Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-10-01 15:00:14 |
For Cybersecurity and Domestic Violence Awareness months, we pledge to fight stalkerware (lien direct) |
Starting today, two hallmark holidays are upon us. No, it's not Halloween and Thanksgiving. It's both Cybersecurity Awareness Month and Domestic Violence Awareness Month. It's no coincidence these two awareness campaigns overlap. What were once seen as separate realities-the physical and the digital-are increasingly blurred as our offices, schools, and hospitals move from paper to...
Categories:
Stalkerware
Tags: Browser guardcyberstalkingdomestic violencedomestic violence awareness monthdomestic violence victimsmonitoring appsnational cyber security awareness monthnational cybersecurity awareness monthNCSAMprivacyspywarestalkersstalkerwaretracking apps
(Read more...)
|
|
|
|
|
2019-09-30 15:43:14 |
A week in security (September 23 – 29) (lien direct) |
A roundup of the security news from September 23–29 including Emotet, checkm8, securing webcams, insurance data, Nodersok, voting machines, iHandy, CCleaner, encryption and breaches.
Categories:
A week in security
Tags: ccleanercheckm8doordashemotetihandyinsurance datanodersokwebcams
(Read more...)
|
|
CCleaner
|
|
|
2019-09-27 16:48:42 |
New iOS exploit checkm8 allows permanent compromise of iPhones (lien direct) |
A new exploit for iOS enables attackers to gain permanent access to iPhones, iPads, Apple Watches, and more-with zero potential for patching. Learn why this is possibly the biggest security news for iOS since its inception.
Categories:
Mac
Tags: Appleapple securityapple vulnerabilitycheckm8exploitexploitsiOSiOS exploitvulnerability
(Read more...)
|
|
|
|
|
2019-09-25 22:44:47 |
Insurance data security laws skirt political turmoil (lien direct) |
Across the United States, a unique approach to lawmaking has seen radical success in making data security a little bit stronger for one industry-insurance providers.
Categories:
Privacy
Tags: AnthemCaliforniaCalifornia Consumer Privacy ActCCPAConnecticutData privacydata privacy lawdata privacy lawsdata privacy legislationdata securitydata security lawDelawareHealth Insurance Portability and AccessibilityHIPAAinsurance cybersecurityinsurance data securityinsurance data security model lawMaineMcCarran Ferguson ActMichiganMississippimodel lawNAICNational Association of Insurance CommissionersNew HampshireNew YorkNew York Department of Financial ServicesNYDFSOhioSouth CarolinaUS data privacy lawsUS data privacy legislation
(Read more...)
|
|
|
|
|
2019-09-24 17:19:23 |
15,000 webcams vulnerable to attack: how to protect against webcam hacking (lien direct) |
We take a look at the ever-present threat of webcam hacking, and what you can do to avoid being caught out.
Categories:
Hacking
Tags: camcameradeviceshackershackinghubInternet of ThingsIoTIoT devicesmonitorsecurity by designvulnerabilitieswebcamwebcam hacks
(Read more...)
|
Threat
|
|
|
|
2019-09-23 18:40:44 |
Emotet malspam campaign uses Snowden\'s new book as lure (lien direct) |
|
Spam
|
|
|
|
2019-09-23 15:55:30 |
A week in security (September 16 -22) (lien direct) |
A roundup of the security news from September 16–22 including Emotet, student-targeted visa scams, data privacy laws, Malwarebytes' new Browser Guard, data destruction, and more.
Categories:
A week in security
Tags: amazonBrowser guarddata destructioneducation cybersecurityemotetGoogleGoogle ChromeInstagramphishingprivacy lawS3bucketsvisavisa scamyoutube
(Read more...)
|
|
|
|
|
2019-09-20 18:18:26 |
What role does data destruction play in cybersecurity? (lien direct) |
Organizations are keen to protect the personal data of their employees and customers from cyberattack. But what about the data they no longer need? We discuss why data destruction is just as important to cybersecurity as protection.
Categories:
Business
Tags: datadata breachdata destructionData privacydegaussinggdprNISToverwriteovewritingpersonal informationpersonally identifiable informationPII
(Read more...)
|
|
|
|
|
2019-09-19 18:27:51 |
Browser Guard combats privacy abuse, tracking, clickbait, and scammers (lien direct) |
The free Malwarebytes Browser Guard extension combats privacy abuse, user tracking, clickbait, unwanted advertisements, and tech support scammers while offering granular control and faster browsing.
