Flashback botnet not shrinking, huge numbers of Macs still infected
Contrary to reports by several security companies, the Flashback botnet is not shrinking, the Russian antivirus firm that first reported the massive infection three weeks ago claimed today. read more more…Encrypted Messaging Service Hack Exposes Phone Numbers
Many people opt for encrypted messaging services because they like the additional layers of privacy they offer. They allow users to message their closest friends, family, and business partners without worrying about a stranger digitally eavesdropping on their conversation. The same people who message over encrypted services and apps are likely also diligent with securing […] more…Ransomware by the numbers: Reassessing the threat’s global impact
Kaspersky has been following the ransomware landscape for years. In the past, we’ve published yearly reports on the subject: PC ransomware in 2014-2016, Ransomware in 2016-2017, and Ransomware and malicious crypto miners in 2016-2018. In fact, in 2019, we chose ransomware as the story of the year, upon noticing the well-known threat was shifting its […] more…Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
By Lance Jiang and Jesse Chang CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the […] more…Ransomware: The Digital Plague that Still Persists
Ransomware began its reign of cyber terror in 1989 and remains a serious and dangerous threat today. In layman’s terms, ransomware is malware that employs encryption to lock users out of their devices or block access to critical data or files. A sum of money, or ransom, is then demanded in return for access to […] more…Oktoberfest – The Munich Beer Festival in Numbers
Situated on massive grounds of 34.5 hectares nothing the Oktoberfest does…is small. From 2018 data it’s recorded that over 13,000 people were employed at the event over the two weeks via carnival attractions, stall holders and food and drink services (including the 14 massive beer tents) and that an estimated 6.3 million visitors came to […] more…IE Scripting Flaw Still a Threat to Unpatched Systems: Analyzing CVE-2018-8653
Microsoft recently patched a critical flaw in Internet Explorer’s scripting engine that could lead to remote code execution. The vulnerability is being exploited in the wild and was originally reported by a researcher from Google’s Threat Analysis Group. Microsoft released an out-of-band patch to fix the vulnerability before the normal patch cycle. McAfee products received […] more…Shop till You’re Hacked? 3 Tips to Stay Secure this Holiday Season
With just days until Black Friday, the unofficial kick off to the holiday shopping season is quickly approaching. In anticipation of the busiest time of year for e-commerce, this year we conducted a survey, Stressed Holiday Online Shopping, to understand how financial pressure can impact buyer behavior when it comes to online purchasing and cybersecurity. […] more…Drupal Refutes Reports of 115,000 Sites Still Affected by Drupalgeddon2
The Drupal Security Team has refuted reports that at least 115,000 websites are still vulnerable to Drupalgeddon2 attacks, arguing that the methodology used by the researcher who announced that number is flawed. read more more…Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff
Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, […] more…One Year Later, Hackers Still Target Apache Struts Flaw
One year after researchers saw the first attempts to exploit a critical remote code execution flaw affecting the Apache Struts 2 framework, hackers continue to scan the Web for vulnerable servers. The vulnerability in question, tracked as CVE-2017-5638, affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10. The security hole was addressed on March […] more…Why do the Vast Majority of Applications Still Not Undergo Security Testing?
Did you know that 84% of all cyber attacks target applications, not networks? What’s even more curious is that 80% of Internet of Things (IoT) applications aren’t even tested for security vulnerabilities. It is 2018, and despite all the evidence around us, we haven’t fully accepted the problem at hand when it comes to software […] more…Resolved: Penn Stater Hub site Uninterruptible Power Supply (UPS) Replacement Change Number CHG0045464
PSUIT – ENCS/TNS will be replacing the Uninterruptible Power Supply (UPS) system that serves the Penn Stater HUB site on Tuesday, December 19th, 2017, starting at 5AM with work expected to be completed by 2PM. In order to perform this work, all equipment at the Penn Stater HUB site will only be supplied by EMERGENCY […] more…Equifax: Rethinking Social Security Numbers as Identifiers, Part I
Revelations about compromised social security numbers at Equifax remind us that the United States needs to modernize the national identification standard for its citizens. In 2017, it is unrealistic for a social security number (SSN) to be shared and distributed to many parties and stay confidential for the better part of a century. This is […] more…False positives still cause threat alert fatigue
It is commonly referred to as information overload. An infosec professional throws out a wide net in hopes of stopping malware before it gets too deep into the network, but like a motion-sensor light, sometimes the alert catches a squirrel instead of a burglar. Rob Kerr, chief technology officer at Haystax Technology, cited the 2013 […] more…Firewalls: Still Your First Line of Defense
The term “firewall” has been used since early computing days to describe a kind of electronic bouncer that keeps threats from entering your network. But it would be a mistake to think that this fundamental network security measure is now old school. With the recent boom in internet-connected devices firewalls are more important than ever. […] more…More information
- Safeguard your online Persona with Mozilla ID system
- Purple Teaming Security Management Firm PlexTrac Raises $70 Million
- US Homeland Security must disclose ‘internet kill switch’, court rules
- Resolved: University Enterprise Network Blue1 Router
- Security researcher finds the DDoS mastermind who took down the internet last fall
- A New Firefox Feature Will Help You Keep Your Passwords Safe
- Facebook Claims it’s a "Bug"
- Insurer hit with fine after unencrypted NAS stolen
- Kiwis unplug supercomputer after intrusion
- GPS Weakness Could Enable Mass Smartphone Hacking