Security

0 Comments
On Friday, as presidential candidate Beto O’Rourke made his way through Iowa, Reuters published what has been called a “bombshell” revelation that O’Rourke was once a member of a hactivist group known as the Cult of the Dead Cow (cDc). While conducting research for his new book, Joseph Menn stumbled across evidence that suggested O’Rourke may
0 Comments
The data breach at Wolverine Solutions Group (WSG) continues to plague the healthcare industry, with more organizations, including Spectrum Healthcare, sending security notices to customers. As was the case for many organizations who have already issued security notices, Spectrum said it has no reason to believe its systems or customer information may have been compromised.
0 Comments
Amid widespread speculation that a cyber-attack caused the outage of Facebook‘s services earlier this week, the social media platform contends that the issue was the result of a server configuration change. Despite the array of questions about when it made the change to the server and when it realized that the configuration error had triggered the
0 Comments
by Lisa Vaas Back in 2012, Sophos picked up a stash of USB keys from a lost property auction as an experiment. It turned out that they were a scary bunch of sticks: 66% of them contained malware, and not a single one was encrypted. Well, the more things change, the more things USB drive-related
0 Comments
Researchers at vpnMentor have discovered a security vulnerability in Gearbest, a Chinese e-commerce business that reportedly processes hundreds of thousands of sales a day. According to a blog post from vpnMentor’s research team, hackers were able to access different parts of Gearbest’s database, during which time they discovered more than 1.5 million records, ranging from
0 Comments
Malicious actors who breached a Pakistani government site and delivered the ScanBox Framework payload have been tracking users who visit the site to check the status of their passport applications, according to research from Trustwave. Since attackers compromised the site, visitors to the subdomain (tracking.dgip.gov[.]pk) of the Pakistani government website’s Directorate General of Immigration & Passport load
0 Comments
After months of investigating what was believed to be the largest online drug trafficking ring in the past decade, Israeli police, in conjunction with officers of the Security Service of Ukraine (SBU), have arrested 42 suspects, including the alleged leader. According to SBU, “On March 12, Ukrainian law enforcers basing on the motion about international
0 Comments
A prolific malware, dubbed Ursnif, has resurfaced with new features, including the ability to bypass a popular Japanese antivirus software called PhishWall, according to Cybereason. Described as one of the most prolific information-stealing malware programs, Ursnif has been around since at least 2013. For nearly three months, researchers have been observing a campaign that has
0 Comments
by Lisa Vaas Facebook on Friday sued two Ukrainian men, Andrey Gorbachov and Gleb Sluchevsky, for allegedly scraping private user data through malicious browser extensions that masqueraded as quizzes. The company also alleges that the deceptive extensions injected unauthorized ads into Facebook users’ News Feeds when their victims visited through the compromised browsers. From Facebook’s
0 Comments
In the proposed 2020 federal budget, released by the White House today, President Donald Trump has requested nearly $11bn be allocated to improving cybersecurity. “For cyber, the budget continues to integrate efforts and operationalize US cyber strategy, while scaling artificial intelligence throughout the department,” the document stated. Throughout the 150-page document, cybersecurity appeared several times, falling into
0 Comments
by Danny Bradbury The US Army has been forced to clarify its intentions for killer robots after unveiling a new program to build AI-powered targeting systems. The controversy surrounds the Advanced Targeting and Lethality Automated System (ATLAS). Created by the Department of Defense, it is a program to develop: Autonomous target acquisition technology, that will
0 Comments
A September 2018 ransomware attack on Wolverine Solutions Group (WSG) has had widespread impact, resulting in hundreds of thousands of customers being warned that their personal information may have been part of a data breach, according to Detroit Free Press. In a statement to its clients, Wolverine Solutions Group wrote, “On approximately September 25, 2018, WSG
0 Comments
by Danny Bradbury Firefox users will soon get yet another privacy feature to help them avoid snooping advertisers – and the measure comes straight from its cousin, the Tor browser. The new privacy protection will help Firefox users avoid a long-used snooping technique called fingerprinting. Browser cookies are not the only way to track users
0 Comments
Researchers at Pen Test Partners revealed in a proof of concept (PoC) that they were able to exploit vulnerabilities in two high-end “smart” alarms. In their PoC, the pen testers debunked third-party car alarm vendors’ claim to be the solution to key relay attacks on keyless-entry cars. “We have shown that fitting these alarms can make
0 Comments
Speaking at RSA Conference 2019, Black Hills Information Security owner John Strand discussed threat hunting and how this can be done on a small budget. He admitted that identifying command and control (C&C) traffic is “very difficult” as we have got to the stage where malware can be stealthy and uses C&C to hide, and
0 Comments
Speaking on ‘The Art of the Nudge, Cheap Ways to Steer User Behavior’ at RSA Conference 2019, Branden Williams, director of cybersecurity at MUFG Union Bank, highlighted the psychological ways that user actions can be influenced.  Using real world examples, such as calorie counts on a menu to help you make a healthier choice, or towels and bed
0 Comments
by Paul Ducklin The Naked Security podcast explains why storing plaintext passwords is an unnecessary evil, investigates a cryptocurrency spat between a software maker and a disgruntled user, and tells you some earnest but sometimes unpopular truths about how to keep your children safe online. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy.
0 Comments
Speaking at the CSA Summit, Cloud Security Alliance founder member and ACLU technology fellow Jon Callas tackled the question on whether the future of privacy is “Futile or Pretty Good?” He claimed that it is “really easy to be nihilistic about security” and all too easy to follow the news, but he believed that we