Security Feeds

General Security News

Wired Security News

Security Latest

A YubiKey for iOS Will Soon Free Your iPhone From Passwords

Yubico has finally gotten the green light from Apple to make a hardware authentication token that works on iPhones and iPads.

01/08/19 9:00 am

Mueller Investigation 2019: Indictments, Witnesses, and More

The special counsel has lots of unfinished business on his to-do list this year, including a final report. Here's a rundown.

01/08/19 4:00 am

The 'Twinning' Fad, the Weather Channel, and More Security News

A rogue PewDiePie fan, Marriott hack details, and more of the week's top security news.

01/05/19 6:00 am

A Major Hacking Spree Gets Personal for German Politicians

Hundreds of German politicians who have had their private digital lives exposed online are victims of a hacking campaign with unclear motives.

01/04/19 12:34 pm

The Elite Intel Team Still Fighting Meltdown and Spectre

One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.

01/03/19 9:33 am

Dark Reading

Researchers Dig into Microsoft Office Functionality Flaws

An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.

02/13/19 11:39 am

5 Expert Tips for Complying with the New PCI Software Security Framework

The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as new security benchmark for other industries to follow.

02/13/19 11:30 am

Scammers Fall in Love with Valentine's Day

Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.

02/13/19 11:15 am

70% of Consumers Want Biometrics in the Workplace

Speed, simplicity, and security underscore their desire, a new study shows.

02/13/19 9:55 am

Lessons Learned from a Hard-Hitting Security Review

Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.

02/13/19 7:30 am

Security Magazine

More intelligent viewing, from Bosch

The latest Bosch AUTODOME IP range is the only camera with built-in Essential Video Analytics and a pan, tilt and zoom (PTZ) function.

10/01/17 11:17 am

Over the Horizon: Emerging Security Threats and Risks to the Enterprise

We are entering a period of time when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is an increasing global unrest. Over the past few months what we’ve seen electorally, in the U.S., but also in Europe and in other parts of the world, has been a manifestation of that.

10/01/17 4:11 am

Protecting History: A Culture of Security at the Art Institute of Chicago

The Art Institute of Chicago hosts 1.5 million visitors annually, holds 300,000 works of art, serves as the venue for hundreds of private events every year and is a cornerstone of downtown Chicago tourism. All of these factors make security absolutely essential and absolutely challenging.

10/01/17 4:11 am

Preserving & Securing: Keeping Security Discreet at the Darwin Martin House

Iconic American architect Frank Lloyd Wright was commissioned to build a unique residential complex for Buffalo, New York, businessman Darwin D. Martin and his family between 1903 and 1905. Scholars consider the complex of six interconnected buildings as one of Wright’s finest achievements, but the history of the house has been a rocky one.

10/01/17 4:09 am

University Campuses Take Center Stage

Bike thefts, drug abuse, assaults and other violent crimes, protest-counterprotest melees, and cyber hackers are crowding onto the ever-expanding plates of college and university police and security forces. But those in the field say they’re up to those myriad challenges thanks to the combination of equipment, technology and training they can bring to bear.

10/01/17 4:08 am

The Hacker News

The Hacker News

Facebook Mistakenly Stored Millions of Users' Passwords in Plaintext

Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" users in plaintext. What's more? Not just Facebook, Instagram users are also affected by the latest security incident. So, if you are one of the affected users, your Facebook or Instagram password was readable to some of

03/21/19 12:20 pm

Google Will Prompt European Android Users to Select Preferred Default Browser

Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones. The European Commission accused Google of forcing Android phone manufacturers to "illegally" tie its proprietary apps and services—specifically,

03/21/19 1:50 am

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep

Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently.

03/20/19 6:31 am

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of

03/20/19 2:41 am

Android Q — Google Adds New Mobile Security and Privacy Features

Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements. Android Q, where Q has not yet been named, offers more control over installed apps, their access, and permissions, and location settings; more support for passive authentication like face

03/19/19 11:19 am


Focused Security News

Krebs on Security

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

03/21/19 8:17 am

Why Phone Numbers Stink As Identity Proof

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments -- whoever inherits that number can then be you in a lot of places online.

03/17/19 4:25 pm

Ad Network Sizmek Probes Account Breach

Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access to hacked online accounts kicked off an auction for "the admin panel of a big American ad platform." "You can add new users to the ad system, edit existing ones and ad offers," the seller wrote. The starting bid was $800.

03/13/19 1:56 pm

Patch Tuesday, March 2019 Edition

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today's patch batch without any help from users.

03/12/19 9:55 pm

Insert Skimmer + Camera Cover PIN Stealer

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they're frequently disguised as ATM security features -- such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM. And sometimes, the scammers just hijack the security camera built into the ATM itself.

03/10/19 8:41 pm

Naked Security

Change your Facebook password now!

Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!

03/21/19 11:39 am

Researcher finds new way to sniff Windows BitLocker encryption keys

A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.

03/21/19 5:09 am

Flaw in popular PDF creation library enabled remote code execution

A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs.

