OpManager: A single console to manage your complete IT infrastructure. Click here for a 30-day free trial.
Welcome Guest | Sign In
KeyRaider Malware Busts iPhone Jailbreakers
September 3, 2015
Data-robbing malicious software dubbed "KeyRaider" has stolen more than 225,000 valid Apple accounts and thousands of certificates, private keys and purchasing receipts, Palo Alto Networks' Unit 42 reported last week. The firm identified the malware in cooperation with WeipTech, which found the accounts on a server while it was analyzing suspicious user-reported iOS tweaks.
Baby Monitors Riddled With Security Holes
September 2, 2015
Rapid7 has released a report on an assortment of new vulnerabilities found in baby monitors: predictable information leaks; backdoor credentials; reflective, stored XSS; direct browsing; authentication bypass; and privilege escalation. "Many of the issues would allow video and audio from the device to be viewed by an attacker," said Mark Stanislav, senior security consultant at Rapid7.
Qualcomm Sics Fire-Breathing Snapdragon on Android Hackers
September 1, 2015
Qualcomm on Monday announced Snapdragon Smart Protect, a hardware-software product that could make the world a safer place for Android smartphone users. Snapdragon Smart Protect, which will become available with Qualcomm's upcoming Snapdragon 820 processor, will provide real-time, on-device machine learning designed to support accurate and effective detection of zero-day malware threats.
Shadow IT Feeds 'Man in the Cloud' Attacks
August 27, 2015
Shadow IT -- the use of unauthorized online services by company employees -- is a concern of cyberwarriors charged with defending business systems against network attacks. There's new evidence that those concerns are justified. A new attack vector on business systems leverages the synchronization features of services like Dropbox and Google Drive to perform malicious mischief.
Cyber-Posse Aims to Round Up Ashley Madison Hackers
August 25, 2015
The Toronto Police Service on Monday reported on the progress of Project Unicorn, the official investigation into the hack attack on Ashley Madison, an adultery-promoting website. The Toronto police are working closely with the U.S. Department of Homeland Security, the RCMP, the FBI, and the Ministry of the Attorney General's criminal law office in carrying out the investigation.
Ashley Madison Hackers: Catch Them if You Can
August 20, 2015
The Ashley Madison hacker gang will be tough to apprehend. The hackers this week dumped nearly 10 gigabytes of stolen personal data onto the Web -- details gleaned from accounts established on the site, which is dedicated to matching up people who want to engage in extramarital affairs. It's "nearly impossible" to track down attackers, noted Bit9 + Carbon Black's Ben Johnson.
Study: Chinese Hackers Are Savvy, Surgical
August 13, 2015
A clandestine group of sophisticated Chinese hackers have infected scores of sites on the Web and stolen documents from industrial and government organizations with surgical precision, according to a Dell SecureWorks study released last week. Dubbed "Threat Group 3390," the cybergang has used infected websites of some 100 organizations across the globe.
Chinese Hackers May Have Burrowed Into Airlines
August 11, 2015
The China-based hacking team that has been infiltrating U.S. government and business computer systems appears to be behind two newly discovered attacks -- this time on travel reservation processor Sabre and American Airlines. Sabre confirmed that its systems -- which contain sensitive records on as many as a billion travelers -- recently were breached. American Airlines is investigating.
Cyberwarrior Demand Outpaces Supply
August 6, 2015
Demand for cybersecurity professionals continues to far outpace supply, according to a Burning Glass Technologies report released last week. Cybersecurity hiring remains concentrated in government agencies and among defense contractors, the third annual cybersecurity job market report notes, but hiring has started to boom in industries handling consumer data.
Commerce Dept. Caves on Security Export Rules
July 30, 2015
Some proposed federal rules on the export of security tools created a tumult in cybersecurity circles -- a tumult that's pushed the rules into limbo. The comment period for the rules, which the U.S. Department of Commerce first aired in May, ended July 20 -- and although the regulations have noble intentions, they also could have dire consequences.