Categories:
Malwarebytes news
Tags: ad blockingbrowserBrowser guardbrowser safetybrowser securitybrowserscontrolextensionfaster load timesMalwarebytesMalwarebytes Browser Guardpluginpluginsprivacytrackertrackers
(Read more...)
|
|
|
|
|
2019-09-19 15:54:43 |
CEOs offer their own view of a US data privacy law (lien direct) |
Should this proposed privacy law come into effect, if a company violates that law, you, your neighbor, and your family do not have the right to sue them.
Categories:
Privacy
Tags: BraveBrave browserBusiness RoundatbleCaliforniaCalifornia Consumer Privacy ActCenter for Democracy and Technologyconsumer privacyconsumer privacy lawData privacydata privacy lawdata privacy lawsdata privacy legislationEFFElectronic Frontier FoundationEUEuropean UnionfacebookFederal Trade CommissiongdprGeneral Data Protection RegulationMainemontanaNevadapay-for-privacyPurismSenator Ron WydenTechnetUS data privacy lawsUS data privacy legislationUS Federal Trade CommissionVermont
(Read more...)
|
|
|
|
|
2019-09-18 16:49:40 |
International students in UK targeted by visa scammers (lien direct) |
Visa scammers are at it again, this time targeting Chinese international students in the UK. Learn how these scams work in order to steer clear, and advise others to do the same.
Categories:
Scams
Tags: chinaChinese studentshome officehong kongmoney mulescamukUKVIuniversitiesuniversityvisawire fraud
(Read more...)
|
|
|
|
|
2019-09-16 17:04:53 |
Emotet is back: botnet springs back to life with new spam campaign (lien direct) |
After months of laying dormant, the notorious Emotet is back, with its botnet spewing spam globally.
Categories:
Botnets
Tags: botnetbotnetsdownloaderemotetinformation stealermalicious emailmalspamphishingRyuk ransomwarespamspear phishingtrickbot
(Read more...)
|
Spam
|
|
|
|
2019-09-16 15:35:21 |
A week in security (September 9 – 15) (lien direct) |
A roundup of the security news from September 9–15, including locking down AWS, mobile malware, phishing threats, and more.
Categories:
A week in security
Tags: a week in securityinfosecmalwareMobilephishingsocial networkweekly roundup
(Read more...)
|
|
|
|
|
2019-09-13 20:44:52 |
Hacking with AWS: incorporating leaky buckets into your OSINT workflow (lien direct) |
When penetration testing for an organization, what OSINT tactics can researchers employ? We discuss how hacking with AWS buckets can provide more recon data and uncover any leaks.
Categories:
Researcher's corner
Tags: amazonawsAWS bucketsdatahackingIntelintelligence gatheringopen source intelligenceOSINTpen-testingpenetration testingreconreconnaisancevulnerabilities
(Read more...)
|
|
|
|
|
2019-09-12 20:15:02 |
YouTube ordered to cough up $170M settlement over COPPA infraction (lien direct) |
Last week, the FTC announced its settlement with Google over YouTube's COPPA violations, including requirements for better protecting children's data. But is it enough?
Categories:
Privacy
(Read more...)
|
|
|
|
|
2019-09-12 15:00:00 |
(Déjà vu) Five years later, Heartbleed vulnerability still unpatched (lien direct) |
The Heartbleed vulnerability was discovered and fixed in 2014, yet today-five years later-there are still unpatched systems.
Categories:
Malwarebytes news
Tags: cryptographyEKsexploit kitsexploitsheartbeat extensionheartbleedheartbleed vulnerabilityITIT teamsopen sourceOpenSSLSSLTSL
(Read more...)
|
Vulnerability
|
|
|
|
2019-09-11 19:29:03 |
Vital infrastructure: emergency services (lien direct) |
We all depend on emergency services to come to the rescue in case of serious problems. How does malware hinder them?
