Security

Legacy software vulnerabilities have created opportunities for hackers to steal credit card data and other personal information using tiny point of sale (POS) malware, according to research published by Forcepoint. Researchers reportedly analyzed 2,000 samples of POS malware and found that many are handcrafted, written in assembly code and very small; thus, researchers aptly named the
by Paul Ducklin Today is World Password Day, and that means it’s a day that’s all about caring and sharing… …but WITHOUT THE SHARING! We made a short video to catch your attention: (Watch directly on YouTube if the video won’t play here.) None of the passwords in the video seem truly terrible – there’s
Cyber-attacks in the UK grew by an alarming 140% in 2018, according to a cyber-threat landscape report by eSentire that discusses the most impacted industries in the UK and which types of attacks were the most successful. Attacks on IoT devices have also seen significant growth, with “a growing trend in IoT exploits targeting cameras, door
by Maria Varmazis Our whole lives and livelihoods are wrapped up in our data. That data is especially vulnerable at border crossings and in unfamiliar environments. There are plenty of security products available on the internet for the privacy-minded traveler – if you feel like going shopping, a quick search will turn those up for
Organizations continue to face challenges with managing open source risk, according to a new report published today by Synopsys Cybersecurity Research Center (CyRC). The annual Open Source Security and Risk Analysis (OSSRA) Report analyzed the anonymized data of over 1,200 commercial codebases from 2018 and found that 96% contained open source components, with
App developer DO Global, a Chinese developer partly owned by Baidu that generates over a half billion installs, has been banned from Google Play after the store received reports the apps were part of an ad fraud scheme, according to BuzzFeed News. As of April 26, 46 apps from DO Global had reportedly been removed from
by John E Dunn After more than 20 years of steady improvement, the US National Institute of Standards and Technology (NIST) thinks it has reached an important milestone with something called Combinatorial Coverage Measurement (CCM). Part of a research toolkit called Automated Combinatorial Testing for Software (ACTS), CCM is an algorithmic approach used to test software
After Facebook alerted the Data Protection Commission (DPC) that it had found hundreds of millions of user passwords stored in its internal servers in plain text format, DPC launched an investigation to determine whether the company had acted in compliance with the General Data Protection Regulation (GDPR), according to an April 25 press release. According
The Hong Kong branch of Amnesty International has reportedly been the target of a sophisticated state-sponsored attack believed to have been carried out by a group of hostile threat actors within the Chinese government. An April 25 press release from Amnesty International said the cyber-attack was detected on March 15, 2019, after monitoring tools identified
After years of requesting a seat at the table, cybersecurity professionals are starting to feel that they see eye to eye with their stakeholders, according to a new report. The AT&T cybersecurity report surveyed 733 security experts at the RSA 2019 conference and found that the vast majority of respondents feel mostly or somewhat in
by Danny Bradbury The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week. Sources told the Wall Street Journal that the NSA has recommended the White House terminates its call data records (CDR) program. The logistics of operating
A new law in Washington expanded regulations that mandate when consumers must be notified if a malicious actor gains access to their private data, according to a press release from the state’s office of the attorney general (AG). In response to AG Bob Ferguson’s request for legislators to strengthen the state’s data breach notification laws,
Across the healthcare sector, ransomware is reportedly no longer the most prevalent security threat, according to new research from Vectra that found attacks decreased during the second half of 2018. The Vectra 2019 Spotlight Report on Healthcare found that internal human error and misuse occur much more frequently than hacking. In addition, a growing number
The European Parliament has approved plans to boost physical security by implementing a mass identity database, although privacy concerns persist. The Common Identity Repository (CIR) will centralize the personal information of nearly all non-EU citizens in the EU’s visa-free Schengen region. The latter covers the vast majority of the EU except for Ireland and the
During a visit to San Francisco, Singapore foreign affairs minister Vivian Balakrishnan commented that the country cannot “go back to pen and paper. … If people lose confidence in the integrity and security of the system, then all these aspirations cannot be fulfilled.” The comments follow information coming into the open regarding data breaches, one
by Paul Ducklin Last week we wrote about “ransomware from afar” – attacks in which cybercrooks apparently aim ransomware at you across the internet. Whether they hack someone else’s computer on which to run the malware program, or deliberately set up a sacrificial laptop or virtual machine (software-based computer) of their own, the outcome is
by Paul Ducklin The featured image comes from @MalwareTechBlog, the Twitter feed of Marcus Hutchins. Louise Mensch is an independent British/American journalist. Remember the reluctant WannaCry hero? WannaCry was ransomware that made big headlines in mid-2017 for two important reasons. First, it was a true computer worm, or virus, that automatically propagated itself to the next
After two years of investigating, yesterday Robert S. Mueller III finally released his investigation, Report on the Investigation into Russian Interference in the 2016 Presidential Election. The 448-page report looks into Russian interference specifically but also into any individuals in the US that may have been involved. Appointed in May 2017 as Special Counsel to the
A security researcher identified eight unsecured databases that held “approximately 60 million records of LinkedIn user information.” GDI Foundation, where the security researcher is from, is a nonprofit organization with a mission to “defend the free and open Internet by trying to make it safer.” The researcher, Sanyam Jain, contacted Bleeping Computer when he noticed “something