Penquin’s Moonlit Maze
Download full report (PDF) Download Appendix B (PDF) Download YARA rules Back to the Future – SAS 2016 As Thomas Rid left the SAS 2016 stage, he left us with a claim that turned the heads of the elite researchers who filled the detective-themed Tenerife conference hall. His investigation had turned up multiple sources involved […] more…A Quick Guide to ‘Zero-Day Threats’ and How They Affect You
If you’re looking for a cybersecurity term that sounds intimidating and impressive to those who aren’t familiar with the field, you’d be hard pressed to find a better phrase than “zero-day threat.” It’s catchy, it hints at clandestine activity, and it’s taken advantage of vulnerabilities found with the systems of a large health organization and […] more…Continuous IT audits are needed to combat today’s cyber threats
We find that many IT departments within our clients’ organizations have very talented IT staff, but all too often they don’t have an information security and compliance staff member on board. All too often this role is not in place. So the question is, how can they meet compliance and maintain security of their vital […] more…Not just a load of old COBOLers: systems are still running on old code
Old code still underpins systems from airlines to banking, presenting not just a potential security risk, but also a risk that you might not be able to find developers to fix the issues more…Google patches Chrome bug from fizzled Pwn2Own hack
Google yesterday updated Chrome to patch several vulnerabilities, including a bug in the browser’s JavaScript engine that a Chinese team tried to exploit at a recent hacking contest. The update to version 57.0.2987.133 contained fixes for five vulnerabilities, one marked “Critical” — the most serious rating in Google’s system — and the others tagged “High.” […] more…Saks self-leaked customer data unencrypted, violating multiple rules
With so many retailers being impacted by cyber attacks, it’s easy to conclude that thieves are necessary for data breaches. Not necessarily. Saks last week made clear that it can breach itself quite efficiently. That revelation comes courtesy of Buzzfeed News, which visited the site and noticed private data about quite a few fellow site visitors […] more…How to keep ransomware from human resources
Ransomware is not your friend. It’s lurking out there to take over your computer and business systems to extort money from you. Keeping this wolf from your door takes some doing. The sneak attacks come attached to emails. When opened, these attachments infect your computer and lock it up until you pay the ransom demanded. […] more…Cybercriminals Claim They Have ‘Millions’ of iCloud Credentials, but Likelihood Is Low. Here’s Why
A lot of people love to play poker for the thrill and entertainment of sheer luck. For some, however, it’s more of a game of skill. One where you can discern the intent of your competitors by reading their faces and tics and betting on whether they have the cards they say they do. It […] more…Scammers scare iPhone users into paying to unlock not-really-locked Safari
Apple yesterday patched a bug in the iOS version of Safari that had been used by criminals to spook users into paying $125 or more because they assumed the browser was broken. The flaw, fixed in Monday’s iOS 10.3 update, had been reported to Apple a month ago by researchers at San Francisco-based mobile security […] more…Apple Patches Hundreds of Vulnerabilities Across Product Lines
Apple Patches Desktop, Mobile, Wearable Platforms to Fix More than 200 Security Vulnerabilities read more more…Threat Landscape for Industrial Automation Systems, H2 2016
The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is starting a series of regular publications about our research devoted to the threat landscape for industrial organizations. All statistical data used in the report was obtained using Kaspersky Security Network (KSN), a distributed antivirus network. Data was received from those KSN […] more…Stop using password manager browser extensions
It’s been over a year since I presented on LostPass at ShmooCon, and in that time, many more bugs have been found in password managers. The most severe of which are in browser-based password managers extensions such as LastPass. Tavis Ormandy yesterday demonstrated a remote code execution on the latest LastPass version. This isn’t the […] more…Mozilla beats rivals, patches Firefox’s Pwn2Own bug
Mozilla last week patched a Firefox vulnerability just a day after it was revealed during Pwn2Own, the first vendor to fix a flaw disclosed at the hacking contest. “Congrats to #Mozilla for being the first vendor to patch vuln[erability] disclosed during #Pwn2Own,” tweeted the Zero Day Initiative (ZDI) Monday. ZDI, the bug brokerage run by […] more…Vulnerabilities Found in Double Telepresence Robots
Researchers at Rapid7 discovered several vulnerabilities in Double telepresence robots from Double Robotics. The vendor has addressed the more serious issues with server-side fixes. read more more…Anything you post can and will be used against you
Everybody’s freaking out over the Wikileaks revelations that the Central Intelligence Agency can hack Apple and Android smartphones, major PC operating systems — and even TV sets. The news is causing ripples in international relations and got companies like Google and Apple to patch holes and issue fixes. To read this article in full or […] more…How to Identify Three Common Phishing Scams
Time and time again, phishing scams have gotten the best of us. Take the recent W-2 attacks that are everywhere this tax season, or the phishing scam affecting Gmail users. Google was required to release a patch within Chrome to address the problem, but the scam was surprisingly simple – just an email linking to […] more…More information
- PASS Homes Metadata Disk Replacement
- Trojanized Android games hide malicious code in images
- New products of the week 12.12.16
- 70% of Teens Hide Online Activities from Parents—Why We Should be Concerned
- Allianz Life Data Breach Impacts Most of 1.4 Million US Customers
- Verizon’s Yahoo deal creates tracking powerhouse, privacy groups warn
- Naked Security Live – Ping of Death: are you at risk?
- WikiLeaks Details CIA Tool for Creating Windows Malware Installers
- 20 highest paid tech CEOs
- Cyber Insights 2025: Artificial Intelligence