Super-Scary Android Flaw Found
July 28, 2015
Zimperium on Monday revealed a stunning discovery by researcher Joshua Drake -- a flaw in Android's Stagefright media playback engine that could expose millions of mobile device users to attack without their having done anything. Stagefright, which processes several popular media formats, is implemented in native code -- C++ -- which is more prone to memory corruption than some other languages.
Hackers Take Hijacked Jeep Cherokee for Joyride
July 23, 2015
White-hat hackers Charlie Miller and Chris Valasek remotely took over a Jeep Cherokee, ran its controls, then cut the transmission as it sped at 70 mph along Interstate 64 in an experiment conducted with Wired. They turned on the air conditioning, switched radio channels, turned on the windshield wipers, activated the windshield washer fluid pump, and transmitted a photo of themselves.
OPM Director's Resignation Draws Mixed Reactions
July 23, 2015
The resignation of U.S. Office of Personnel Management Director Katherine Archuleta is drawing mixed reactions from the cybersecurity community. Archuleta's departure on July 10, in the wake of a massive data breach resulting in the theft of the personal information of more than 22 million people, is being characterized by security pros as everything from "necessary" to "unfair."
Leverage Big Data to Get Rid of Network Attackers
July 21, 2015
Up to 30 percent of their firms' security incidents this year should have been detected by perimeter security measures -- but weren't -- said 55 percent of respondents to a SANS Institute survey. The truth is that today's attackers have become skilled at bypassing conventional defenses, which no longer can be counted on to protect enterprise networks on their own.
DoJ: Firms Should Hire Cyber-Savvy Lawyers
July 20, 2015
Hardly a day goes by without a headline about a cyberintrusion. No entity is immune -- international retailers, airlines, hotels, mom and pop stores, cloud providers -- even the U.S. government. However, it seems that few businesses contemplate how important it is for their attorney to know and understand cybersecurity, as well as know what to do when a cyberintrusion occurs.
The Emperor Is Naked and We're All Idiots
July 20, 2015
An old fable keeps running through my mind about the scam artist who convinced an emperor that he had created clothing only smart people could see. Everyone says they see the clothing because they don't want to look stupid. Walking around in clothing stupid people can't see doesn't sound enticing anyway, but lately it has seemed clear to me that the folks reporting the news think we are idiots.
Swipes, Taps and Cursor Movements Can Foil Cyberthieves
July 16, 2015
Swipes, taps, cursor movements and other ways of interacting with electronic devices can be used to protect online merchants from Net fraudsters. Many people are familiar with biometric authenticators like irises, fingerprints and voices, but it turns out that how we behave with our machines, including typing speed and the use of keyboard shortcuts, can authenticate our identities, too.
Feds Deliver Darkode's Doomsday
July 16, 2015
United States law enforcement agencies and their counterparts in 19 countries on Wednesday announced they had dismantled the Darkode hackers' forum. Charges, arrests and searches were launched against 70 Darkode members and associates around the world, and 12 people associated with the forum were indicted in the U.S. The agencies also served several search warrants in the U.S.
NYSE, United Shutdowns Spark Cyberattack Rumors
July 9, 2015
The New York Stock Exchange on Tuesday halted all transactions for three hours, due to what it maintained was a technical glitch. Trading continued on the other exchanges belonging to its owner, holding company Intercontinental Exchange. "The markets did not plummet with the shutdown," said Jim Wright, chief investment officer at Harvest Financial Partners.
Security Pros Shine Light on Shadowy Cyberspy Ring
July 8, 2015
A highly sophisticated group of hackers who use cutting-edge techniques to shield their attacks from detection has been bedeviling corporations around the world for several years. The group, which Symantec dubbed "Morpho" and Kaspersky Lab calls "Wild Neutron," has hit multibillion-dollar corporations in the Internet, software, pharmaceutical and commodities sectors in at least 11 countries.
Is Isolating the Internet Key to Bulletproof Security?
July 7, 2015
With so many cybersecurity pros drowning in an ever-rising tide of hack attacks on their computer systems, an emerging approach to defending those systems may be the life preserver they've been looking for. The approach doesn't involve beefing up perimeter defenses, carefully scrutinizing network traffic, or applying analytics to employee behavior.
