Blockchain Security Startup Fireblocks Emerges From Stealth With $16 Million in Funding
Fireblocks Emerges From Stealth Mode to Protect Digital Assets in Hot Wallets and Transit
Microsoft is better at documenting patch problems, but issues abound
I don’t know about you, but I’ve given up on Microsoft’s ability to deliver reliable patches. Month after month, we’ve seen big bugs and little bugs pushed and pulled and squished and re-squished. You can see a chronology from the past two years in my patching whack-a-mole columns starting here. [ Related: Windows 10 May […]
Shifting Tactics: Breaking Down TA505 Group’s Use of HTML, RATs and Other Techniques in Latest Campaigns
by Hara Hiroaki and Loseway Lu (Threats Analysts) TA505 is a prolific cybercriminal group known for its attacks against multiple financial institutions and retail companies using malicious spam campaigns and different malware. We have been following TA505 closely and detected various related activities for the past two months. In the group’s latest campaign, they started […]
Don’t Hesitate When Transforming Your Business
Transformation is a popular buzz word in the tech industry. The market is full of companies promising to be the change your business needs to help it transform into the best player in its category. Many companies that have been around for a decade or more believe they’ve already transformed their business numerous times to […]
MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
By Daniel Lunghi and Jaromir Horejsi We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as […]
CVE-2019-2725 Exploited and Certificate Files Used for Obfuscation to Deliver Monero Miner
by Mark Vicente, Johnlery Triunfante, and Byron Gelera In April 2019, a security advisory was released for CVE-2019-2725, a deserialization vulnerability involving the widely used Oracle WebLogic Server. Soon after the advisory was published, reports emerged on the SANS ISC InfoSec forums that the vulnerability was already being actively exploited to install cryptocurrency miners. We […]
What You Can Do to Reduce Your E-Waste This World Environment Day
Our love of technology and often biological need for new devices has created one of the biggest environmental issues of our time – e-waste. Today is World Environment Day – a great opportunity to ensure we are doing all we can to minimise landfill and protect our precious environment. Over the last 12 months, BYO […]
Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims
As part of our efforts to monitor malicious activity aimed at containers, we set up a machine that simulated a Docker host with an exposed API — one of the most common targets of container-based threats — to act as a honeypot. Our goal was to monitor the honeypot and detect if someone finds and […]
Palo Alto Networks Acquires Cloud Security Startups Twistlock and PureSec
Network security giant Palo Alto Networks (NYSE: PANW) announced on Wednesday that it has agreed to acquire two security startups that it says will help extend its cloud security capabilities.
Two self-driving startups team up to build a different kind of lidar
l33tdawg Wed, 05/29/2019 – 06:06
The GDPR – One Year Later
A couple of weeks ago, one famous lawyer blogged about an issue frequently discussed these days: the GDPR, one year later. “The sky has not fallen. The Internet has not stopped working. The multi-million-euro fines have not happened (yet). It was always going to be this way. A year has gone by since the General […]
From APES to Bespoke Security Automated as a Service
Many of the most innovative security start-ups I come across share a common heritage – their core product evolved from a need to automate the delivery of an advanced service that had begun as a boutique or specialized consulting offering. Start-ups with this legacy tend to have bypassed the “feature looking for a problem” phase […]
Google Starts Tracking Zero-Days Exploited in the Wild
Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.
I am an AI Neophyte
I am an Artificial Intelligence (AI) neophyte. I’m not a data scientist or a computer scientist or even a mathematician. But I am fascinated by AI’s possibilities, enamored with its promise and at times terrified of its potential consequences. I have the good fortune to work in the company of amazing data scientists that seek […]
Saving Summer: 5 Strategies to Help Reign In Family Screen Time Over Break
It’s the most wonderful time of the year — for teachers and lifeguards. For everyone else (parents) we have a little prep work to do to make sure the summer doesn’t lull our kids into digital comas. Most of us have learned that given zero limits, kids will play video games, watch YouTube, send snaps, […]
Information Services Giant Wolters Kluwer Hit by Malware Attack
Global information services giant Wolters Kluwer has taken many of its applications and platforms offline after discovering malware on its systems. The Netherlands-based company started seeing what it described as “technical anomalies” on May 6. This triggered an investigation that led to the discovery of malware.
More information
- Google CEO on innovation: ‘We’re at 1% of what’s possible’
- Trojan program based on ZeuS targets 150 banks, can hijack webcams
- Human Rights Group: Employee Targeted With Israeli Spyware
- Secret US spy court approved every surveillance request in 2015
- Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250)
- New "Dok" Mac OSX Malware Steals Sensitive Data
- Cisco Patches Critical WebEx Vulnerabilities
- Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability
- Microsoft Internet Explorer CVE-2014-4096 Remote Memory Corruption Vulnerability
- NSA metadata collection is illegal, rules US court