RSS WeLiveSecurity
  • Week in security with Tony Anscombe September 13, 2019
    ESET researchers found an undocumented backdoor used by the infamous Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. With the launch of the Safer Kids online initiative, a guide to help parents protect their kids when they take selfie. The discovery of a serious vulnerability […]
  • A vulnerability in Instagram exposes personal information of users September 12, 2019
    The bug, which has already been fixed by Facebook, allowed access to private user information that could be abused by malicious actors. The post A vulnerability in Instagram exposes personal information of users appeared first on WeLiveSecurity
  • Selfies for kids – A guide for parents September 11, 2019
    Are you – and especially your children – aware of the risks that may come with sharing selfies? The post Selfies for kids – A guide for parents appeared first on WeLiveSecurity
  • ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group September 9, 2019
    ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East The post ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group appeared first on WeLiveSecurity
  • Week in security with Tony Anscombe September 6, 2019
    This week, we present an introduction to the MITRE ATT&CK framework, the review of the mobile threats and vulnerabilities detected for mobile during the first half of 2019, and Firefox 69 new features. The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
RSS McAfee Blogs
  • Are Cash Transfer Apps Safe to Use? Here’s What Your Family Needs to Know September 14, 2019
    I can’t recall the last time I gave my teenage daughter cash for anything. If she needs money for gas, I Venmo it. A Taco Bell study break with the roommates? No problem. With one click, I transfer money from my Venmo account to hers. She uses a Venmo credit card to make her purchase. […]
  • Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt September 12, 2019
    Buying a car can be quite a process and requires a lot of time, energy, and research. What most potential car buyers don’t expect is to have their data exposed for all to see. But according to Threatpost, this story rings true for many prospective buyers. Over 198 million records containing personal, loan, and financial […]
  • Countdown to MPOWER 2019: Survival Guide September 11, 2019
    This year, we’re excited to host the 12th annual MPOWER Cybersecurity Summit at the ARIA in Las Vegas, where fellow security experts will strategize, network, and learn about the newest and most innovative ways to ward off advanced cyberattacks. With the show nearly upon us, I’m sharing a “survival guide” for first-time attendees and anyone […]
  • How To Practise Good Social Media Hygiene September 11, 2019
    Fact – your social media posts may affect your career, or worse case, your identity! New research from the world’s largest dedicated cybersecurity firm, McAfee, has revealed that two thirds (67%) of Aussies are embarrassed by the content that appears on their social media profiles. Yikes! And just to make the picture even more complicated, […]
  • Iron Man’s Instagram Hacked: Snap Away Cybercriminals With These Social Media Tips September 10, 2019
    Celebrities: they’re just like us! Well, at least in the sense that they still face common cyberthreats. This week, “Avengers: Endgame” actor Robert Downey Jr. was added to the list of celebrities whose social media accounts have been compromised. According to Bleeping Computer, a hacker group managed to take control of the actor’s Instagram account, sharing […]
RSS Krebs on Security
  • NY Payroll Company Vanishes With $35 Million September 11, 2019
    MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in countless people having money drained from their bank accounts and has left […]
  • Patch Tuesday, September 2019 Edition September 10, 2019
    Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on […]
  • Secret Service Investigates Breach at U.S. Govt IT Contractor September 9, 2019
    The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government […]
  • ‘Satori’ IoT Botnet Operator Pleads Guilty September 4, 2019
    A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the "Satori" botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.
  • Spam In your Calendar? Here’s What to Do. September 3, 2019
    Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application […]
RSS Dark Reading:
RSS Schneier on Security
  • Another Side Channel in Intel Chips September 16, 2019
    Not that serious, but interesting: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO­short for […]
  • Upcoming Speaking Engagements September 14, 2019
    This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society in London on September 24, 2019. I'm speaking at Cyber Security Nordic in Helsinki, Finland on October 3, 2019. […]
  • Friday Squid Blogging: How Scientists Captured the Giant Squid Video September 13, 2019
    In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....
