75-byte character assassination reveals Apple was so close yet so far
Analysis Miscreants can crash and reboot iPhones from afar by sending them specially crafted texts, thanks to a vulnerability in iOS.
1 day ago Attack Of The Angry Support Staff - Forbes
I've had occasion over the last year to write about digital supply chain security more than a few times (1, 2, 3). There are the aspects of outsourcing helpdesk functions, code development, millions of interconnects with partners. There is no shortage to how wide the attack surface for your organization can [...]
1 day ago Mozilla abandons Firefox tracking protection initiative: Is privacy protection impossible? - ZDNet
A hidden feature in the open-source Firefox browser can cut load times for modern web pages nearly in half. So why isn't this feature easy to find and enable? Blame the well-funded online advertising industry.
The IRS and 100,000 unlucky taxpayers are victims of the latest data breach in an endless string of cyber exploits that have turned into the online world's version of Groundhog Day. The attackers, identity thieves and fraudsters seeking to file false tax returns, target a place with perhaps the country's [...]
US plans to control exports of hacker tools cause a furore amongst security researchers, who fear for the future of their profession. Even engineers and execs from Facebook, Google and Yahoo have given their backing and voiced their dissent at the proposals.
12 hours ago IRS attack may have originated in Russia - SC Magazine
An IRS breach may have been instigated by attackers in Russia, a U.S. Congressman said.
Global revenues for the security software market grew more than five percent in 2014 to a total of $21.4 billion, according to industry analyst firm Gartner.
12 hours ago IRS Authentication Method Criticized - InfoRiskToday
The method the Internal Revenue Service used to authenticate users, which failed to keep sophisticated hackers from breaching a taxpayer-facing system, has been widely criticized by cybersecurity experts.
8 hours ago Small businesses trashed in big malware campaign - The Register
'Grabit' malware isn't subtle or clever, but it's working
Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium businesses, stealing credentials and documents in a noisy smash-and-grab campaign.
8 hours ago BSides London 2015 - Forbes
Next week I have the distinct pleasure of heading over to London to attend a couple of security events. One of which is the community driven BSides London 2015 conference. This will be the third year that I'm attending this event and I still am tickled with the quality of [...]
7 hours ago Sourceforge and Trusted Software Sources - IT Toolbox Blogs
This week we got a healthy reminder of one of the drawbacks of open source software - anyone who wants to can compile and distribute it. More people distributing free software is a good thing right? It is - but not if they are packaging it with Malware to boot.
The company is working on a fix, but in the meantime, there are steps you can take to mitigate the problem.
31 minutes ago Sally Beauty says hackers used malware in data breach - Yahoo Security
Sally Beauty Holdings, as part of an ongoing investigation into a data breach, said that malware was deployed against some of its point-of-sale systems, or cash registers, over a six-week period beginning ...
23 hours ago MOOC on Cybersecurity - Schneier blog
The University of Adelaide is offering a new MOOC on "Cyberwar, Surveillance and Security." Here's a teaser video. I was interviewed for the class, and make a brief appearance in the teaser.
22 hours ago Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say - Dark Reading
CyberX analysis of BlackEnergy module reveals most likely motive behind sophisticated multi-year attack campaign.
16 hours ago Inside a Giant Dark Web Coupon Counterfeiting Scheme - WIRED
On Thursday, the FBI indicted 30-year-old Beau Wattigney on charges of wire fraud and trademark counterfeiting for enabling a gargantuan series of petty thefts as the dark web kingpin ThePurpleLotus.
28 minutes ago Belgium Probes Germany Spying Claims - SecurityWeek
Belgium has launched an investigation into claims of widespread espionage by Germany, which is accused of helping the US spy on Berlin's closest allies in Europe, a minister said Friday.
What is the true cause of our changing world and what can be done about it?
1 hour ago Hola: A free VPN with a side of botnet - ZDNet
The free Hola package operates by reselling the bandwidth of millions of Hola users -- resulting in a millions-strong botnet for sale.
Wrong in 2006, 2010 and 2014, but it's now fine
Once a fierce opponent of data retention, Germany's back in slurping mode. The Federal Cabinet yesterday approved a new draft law that would force telcos to store call and email records for 10 weeks.
Professional beauty supplies retailer Sally Beauty has provided an update on its investigation into the recent breach of its payment card systems.
SEARCH-LAB, a Hungary-based security testing company that specializes in embedded systems, has identified more than 50 vulnerabilities in network-attached storage (NAS) and network video recorder (NVR) products from D-Link.
5 hours ago Death to Bullet Points - IT Toolbox Blogs
You want to communicate effectively. You want to be persuasive. Great! Don't use bullet points. Bullet points aren't the worst thing in the world. They are more effective than paragraph prose. If you make your audience read a full paragraph to know what you want, then you deserve what you get (nothing). BUT! Any more, bullet point lists
A simple but TOXic attack emerges from the onion
Threat Research head Jim Walter says a virus writer has created a ransomware-as-a-service offering which allows luddite criminals to fleece users.
A large PST file can become corrupted, so to avoid corruption it is necessary to compact the PST file. Such compaction can be done through various methods, as described in the post.
Look out LastPass: Devs can shunt creds into OS vault
Google I/O Android users will be able to store passwords in Google's native Smart Lock manager, in a security boon for the masses.