White House wants 10% hike in cybersecurity spending
The White House, citing the peril posed to the government and private sector by cyberattacks, wants more money for cybersecurity research, technology and investigators. That funding request, included in the 2016 federal budget released Monday, seeks $14 billion — a 10% increase over the current fiscal year — in defending U.S. cybersecurity systems. Cyberattacks and […] more…Why You Shouldn’t Completely Trust Files Signed with Digital Certificates
A digital certificate with a file is always seen as a token of its security. For users, a digital certificate is an indication that the file does not contain malicious code. Many system administrators develop their corporate security policies by allowing users to launch only those files that are signed with a digital certificate. In […] more…Malaysia Airlines attacked, big data dump threatened
The Malaysia Airlines website has been attacked and the Lizard Squad, one of the groups that claimed responsibility on Monday, threatened to soon “dump some loot” found on the airline’s servers. The airline said in a statement on its Facebook page that its Domain Name System (DNS) was compromised and as a result users trying […] more…Resolved: Networking Issue – January 12
On Monday, January 12, 2015, a networking issue occurred from 1:31 p.m. until 1:35 p.m. After working with the vendor, an unusual software bug rarely encountered by the vendor was deemed to be the root cause. As a result of the issue, the following services have been impacted: www.psu.edu, news.psu.edu, WebAccess, and LDAP servers. Other […] more…UK police make arrest related to denial of service attack on Playstation and Xbox networks
U.K. police have arrested a man they believe was involved in the denial-of-service attacks directed at PlayStation Network and Xbox Live at end of last year. Proud new owners of PlayStation and Xbox consoles weren’t able to or had trouble accessing Sony’s and Microsoft’s networks starting on Christmas day as a result of the attack, […] more…Zuckerberg describes need to balance local laws and free speech
Mark Zuckerberg tackled the thorny issue of how to balance free speech with local laws at Facebook’s first international town-hall Q&A in Colombia on Wednesday. “Most countries have laws restricting some form of speech or another,” the CEO said. If Facebook were to let users post something that would be illegal in their country, would […] more…AdSense Abused with Malvertising Campaign
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users randomly got redirected when they clicked on links or loaded new pages. They all reported […] more…Mobile Virtualization – Solving the BYOD Problem
For many users today, how they use technology is defined by mobile devices. Their primary device is not a desktop computer, or even a laptop. Instead, it’s a tablet or a smartphone. Instead of data stored on a hard drive or a USB stick, corporate data is now stored in the cloud and accessed as […] more…Stolen credentials used to access United Airlines’ MileagePlus accounts
Three dozen loyalty accounts belonging to United Airlines customers saw fraudulent transactions after hackers used login credentials collected from an unknown source. The Mileage Plus accounts, which are part of United’s rewards program, were accessed early last month, said Luke Punzenberger, a United spokesman, on Sunday. The program has about 95 million participants. Punzenberger said […] more…The second round of CODE BLUE in Japan
CODE BLUE@TOKYO, a cutting-edge IT security conference, was held from 18th -19th December. It was the second round, following its first occurrence in February 2014. More than 400 people came together from all around the world, including one remotely participating in the conference via a drone. Heated discussions took place among researchers and engineers during […] more…Facebook Users Targeted By Android Same Origin Policy Exploit
A few months back we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, attacks are found under the collaboration of Trend Micro and Facebook, which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook users […] more…New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider
If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the last few days. Unlike SoakSoak, it’s comprised of 3 distinct malframes – creating one new campaign. We’re tracking each closely: 1- wpcache-blogger: This campaign is using the domain wpcache-blogger.com as […] more…Update: Phishing Email Appearing to Come from ITS Service Desk
An email is circulating that appears to be coming from the IT Service Desk. If the user clicks on the link it will result in their access account being locked. {see email snippet below} {Penn State Webmail Administrative Information Services (AIS) have released a new version of the Penn State Webmail yesterday, Saturday, December 20, […] more…Phishing Email Appearing to Come from ITS Service Desk
An email is circulating that appears to be coming from the IT Service Desk. (see snippet below) If the user clicks on the link it will result in their access account being locked. (Penn State Webmail Administrative Information Services (AIS) have released a new version of the Penn State Webmail yesterday, Saturday, December 20, 2014. […] more…FBI concludes North Korea ‘responsible’ for Sony hack
North Korea was responsible for the devastating cyberattack on Sony Pictures, the U.S. Federal Bureau of Investigation said Friday after a two-week investigation. The attack on Sony occurred in late November and resulted in the theft of thousands of files that, after being leaked online, proved highly embarrassing for the company. Financial documents, legal and […] more…How Cybercriminals Dodge Email Authentication
Email authentication and validation is one method that is used to help bring down the levels of spam and phishing by identifying senders so that malicious emails can be identified and discarded. Two frameworks are in common usage today; these are SPF and DKIM. SPF (Sender Policy Framework): Defined in RFC 7208, SPF provides a […] more…More information
- D-Link router user? Keep your ears and eyes open for the next firmware fixes!
- Wyden urges government agencies to ditch Flash
- Security-as-a-service supplier Alert Logic started with IDS and blossomed from there
- First Came GDPR, Then Comes ePrivacy – What to Expect with Global Data Regulations
- Vulnerabilities Continue to Plague Industrial Control Systems
- Google’s soaring piracy link-removal requests hit 65 million last month
- No More Ransom Blows Out Three Birthday Candles Today
- UK Cybersecurity Center Says ‘Deepfakes’ and Other AI Tools Pose a Threat to the Next Election
- New Router Attack Displays Fake Warning Messages
- 5 things you need to know about new Payment Card Industry (PCI 3.0) standard