Categories:
Vital infrastructure
Tags: ambulanceemergencyfire departmentinfrastructurepoliceservicesvital
(Read more...)
|
Malware
|
|
|
|
2019-09-10 16:41:04 |
300 shades of gray: a look into free mobile VPN apps (lien direct) |
Mobile VPN apps are one of the best tools for protecting user privacy. Unfortunately, a notable number of are deemed unsafe. Read on to find out how to assess the best mobile VPN for you.
Categories:
Privacy
Tags: AndroidanonymityApple App Storeblack mirrorCDTcentennialsCommonwealth Scientific and Industrial Research OrganizationCSIRODark WebDNS hijackingDNS leakemerging marketsencryptionfake avfreefree VPNGlobal Web IndexGlobalWebIndexGoogle Play StoreGuideline 5.4Hotspot ShieldHotspot Shield complaintInnet VPNiOSIPv6 leakKilpVipLuminatimalvertisingmillenialsmobile VPN appsmotivations for VPN usageMyMobileSecurenetflixonion browserprivacyQueen Mary University of Londonrisk-freeRob Mardisalu |
|
|
|
|
2019-09-09 16:01:03 |
A week in security (September 2 – 8) (lien direct) |
A roundup of the latest cybersecurity news for the week of September 2 – 8, including TrickBot's new trick, a social engineering toolkit, and how to keep remote workers safe.
Categories:
A week in security
Tags: back to schoolback to school cybersecurityCapital One data breachchinacyber insurancedeepfakedeepfake for voicesfacebookiphone compromisePaige Thompsonransomwareremote workersromance scamscammersSocial Engineeringspear phishingtargeted attackstrickbotUyghur Muslims
(Read more...)
|
|
|
|
|
2019-09-09 15:36:01 |
When corporate communications look like a phish (lien direct) |
Before organizations engage in gnashing of teeth over the "ignorant user" and the cost of training, think about how much email users encounter and whether corporate communications look like phishes themselves.
Categories:
Business
Tags: anti-phishingbecBusiness Email Compromisecorporate communicationsemail communicationsemailsphishingphishing trainingtraining and awareness program
(Read more...)
|
|
|
|
|
2019-09-04 14:06:02 |
5 simple steps to securing your remote employees (lien direct) |
Modern businesses require modern cybersecurity, and modern cybersecurity means more than just implementing the latest tech. It also means implementing good governance.
Categories:
Business
Tags: 2faapproved device listbring your own devicebyodencryptionFind my iPhoneFind my MobilegovernanceIDG Connectjailbreakman-in-the-middleman-in-the-middle attackmulti-factor authenticationpasscodepasswordpublic Wi-FiRBACremoteremote employeesremote wipingremote workforcerole-based access controlsingle sign-onssotwo-factor authenticationvpn
(Read more...)
|
|
|
|
|
2019-09-03 19:02:01 |
A week in security (August 26 – September 1) (lien direct) |
A roundup of the latest cybersecurity news for the week of August 26-September 1 including xHelper Trojan, Nextdoor app, clickjacking problem, investing cybersecurity, and iPhone malware
Categories:
A week in security
Tags: asruexblockchainclickjackingcoinminingemotetiPhonenextdoorretaduptrickbotvpnxHelper
(Read more...)
|
|
|
|
|
2019-09-03 15:26:00 |
TrickBot adds new trick to its arsenal: tampering with trusted texts (lien direct) |
TrickBot's latest feature allows it to tamper with the web sessions of users from Verizon, T-Mobile, and Sprint mobile carriers.
Categories:
Trojans
Tags: 2faaccount takeover fraudATOAuthyC&CDell Secureworksdynamic webinjectdyrezaemotetEternal RomanceEternalBlueEternalChampionGold BlackburnGoogle Authenticatorhasherezadepoint-of-saleport-out fraudPOSSIM hijackingSIM swappingSprintT-MobilethetricktrickbottrickloadertricksterTrojan.TrickBottwo-factor authenticationVerizon Wireless
(Read more...)
|
|
|
|
|
2019-09-03 15:15:03 |
New social engineering toolkit draws inspiration from previous web campaigns (lien direct) |
We discovered a web social engineering toolkit that allows crooks to create fake update notification campaigns on both desktop and mobile in up to 30 different languages.
