Security Feeds

Naked Security

Hackers hold 80,000 healthcare records to ransom

CarePartners said its forensic investigation identified 1500 affected records - the hackers say they took 80,000.

07/20/18 4:50 am

Roblox says hacker injected code that led to avatar’s gang rape

Roblox was moving some older, user-generated games to a newer, more secure system when the attack took place, it says.

07/20/18 4:29 am

Basic email blunder exposed possible victims of child sexual abuse

The Independent Inquiry into Child Sexual Abuse sent out a mass emailing in which a staffer mistakenly used "To" instead of "Bcc".

07/20/18 3:41 am

Privacy – can you have too much of a good thing? [PODCAST]

Catch up with Day 4 of our Security SOS Week - here's the fourth episode of our week-long online security summit.

07/20/18 3:02 am

Venmo users: time to hide your drug deals and excessive pizza consumption

To its fans, Venmo is a hassle-free P2P app that lets anyone living in the US send money to friends, split a restaurant bill, pay for a ride on Uber, or buy a hotel room. To the security conscious, it's a privacy nightmare.

07/19/18 5:03 am

Krebs on Security

Human Resources Firm ComplyRight Breached

Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information -- including names, addresses, phone numbers, email addresses and Social Security numbers -- from tax forms submitted by the company's thousands of clients on behalf of employees. Pompano Beach, Fla-based ComplyRight began mailing breach notification letters to affected consumers late last week, but the form letters are extremely vague about the scope and cause of the breach. Indeed, many readers who received these letters wrote to KrebsOnSecurity asking for more information, as the company hadn't yet published any details about the breach on its Web site. Also, most of those folks said they'd never heard of ComplyRight and could not remember ever doing business with a company by that name.

07/19/18 2:08 pm

‘LuminosityLink RAT’ Author Pleads Guilty

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called "LuminosityLink," a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide.

07/16/18 12:09 pm

Sextortion Scam Uses Recipient’s Hacked Passwords

Here's a clever new twist on an old email scam that could serve to make the con far more believable. The message purports to have been sent from a hacker who's compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all your contacts unless you pay a Bitcoin ransom. The new twist? The email now references a real password previously tied to the recipient's email address.

07/12/18 7:19 am

Notorious ‘Hijack Factory’ Shunned from Web

Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company's bandwidth providers chose to sever ties with the company.

07/11/18 10:19 am

Patch Tuesday, July 2018 Edition

Microsoft and Adobe each issued security updates for their products today. Microsoft's July patch batch includes 14 updates to fix more than 50 security flaws in Windows and associated software. Separately, Adobe has pushed out an update for its Flash Player browser plugin, as well as a monster patch bundle for Adobe Reader/Acrobat.

07/10/18 7:34 pm

Security Magazine

More intelligent viewing, from Bosch

The latest Bosch AUTODOME IP range is the only camera with built-in Essential Video Analytics and a pan, tilt and zoom (PTZ) function.

10/01/17 11:17 am

Over the Horizon: Emerging Security Threats and Risks to the Enterprise

We are entering a period of time when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is increasing global unrest. What we've seen electorally over the past few months, in the U.S. but also in Europe and in other parts of the world, has been a manifestation of that.

10/01/17 4:11 am

Protecting History: A Culture of Security at the Art Institute of Chicago

The Art Institute of Chicago hosts 1.5 million visitors annually, holds 300,000 works of art, serves as the venue for hundreds of private events every year and is a cornerstone of downtown Chicago tourism. All of these factors make security absolutely essential and absolutely challenging.

10/01/17 4:11 am

Preserving & Securing: Keeping Security Discreet at the Darwin Martin House

Iconic American architect Frank Lloyd Wright was commissioned to build a unique residential complex for Buffalo, New York, businessman Darwin D. Martin and his family between 1903 and 1905. Scholars consider the complex of six interconnected buildings as one of Wright’s finest achievements, but the history of the house has been a rocky one.

10/01/17 4:09 am

University Campuses Take Center Stage

Bike thefts, drug abuse, assaults and other violent crimes, protest-counterprotest melees, and cyber hackers are crowding onto the ever-expanding plates of college and university police and security forces. But those in the field say they’re up to those myriad challenges thanks to the combination of equipment, technology and training they can bring to bear.

10/01/17 4:08 am


Massive Malspam Campaign Finds a New Vector for FlawedAmmyy RAT

Hundreds of thousands of emails are delivering weaponized PDFs containing malicious SettingContent-ms files.

07/20/18 1:57 pm

D-Link, Dasan Routers Under Attack In Yet Another Assault

Dasan and D-Link routers running GPON firmware are being targeted by hackers in an attempt to create a botnet.

07/20/18 1:24 pm

Newsmaker Interview: Troy Mursch on Why Cryptojacking Isn’t Going Away

Criminals have found a mischievous way to mine cryptocurrency. Security researcher Troy Mursch sounds off on why this tricky trend isn't going away anytime soon.

07/20/18 11:45 am

ThreatList: A Ranking of Airports By Riskiest WiFi Networks

Airport TSA agents don’t check terminals for insecure WiFi networks, so stay on your toes when using hotspots at these airports.

07/20/18 9:29 am

Chinese Hackers Mount Espionage Campaign During Trump-Putin Summit

An uncharacteristic spate of strikes against IoT devices in Finland during the summit was likely an indicator of a coordinated cyberespionage effort, researchers said.

07/20/18 9:05 am


Packet Storm

CMS Made Simple 2.2.5 Authenticated Remote Command Execution

CMS Made Simple version 2.2.5 allows an authenticated administrator to upload a file and rename it to have a .php extension. The file can then be executed by opening the URL of the file in the /uploads/ directory.

07/19/18 4:22 pm

WordPress All In One Favicon 4.6 Cross Site Scripting

WordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.

07/19/18 11:22 am

Chrome Swiftshader Blitting Floating-Point Precision Errors

Chrome suffers from floating-point precision errors in Swiftshader blitting.

07/19/18 10:44 am

MyBB New Threads 1.1 Cross Site Scripting

MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.

07/19/18 10:22 am

Chrome SwiftShader OpenGL Texture Binding Reference Count Leak

Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.

07/19/18 10:02 am