News
News
- June 29, 2016
29 Jun'16
Google Project Zero exposes more critical Symantec vulnerabilities
A raft of new Symantec and Norton antivirus vulnerabilities exposed by Google Project Zero are 'as bad as it gets,' according to Tavis Ormandy: RCE, no user interaction and wormable.
- June 27, 2016
27 Jun'16
Intel reportedly considering selling its security business
New reports suggest Intel may be looking into selling off its security business, and experts are unclear whether it means Intel's McAfee acquisition has gone sour.
- June 27, 2016
27 Jun'16
NASCAR race team hit with ransomware attack
Hit by a ransomware attack, a NASCAR race team paid to restore data worth millions, then called on Malwarebytes to secure their systems -- and Malwarebytes joined up as a sponsor.
-
- June 24, 2016
24 Jun'16
Cyber attribution relies on human intelligence, not technical info
Experts said human intelligence was the key to the cyber attribution effort for the Democratic National Committee attack, which confirmed Russian agents were to blame.
- June 24, 2016
24 Jun'16
FBI surveillance access with National Security Letter unchanged, for now
U.S. Senate fails to pass National Security Letter regulation to enhance warrantless FBI surveillance access to metadata, including email headers and browser history.
-
Sponsored News
-
It’s Time to Modernize Your SOC
Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More
-
6 Factors to Consider in Building Resilience Now
Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More
-
Why Zero Trust, Why Now
Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More
-
5 Best Practices To Secure Remote Workers
Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More
-
- June 22, 2016
22 Jun'16
Activists, DOJ spar over Rule 41 changes to enhance FBI searches
EFF and privacy activists oppose Rule 41 changes, while the Department of Justice claims the changes do not alter 'traditional protections' under the Fourth Amendment.
- June 21, 2016
21 Jun'16
Acer's e-commerce website hit by a customer data breach
Computer maker Acer was hit by a customer data breach of its e-commerce website, leaving approximately 34,500 customers' contact and payment information exposed for about a year.
- June 20, 2016
20 Jun'16
CIA chief denies encryption backdoor effect on U.S. business
The director of the CIA denied that a government-mandated encryption backdoor would have an effect on U.S. business, but experts said the statement ignores the global market.
- June 17, 2016
17 Jun'16
DNC hack raises questions about cyber attribution methods
The hack of the Democratic National Committee has called into question methods for cyber attribution after the alleged attacker comes forward.
- June 17, 2016
17 Jun'16
FBI facial recognition systems draw criticism over privacy, accuracy
GAO report blasts FBI facial recognition programs over privacy and accuracy concerns; FBI systems offer access to over 411 million photos from federal and state sources.
-
- June 17, 2016
17 Jun'16
What Symantec's acquisition of Blue Coat says about the CASB market
Symantec's $4.65 billion acquisition of Blue Coat Systems could lead to a dramatic shift at the antivirus vendor, but what does the deal mean for the cloud access security broker space?
- June 16, 2016
16 Jun'16
Russian hacker arrests linked to ransomware and exploit kit shutdowns
The Lurk group hacker arrests in Russia came at the same time as the shutdown of a major exploit kit, ransomware family and botnet, but no one is sure if it is coincidence or causation.
- June 15, 2016
15 Jun'16
SAP vulnerability, reported in 2010, finally patched
SAP vulnerability patched, finally: The Java flaw was originally patched in 2010 but became the subject of an unprecedented US-CERT alert in May.
- June 15, 2016
15 Jun'16
Ransomware worm raises concerns for enterprise security
In this Risk & Repeat podcast, SearchSecurity editors break down the discovery of the ZCryptor ransomware worm and what it means for future ransomware threats.
- June 14, 2016
14 Jun'16
Adobe Flash zero-day overshadows June 2016 Microsoft Patch Tuesday
Microsoft's June 2016 Patch Tuesday release is not the most important of the day according to experts, instead another Adobe Flash zero-day vulnerability gets the spotlight.
