How to train new grads on corporate security
Millennials bring a lot to the workplace, whether they’re pushing the boundaries of company culture or forcing companies to modernize. But there are a few risks associated with hiring recent grads — especially if it’s their first job in the industry — and one of those risks is data security. In a recent study from […] more…Industrial cybersecurity threat landscape
Download ICS Availability Statistics (PDF version) Download ICS Statistic vulnerabilities (PDF version) Overview Industrial control systems (ICS) surround us: they are used in electric, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods). Smart cities, smart houses and cars, […] more…VDI: Non-virtual problems of virtual desktop security, and how to solve them for real
Introduction Virtualization marches victoriously across the globe, adding to its list of champions not only individual IT-specialists and businesses, but even whole sections of the IT industry. In fact, it’s barely possible to find a data center with only physical servers on board: both electricity and physical space are far too expensive nowadays to be […] more…Surges in mobile energy consumption during USB charging and data exchange
Recently, our colleagues questioned the security of charging mobile devices via USB ports. They discovered that if there were a computer behind the port, there would be a data exchange, even when the mobile is blocked. We became curious – is it possible to measure the energy consumption of the “host + mobile” system during […] more…KSN Report: Mobile ransomware in 2014-2016
Part 1. KSN Report: PC ransomware in 2014-2016 Download PDF version Statistics The activity of mobile ransomware, although not as widely covered in the media as PC ransomware, also skyrocketed over the period covered by this report. Especially in the second half. Fig. 12: The number of users encountering mobile ransomware at least once in […] more…Apple fixes memory corruption vulnerability in AirPort product line
Addressing a vulnerability that could have potentially resulted in remote code execution, Apple yesterday announced a firmware update for several of its AirPort Wi-Fi products. Addressing a vulnerability that could have potentially resulted in remote code execution, Apple announced a firmware update for several of its AirPort Wi-Fi products on Monday. Tags: Apple more…KSN Report: Ransomware in 2014-2016
Executive summary and main findings Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely […] more…KSN Report: Ransomware from 2014-2016
Executive summary and main findings Ransomware is a type of malware that, upon infecting a device, blocks access to it or to some or all of the information stored on it. In order to unlock either the device or the data, the user is required to pay a ransom, usually in bitcoins or another widely […] more…First experimental Zika vaccine gets nod from FDA, moves to human trials
The US Food and Drug Administration on Monday approved the first human trial of an experimental Zika vaccine, according to a joint announcement by the two companies behind the new therapy. The companies, Inovio Pharmaceuticals, Inc., based in Pennsylvania, and GeneOne Life Science, Inc., based in South Korea, said that their DNA-based vaccine candidate, dubbed […] more…The Tip of the Iceberg: An Unexpected Turn in the xDedic Story
Introduction Last week we reported on the xDedic underground marketplace that facilitated the selling and buying of access to compromised RDP servers. We counted over 70,000 hacked server accounts from 173 countries for sale on the marketplace. After the public announcement the xDedic website very quickly went offline, thanks to the cooperation of several major […] more…‘Spam king’ Sanford Wallace sentenced to 2.5 years in prison for Facebook phishing scam
Self-styled spam king Sanford Wallace was sentenced to two-and-a-half years in prison on Tuesday for a phishing scam that resulted in the sending of over 27 million messages to Facebook users. Last August, Wallace admitted to compromising around 500,000 Facebook accounts, using them to send over 27 million spam messages through Facebook’s servers, between November […] more…Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging
Users of the TeamViewer remote-access service have been complaining in recent weeks about how their systems have been hacked into, unauthorized purchases made on their cards, their bank accounts emptied. Initially it was believed that this was due to a hack into TeamViewer itself, but the company has denied this. Instead, they have blamed password re-use, […] more…A popular cloud privacy bill stalls in the Senate
A bill to give email and other documents stored in the cloud new protections from government searches may be dead in the U.S. Senate over a proposed amendment to expand the FBI’s surveillance powers. The Electronic Communications Privacy Act Amendments Act would require law enforcement agencies to get court-ordered warrants to search email and other data […] more…IT threats during the 2016 Olympic Games in Brazil
Olympic threats designed to trick you Are you planning to visit Brazil during the Olympic Games? Or watch it online? In this blog post we discuss the threats to visitors aiming to travel to Brazil to watch the games and to those planning to watch it online. In the first part we’ll talk about phishing […] more…Lurk Banker Trojan: Exclusively for Russia
One piece of advice that often appears in closed message boards used by Russian cybercriminals is “Don’t work with RU”. This is a kind of instruction given by more experienced Russian criminals to the younger generation. It can be interpreted as: “don’t steal money from people in Russia, don’t infect their machines, don’t use compatriots […] more…FastPOS: Quick and Easy Credit Card Theft
Businesses today pride themselves on responding quickly to changing conditions. Unfortunately, cybercriminals aren’t any different. A newly discovered malware family hitting point-of-sale (PoS) systems has been found which emphasizes speed in how the information is stolen and sent back to attackers. We called this attack FastPOS, due to the speed and efficiency of its credit card theft […] more…More information
- Chinese Hackers Target Uyghurs With Multiple Android Surveillance Tools
- Skype, WhatsApp, and Yelp access your data hundreds of times, but nobody knows why
- Airbnb calls its hosts ‘micro-entrepreneurs’ who are in need of new laws
- Threat Hunting with Machine Learning, Artificial Intelligence, and Cognitive Computing
- VMware Unveils New Cloud Workload Security Solution
- VirusTotal -= Norman
- Identity and Data Protection Provider Ermetic Raises $17 Million
- Is the BSD OS dying? Some security researchers think so
- OneLayer Raises $6.5 Million From Koch’s VC Arm
- Microsoft Internet Explorer CVE-2016-0107 Remote Memory Corruption Vulnerability