Hacking Team's Dingy Laundry Hung Out Online
July 6, 2015
Fireworks of a different kind rocked the security world this Fourth of July weekend, when news surfaced that hackers breached Hacking Team, an Italy-based firm that develops malware for governments and law enforcement. The attackers reportedly exposed 400 GB of data stolen from its servers. "It appears [Hacking Team] were compromised through social engineering, said Bugcrowd's Jonathan Cran.
FBI Hunts SF Bay Area Fiber-Optic Cable Cutters
July 2, 2015
The FBI for the past year has been on the hunt for people slashing fiber-optic cables throughout the San Francisco Bay Area. The FBI called for the public's assistance in June, after 10 attacks had taken place. The 11th occurred on Tuesday, when someone severed cables used by Wave Broadband. "We have been in consultation with the FBI," said Wave Broadband spokesperson Mark Petersen.
The Encryption Software Scuffle
June 29, 2015
In the face of encryption that could block brute force attempts for years, law enforcement agencies at every level have been calling for keys that allow investigators to crack open smartphones and court cases alike. Some of the world's leading tech companies and privacy advocates have called for the White House to stand against any proposal to weaken the security software on consumer products.
Samsung Jams Up Windows Security Updates
June 25, 2015
Samsung has been disabling Windows updates by means of an executable file, Disable_Winduwsupdate.exe, that is part of its SW Update software. The issue came to light on Tuesday, when Microsoft MVP Patrick Barker published a blog post about his discovery when helping a user who was having problems. It seemed that Windows Update kept getting disabled.
Will LastPass Breach Poison Trust in Password Managers?
June 25, 2015
A data breach is no picnic for any organization, but for a company that makes its potato salad by protecting other people's passwords, it's the mother of all nightmares. Yet, that has happened to LastPass twice. In 2011, the service found anomalies in its network traffic that forced it to reset all its users' master passwords. Recently, it came under attack again.
US, Brit Spooks Bedevil Security Software
June 24, 2015
The United States' National Security Agency and the UK's Government Communications Headquarters reportedly have been attacking antivirus and other security software since at least 2008. The aim is to infiltrate networks and track users. The agencies apparently have reverse-engineered security and antivirus software, sometimes under dubious legal authority.
Routers Becoming Juicy Targets for Hackers
June 18, 2015
Most consumers pay as much attention to routers as they do to doorknobs. That's not the case with Net marauders. They're finding the devices ripe targets for mischief. "We've seen a big increase in malware designed for home routers," said Incapsula researcher Ofer Gayer. "Every week, we see a new vulnerability in a vendor's routers," he said. "They're low-hanging fruit if you're a hacker."
San Jose to Dabble With Smart City Tech
June 16, 2015
The city of San Jose, California, recently decided to undertake an Internet of Things pilot project. Under a deal finalized last month, anyCOMM, will deploy WiFi sensors on 166 streetlights, to collect data on traffic, sense movement on the streets, turn off streetlights when sidewalks and roads are empty, detect ground shifts and send earthquake warnings, and act as WiFi hotspots.
Duqu 2.0 Makes Other Malware Look Clunky
June 12, 2015
Duqu 2.0 may have just snatched the title of "most sophisticated malware ever," according to Kaspersky Lab, which published a report on the new threat this week. Kaspersky discovered Duqu 2.0 after the malware penetrated its own internal networks. "The philosophy and way of thinking of the Duqu 2.0 group is a generation ahead of anything seen in the APT world," said Kaspersky's Kurt Baumgartner.
See More Articles in Cybersecurity Section >>
Facebook Twitter LinkedIn Google+ RSS
I plan to do my holiday shopping…
Online only -- I like the convenience and comfort.
Online only -- I'd shop in stores if their stock weren't so limited.
At brick-and-mortar stores only -- I like to see what I'm getting.
At brick-and-mortar stores only -- I enjoy the holiday shopping atmosphere.
At brick-and-mortar stores only -- I want to support local merchants.
Online and in stores -- I want the best of both worlds.
I'm not planning on doing any holiday shopping.