Security

A 19-year-old completely self-taught hacker from Argentina has just been recognized as the first bug bounty hacker to earn more than $1 million in bounty payout awards, according to HackerOne. Santiago Lopez, the hacker, who uses the handle @try_to_hack, has been discovering and disclosing vulnerabilities through HackerOne’s bug bounty program since 2015. In 2016, he earned
Even though misconfigurations in public clouds create risks to enterprise security, a new study found that more than half of IT professionals do not really understand the risks inherent in public cloud misconfigurations as well as they understand risks within their traditional IT environments. The 2019 State of Enterprise Cloud and Container Adoption and Security
by John E Dunn Researchers have spotted an unusual ‘trackware’ attack triggered by viewing a PDF inside the Chrome browser. Security company EdgeSpot said it noticed suspicious PDFs, which seem to have been circulating since 2017, sending HTTP POST traffic to the tracking site readnotify.com. The behaviour only happened when a user viewed a PDF
The state of Massachusetts is reportedly facing increased cyber threats from adversaries who are trying to steal sensitive information, according to the Gloucester Daily Times. In an interview with Stephanie Helm, director of the MassCyberCenter, State House reporter Christian M. Wade learned that the state’s computer systems as well as Massachusetts businesses and individuals are
Cryptocurrency mining tool Coinhive has decided to shut up shop, although not because of its rampant abuse by hackers over the past two years. The team behind the Monero miner revealed all in a brief post on Tuesday, claiming that the 18-month project had come to an end as it was no longer economically viable.
The advanced persistent threat (APT) group known since 2013 as BRONZE UNION, as well as Emissary Panda, APT 27 and LuckyMouse, is believed to be based in China, according to Secureworks. Published today, the State of the [BRONZE] UNION Snapshot and A Peek into BRONZE UNION’S Toolbox are based on nearly two years of continuous, in-depth visibility
by Paul Ducklin The Naked Security podcast investigates a massive medical data blunder, tells you how NOT to do vulnerability disclosure, and finds out whether password managers do more harm than good. With Anna Brading, Paul Ducklin, Mark Stockley and Matt Boddy. This week’s stories: Millions of “private” medical helpline calls exposed on internet Virus
A graduate of The College of Saint Rose in Albany, New York, has been charged with damaging college computers, according to the Department of Justice’s (DoJ’s) US Attorney’s Office of the Northern District of New York. The 26-year-old Albany resident is reportedly a citizen of India who has been in the United States on a student visa.
Young women in West Virginia will join more than 6,000 high school girls for the second year of Girls Go CyberStart, an interactive series of digital challenges that teaches girls about cybersecurity. First introduced in 2018, the program launched with 231 participants from 27 high schools across West Virginia. This year, according to West Virginia’s governor, Jim Justice,
Two US House committees will hold hearings next week, each focusing on data privacy as public pressure continues to mount for regulations that address protecting American consumers. On Tuesday, February 26, the House Consumer Protection and Commerce subcommittee will hold its hearing, “Protecting Consumer Privacy in the Era of Big Data.” The following day the
Entrust Datacard has announced a definitive agreement to acquire nCipher Security. Less than a month after nCipher de-merged from Thales, the deal will see nCipher’s identity-based and PKI security solutions become part of Entrust, enabling Thales to complete its acquisition of Gemalto. Operating as a separate stand-alone business within Thales since January 2019 under the
An analysis of multiple top password manager products has revealed vulnerabilities in the tools they use that could potentially put the security of users’ credentials at risk, according to Independent Security Evaluators (ISE). A new study, Under the Hood of Secrets Management, found that a variety of different password managers, including 1Password and LastPass, have
by Lisa Vaas Last week, CNBC reported that Facebook looks up users’ location data when it thinks they’re a threat to the company’s employees or facilities. Until recently, granting an Android app access to your location was an all-or-nothing deal: you either had to turn off location and prevent the app from seeing your location
Apparently cyber-criminals have an affinity not just for stealing credentials but more specifically for pilfering user credentials for pornography sites, according to a new report from Kaspersky Lab. The new report found that nearly 110,000 people were attacked with credential-stealing malware specifically targeting a premium pornography account. That’s more than double the 50,000 people who faced
Foreign adversaries pose threats to US national security, but researchers at Check Point believe that the advanced persistent threat (APT) group known as Lazarus is now targeting Russian organizations. In a February 19 blog post, Check Point revealed findings from research that suggests the North Korean APT known as both Lazarus and Hidden Cobra has
A definitive acquisition agreement between Palo Alto Networks and Demisto, announced today, is expected to close during the fiscal third quarter for Palo Alto Networks. The acquisition of Demisto will be finalized for a total purchase price of $560 million, according to a press release. The total purchase, to be paid in cash and stock, is
Australian Prime Minister Scott Morrison has blamed a “sophisticated state actor” for the recent attempt to hack the parliament’s computer network. On February 8 news broke of the malicious activity which resulted in password resets for government workers. Speaking today, PM Morrison said that there was “no evidence of electoral interference” and that steps were
As the value of Bitcoin and other cryptocurrencies continues to fluctuate while governments consider marketplace regulations, J.P. Morgan announced that it is launching the first US bank-backed cryptocurrency, JPM Coin. “The JPM Coin is based on blockchain-based technology enabling the instantaneous transfer of payments between institutional accounts,” the press release stated. “Exchanging value, such as money, between different