- June 14, 2016
14 Jun'16
Ransomware attack, education highlight 2016 Information Security Summit
User education, ransomware attacks and cyberliability insurance are among the hot topics for infosec attendees at the annual 2016 Information Security Summit.
- June 13, 2016
13 Jun'16
Symantec acquisition of Blue Coat shakes up security industry
Symantec agreed to acquire Blue Coat Systems for $4.65 billion, with Blue Coat CEO Greg Clark taking over as new CEO of the combined company.
- June 10, 2016
10 Jun'16
Mozilla Secure Open Source Fund to aid developers with audits
Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.
- June 10, 2016
10 Jun'16
Ransomware attack hits UCalgary as CryptXXX devs up their game
As the University of Calgary contends with a ransomware attack, the actors behind CryptXXX are rolling out patches and upgrades and attackers are shifting from Angler to Neutrino EK.
- June 09, 2016
09 Jun'16
TeamViewer hacks have everyone placing blame
A rash of TeamViewer hacks has led to confusion concerning what the issues are and who is responsible for user security in this case.
- June 09, 2016
09 Jun'16
Petraeus slams encryption backdoors, supports Apple
Speaking at the Cloud Identity Summit, Gen. David H. Petraeus blasted the FBI's recent efforts to compel Apple to break the company's own encryption protection.
- June 08, 2016
08 Jun'16
SWIFT banking system boosts security following cyberattacks
Following a number of attacks on the SWIFT banking system that led to the theft of millions of dollars, SWIFT promised new rules to improve security for bank transfers.
- June 07, 2016
07 Jun'16
Angler exploit kit skips Microsoft EMET to subvert Flash, Silverlight
FireEye researchers spotted the Angler exploit kit bypassing the current Microsoft EMET version 5.5 security tool running on Windows 7 to subvert Flash and Silverlight.
- June 03, 2016
03 Jun'16
SandJacking attack enables installation of rogue apps on iOS devices
Roundup: The new SandJacking attack technique allows attackers with physical access to iOS devices to install rogue apps. Plus, more on medical software security and Privacy Shield obstacles.
- June 02, 2016
02 Jun'16
Crypto-confusion: The search for the real bitcoin creator continues
In this Risk & Repeat podcast, SearchSecurity editors discuss Craig Wright's failed effort to prove he is bitcoin creator Satoshi Nakamoto and what that means for cryptocurrency.
- June 02, 2016
02 Jun'16
Lack of bug bounty programs won't deter cyber extortion attacks
IBM reports 30 'bug poaching' cyber extortion attacks in the past year, as black hat hackers aim to "help" enterprises by exploiting SQL injection vulnerabilities.
- June 01, 2016
01 Jun'16
Microsoft warns of rare ransomware worm
Microsoft warned users of a rare ransomware worm affecting older versions of Windows, but experts are wary of the recommended mitigation technique.
- May 27, 2016
27 May'16
House Reps tackle Rule 41 to limit government hacking
US Reps. Poe and Conyers join Sen. Wyden's fight against changes to Rule 41 that would remove limits on government hacking, introduce companion bill to quash changes.
- May 27, 2016
27 May'16
'Ingenious' attack mixes memory deduplication with Rowhammer
Researchers demonstrated an exploit that combines rare attacks on memory deduplication and Rowhammer in order to allow an adversary access to read or write system memory.
- May 27, 2016
27 May'16
RSA: Cloud visibility, analytics crucial to enterprises
RSA's Rashmi Knowles spoke with SearchCloudSecurity about enterprises struggling with security visibility, and how analytics and data science can help.
- May 26, 2016
26 May'16
Retiring obsolete SHA-1 and RC4 cryptographic algorithms, SSLv3 protocol
Microsoft speeds deprecation of SHA-1, Google dropping support for RC4, SSLv3, as web software publishers approach end of life for obsolete cryptographic algorithms and protocols.
