Information Security

This malware just got more powerful by adding the WannaCry trick to its arsenal | ZDNet

The Retefe banking trojan is now using the EternalBlue exploit which helped spread WannaCry to make attacks more effective. A trojan banking malware …

Security

For eight years, hackers have been able to exploit this...

For the last eight years a critical vulnerability has lurked within the code of the Joomla CMS which could have allowed malicious hackers to steal …

Security

Samsung rolls out security patches to fix BlueBorne vulnerability

We recently reported that software updates released this month for several Samsung smartphones lacked the September 2017 Android security patch. The …

Samsung

PassGAN: Password Cracking Using Machine Learning

Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools. Researchers at the …

Machine Learning

Insteon and Wink home hubs appear to have a problem with encryption

Security researchers have discovered that two popular home automation systems are vulnerable to attacks. The Insteon Hub and Wink Hub 2 are designed …

Home Automation

Security's #1 Problem: Economic Incentives

The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach. There is plenty of blame to go around after …

Security

Russian hackers exploited a Google flaw the company has refused to fix - Salon.com

A hacking team reportedly linked to the Russian government has been utilizing a security flaw in a Google service to launch attacks on investigative journalists. The web giant has known about the vulnerability since November of last year but has still failed to fix it. The security bug lies within …

Liberal View

Explaining and exploiting deserialization vulnerability with Python (EN)

Deserialization? Even though it was neither present in OWASP TOP 10 2013, nor in OWASP TOP 10 2017 RC1, Deserialization of untrusted data is a very …

Python Programming

Surviving ransomware by keeping things simple

DERBYCON - Ransomware is a topic everyone knows about, but unless you've experienced a ransomware attack, it's hard to really describe and understand …

Security

It’s time to kill the web

Web apps are impossible to secure. At the end of the 1990’s a horrible realisation was dawning on the software industry: security bugs in C/C++ …

Programming

8 Most Overlooked Security Threats

5/26/2017 08:00 AM. Businesses know the obvious security threats to watch for, but some of the biggest dangers may not be top-of-mind. Internet of …

Cybersecurity

Tools on GitHub that have made it into Kali 2017.2

Kali Linux 2017.2 was released on September 20, 2017. This release is a roll-up of all updates and fixes since our 2017.1 release in April. More than …

Software Development

Users plagued by iOS app security issues, according to new research

A new report shows despite Apple iOS' reputation as a secure mobile operating system, users are at risk more often than it seems. San Francisco-based …

SEO

Understanding Ransomware

John Pironti, President, IP Architects. John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic …

Cybersecurity

Identifying exposures and vulnerabilities in UC/RTC Environments

Businesses continue to evolve and rely more heavily on Unified Communications (UC) and Real Time Communications (RTC) based applications to run their …

Security

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs

The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding …

Security

The CCleaner hack was much worse than we thought – here’s how to fix it

A few days ago, cybersecurity experts revealed that a PC security product was backdoored by hackers, which allowed the attackers to install malicious …

Security

Hijacked software used to target tech giants

Hackers who booby-trapped widely used security software also used their malware to infiltrate machines at tech firms, suggests analysis. Evidence that other companies had been compromised came to light as Cisco researchers probed how attackers got at the popular CCleaner programme. Millions of people …

Security

In spectacular fail, Adobe security team posts private PGP key on blog | Ars Technica

Since deleted, post gave public and private key for Adobe incident response team. Having some transparency about security problems with software is …

Security

Hackers are remotely locking Apple devices and demanding bitcoin payments

Apple iCloud appears to have been used to force activate the 'Find My Device' option. It's not a bug, it's a feature. That's what most technology …

Security

Security researchers warn that GO Keyboard is spying on millions of Android users

Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev …

Security

CCleaner Attack Targeted Telecoms, Network Hardware Providers

The malware inserted into CCleaner, a popular system utility downloaded by at least 2.3 million users, is far more serious than originally thought, …

Enterprise Tech

Samba Update Patches Two SMB-Related MiTM Bugs

Samba this week released three security updates, including two related to SMB connections that could be abused by an attacker already on the network …

Security

Excellence in the Essentials: Implementing Foundational Controls

It’s not about whether you implement foundational controls but about how well you do it. Only when excellence in the essentials of security and …

Cybersecurity

Undocumented Word feature could lead to system information theft

Researchers have found an undocumented Microsoft Word feature that can be abused by attackers in order to obtain the system information of a …

SEO

Apache Web Server Bug Can Allow Attackers to Dip into Memory Data

A vulnerability found in the Apache web server can allow attackers to obtain sensitive data stored in the server’s memory. The flaw can be triggered …

Security

Health IT Cybersecurity: 5 Hiring Misconceptions to Avoid

Why healthcare organizations need a good strategy to find talent, or get left behind. The recent WannaCry and NotPetya cyber attacks should remove all …

Cybersecurity

CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features

A team of three scientists from Columbia University has discovered that by attacking the combo of hardware and software management utilities embedded …

Security

Newest Joomla! release eliminates information disclosure flaws

The Joomla! Project this week released version 3.8 of its content management system, which fixes two information disclosure vulnerabilities.

Security

Finance sector is littered with vulns, and guess what – most can be resolved by patching

Security vulnerabilities across the finance sector have increased more than fivefold (418 per cent) in the last four years, according to a study by …

Security