RSS WeLiveSecurity
  • Week in security with Tony Anscombe August 23, 2019
    ESET research uncovers the first known instances of spyware that is based on the AhMyth Remote Access Tool and has snuck into Google Play
  • Cyberbullying: What schools and teachers can do August 23, 2019
    How schools and educators can address and help prevent abusive behavior on the internet
  • First‑of‑its‑kind spyware sneaks into Google Play August 22, 2019
    ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice
  • Education and privacy legislation at ChannelCon August 21, 2019
    As education is becoming an increasingly vital tool in companies’ security toolboxes, the question arises: How can they effectively implement security awareness training?
  • Ransomware wave hits 23 towns in Texas August 20, 2019
    The attack, which has victimized mostly smaller local governments, is thought to have been unleashed by a single threat actor
RSS McAfee Blogs
  • Clicks & Cliques: How to Help Your Daughter Deal with Mean Girls Online August 24, 2019
    According to a new report released by the National Center for Education Statistics (NCES), mean girls are out in force online. Data shows that girls report three times as much harassment online (21%) as boys (less than 7%). While the new data does not specify the gender of the aggressors, experts say most girls are bullied […]
  • Lights, Camera, Cybersecurity: What You Need to Know About the MoviePass Breach August 23, 2019
    If you’re a frequent moviegoer, there’s a chance you may have used or are still using movie ticket subscription service and mobile app MoviePass. The service is designed to let film fanatics attend a variety of movies for a convenient price, however, it has now made data convenient for cybercriminals to potentially get ahold of. […]
  • 19 Cloud Security Best Practices for 2019 August 22, 2019
    Now well into its second decade of commercial availability, cloud computing has become near-ubiquitous, with roughly 95 percent of businesses reporting that they have a cloud strategy. While cloud providers are more secure than ever before, there are still risks to using any cloud service. Fortunately, they can be largely mitigated by following these cloud […]
  • Data Residency: A Concept Not Found In The GDPR August 21, 2019
    Are you facing customers telling you that their data must be stored in a particular location? Be reassured: As a processor of data, we often encounter a discussion about where the data is resident, and we are often facing people certain that their data must be stored in a given country. But the truth is, […]
  • Boost Your Bluetooth Security: 3 Tips to Prevent KNOB Attacks August 21, 2019
    Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered […]
RSS Krebs on Security
  • Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards August 22, 2019
    On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee […]
  • Forced Password Reset? Check Your Assumptions August 21, 2019
    Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset demand was not the result of a breach but rather the site's efforts to identify customers […]
  • The Rise of “Bulletproof” Residential Networks August 19, 2019
    Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Most often, those connections are hacked computers, mobile phones, or home routers. But this is the story of a sprawling "bulletproof residential VPN" service that appears to have been built by acquiring chunks of Internet addresses from some […]
  • Meet Bluetana, the Scourge of Pump Skimmers August 14, 2019
    "Bluetana," a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help […]
  • Patch Tuesday, August 2019 Edition August 13, 2019
    Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it's all going to turn out. Fortunately, this month's patch batch from Redmond is mercifully […]
RSS Dark Reading:
  • Ransomware Trains Its Sights on Cloud Providers August 23, 2019
    Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.
  • Qualys Launches Free App for IT Asset Discovery and Inventory August 23, 2019
    Qualys's Chairman and CEO, Philippe Courtot talks about changes in the security landscape he's witnessed during the company's 20-year lifespan, as well as what motivated the vendor to give away its Global IT Asset Discovery and Inventory app for free.
  • IBM Announces Quantum Safe Encryption August 23, 2019
    Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
  • 80 Charged in Massive BEC Operation Bust August 23, 2019
    A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.
  • Virtual World of Containers, VMs Creates New Security Challenges August 23, 2019
    Containers, virtual machines, and the advent of DevOps as a software creation tool all put new pressures on organizations' security strength, according to Dan Hubbard, CEO of Lacework. Cloud's ability to offer scale, capacity, and processing power may even exacerbate the vulnerabilities unless properly managed, he adds.
RSS Schneier on Security
  • Friday Squid Blogging: Vulnerabilities in Squid Server August 23, 2019
    It's always nice when I can combine squid and security: Multiple versions of the Squid web proxy cache server built with Basic Authentication features are currently vulnerable to code execution and denial-of-service (DoS) attacks triggered by the exploitation of a heap buffer overflow security flaw. The vulnerability present in Squid 4.0.23 through 4.7 is caused […]
  • License Plate "NULL" August 23, 2019
    There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets are still showing up. The unanswered question is: […]
  • Modifying a Tesla to Become a Surveillance Platform August 22, 2019
    From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras -- the same dash and rearview cameras […]
  • Google Finds 20-Year-Old Microsoft Windows Vulnerability August 21, 2019
    There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP....