- May 26, 2016
26 May'16
New spec aims to improve DNS privacy with TLS
In order to stop metadata snooping by law enforcement and hackers, a proposed spec aims to improve DNS privacy with TLS.
- May 24, 2016
24 May'16
Lieu, Hurd school House colleagues on cyberhygiene, defense
Former computer science majors Lieu and Hurd wrote to their U.S. House of Representatives colleagues, urging improved awareness of cyber risks and cyberhygiene.
- May 24, 2016
24 May'16
Paul Vixie on IPv6 NAT, IPv6 security and Internet of Things
Internet pioneer Paul Vixie spoke with SearchSecurity about IPv6 NAT, IPv6 and the Internet of Things, and the long, thankless path to deploying IPv6.
- May 24, 2016
24 May'16
Sorry Mr. Snowden -- encryption isn't the only path to security
Encryption shouldn't be used to protect people from themselves, especially if it gets in the way of innovation.
- May 24, 2016
24 May'16
Android N security updates leave unanswered questions
Google unveiled the next version of its mobile OS, and Android N security will be improved in a few ways, although Google still can't fix OS updates.
- May 20, 2016
20 May'16
Senate bill would quash unlimited Rule 41 government hacks
Rule 41 changes face bipartisan opposition in Senate with the Wyden-Paul bill to rein in the expansion of authority to let the government hack unlimited numbers of devices with a single warrant.
- May 19, 2016
19 May'16
ImageMagick calls into question responsible disclosure reporting
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- May 19, 2016
19 May'16
TeslaCrypt master key release confounds experts
In a move that surprised and confused experts, the TeslaCrypt master key was released, effectively killing the ransomware.
- May 18, 2016
18 May'16
Android clickjacking attack research updated but questions remain
New research claims more than 95% of Android devices are vulnerable to clickjacking attacks, but the true danger may not be that severe.
- May 18, 2016
18 May'16
Paul Vixie on the glibc bug, Internet crime and more
Internet pioneer Paul Vixie spoke with SearchSecurity about Internet crime, the glibc bug and other pervasive vulnerabilities that may never be eradicated.
- May 17, 2016
17 May'16
Google Project Zero discloses dangerous Symantec vulnerability
Google Project Zero disclosed a Symantec vulnerability that can be exploited with zero interaction and was described being as bad as it can possibly get.
- May 13, 2016
13 May'16
EMM software on every device? MobileIron makes the case
MobileIron's enterprise mobile management software wasn't installed on the iPhone of San Bernardino shooter Syed Rizwan Farook. Was that the right move?
- May 13, 2016
13 May'16
FBI asked for responsible disclosure of Tor vulnerability
A court filing is asking the FBI for responsible disclosure of the Tor vulnerability used to exploit the Tor browser and de-anonymize users during a criminal investigation.
- May 13, 2016
13 May'16
Google insider data breach exposed employee personal info
Roundup: Google experiences an insider data breach, but the data leakage is cleaned up by a conscientious benefits manager. Plus, the FDIC reports five 'major' incidents, and more.
- May 13, 2016
13 May'16
DHS warns on actively exploited SAP Java vulnerability
DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.
- May 12, 2016
12 May'16
Senate asks President Obama for a cyber act-of-war definition
A new bill from the Senate asked President Obama for a cyber act-of-war definition in order to enable a proper response following a cyberattack.
- May 12, 2016
12 May'16
EU regulatory critics, Rule 41 pose threat to Privacy Shield
The new Privacy Shield framework for transatlantic data flows faces challenges from Article 29 Working Party criticism, as well as U.S. changes to Rule 41 for computer searches.
- May 11, 2016
11 May'16
Ransomware warning issued to Congress following attack
Representatives in Congress have received a ransomware warning following an increased number of attacks perpetrated via phishing schemes.
- May 10, 2016
10 May'16
May 2016 Patch Tuesday: IE zero-day patch tops the list
Microsoft's May 2016 Patch Tuesday takes aim at an IE zero-day vulnerability, which experts say is the top priority, as well as a couple server-side flaws to keep an eye on.
