Security Feeds

Naked Security

Steganography – cool cybersecurity trick or dangerous risk? [VIDEO]

Burying secret data in plain sight- is it a clever cybersecurity trick, or a way to attract the very attention you wanted to avoid?

11/14/18 4:14 pm

Targeted ransomware attacks – SophosLabs 2019 Threat Report

This year's SophosLabs Threat Report is out. We talk targeted ransomware attacks, and in particular, SamSam.

11/14/18 6:01 am

HTTP/3: Come for the speed, stay for the security

Key personnel at the Internet Engineering Task Force (IETF) have suggested basing the next version of a core web protocol on Google technology.

11/14/18 4:52 am

Support wouldn’t change his password, so he mailed them a bomb

The Cryptopay customer asked customer services for a new password. They refused, given that it was against the company privacy policy.

11/14/18 3:16 am

Microsoft update breaks Calendar and Mail on Windows 10 phones

Still reeling from last week's Windows 10 Pro debacle, Microsoft dropped a fresh pile of “Oops!” onto Windows 10 Mobile users.

11/14/18 2:57 am

Krebs on Security

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks -- including a deadly incident in Kansas last year -- now faces 20 or more years in prison.

11/14/18 12:27 pm

Patch Tuesday, November 2018 Edition

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe's also got security patches available for Flash, Acrobat and Adobe Reader users. 

11/14/18 5:25 am

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.

11/13/18 8:26 am

Bug Bounty Hunter Ran ISP Doxing Service

A Connecticut man who's earned "bug bounty" rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers' personal data, KrebsOnSecurity has learned.

11/09/18 12:52 pm

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

A year ago, KrebsOnSecurity warned that "Informed Delivery," a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S. Secret Service issued an internal alert warning that many of its field offices have reported crooks are indeed using Informed Delivery to commit various identity theft and credit card fraud schemes.

11/07/18 11:28 pm

Security Magazine

More intelligent viewing, from Bosch

The latest Bosch AUTODOME IP range is the only camera with built-in Essential Video Analytics and a pan, tilt and zoom (PTZ) function.

10/01/17 11:17 am

Over the Horizon: Emerging Security Threats and Risks to the Enterprise

We are entering a period of time when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is an increasing global unrest. Over the past few months what we’ve seen electorally, in the U.S., but also in Europe and in other parts of the world, has been a manifestation of that.

10/01/17 4:11 am

Protecting History: A Culture of Security at the Art Institute of Chicago

The Art Institute of Chicago hosts 1.5 million visitors annually, holds 300,000 works of art, serves as the venue for hundreds of private events every year and is a cornerstone of downtown Chicago tourism. All of these factors make security absolutely essential and absolutely challenging.

10/01/17 4:11 am

Preserving & Securing: Keeping Security Discreet at the Darwin Martin House

Iconic American architect Frank Lloyd Wright was commissioned to build a unique residential complex for Buffalo, New York, businessman Darwin D. Martin and his family between 1903 and 1905. Scholars consider the complex of six interconnected buildings as one of Wright’s finest achievements, but the history of the house has been a rocky one.

10/01/17 4:09 am

University Campuses Take Center Stage

Bike thefts, drug abuse, assaults and other violent crimes, protest-counterprotest melees, and cyber hackers are crowding onto the ever-expanding plates of college and university police and security forces. But those in the field say they’re up to those myriad challenges thanks to the combination of equipment, technology and training they can bring to bear.

10/01/17 4:08 am


Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.

11/14/18 2:39 pm

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.

11/14/18 2:31 pm

Siemens Patches Firewall Flaw That Put Operations at Risk

The industrial company on Tuesday released mitigations for eight vulnerabilities overall.

11/14/18 9:40 am

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

11/13/18 2:10 pm

Google’s G Suite, Search and Analytics Taken Down in Hijacking

Google cloud business customers were impacted by a Border Gateway Protocol hijacking.

11/13/18 9:44 am


Packet Storm

It's Amateur Hour In The World Of Spyware And Victims Will Pay The Price

11/14/18 7:25 am

Falcon 9 Backlog Delays Canada's $1B Surveillance Project

11/14/18 7:25 am

US Asks London Court To Hand Over Two Alleged Hackers

11/14/18 7:25 am

Want To Hack An ATM For Free Cash? It's As Easy As Windows XP

11/14/18 7:25 am

Atlassian Jira Authenticated Upload Code Execution

This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin Manager(UPM). The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request against the UPM component. The check command will test the validity of user supplied credentials and test for access to the plugin manager.

11/13/18 6:17 pm