Categories:
Social engineering
Social engineering
Tags: DomeneitestFakeUpdateshoeflertextNetSupportratSocGholishSocial Engineering
(Read more...)
|
|
|
|
|
2019-08-30 17:40:02 |
Unprecedented new iPhone malware discovered (lien direct) |
Google announced late last night that hacked websites have been used to drop iPhone malware on unsuspecting users over a two-year period. Thomas Reed investigates.
Categories:
Mac
Tags: AppleiOSios infectionios malwareiPhoneiphone malwaremacmalware infectiontridentzero dayzero-day vulnerability
(Read more...)
|
Malware
|
|
|
|
2019-08-30 16:16:00 |
Everything you need to know about the Heartbleed vulnerability (lien direct) |
The Heartbleed vulnerability was discovered and fixed in 2014, yet today-five years later-there are still unpatched systems.
Categories:
Exploits and vulnerabilities
Tags: cryptographyEKsexploit kitsexploitsheartbeat extensionheartbleedheartbleed vulnerabilityITIT teamsopen sourceOpenSSLSSLTSL
(Read more...)
|
Vulnerability
|
|
★★★
|
|
2019-08-28 17:31:00 |
Making the case: How to get the board to invest in higher education cybersecurity (lien direct) |
CISOs working in institutions of higher learning have their own considerations when communicating with the board about risk management. One of the top security officials at Boston College offers his takeaway on what it takes to get board buy-in on campus.
Categories:
Business
Tags: boston collegec-levelCIOCISOCISOsenterprisehigher educationhigher education cybersecurityhigher education securityinvestment in cybersecuritynon-profitzero trust security model
(Read more...)
|
|
|
|
|
2019-08-27 17:36:05 |
Study explores clickjacking problem across top Alexa-ranked websites (lien direct) |
We look at recent research exploring the threat of clickjacking, along with other solutions considered by site owners and analysts for protecting users against these online attacks.
Categories:
Web threats
Tags: advertisingalexaalexa-ranked websiteschromiumclickjackingclickjacking attacksclickjacking researchobserverrankingresearchstudyweb threatswebsites
(Read more...)
|
Threat
|
|
|
|
2019-08-27 16:35:03 |
Nextdoor neighborhood app sends letters on its users\' behalf (lien direct) |
Read more...)
|
|
|
|
|
2019-08-26 19:04:01 |
Mobile Menace Monday: Android Trojan raises xHelper (lien direct) |
Since its introduction in May 2019, the xHelper dropper, an Android Trojan, has climbed to our top 10 list of most detected mobile malware.
Categories:
Android
Tags: Androidandroid malwareAndroid/Trojan.Dropper.xHelpermobile malwaremobile menace mondayxHelper
(Read more...)
|
|
|
|
|
2019-08-26 15:38:03 |
A week in security (August 19 – 25) (lien direct) |
A roundup of the latest cybersecurity news for the week of August 19–25, including Magecart attacks on poker software, a new Bluetooth vulnerability, continuing ransomware attacks on US cities, Bitcoin sextortion, and a look back at one researcher's DEF CON experience.
Categories:
A week in security
Tags: AhMythAPTawisBitcoin sextortionBolik banking TrojancrypominingDEF CON 27facebookfacebook hoaxfortniteGooglehong kongInstagram hoaxKey Negotiation of BluetoothKNOB attackMagecartmisinformationNordVPNransomwarerecapSecurity Service of UkraineSodinokibispywareSyrk ransomwaretwitterValve Corporationweek in securityweekly blog roundupyoutubeYuzhnoukrainsk
(Read more...)
|
Ransomware
|
|
|
|
2019-08-23 15:00:05 |
Ransomware continues assault against cities and businesses (lien direct) |
We take a look at the current chaos faced by local governments across the US, as ransomware continues to snap at its cities' heels.
Categories:
Ransomware
Tags: attackbackupcritical infrastructureemotetFloridalocal government organisationlocked outlouisianaransomransomwarerobinhoodryukRyuk ransomwaresamsam ransomwaretexastrickbot
(Read more...)
|
Ransomware
|
|
|
|
2019-08-22 15:00:00 |
The lucrative business of Bitcoin sextortion scams (lien direct) |
Sextortion scams are back on the radar, and many say they're on the uptick. We investigate an email campaign to see how lucrative the business of sextortion can be.