- May 10, 2016
10 May'16
U.S. intelligence agencies cut off from Twitter firehose
Twitter ordered its business partner Dataminr to cut off the Twitter firehose feed access for U.S. intelligence agencies, but experts expect the NSA won't miss much.
- May 06, 2016
06 May'16
Commercial code riddled with open source vulnerabilities
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- May 05, 2016
05 May'16
DARPA to build a cyber attribution system to ID criminals
DARPA has decided to take on one of the most difficult tasks in cybersecurity -- building a cyber attribution system to be able to identify attackers and maybe prevent attacks.
- May 03, 2016
03 May'16
Craig Wright fails, again, to prove he's the bitcoin creator
Craig Wright's second attempt to prove he's the bitcoin creator, Satoshi Nakamoto, was debunked after fooling the mainstream press, but his motives are still a mystery.
- April 29, 2016
29 Apr'16
Apple/FBI battle continues over iPhone vulnerabilities
More fallout from the Apple/FBI conflict: The second iPhone suit was dropped; the FBI can't provide details of a tool used to unlock the San Bernardino shooter's phone.
- April 28, 2016
28 Apr'16
PCI DSS 3.2 focuses on encryption and multifactor authentication
PCI DSS 3.2 marks the start of refining the payment data regulations, rather than minor changes, and includes requirements to strengthen encryption and multifactor authentication.
- April 26, 2016
26 Apr'16
Verizon DBIR 2016 shows we haven't learned how to improve security
The 2016 Verizon DBIR skimps on data breach analysis and instead focuses on common issues, such as phishing, vulnerability management and access controls, which are still befuddling IT pros.
- April 26, 2016
26 Apr'16
Simple, yet undetectable Windows AppLocker bypass discovered
A Windows command-line utility dating back to XP, Regsvr32, reportedly enables a simple and virtually undetectable Windows AppLocker whitelist bypass.
- April 22, 2016
22 Apr'16
'Going dark' battle moves to Congressional encryption hearing
Experts face off in Congress over 'going dark' encryption debate, stake out positions on security, privacy and government access; polls show support for strong encryption.
- April 21, 2016
21 Apr'16
Oracle patches now more critically rated with CVSS 3.0
Oracle patches 136 security flaws in various products and a number of vulnerabilities were rated more critical because of a switch to CVSS 3.0.
- April 21, 2016
21 Apr'16
JBoss vulnerability highlights dangers of unpatched systems
Up to 3.2 million servers with unpatched JBoss vulnerability from 2010 are open to spread ransomware through networks; experts urge keeping up with software patches to stay safe.
- April 21, 2016
21 Apr'16
Google's second Android Security Report is a mixed bag
The second annual Android Security Report details a number of ways Google has been working to improve security on its mobile platform but also highlights persistent problems.
- April 19, 2016
19 Apr'16
Apple won't patch zero days so uninstall QuickTime now
DHS says users need to uninstall QuickTime for Windows immediately as Apple quietly sends the software to its end of life following the disclosure of two zero-day flaws.
- April 15, 2016
15 Apr'16
Microsoft fights to notify users of FBI surveillance
Microsoft has sued the Department of Justice in an effort to be allowed to notify users of FBI surveillance requests; expert worried about continuous surveillance.
- April 15, 2016
15 Apr'16
Burr-Feinstein draft bill fuels encryption debate
The encryption debate continues with release of the official draft of Burr-Feinstein 'Compliance with Court Orders Act of 2016' mandating court order compliance.
- April 14, 2016
14 Apr'16
Badlock vulnerability proves a bust for responsible disclosure
The much-hyped Badlock bug is still important to patch, but raised issues with celebrity vulnerability promotion and responsible disclosure of security vulnerabilities.