03/21/19 5:02 am

Opera brings back free VPN service to its Android browser

Opera lost its Android browser's VPN after it was sold to a Chinese consortium, but now it's back.

03/21/19 4:41 am

FBI crackdown on DDoS-for-hire sites led to 85% slash in attack sizes

According to a new report, average and maximum DDoS attack sizes decreased by 85.36% and 23.91%.

03/21/19 3:42 am

Security Week

SecurityWeek RSS Feed

Threat Hunting Tips to Improve Security Operations

From Ferdinand Magellan to Lewis and Clark to Neil Armstrong – humans have an innate desire to understand the unknown. In security operations, we see this phenomenon every day in several forms, one of which is threat hunting. Threat hunting is not triggered by an event, but by the unknown. It is the practice of proactively and iteratively searching for abnormal indications within networks and systems.

read more

03/21/19 12:33 pm

Global Security Spend Set to Grow to $133.8 Billion by 2022: IDC

Global spending on security-related hardware software and services will grow at a compound annual growth rate (CAGR) of 9.2% between 2018 and 2022, to a total of $133.8 billion in 2022. The figures come from the latest Worldwide Semiannual Security Spending Guide compiled by IDC.

read more

03/21/19 10:48 am

Facebook Stored Passwords of Hundreds of Millions Users in Plain Text

Facebook today admitted to have stored the passwords of hundreds of millions of its users in plain text, including the passwords of Facebook Lite, Facebook, and Instagram users. 

read more

03/21/19 9:53 am

How Three of 2018's Critical Threats Used Email to Execute Attacks

History Tends to Repeat Itself - Attackers Repurpose Tried and Tested Methods to Launch Attacks

read more

03/21/19 9:38 am

Multiple Vulnerabilities Patched in PuTTY and LibSSH2

PuTTY, an SSH and Telnet client program, and LibSSH2, a client-side C library for the SSH2 protocol, have both received updates fixing multiple vulnerabilities. Eight vulnerabilities have been fixed in version 0.71 of PuTTY, and nine vulnerabilities fixed in version 1.8.1 of LibSSH2.

read more

03/21/19 9:27 am

Graham Cluley

Graham Cluley

Automated phishing attack tool bypasses 2FA protection

Automated phishing attack tool bypasses 2FA protection

Modlishka may help raise awareness of the danger of reverse proxy phishing attacks, but it’s easy to imagine that many criminals will be tempted to put it to malicious use.

01/09/19 4:43 am

Being paid to quit Facebook

Facebook money thumb

Research claims Facebook users are prepared to give up the social network for a year… if paid over $1000.

01/09/19 3:27 am

Earn $2,000,000 by remotely jailbreaking an iPhone

Earn $2,000,000 by remotely jailbreaking an iPhone

Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?

The sad truth is that we may never know for sure… but intelligence agencies might.

01/07/19 8:24 am

Unlock the power of threat intelligence with this practical guide. Get your free copy now

Unlock the power of threat intelligence with this practical guide. Get your free copy now

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!

At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.”

It’s aimed at helping security professionals realize the advantages of threat intelligence by offering practical steps for applying threat intelligence in any organization.

Download your free copy now.

About Recorded Future

Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

01/07/19 3:55 am

Town of Salem hack exposes details of 7.6 million gamers

Town of Salem hack exposes details of 7.6 million gamers

Just before Christmas, hackers managed to break into a database belonging to a popular online game and steal the details of over seven million players.

Read more in my article on the Hot for Security blog.

01/04/19 8:04 am


Technical Security News

PacketStorm

Packet Storm

Lynis Auditing Tool 2.7.3

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

03/21/19 7:06 am

NSS Netscape Certificate Sequences CERT_DecodeCertPackage() Crash

NSS suffers from a NULL dereference issue when parsing Netscape Certificate Sequences in CERT_DecodeCertPackage().

03/21/19 7:02 am

Sourcetree Git Arbitrary Code Execution / URL Handling

Sourcetree for macOS versions below 3.1.1 to 1.2 and Sourcetree for Windows versions below 3.0.17 to 0.5a suffer from code execution vulnerabilities related to the inclusion of git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.

03/21/19 6:46 am

JFrog Artifactory Administrator Authentication Bypass

JFrog Artifactory versions prior to 6.8.7 suffer from an administrative access bypass vulnerability due to relying on an X-Forwarded-For header.

03/21/19 6:41 am

Debian Security Advisory 4412-1

Debian Linux Security Advisory 4412-1 - It was discovered that missing input sanitizing in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.

03/21/19 6:30 am

ThreatPost

WordPress Plugin Removed After Zero Day Discovered

The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.

03/21/19 1:47 pm

Hackers Take Down Safari, VMware and Oracle at Pwn2Own

On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.

03/21/19 10:51 am

Facebook Stored Passwords in Plain Text For Years

The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.

03/21/19 9:14 am

MyPillow and Amerisleep Targeted in Magecart Group Attacks

In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.

03/21/19 8:19 am

Cisco Patches High-Severity Flaws in IP Phones

The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.

03/21/19 5:31 am