Hacker: ‘Hundreds of thousands’ of vehicles are at risk of attack
A security expert who recently demonstrated he could hack into a Jeep and control its most vital functions said the same could be done with hundreds of thousands of other vehicles on the road today. Security experts Charlie Miller and Chris Valasek collaborated with Wired magazine to demonstrate how they could remotely hack into and […] more…"IOS Crash Report" Update: Safari Adds Block Feature
Ask, and sometimes, you shall receive. Last Friday, we wrote about call center scammers targeting iOS. And today, Apple released a new (beta) feature that should help. Apple released iOS 9 Public Beta 2: And it appears that one of Safari’s new features allows people to block fraud-focused JavaScript. We tested a scam-site and after […] more…FuTuRology: A Look at Impending Threats to Popular Technologies
How do you think will the threat landscape evolve in the next two years? Three years? One of the most exciting aspects of belonging to a research group like the Trend Micro Forward-Looking Threat Research (FTR) team is practicing the intellectual exercise that is predicting the future. We can’t know what will happen but, with […] more…Windows 10 Sharpens Browser Security With Microsoft Edge
Internet Explorer is possibly the most popular target for vulnerabilities around today. In 2014 alone, a total of 243 vulnerabilities in Internet Explorer were disclosed and patched. Every Microsoft Patch Tuesday cycle contains one bulletin that covers multiple IE vulnerabilities – the monthly “Cumulative Security Update for Internet Explorer”, as it is called by Microsoft. […] more…Microsoft patches Windows zero-day found in Hacking Team’s leaked docs
Microsoft today issued one of its sporadic emergency, or “out-of-band,” security updates to patch a vulnerability in Windows — including the yet-to-be-released Windows 10 — that was uncovered by researchers sifting through the massive cache of emails leaked after a breach of Italian surveillance vendor Hacking Team. The Milan-based vendor sells surveillance software to governments […] more…Best tools for email encryption
Email encryption Recipients of encrypted emails once had to share the same system as the sender. Today, products have a “zero knowledge encryption” feature, which means you can send an encrypted message to someone who isn’t on your chosen encryption service. Today’s products make sending and receiving messages easier, with advances like an Outlook or […] more…Hideouts for Lease: The Silent Role of Bulletproof Hosting Services in Cybercriminal Operations
What do LeaseWeb, Galkahost, and Spamz have in common? All of them, at one point or another, have functioned as cybercriminal hideouts in the form of bulletproof hosting services (BPHS). Simply put, BPHS is any “hosting facility that can store any type of malicious content like phishing sites, pornography, and command-and-control (C&C) infrastructure.” If I […] more…Adobe patches Flash to quash last two zero-days unearthed in Hacking Team’s cache
Adobe today patched Flash Player to quash a pair of zero-day vulnerabilities found in the massive cache of documents hackers stole from the Hacking Team surveillance company. Earlier Tuesday, Google patched its Chrome browser with an updated version of Flash, signaling that Adobe would soon follow suit. But Microsoft dropped the ball, having not only […] more…Hacking Team Flash Zero-Day Integrated Into Exploit Kits
Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Kafeine said, Neutrino Exploit Kit also has included this zero-day. The existence of this particular vulnerability was just leaked from Hacking Team; Adobe has […] more…Lordfenix: 20-year-old Brazilian Makes Profit Off Banking Malware
A 20-year-old college student whose underground username is Lordfenix has become one of Brazil’s top banking malware creators. Lordfenix developed his underground reputation by creating more than a hundred online banking Trojans, each valued at over US$300. Lordfenix is the latest in a string of young and notorious solo cybercriminals we’re seeing today. Who is […] more…Cybrary and WIT partner to help women advance in cybersecurity
A new partnership between IT MOOC platform Cybrary and Women in Technology (WIT), a professional organization for women in the technology field, aims to address two major challenges faced by IT organizations today: a shortage of cybersecurity professionals and a lack of women in technology. Addressing two major issues Demand for cybersecurity professionals is growing […] more…The Spring Dragon APT
Let’s examine a couple of interesting delivery techniques from an APT active for the past several years, the Spring Dragon APT. A paper released today by our colleagues at Palo Alto Networks presented a portion of data on this crew under the label “the Lotus Blossom Operation“, likely named for the debug string present in much of the […] more…Microsoft Security Updates June 2015
Microsoft releases eight security bulletins today, updating a set of forty five software vulnerabilities. This month’s updates touch a smaller set of Microsoft software, but two of the Bulletins address kernel-level vulnerabilities and require a restart. Some are being exploited as a part of serious targeted attack activity: Windows Kernel, win32k.sys (MS15-061) Internet Explorer – critical Windows […] more…Does CCTV put the public at risk of cyberattack?
The research was originally presented at DefCon 2014. It has been published as part of Kaspersky Lab’s support of Securing Smart Cities – a global not-for-profit initiative that aims to solve the existing and future cybersecurity problems of smart cities through collaboration between companies, governments, media outlets, not-for-profit initiatives and individuals across the world. Thomas […] more…Attack of the Solo Cybercriminals – Frapstar in Canada
By now cybercrime has become the fastest growing criminal enterprise of the 21st century, run by efficient organizations with great professionalism. Today, news headlines are mostly about large-scale breaches orchestrated by large criminal syndicates. But smaller one-man operations can be equally devastating to the unwitting home users and businesses. This reminds us that cyber criminals […] more…[1Q 2015 Security Roundup] Bad Ads and Zero Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices
Best practices are failing. No matter how good you are at sticking to them, they can no longer guarantee your safety against the simplest threats we saw last quarter. Malicious advertisements are in the sites you frequent, data-leaking apps come preinstalled in your gadgets, and data-encrypting malware run silently in your office networks. Even the […] more…More information
- Microsoft opens New York research lab, hires mainly Yahoo researchers
- How the software-defined datacenter benefits enterprises
- 19% Of iOS Apps Access Your Address Book Without Your Permission
- Times reporter arrested over NightJack blogger email hack
- Iranian Attackers Use Fake LinkedIn Profiles to Target Victims
- Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies
- Microsoft Edge CVE-2016-7194 Scripting Engine Remote Memory Corruption Vulnerability
- HTTPS-crippling attack threatens tens of thousands of Web and mail servers
- Maintenance: Wireless will be unavailable at some locations (Dec. 18)
- Six months for posting ex girlfriend’s nude pics on Facebook