Forbes’ Parmy Olson published a short article about PrivacyGrade on Tuesday. What is PrivacyGrade? From PrivacyGrade’s FAQ: The goal of PrivacyGrade.org is to help raise awareness of the behaviors that many smartphone apps have that may affect people’s privacy. PrivacyGrade provides detailed information about an app’s privacy-related behaviors. We summarize these behaviors in the form […]
Why bug bounty hunters love the thrill of the chase
Bounty hunters in the law enforcement field are often thought of as these long-haired, wild men who will do whatever it takes to track down the person who has run afoul of the law. Bug bounty hunters perhaps have the same passion for tracking down code-based flaws, but you would be hard pressed to […]
Control over personal info nearly dead, Pew survey respondents say
Internet companies have run amok with our personal data, and people aren’t entirely sure what to do about it, judging from the results of a new survey. More than 90 percent of Americans feel they’ve lost control over how their personal information is collected and used by companies, particularly for advertising purposes, according to the […]
What CIOs can learn from the biggest data breaches
We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn’t always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a […]
What happens when enterprises promote employees with low security IQs
I love the new TV show “Scorpion”, which depicts extreme geniuses Walter O’Brien and his team solving high-risk crisis scenarios using nearly impossible solutions. As everyone should know, the real-life Walter O’Brien, whose high IQ and comparable achievements spawned the basis for the TV drama, actually identified the brother terrorists who were behind the Boston […]
Microsoft fixes severe 19 year-old Windows bug found in everything since Windows 95
With help from IBM, Microsoft has patched a critical Windows vulnerability that flew under the radar for nearly two decades. The bug has existed in every version of Windows since Windows 95, and would have allowed an attacker to run code remotely when the user visits a malicious website. IBM researcher Robert Freeman described the […]
First Stuxnet victims were five Iranian industrial automation companies
For the first time since Stuxnet was discovered in 2010, researchers have publicly named the worm’s original victims: five Iranian companies involved in industrial automation. Stuxnet is considered to be the first known cyberweapon. It is believed to have been created by the U.S. and Israel in order to attack and slow down Iran’s nuclear […]
Following the Trail of South Korean Mobile Malware
There have been previous reports about attacks which targeted third-party app sites in South Korea resulting in more than 20,000 smartphones being infected with malicious apps. Note that none of these apps were found on the official Google Play store. Checking our database confirmed that this malware family has already been detected as ANDROIDOS_KrBot.HRX. We […]
Palo Alto says its new endpoint protection tool can stop the bad stuff in its tracks
The problem with signature-based security tools is you are vulnerable until the signature is released and distributed. Palo Alto Networks takes a different approach with Traps, so Network World Editor in Chief John Dix tracked down Palo Alto VP of Product Marketing Scott Gainey for an inside look at how Traps works. You recently […]
Adobe fixes eighteen vulnerabilities in Flash Player
Adobe Systems released critical security updates Tuesday for Flash Player to address 18 vulnerabilities, many of which can be remotely exploited to compromise underlying systems. Fifteen of the patched vulnerabilities can result in arbitrary code execution, one can be exploited to disclose session tokens and two allow attackers to escalate their privileges from the low […]
Patch Tuesday wrap-up, November 2014: Microsoft joins the "security hole in HTTPS" club
Here’s what you need to know about the November 2014 Patch Tuesday updates from Microsoft and Adobe…
Online casino fined for emailing promotions to "self-excluded" gamblers
After gamblers added themselves to a voluntary “self-exclusion” list, they continued to receive promotional offers from the online gambling arm of casino giant Caesars Entertainment Corp. Now the company has to pay a fine.
Paedophile caught after targeted girl’s father impersonates her on Facebook
A paedophile was on bail waiting to be sentenced for a string of sex offences when he contacted what he thought was a 10-year-old girl, telling her she was “gorgeous” and that she should come to his home for “cuddles”.
Tor Project puzzles over how the law shredded anonymity in Operation Onymous
The Tor Project would very much like to know how identities were laid bare in the recent Operation Onymous.
Firefox turns 10 – celebrates by helping you to forget
The Firefox browser just turned 10. Paul Ducklin takes a trip down memory lane…
The Psychology Behind Why Websites Get Hacked
It’s an everyday conversation for security professionals that interact with everyday website owners. The one where we have to explain that just because everything seems fine, doesn’t mean that the best security practices shouldn’t be followed, or that being safe so far doesn’t grant future invincibility. The question, “Why should I worry?” is heard so […]