Categories:
Scams
Tags: 163qcNngcPxk7njkBGU3GGtxdhi74ycqzk3HXdb3HAw1wVzU9b7ZSigvGaStd8KoZ3zJbitcoinBitcoin sextortionblackmailDigital ShadowsEFFElectronic Frontier Foundationscamssextortion emailsextortion scams
(Read more...)
|
|
|
|
|
2019-08-21 15:56:04 |
Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks (lien direct) |
Researchers called it KNOB, a clever attack against the firmware of a Bluetooth chip that can allow hackers to successfully hijack paired devices and steal their sensitive data. Are users at risk?
Categories:
Awareness
Tags: AppleblackberrybluetoothCiscoCVE-2019-9506iOSKey Negotiation of BluetoothKNOB attackmacOSman-in-the-middle attackmicrosoftmitmret hatwatchoswindows
(Read more...)
|
Vulnerability
|
|
|
|
2019-08-20 16:42:02 |
DEF CON 27 retrospective: badge life redux (lien direct) |
Learn about one of our researcher's badge experiences at DEF CON 27.
Categories:
Researcher's corner
(Read more...)
|
|
|
|
|
2019-08-20 15:00:03 |
Magecart criminals caught stealing with their poker face on (lien direct) |
This blog post details the curious case of a web skimmer encountered in a poker application.
Categories:
Threat analysis
Tags: drupalJavaScriptMagecartmagentopokerskimmer
(Read more...)
|
|
|
|
|
2019-08-19 17:55:05 |
A week in security (August 12 – 18) (lien direct) |
A roundup of the most interesting cybersecurity news stories from August 12 to 18, including a deep dive into facial recognition technology, swatting dangers, social engineering attacks on cities, and more.
Categories:
A week in security
Tags: AndroidfacebookGooglepasswordphishphishingroundupweek in security
(Read more...)
|
|
|
|
|
2019-08-19 15:00:00 |
How much personalization is too much? (lien direct) |
Personalization is the new mantra of marketers-and most people are perfectly okay with that. But when does personalization cross the line into invasive? And what can uncomfortable consumers do about blocking it?
Categories:
Privacy
Tags: browser extensionsbrowser pluginsbrowser securitybrowsing trackingdata collectionpersonal informationpersonally identifiable informationprivacythe parallax
(Read more...)
|
|
|
|
|
2019-08-16 21:06:01 |
QxSearch hijacker fakes failed installs (lien direct) |
QxSearch is a group of search hijackers that try to make the user think the install failed or was incomplete. Is it that they don't want to be found and removed? Or just bad programming?
Categories:
PUPs
Tags: bigsrch.xyzChrome ExtensionQxsearchsearch hijackers
(Read more...)
|
|
|
|
|
2019-08-15 15:26:05 |
The Hidden Bee infection chain, part 1: the stegano pack (lien direct) |
The Hidden Bee cryptominer has a complex and multi-layered internal structure that is unusual among cybercrime toolkits. That's why we're dedicating a series of posts to exploring its elements and updates made during one year of its evolution.
Categories:
Threat analysis
Tags: cryptominerscustom codeexploit kitsexploitshidden beeinfection chaininfection vectormalware modulesminerminersobfuscationpayloadsUnderminerUnderminer EK
(Read more...)
|
|
|
|
|
2019-08-14 13:00:00 |
Trojans, ransomware dominate 2018–2019 education threat landscape (lien direct) |
Trojans such as Emotet and TrickBot were the top threat for the education sector in the 2018–2019 school year. What threats will the new school year bring?
Categories:
Trojans
Tags: cyberthreatseducation cybersecurityemotetransomwareryukRyuk ransomwaretrickbotTrojans
(Read more...)
|
Threat
Ransomware
|
|
|
|
2019-08-13 16:33:02 |
Data and device security for domestic abuse survivors (lien direct) |
Many domestic abuse survivors need help before stalkerware strikes. Here, we give basic advice on device security and protecting sensitive data.
Categories:
Privacy
Tags: 2faAndroidApp Storecloud storagedata securitydevice securitydomestic abusedomestic abuse survivordomestic violenceencryptionend-to-end encryptionGoogle PlayGoogle Play StoreiMessageiOSnational domestic violence hotlineNational Network to End Domestic Violencepasscodesecure messagingsecuritysignalspywarestalkerwaretwo-factor authenticationwhatsappwire
(Read more...)
|
|
|
|
|
2019-08-12 15:38:03 |
A week in security (August 5 – 11) (lien direct) |
The latest cybersecurity news for the week of August 5–11. We touch on problematic backdoors, the grim possibility of the Internet of Thoughts, and smart home improvement. We also released a retrospective report on ransomware.