  • Surveillance as a Condition for Humanitarian Aid August 20, 2019
    Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing for fraud requires entire populations to be tracked using their personal […]
RSS Threatpost
RSS Naked Security
RSS Quick Heal Blog | Latest computer security news, tips, and advice
  • Phishers using custom 404 Not Found error page to steal Microsoft credentials August 21, 2019
    In the latest of its kind phishing attacks, phishers have been found to use custom 404 Not Found error pages to run a phishing campaign. This unusual phishing campaign is basically aimed at tricking unsuspecting victims into sharing their Microsoft login credentials. A 404 Not Found page is typically an indication…
  • Alert! 27 apps found on Google Play Store that prompt you to install Fake Google Play Store August 19, 2019
    Quick Heal Security Lab spotted 27 malicious apps of dropper category on official “Google Play Store”. These apps have been removed from Play Store after Quick Heal Security Lab reported it to Google last week. These apps continuously show installation prompt for fake “Google Play Store”. If any user falls…
  • Alert! Income tax refund SMS – Newest way of conducting bank fraud by cyber criminals August 9, 2019
    Scammers are literally on their toes all year round, but for all the wrong reasons, devising ways and means to trick innocent people. In their latest attempt at fraud, cyber criminals are using fake SMS pretending to be from Income Tax Department to trick innocent victims into sharing bank account…
  • Android based IoT devices with open ADB port inviting easy attacks by Crypto-miners August 7, 2019
    The rapid pace at which connected smart home devices are increasing has opened the gates for a new era of cyber-attacks on IoT devices including smart phones, TVs, IP cameras, etc. These attacks are mostly in the form of crypto mining attacks wherein cryptocurrency-mining botnet enters the targeted device via…
  • MegaCortex Returns… July 30, 2019
    MegaCortex, a ransomware which was first spotted in January this year, has become active again and has changed the way it previously attacked/targeted the corporate world. In order to simplify its execution and increase its scale of operation, it uses ‘Command Prompt’ instead of ‘PowerShell’ in current targeted campaign. Key…
RSS Google Online Security Blog
  • Protecting Chrome users in Kazakhstan August 21, 2019
    Posted by Andrew Whalley, Chrome Security. When making secure connections, Chrome trusts certificates that have been locally installed on a user's computer or mobile device. This allows users to run tools to inspect and debug connections during website development, or for corporate environments to intercept and monitor internal traffic. It is not appropriate for this mechanism […]
  • How Google adopted BeyondCorp: Part 2 (devices) August 20, 2019
    Posted by Matt McDonald, Software Engineer, and Sebastian Harl, Software Engineer Intro This is the second post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal implementation path at Google. The first post in this series focused on providing necessary context for […]
  • New Research: Lessons from Password Checkup in action August 15, 2019
    Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse research. Back in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever you sign in to a site using one of over 4 billion usernames and passwords that […]
  • Making authentication even easier with FIDO2-based local user verification for Google Accounts August 12, 2019
    Posted by Dongjing He, Software Engineer and Christiaan Brand, Product Manager Passwords, combined with Google's automated protections, help secure billions of users around the world. But, new security technologies are surpassing passwords in terms of both strength and convenience. With this in mind, we are happy to announce that you can verify your identity by using […]
  • Awarding Google Cloud Vulnerability Research August 8, 2019
    Posted by Felix Groebert, Information Security Engineering. Today, we’re excited to announce a yearly Google Cloud Platform (GCP) VRP Prize to promote security research of GCP. A prize of $100,000.00 will be paid to the reporter of the best vulnerability affecting GCP reported through our Vulnerability Reward Program (g.co/vulnz) and having a public write-up (nominations will […]
RSS Graham Cluley
RSS Infosecurity Magazine
RSS CSO Online
  • BrandPost: Simplifying Back to School Security with SD-WAN and SD-Branch August 23, 2019
    School is back in session with the second busiest retail season of the year, and technology sales—along with digital subscriptions to applications and services—are predicted to show double-digit growth this fall. Students of all ages, from kindergarten to college, are buying iPads and laptops and subscribing to SaaS applications to better access digital curricula and […]
  • Security executives on the move and in the news August 23, 2019
    The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. CSO’s Movers & Shakers is where […]
  • Examining and addressing threat detection and response challenges August 23, 2019
    Detecting and responding to cyber-threats quickly can mean the difference between a cybersecurity annoyance and a costly data breach. This makes threat detection and response a critical business requirement. […]
  • 4 takeaways from Black Hat 2019 August 23, 2019
    The Black Hat conference not only sheds light on the IT security issues currently plaguing organizations, but the emerging issues that will soon affect people and companies. At the latest Black Hat, held in the Mandalay Bay in Las Vegas in August, industry experts offered their insights on how cybercriminals are upping the ante and […]
  • What is personally identifiable information (PII)? How to protect it under GDPR August 22, 2019
    Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email address, and phone numbers have most commonly been considered PII, but technology has expanded the scope of PII considerably. It can include an IP address, login IDs, social media posts, or digital images. Geolocation, […]
RSS Symantec Blogs
RSS Security Affairs
  • Hacker will compensate victims with $1.1 million Bitcoin illegally earned August 24, 2019
    UK authorities have seized over £920,000 ($1.1 million) worth of Bitcoin from a prolific hacker; the funds will be used to compensate his victims. Grant West, aka ‘Courvoisier,’ is a hacker that was arrested by the police in September 2017 as a result of a two-year-long investigation code-named ‘Operation Draba.’ The man was charged with multiple […]
  • Buffer overflow exposes unpatched Squid servers to RCE and DoS attacks August 24, 2019
    Some versions of the Squid web proxy cache server built with Basic Authentication features are affected by a heap buffer overflow vulnerability. The heap buffer overflow security flaw, tracked as CVE-2019-12527, could be exploited by attackers to trigger DoS condition and also to execute arbitrary code on the vulnerable servers. The flaw received a high severity CVSS […]
  • Mastercard data breach affected Priceless Specials loyalty program August 24, 2019
    Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation notified the data breach to the German and Belgian Data Protection Authorities. The data leaked online includes customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. “The Belgian Data […]
  • Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes August 23, 2019
    Researchers at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) tracked as CVE-2019-6177. Security experts at Pen Test Partners (PTP) discovered a privilege-escalation vulnerability in Lenovo Solution Centre (LSC) that exists since 2011. “A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log […]
  • A new variant of Asruex Trojan exploits very old Office, Adobe flaws August 23, 2019
    Experts at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect systems. Malware researchers at Trend Micro discovered a new variant of the Asruex Trojan that exploits old Microsoft Office and Adobe vulnerabilities to infect Windows and Mac systems. Asruex first appeared in the […]
RSS CIO Security