makes It on Annual Worst Passwords List
The President's first name came in as the 23rd most frequently used password, behind old favorites such as 'monkey' and 'qwerty," according to data compiled by password management provider SplashData.
Google Keystore feature looks to improve Android Pie security
Google is boosting Android Key security for mobile apps with new Keystore features to improve the safety of devices running Android Pie.
The Android Keystore provides application developers with cryptographic tools designed to secure user data and Android Pie is...
Ransomware strikes University of Maryland Medical System
The University of Maryland Medical System was hit with a ransomware attack earlier this week that affected a small number of its medical devices offline.
About 250 of the system’s 27,000 devices were impacted by the attack, The Baltimore Sun...
LEADERS
Weekly Update 117
Presently sponsored by: Netsparker - a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.I'm in Whistler! And as I say at the start of this video, I did seriously consider having...
International email bomb hoax proves to be a spectacular failure
Authorities in the United States, Canada, Australia, and New Zealand are said to be investigating a wave of bogus bomb threats that have been sent to a variety of organisations late on Thursday.
But if the hoaxer thought they were...
Real-Time Attacks Against Two-Factor Authentication
Attackers are targeting two-factor authentication systems:
Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security...
2018 – a year of data breaches in review
Week after week, month after month, 2018 saw organisations and companies struck by massive and damaging data breaches, putting the personal details of innocent members of the public at risk.
Read more in my article on the Bitdefender Business Insights...
Friday Squid Blogging: More Problems with the Squid Emoji
Piling on from last week's post, the squid emoji's siphon is in the wrong place.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting...