- April 12, 2016
12 Apr'16
April 2016 Patch Tuesday: Badlock isn't a priority
Microsoft's April 2016 Patch Tuesday includes a patch for Badlock, a vulnerability which experts call "overhyped," but the most important patches may need extra care to apply.
- April 12, 2016
12 Apr'16
WordPress SSL now free for hosted sites, thanks to Let's Encrypt
Customers with hosted sites will now have WordPress SSL turned on for free by default, thanks to Let's Encrypt certificates, potentially making a large number of websites more secure.
- April 08, 2016
08 Apr'16
Encrypted messaging for all, as WhatsApp encryption announced
WhatsApp encryption was turned on for all types of messaging, including group chats, which advanced the conversation on 'going dark,' as new encryption legislation draft goes public.
- April 08, 2016
08 Apr'16
Vulnerability branding becomes another marketing tool
Vulnerability branding was once a practice that elevated understanding of flaws and potentially led to better remediation, but now serves as little more than marketing for security researchers.
- April 07, 2016
07 Apr'16
OSVDB shutdown leaves questions for vulnerability databases
OSVDB shutdown, blamed on lack of community support and engagement, raises questions about whether open source vulnerability databases can work and how they can be improved.
- April 05, 2016
05 Apr'16
Gmail BREACH attack gets much faster but still easy to stop
Security researchers updated BREACH attack that would allow a Facebook Messenger or Gmail breach to be performed much faster, but the overall risk is limited.
- April 01, 2016
01 Apr'16
Apple-FBI suit dropped, but crypto wars continue
Roundup: After the Apple-FBI suit, ACLU reports U.S. ramping up crypto wars with All Writs suits for at least 63 iOS, Android devices; Senator Wyden stands up for strong crypto.
- April 01, 2016
01 Apr'16
Can cybersecurity spending protect the U.S. government?
CNAP articulates the right things, as many U.S. government cyber initiatives do, but what has captured the attention of the Beltway is the billion-dollar budget proposals.
- April 01, 2016
01 Apr'16
What endpoint protection software is on your short list?
Roughly half of survey respondents indicated that their organization is shifting away from static scanning as the primary protection for endpoints.
- March 31, 2016
31 Mar'16
Ransomware vaccine promises protection, but experts are wary
A new ransomware vaccine promises to protect against infections by popular ransomware variants like Locky and TeslaCrypt, but experts are wary about implementation and security.
- March 31, 2016
31 Mar'16
Badlock flaw hits Samba, Windows and responsible disclosure
The serious Badlock vulnerability in Windows and Samba, announced three weeks prior to patches, triggers a debate over responsible disclosure of software flaws.
- March 29, 2016
29 Mar'16
Report: 1.5 million Verizon Enterprise customer records stolen
Krebs on Security reports 1.5 million customer contact records were swiped from Verizon Enterprise Solutions and offered for sale on Dark Web; customers are at risk for phishing attacks.
- March 29, 2016
29 Mar'16
DOJ finds successful iPhone crack; drops backdoor bid, for now
The DOJ found a successful iPhone crack to access the San Bernardino, Calif., terrorist's device and dropped the pending legal action against Apple, but only in that one case.
- March 25, 2016
25 Mar'16
Congress considers 'going dark' encryption legislation
Roundup: Sens. Dianne Feinstein and Richard Burr seek support for an encryption legislation draft, as U.S. politicians consider their options to address the 'going dark' problem.
- March 25, 2016
25 Mar'16
Outbreak of ransomware attacks hit hospitals, enterprises
A series of ransomware attacks have been reported at hospitals in the U.S. and Canada, leading to experts recommending automated backup for enterprises.
- March 24, 2016
24 Mar'16
FBI iPhone backdoor case on hold, as potential hack surfaces
The FBI iPhone backdoor case was put on hold temporarily, as reports surfaced of a possible hack that would allow FBI access without the help of Apple.
- March 21, 2016
21 Mar'16
Stagefright exploit created with reliable ASLR bypass
Researchers have developed a Stagefright exploit, which could mean hundreds of millions of Android devices are at risk, despite mitigations and an available patch.
