Yubico has finally gotten the green light from Apple to make a hardware authentication token that works on iPhones and iPads.
01/08/19 9:00 am
The special counsel has lots of unfinished business on his to-do list this year, including a final report. Here's a rundown.
01/08/19 4:00 am
A rogue PewDiePie fan, Marriott hack details, and more of the week's top security news.
01/05/19 6:00 am
Hundreds of German politicians who have had their private digital lives exposed online are victims of a hacking campaign with unclear motives.
01/04/19 12:34 pm
One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.
01/03/19 9:33 am
Don't assume your employees know how to spot business email compromises - they need some strong training and guidance on how to respond in the event of an attack.
01/09/19 6:00 am
This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.
01/08/19 4:00 pm
This month's security update includes seven patches ranked Critical and one publicly known vulnerability.
01/08/19 2:00 pm
Hack was not politically motivated; no sign of third-party involvement, authorities say.
01/08/19 12:20 pm
To protect yourself, you must know where you're vulnerable - and these tips can help.
01/08/19 11:30 am
The latest Bosch AUTODOME IP range is the only camera with built-in Essential Video Analytics and a pan, tilt and zoom (PTZ) function.
10/01/17 11:17 am
We are entering a period of time when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is an increasing global unrest. Over the past few months what we’ve seen electorally, in the U.S., but also in Europe and in other parts of the world, has been a manifestation of that.
10/01/17 4:11 am
The Art Institute of Chicago hosts 1.5 million visitors annually, holds 300,000 works of art, serves as the venue for hundreds of private events every year and is a cornerstone of downtown Chicago tourism. All of these factors make security absolutely essential and absolutely challenging.
10/01/17 4:11 am
Iconic American architect Frank Lloyd Wright was commissioned to build a unique residential complex for Buffalo, New York, businessman Darwin D. Martin and his family between 1903 and 1905. Scholars consider the complex of six interconnected buildings as one of Wright’s finest achievements, but the history of the house has been a rocky one.
10/01/17 4:09 am
Bike thefts, drug abuse, assaults and other violent crimes, protest-counterprotest melees, and cyber hackers are crowding onto the ever-expanding plates of college and university police and security forces. But those in the field say they’re up to those myriad challenges thanks to the combination of equipment, technology and training they can bring to bear.
10/01/17 4:08 am
The Hacker News
Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users. A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and compromise victims' iPhoneX running iOS 12.1.2 and before versions. To do so, all an attacker needs to
01/23/19 6:09 am
Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised. Last week, the maintainers at PEAR took down the official website of the PEAR (pear-php.net) after they found that someone has replaced original PHP PEAR package manager (go-pear.phar) with a modified version in the core PEAR file
01/23/19 1:43 am
Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by a
01/23/19 12:19 am
The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within next 10 business days. The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking, which security researchers with "
01/22/19 11:31 pm
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate information and lack of valid consent regarding the ads personalization," the CNIL (National Data
01/21/19 10:54 am
The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely have serious repercussions for federal law enforcement agencies for years to come. One federal agent with more than 20 years on the job told KrebsOnSecurity that the shutdown "is crushing our ability to take the fight to cyber criminals."
01/23/19 9:51 am
Two of the most disruptive and widely-received spam email campaigns over the past few months -- including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year -- were made possible thanks to an authentication weakness at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned. Perhaps more worryingly, experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers, and is actively being abused to launch phishing and malware attacks which leverage dormant Web site names currently owned and controlled by some of the world's most trusted corporate names and brands.
01/22/19 6:44 pm
My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it "the largest collection ever of breached data found." But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.
01/17/19 12:11 pm
Unsettling new claims have emerged about Nicholas Truglia, a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims. The lurid details, made public in a civil lawsuit filed this week by one of his alleged victims, paints a chilling picture of a man addicted to thievery and all its trappings. The documents suggest that Truglia stole from his father and even a dead man -- all the while lamenting that his fabulous new wealth brought him nothing but misery.
01/15/19 4:52 pm
Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes. On Friday, a 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014. Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia's Internet access in 2016.
01/14/19 11:37 am
Here's the latest Naked Security podcast. Enjoy!
01/23/19 5:11 am
Online gamblers lose their private data as yet another unsecured Elasticsearch database is discovered.
01/23/19 5:04 am
Last week hackers allegedly compromised an admin’s Steam account and used it to spawn planes, tanks, and whales in Atlas.
01/23/19 4:18 am
In a landmark ruling, France’s data protection commissioner has fined Google 50 million Euros (around $57m) for violating Europe’s privacy laws.
01/23/19 3:28 am
A hacked Nest camera broadcast the fake warning about incoming North Korean missiles, sending a family into “five minutes of sheer terror.”
01/23/19 2:45 am
SecurityWeek RSS Feed
The European Union and Japan on Wednesday launched the "world's largest areas of safe data flows" after finalizing common rules to protect personal information, the EU said.
Firms can transfer data now that the executive European Commission finds that Japanese law offers "a comparable level of protection of personal data," the commission said.
01/23/19 9:39 am
Apple this week released new updates for iOS and macOS users to address tens of security vulnerabilities and other bugs in the two platforms.
01/23/19 8:53 am
A remote code execution vulnerability was recently discovered in APT, the high level package manager used in many Linux distributions.
01/23/19 8:27 am
Application security firm WhiteHat Security on Tuesday announced the general availability of a new product line designed to help organizations conduct comprehensive code analysis.
01/23/19 8:05 am
Over the last few years, the supply chain has emerged as a primary attack vector for both criminal gangs and nation-state groups. Attackers are compromising often smaller and less well-defended suppliers in order to gain access to larger primary targets. This problem is getting worse with the increasing digital transformation of business around the world -- more companies are dealing electronically with each other than ever before.
01/23/19 6:14 am
Modlishka may help raise awareness of the danger of reverse proxy phishing attacks, but it’s easy to imagine that many criminals will be tempted to put it to malicious use.
01/09/19 4:43 am
Research claims Facebook users are prepared to give up the social network for a year… if paid over $1000.
01/09/19 3:27 am
Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?
The sad truth is that we may never know for sure… but intelligence agencies might.
01/07/19 8:24 am
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!
It’s aimed at helping security professionals realize the advantages of threat intelligence by offering practical steps for applying threat intelligence in any organization.
About Recorded Future
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.
If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
01/07/19 3:55 am
Just before Christmas, hackers managed to break into a database belonging to a popular online game and steal the details of over seven million players.
Read more in my article on the Hot for Security blog.
01/04/19 8:04 am
This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The log_path option can be set using the ASAN_OPTIONS environment variable, allowing clobbering of arbitrary files, with the privileges of the setuid user. This module uploads a shared object and sprays symlinks to overwrite /etc/ld.so.preload in order to create a setuid root shell.
01/23/19 1:55 pm
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
01/23/19 1:53 pm
Ghostscript has an issue with pseudo-operators that can lead to remote code execution. Version 9.26 is affected.
01/23/19 1:51 pm
Coppermine version 1.5.46 suffers from multiple cross site scripting vulnerabilities.
01/23/19 1:49 pm
Abantecart version 1.2.12 suffers from a cross site scripting vulnerability.
01/23/19 1:47 pm
The banking trojan hides its misdeeds with a rotating set of tactics.
01/23/19 12:27 pm
Researchers detected 191,970 bad ads and estimates that around 1 million users were impacted.
01/23/19 12:00 pm
Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys.
01/23/19 10:17 am
Here are six tips to put threat hunters in the driver's seat so they can outsmart their adversaries.
01/23/19 8:34 am
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.
01/23/19 8:23 am