  • When Biology Becomes Software September 13, 2019
    All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms. Genes and genomes are based on code-- just like the digital language of computers. But instead of zeros and ones, four DNA letters --- A, C, T, G […]
  • Smart Watches and Cheating on Tests September 13, 2019
    The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it's becoming very difficult to tell regular watches from smart watches....
RSS Threatpost
RSS Naked Security
RSS Quick Heal Blog | Latest computer security news, tips, and advice
  • Trivia! 5 things you never imagined could be hacked by cyber criminals September 13, 2019
    The term “hacking” has become the talk of the town, with one new incidence of hacking being reported every single day. The internet is in for a spin as cases of hacking are getting reported on a global level, triggering the realization that anything and everything with a vulnerable spot…
  • The Free Mobile Anti-virus you are using can be a Fake! September 9, 2019
    Quick Heal Security Labs recently spotted multiple Fake Antivirus Apps on Google Play Store. What’s more alarming, is that one of these fake AV Apps has been downloaded 100000+ times already. These Apps appear to be genuine Anti-virus/virus-removal Apps with names like Virus Cleaner, Antivirus security, etc., but do not…
  • Teacher’s Day Special – Things that teachers must know about their students to make them cyber safe September 4, 2019
    A good teacher is not just someone who is good with academics. They are more of a role model and mentor, who can share the right knowledge with their students, to help them choose and perceive between the good and bad of the society they live in. Given the increasing…
  • PowerShell: Living off the land! August 30, 2019
    Trend of PowerShell based malware is increasing. General trend observed shows that malware authors use new techniques for infection and propagation of malwares along with open source tools. PowerShell gets executed with high privileges and that’s why it easily performs its activity and propagates through network. Quick Heal Security Lab…
  • Cybersquatting and Typosquatting victimizing innocent customers and brands August 28, 2019
    The rapid shift of brands towards online platforms and ecommerce portals, has opened the gates for cyber threats like Phishing, Cybersquatting and Typosquatting. In fact, every entity with an online presence today, feels burdened by the fear of compromising their brand reputation, in the face of these ubiquitous cyber threats….
RSS Google Online Security Blog
  • Trust but verify attestation with revocation September 6, 2019
    Posted by Rob Barnes & Shawn Willden, Android Security & Privacy Team [Cross-posted from the Android Developers Blog]Billions of people rely on their Android-powered devices to securely store their sensitive information. A vital component of the Android security stack is the key attestation system. Android devices since Android 7.0 are able to generate an attestation […]
  • Expanding bug bounties on Google Play August 29, 2019
    Posted by Adam Bacchus, Sebastian Porst, and Patrick Mutchler — Android Security & Privacy[Cross-posted from the Android Developers Blog] We’re constantly looking for ways to further improve the security and privacy of our products, and the ecosystems they support. At Google, we understand the strength of open platforms and ecosystems, and that the best ideas don’t always […]
  • Protecting Chrome users in Kazakhstan August 21, 2019
    Posted by Andrew Whalley, Chrome SecurityWhen making secure connections, Chrome trusts certificates that have been locally installed on a user's computer or mobile device. This allows users to run tools to inspect and debug connections during website development, or for corporate environments to intercept and monitor internal traffic. It is not appropriate for this mechanism […]
  • How Google adopted BeyondCorp: Part 2 (devices) August 20, 2019
    Posted by Matt McDonald, Software Engineer, and Sebastian Harl, Software Engineer Intro This is the second post in a series of four, in which we set out to revisit various BeyondCorp topics and share lessons that were learnt along the internal implementation path at Google.The first post in this series focused on providing necessary context for […]
  • New Research: Lessons from Password Checkup in action August 15, 2019
    Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse researchBack in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever you sign in to a site using one of over 4 billion usernames and passwords that […]
RSS Graham Cluley
  • Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH! September 11, 2019
    Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise. All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security […]
  • Toyota parts supplier loses $37 million in email scam September 11, 2019
    Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers. Read more in my article on the Tripwire State of Security blog.