- March 18, 2016
18 Mar'16
Apple court filing challenges iPhone backdoor as rhetoric heats up
The rhetoric about the iPhone backdoor from Apple and the FBI has gotten more intense as Apple challenged the FBI in court by calling its motion unconstitutional.
- March 18, 2016
18 Mar'16
Google boosts HTTPS, Certificate Transparency to encrypt Web
Roundup: Google pushes efforts on HTTPS, Certificate Transparency and more to safeguard the Web with encryption, while other tech firms are eyeing more, stronger encryption.
- March 18, 2016
18 Mar'16
Automated penetration testing prototype uses machine learning
A team created a prototype machine learning vulnerability scanner that can think like a human in order to perform automated penetration testing.
- March 16, 2016
16 Mar'16
Phishing campaign takes ransomware attacks to a global scale
Research has uncovered ransomware attacks that begin with a sophisticated phishing campaign hitting users around the globe.
- March 16, 2016
16 Mar'16
Java vulnerability report strains responsible disclosure
A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process.
- March 11, 2016
11 Mar'16
DROWN attack: TLS under fire again
News roundup: DROWN attack affects millions of servers with an SSLv2 vulnerability; the Home Depot breach lawsuit settlement is pending; and Chinese smartphone-maker ZTE is sanctioned.
- March 09, 2016
09 Mar'16
Crowdsourced vulnerability patching could save us all
Patching systems can be time-consuming and troublesome, so one expert suggests crowdsourced vulnerability patching to make the process faster and easier.
- March 08, 2016
08 Mar'16
March 2016 Patch Tuesday highlights Windows 10 security
Microsoft's March 2016 Patch Tuesday release has put Windows 10 security on display for good and bad, experts say.
- March 04, 2016
04 Mar'16
AI may soon find and patch a software bug automatically
The cybersecurity industry is getting closer to artificial intelligence that can find and patch software bugs automatically, but that same tech could lead to autonomous hacking.
- March 04, 2016
04 Mar'16
McCaul pitches encryption commission to solve 'going dark' problem
Rep. Michael McCaul makes the case for encryption commission legislation as an answer to the 'going dark' problem in the face of global cyberthreats.
- March 03, 2016
03 Mar'16
Military-grade security focuses on isolation and action
Presenters at the RSA Conference 2016 said military-grade security for enterprise networks is possible by taking a zero-tolerance policy to network traffic.
- March 03, 2016
03 Mar'16
Cybersecurity checklist a strategy tool for increasing attack costs
The U.S. Cyber Consequences Unit rolled out a new version of its cybersecurity checklist, which it claims will help reduce attacks by increasing the costs of those attacks.
- March 03, 2016
03 Mar'16
Admiral Rogers, chief of U.S. Cyber Command, seeks cooperation
Private sector cooperation with the government is key to successful protection against cyberthreats, says U.S. Cyber Command chief Michael Rogers in an address to RSA Conference 2016.
- March 03, 2016
03 Mar'16
DOD announces 'Hack the Pentagon' bug bounty program
Defense Secretary Ashton Carter announces the 'Hack the Pentagon' bug bounty program and new Defense Innovation Advisory Board to be headed by Eric Schmidt.
- March 03, 2016
03 Mar'16
Government encryption backdoor debate is more nuanced at RSAC
RSAC panelists had a spirited and nuanced debate about government encryption backdoors, and the topic is more difficult to parse than expected.
- March 02, 2016
02 Mar'16
Cybercrime trends point to growing sophistication
Sophos' James Lyne warns that cybercriminals are becoming more effective, thanks to document-based malware and advanced social engineering techniques.
- March 02, 2016
02 Mar'16
Bruce Schneier on IBM grabbing him up with Resilient Systems
Bruce Schneier chats with SearchSecurity during lunch at RSAC about IBM's plans to acquire Resilient Systems to complete their security offering.