Categories:
A week in security
Tags: a week in securityAPT28awisbackdoorsbitcoinbmibrain-machine interfacechrome incognitoCTNT reportdslr flawfacebookFancy BearIBM X-Force Incident Response and Intelligence ServicesIRISMark Zuckerbergmessenger kidsphishingprotonmailransomwarerobocallrobocall scamsextortionsmart homessteamStrontiumweekly blog roundup
(Read more...)
|
|
APT 28
|
|
|
2019-08-12 15:00:00 |
Facial recognition technology: force for good or privacy threat? (lien direct) |
It seems facial recognition technology, as technology so often does, has raced far ahead of our ability to define its ethical use. We take a hard look at major concerns brewing in cities around the world.
Categories:
Privacy
Tags: amazonbrooklyncctvchinafacial recognitionhong kongInternet of ThingsIoTLFRmicrosoftorlandosan franciscosurveillancewareukunited statesus
(Read more...)
|
|
|
|
|
2019-08-09 16:10:02 |
Backdoors are a security vulnerability (lien direct) |
Upset by their inability to access potentially vital evidence for criminal investigations, the federal government has, for years, pushed to convince tech companies to build backdoors that will, allegedly, only be used by law enforcement agencies. The problem, cybersecurity researchers say, is that those backdoors can easily be exploited by criminals.
Categories:
Privacy
Tags: AppleAttorney GeneralbackdoorClipper ChipDepartment of Justiceencryptionfbigolden keyGoogleiMessageiOS 8iPhonelawful interceptluggageNational Security AgencyNSAsignalTransportation Security AdministrationTSAwhatsappWilliam Barr
(Read more...)
|
Vulnerability
|
|
|
|
2019-08-08 14:00:00 |
Labs quarterly report finds ransomware\'s gone rampant against businesses (lien direct) |
Read more...)
|
Threat
Ransomware
|
|
|
|
2019-08-07 15:00:00 |
8 ways to improve security on smart home devices (lien direct) |
Smart home devices aren't the most secure, but they do make life more convenient. How can those who've embraced smart home tech stay as secure as possible? Here are eight ways.
Categories:
IoT
Tags: 2faalexaGoogle HomeInternet of ThingsIoTprivacysecure passwordssmart devicesmart devicessmart home assistant
(Read more...)
|
|
|
|
|
2019-08-05 15:44:03 |
A week in security (July 29 – August 4) (lien direct) |
A roundup of security news from July 29 - August 4 including Capital One breach, Lord Exploit Kit, more Magecart skimming, ATM attacks, QR code scams, and Equifax payout.
Categories:
Malwarebytes news
Tags: android qatm attacksboard of directorsCapital OneEquifaxEquifax breachexploit kitexploit kitsgermanwipergovernment cybersecurityLord exploit kitMagecartMageCart attacks
(Read more...)
|
|
Equifax
|
|
|
2019-08-05 15:00:00 |
How brain-machine interface (BMI) technology could create an Internet of Thoughts (lien direct) |
Several companies are developing brain-machine interface (BMI) technologies for medical applications in the near future. Will this lead to connecting the human brain to the cloud, creating an Internet of Thoughts? Or will practical, ethical, and security concerns stop progress.
Categories:
Artificial Intelligence
Tags: AIb/cibmibrainbrain-machine interfacechipsexoskeletonhuman brain/cloud interfaceIBMIntelinternet of thoughtsneural networksneuralnanoroboticsNeurolinkneuromorphic designneuromorphic engineeringneuroscienceSamsung
(Read more...)
|
Guideline
|
|
|
|
2019-08-02 18:15:02 |
Say hello to Lord Exploit Kit (lien direct) |
In this blog, we take a look at a new exploit kit distributed via malvertising that calls itself Lord EK.
Categories:
Exploits
Threat analysis
Tags: EKerisexploit kitLord EKmalvertisingnjRATransomware
(Read more...)
|
|
|
|