Yubico has finally gotten the green light from Apple to make a hardware authentication token that works on iPhones and iPads.
01/08/19 9:00 am
The special counsel has lots of unfinished business on his to-do list this year, including a final report. Here's a rundown.
01/08/19 4:00 am
A rogue PewDiePie fan, Marriott hack details, and more of the week's top security news.
01/05/19 6:00 am
Hundreds of German politicians who have had their private digital lives exposed online are victims of a hacking campaign with unclear motives.
01/04/19 12:34 pm
One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.
01/03/19 9:33 am
An ongoing study investigating security bugs in Microsoft Office has so far led to two security patches.
02/13/19 11:39 am
The Secure SLC Standard improves business efficiency for payment application vendors but could also stand as a new security benchmark for other industries to follow.
02/13/19 11:30 am
Online dating profiles and social media accounts add to the rich data sources that allow criminals to tailor attacks.
02/13/19 11:15 am
Speed, simplicity, and security underscore their desire, a new study shows.
02/13/19 9:55 am
Information security is a corporate posture and must be managed at all levels: systems, software, personnel, and all the key processes.
02/13/19 7:30 am
The latest Bosch AUTODOME IP range is the only camera with built-in Essential Video Analytics and a pan, tilt and zoom (PTZ) function.
10/01/17 11:17 am
We are entering a period of time when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is an increasing global unrest. Over the past few months what we’ve seen electorally, in the U.S., but also in Europe and in other parts of the world, has been a manifestation of that.
10/01/17 4:11 am
The Art Institute of Chicago hosts 1.5 million visitors annually, holds 300,000 works of art, serves as the venue for hundreds of private events every year and is a cornerstone of downtown Chicago tourism. All of these factors make security absolutely essential and absolutely challenging.
10/01/17 4:11 am
Iconic American architect Frank Lloyd Wright was commissioned to build a unique residential complex for Buffalo, New York, businessman Darwin D. Martin and his family between 1903 and 1905. Scholars consider the complex of six interconnected buildings as one of Wright’s finest achievements, but the history of the house has been a rocky one.
10/01/17 4:09 am
Bike thefts, drug abuse, assaults and other violent crimes, protest-counterprotest melees, and cyber hackers are crowding onto the ever-expanding plates of college and university police and security forces. But those in the field say they’re up to those myriad challenges thanks to the combination of equipment, technology and training they can bring to bear.
10/01/17 4:08 am
The Hacker News
Holy moly, Facebook is again at the center of a new privacy controversy after revealing today that its platform mistakenly kept a copy of passwords for "hundreds of millions" of users in plaintext. What's more, not just Facebook but also Instagram users are affected by the latest security incident. So, if you are one of the affected users, your Facebook or Instagram password was readable to some of
03/21/19 12:20 pm
Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones. The European Commission accused Google of forcing Android phone manufacturers to "illegally" tie its proprietary apps and services—specifically,
03/21/19 1:50 am
Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently.
03/20/19 6:31 am
The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of
03/20/19 2:41 am
Google has recently released the first beta version of Android Q, the next upcoming version of Google's popular mobile operating system, with a lot of new privacy improvements and other security enhancements. Android Q, whose full name has not yet been announced, offers more control over installed apps, their access and permissions, and location settings; more support for passive authentication like face
03/19/19 11:19 am
Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.
03/21/19 8:17 am
Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments -- whoever inherits that number can then be you in a lot of places online.
03/17/19 4:25 pm
Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access to hacked online accounts kicked off an auction for "the admin panel of a big American ad platform." "You can add new users to the ad system, edit existing ones and ad offers," the seller wrote. The starting bid was $800.
03/13/19 1:56 pm
Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it's time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today's patch batch without any help from users.
03/12/19 9:55 pm
Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they're frequently disguised as ATM security features -- such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM. And sometimes, the scammers just hijack the security camera built into the ATM itself.
03/10/19 8:41 pm
Facebook has done an audit and shocked even itself by finding plaintext passwords in logfiles back to 2012. Change your password now!
03/21/19 11:39 am
A researcher has published a new and relatively simple way that Windows BitLocker encryption keys can be sniffed in less secure configurations as they travel from Trusted Platform Modules (TPMs) during boot.
03/21/19 5:09 am
A researcher has discovered a high-severity bug in a popular PHP library used for creating PDFs.
03/21/19 5:02 am
Opera lost its Android browser's VPN after it was sold to a Chinese consortium, but now it's back.
03/21/19 4:41 am
According to a new report, average and maximum DDoS attack sizes decreased by 85.36% and 23.91%, respectively.
03/21/19 3:42 am
SecurityWeek RSS Feed
From Ferdinand Magellan to Lewis and Clark to Neil Armstrong – humans have an innate desire to understand the unknown. In security operations, we see this phenomenon every day in several forms, one of which is threat hunting. Threat hunting is not triggered by an event, but by the unknown. It is the practice of proactively and iteratively searching for abnormal indications within networks and systems.
03/21/19 12:33 pm
Global spending on security-related hardware, software and services will grow at a compound annual growth rate (CAGR) of 9.2% between 2018 and 2022, to a total of $133.8 billion in 2022. The figures come from the latest Worldwide Semiannual Security Spending Guide compiled by IDC.
03/21/19 10:48 am
Facebook today admitted to having stored the passwords of hundreds of millions of its users in plain text, including the passwords of Facebook Lite, Facebook, and Instagram users.
03/21/19 9:53 am
History Tends to Repeat Itself - Attackers Repurpose Tried and Tested Methods to Launch Attacks
03/21/19 9:38 am
PuTTY, an SSH and Telnet client program, and LibSSH2, a client-side C library for the SSH2 protocol, have both received updates fixing multiple vulnerabilities. Eight vulnerabilities have been fixed in version 0.71 of PuTTY, and nine vulnerabilities fixed in version 1.8.1 of LibSSH2.
03/21/19 9:27 am
Modlishka may help raise awareness of the danger of reverse proxy phishing attacks, but it’s easy to imagine that many criminals will be tempted to put it to malicious use.
01/09/19 4:43 am
Research claims Facebook users are prepared to give up the social network for a year… if paid over $1000.
01/09/19 3:27 am
Will anyone come up with a zero-day remote exploitation of iOS 12.x without user interaction?
The sad truth is that we may never know for sure… but intelligence agencies might.
01/07/19 8:24 am
Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!
It’s aimed at helping security professionals realize the advantages of threat intelligence by offering practical steps for applying threat intelligence in any organization.
About Recorded Future
Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. We empower organizations to reveal unknown threats before they impact business, and enable teams to respond to alerts 10 times faster. To supercharge the efforts of security teams, our technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies. 91 percent of the Fortune 100 use Recorded Future.
If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
01/07/19 3:55 am
Just before Christmas, hackers managed to break into a database belonging to a popular online game and steal the details of over seven million players.
Read more in my article on the Hot for Security blog.
01/04/19 8:04 am
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Besides security-related information, it will also collect general system information, installed packages and configuration mistakes. The software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
03/21/19 7:06 am
NSS suffers from a NULL dereference issue when parsing Netscape Certificate Sequences in CERT_DecodeCertPackage().
03/21/19 7:02 am
Sourcetree for macOS versions from 1.2 up to (but not including) 3.1.1 and Sourcetree for Windows versions from 0.5a up to (but not including) 3.0.17 suffer from code execution vulnerabilities related to the bundled git, a Mercurial hooks argument injection vulnerability, and a URI handling vulnerability.
03/21/19 6:46 am
JFrog Artifactory versions prior to 6.8.7 suffer from an administrative access bypass vulnerability due to relying on an X-Forwarded-For header.
03/21/19 6:41 am
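The Artifactory item above is a textbook instance of a recurring mistake: treating a client-supplied X-Forwarded-For header as the real source address and then granting "local" or administrative privileges on the strength of it. The following is an added example written for this page, not Artifactory's own code (the advisory does not show its logic); it puts the vulnerable pattern beside a hardened one. The proxy address 10.0.0.5, the loopback-means-admin rule, and the request inputs are all assumed or constructed for illustration.

```python
import ipaddress

# Assumed deployment: one reverse proxy at 10.0.0.5 sits in front of the app
# and appends the address it actually saw to X-Forwarded-For.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
# Assumed policy (constructed for the example): loopback clients get admin.
LOCALHOST = ipaddress.ip_network("127.0.0.0/8")


def _header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def is_local_admin_vulnerable(headers, peer_ip):
    """Vulnerable pattern: the first X-Forwarded-For entry is believed
    unconditionally. Any remote client can send 'X-Forwarded-For: 127.0.0.1'
    and be treated as a local administrator."""
    xff = _header(headers, "X-Forwarded-For")
    src = xff.split(",")[0].strip() if xff else peer_ip
    return ipaddress.ip_address(src) in LOCALHOST


def client_ip_hardened(headers, peer_ip, trusted_proxies=TRUSTED_PROXIES):
    """Hardened: X-Forwarded-For is honoured only when the TCP peer is a
    trusted proxy, and the chain is walked from the right, skipping trusted
    proxy hops, so the result is the first address that a trusted proxy
    observed rather than one the client wrote into the header itself."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted_proxies:
        # Direct connection: the socket peer is the only address we can trust.
        return peer
    xff = _header(headers, "X-Forwarded-For") or ""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed hop: fail closed by attributing the request to the
            # proxy itself, which is never in the loopback range.
            return peer
        if addr not in trusted_proxies:
            return addr
    # Every hop was a trusted proxy (or the header was empty): attribute the
    # request to the proxy rather than inventing a client address.
    return peer


def is_local_admin_hardened(headers, peer_ip):
    return client_ip_hardened(headers, peer_ip) in LOCALHOST


if __name__ == "__main__":
    # Constructed requests: a spoofed header arriving directly, and the same
    # spoof arriving through the proxy, which appended the real peer.
    direct_spoof = {"X-Forwarded-For": "127.0.0.1"}
    via_proxy = {"X-Forwarded-For": "127.0.0.1, 203.0.113.7"}
    print("direct spoof, vulnerable:", is_local_admin_vulnerable(direct_spoof, "203.0.113.7"))
    print("direct spoof, hardened:  ", is_local_admin_hardened(direct_spoof, "203.0.113.7"))
    print("via proxy, vulnerable:   ", is_local_admin_vulnerable(via_proxy, "10.0.0.5"))
    print("via proxy, hardened:     ", is_local_admin_hardened(via_proxy, "10.0.0.5"))
```

The design point is that the rightmost hop a trusted proxy appended is the only forwarded address an attacker cannot choose; anything to the left of it, including the leading entry most code picks, is client input. Putting the admin decision on the network layer (firewall rules or a separate management listener) is stronger still than any header parsing.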
Debian Linux Security Advisory 4412-1 - It was discovered that missing input sanitizing in the file module of Drupal, a fully-featured content management framework, could result in cross-site scripting.
03/21/19 6:30 am
The plugin, Social Warfare, is no longer listed after a cross-site scripting flaw was found being exploited in the wild.
03/21/19 1:47 pm
On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.
03/21/19 10:51 am
The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.
03/21/19 9:14 am
In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.
03/21/19 8:19 am
The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
03/21/19 5:31 am