  • Operation reWired: 281 suspected email scammers arrested around the world September 11, 2019
    Law enforcement agencies around the world have arrested a total of 281 people suspected of being behind a spate of Business Email Compromise (BEC) scams that have stolen millions of dollars from businesses and individuals.
  • Unlock the power of threat intelligence with this practical guide. Get your free copy now September 11, 2019
    Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.” It’s aimed at helping security professionals realize the advantages of threat […]
  • Wikipedia and World of Warcraft Classic targeted by DDoS attacks September 9, 2019
    Uou can imagine the pain that was caused to pub quiz cheats and students writing essays this weekend when crowd-sourced internet encyclopedia Wikipedia, one of the world’s most popular websites, was hit by a distributed denial-of-service attack. Read more in my article on the Hot for Security blog.
RSS Infosecurity Magazine
RSS CSO Online
  • Three strategies to prove security's value September 16, 2019
    Security executive Ricardo González doesn’t see IT security as a cost center; instead, he describes it as “a strategic investment in reduction of corporate risk, and a positive contribution to the realization of business value.”To read this article in full, please click here(Insider Story)
  • Shining light on dark data, shadow IT and shadow IoT September 13, 2019
    What's lurking in the shadows of YOUR organization? What you don't know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.
  • What is PSD2? And how it will impact the payments processing industry September 13, 2019
    PSD2 explained New security requirements for online payments will come into effect in Europe in September as part of the revised Payment Services Directive (PSD2), but they are also expected to make an impact in the US and other regions of the world. The PSD2 brings two major changes to the payments industry: It mandates […]
  • Privacy Shield and Brexit: What now? What next? September 13, 2019
    Since the fall of Safe Harbor, Privacy Shield has governed how personal data can be transferred from Europe into the US. However, with the UK’s exit from the European Union (EU) looming, organizations need to look at how data is transferred from the UK to the US – whether internally among a company’s different locations […]
  • SOAPA vs. SOAR: How these security terms differ September 13, 2019
    I came up with the security operations and analytics platform architecture (SOAPA) concept in late 2016. In November of that year, I wrote about how SIEM systems were becoming part of SOAPA.As a review, SOAPA is a bottom-up architecture featuring: Common distributed data service. SOAPA creates a common data pipeline for high volumes of batch and […]
RSS Symantec Blogs
RSS Security Affairs
  • Data leak exposes sensitive data of all Ecuador ‘citizens September 16, 2019
    Experts discovered a huge data leak affecting Ecuador, maybe the largest full-country leak, that exposed data belonging to 20 million Ecuadorian Citizens. Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens. Data were left unsecured online on a misconfigured Elasticsearch server, exposed data […]
  • A flaw in LastPass password manager leaks credentials from previous site September 16, 2019
    A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes […]
  • France and Germany will block Facebook’s Libra cryptocurrency September 16, 2019
    Bad news for Facebook and its projects, France and Germany agreed to block Facebook’s Libra cryptocurrency, the French finance ministry said. France and Germany governments announced that they will block Facebook’s Libra cryptocurrency, the news was reported by French finance ministry Bruno Le Maire. “We believe that no private entity can claim monetary power, which […]
  • Tor Project’s Bug Smash Fund raises $86K in August September 16, 2019
    The Tor Project has raised $86,000 for a Bug Smash fund that it will use to pay developers that will address critical flaws in the popular anonymizing network. The Tor Project has raised $86,000 for a Bug Smash fund that was created to pay developers that will address critical security and privacy issues in the popular anonymizing […]
  • Astaroth Trojan leverages Facebook and YouTube to avoid detection September 16, 2019
    Cofense experts uncovered a new variant of the Astaroth Trojan that uses Facebook and YouTube in the infection process. Researchers at Cofense have uncovered a phishing campaign targeting Brazilian citizens with the Astaroth Trojan that uses Facebook and YouTube in the infection process. The attach chain appears to be very complex and starts with phishing […]
RSS CIO Security