Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2019-02-18 16:00:00 |
Crack hunting: not all it\'s cracked up to be (lien direct) |
|
|
|
|
|
2019-02-15 16:40:02 |
Tackling the shortage in skilled IT staff: whole team security (lien direct) |
Is whole-team-security, or empowering tech-savvy volunteers to help, a good solution to the shortage of skilled IT staff? It could be, if you keep certain ground rules in mind.
Categories:
Business
Security world
Tags: byodbyosempowermentenablementITit staffshortageskills shortagevolunteers
(Read more...)
|
|
|
|
|
2019-02-14 17:30:00 |
Should you delete yourself from social media? (lien direct) |
All the recent news-from Facebook's Cambridge Analytica snafu to various abuses of Twitter vulnerabilities-has you wondering: Should I delete myself from social media? We provide advice and links on how to tighten security if you want to cool down, or, if you're ready to go nuclear, delete yourself permanently.
Categories:
101
How-tos
Tags: cambridge analyticafacebookGoogleInstagramsnapchatsocial mediasocial media addictionsocial networkstwitter
(Read more...)
|
|
|
|
|
2019-02-14 16:56:00 |
Hacker destroys VFEmail service, wipes backups (lien direct) |
A hacker managed to compromise, and entirely destroy, a popular email service and all of its backups. What happened?
Categories:
Cybercrime
Hacking
Tags: backupsdestroyemailhackhackingmail
(Read more...)
|
|
|
|
|
2019-02-13 16:54:02 |
Businesses: It\'s time to implement an anti-phishing plan (lien direct) |
|
|
|
|
|
2019-02-12 16:00:00 |
(Déjà vu) Exploit kits: winter 2019 review (lien direct) |
We review the top exploit kits in this winter 2019 snapshot.
Categories:
Exploits
Threat analysis
Tags: EKEKsexploit kitsFalloutMagnitudeRIGsundownUnderminer
(Read more...)
|
|
|
|
|
2019-02-11 18:38:05 |
Sextortion Bitcoin scam makes unwelcome return (lien direct) |
A well-worn sextortion scam is back in user's inboxes. We explain what to look for and why recipients shouldn't panic.
Categories:
Cybercrime
Social engineering
Tags: emailfakepressurescamsextortionspamthreat
(Read more...)
|
|
|
|
|
2019-02-11 17:05:03 |
A week in security (February 4 – 8) (lien direct) |
A roundup of security news from February 4 – 8, including Facebook's secure messaging integration, Google's changes to URLs, a scam involving the Kindle store and John Wick, and more.
Categories:
Security world
Week in security
Tags: amazonAppleAT&TAustraliabitcoinbounty hunterscryptocurrencycryptographycybersecurityDo Not TrackebooksfacebookGoogleInstagraminternetJeff BezosJohn wickkindlemessengersafarisecure messagingSprintT-MobileURLswhatsappZcashzero day
(Read more...)
|
|
|
|
|
2019-02-08 19:09:03 |
Compromising vital infrastructure: communication (lien direct) |
In the series about vital infrastructure we look at communication. How vital is it? How is malware a threat and even how does malware show us the way to secure communication?
Categories:
Business
Security world
Tags: botnetsBreaking the internetcommunicationDDos attackDomain Generating Algorithmsencryptionhordesinfrastructureinternet backboneMisinformation and fake newsmobile telephone networksMyanmarredundancyvital
(Read more...)
|
Threat
Malware
|
|
|
|
2019-02-07 16:53:03 |
Merging Facebook Messenger, WhatsApp, and Instagram: a technical, reputational hurdle (lien direct) |
Facebook's plan to integrate secure messaging across Messenger, WhatsApp, and Instagram will demand technical know-how and a fierce commitment to user privacy.
Categories:
Privacy
Security world
Tags: Appleencryptionend-to-end encryptionfacebookFacebook MessengerInstagrammessaging servicesmessengersignalwhatsapp
(Read more...)
|
|
|
|
|
2019-02-06 18:16:04 |
Google Chrome announces plans to improve URL display, website identity (lien direct) |
The search giant isn't “killing” (a.k.a. getting rid of) the URL, unlike some sensationalist and eye-rolling headlines have put it. They are slowly giving it a facelift.
Categories:
101
FYI
Tags: chrome improvement timelineGooglegoogle changes url presentationGoogle Chromegoogle kills the urlphishingurl display
(Read more...)
|
|
|
|
|
2019-02-06 17:16:05 |
New critical vulnerability discovered in open-source office suites (lien direct) |
A security researcher recently published a proof of concept exploit for open-source office software LibreOffice and OpenOffice. Will this new vulnerability be used in the wild?
Categories:
Exploits
Threat analysis
Tags: CVE-2018-16858exploitlibreofficeopenofficepythonrce
(Read more...)
|
Vulnerability
|
|
|
|
2019-02-05 16:00:04 |
How to browse the Internet safely at work (lien direct) |
This Safer Internet Day, we're presenting a guideline to employees on how to navigate the online trenches safely, whether they're on their desktop computers, company-owned laptops, or mobile devices. Who wants to be the one responsible for a breach? No one.
Categories:
101
FYI
Tags: browser-based attacksdetectifyethical hackershackersinternetsafer internet dayweb browsersweb security
(Read more...)
|
|
|
|
|
2019-02-04 17:30:03 |
Movie stream ebooks gun for John Wick 3 on Kindle store (lien direct) |
Over the weekend, we observed a clever spam campaign using bogus ebooks dressed as John Wick 3 movie files to push links to streaming sites. Can John and your ability avoid web based scams survive?
Categories:
Cybercrime
Social engineering
Tags: 3amazonebookfilmJohn wickkindlemovieparabellumstream
(Read more...)
|
Spam
|
|
|
|
2019-02-04 17:00:04 |
A week in security (January 28 – February 3) (lien direct) |
A roundup of security news from January 28 – February 3, including disputes between Facebook and Apple, dubious malware hosting, privacy threats to mobile users, and more.
Categories:
Security world
Week in security
Tags: facebookhostingmalwarephishingsocial mediaweek in securityweekly round up
(Read more...)
|
Malware
|
|
|
|
2019-02-01 18:00:03 |
Houzz data breach: Why informing your customers is the right call (lien direct) |
Online renovation and design platform Houzz suffered a data breach-not good. Their subsequent response, however, was exemplary. Here's how other businesses can learn from their example.
Categories:
Business
Security world
Tags: breachdata breachData privacyforensicsgdprhouzz
(Read more...)
|
|
|
|
|
2019-01-31 16:44:00 |
Apple pulls Facebook enterprise certificate (lien direct) |
After an app using an internal-only certificate from Facebook made its way into the outside world, Apple has responded by pulling Facebook's developer certificate with immediate consequences for the social media giant.
Categories:
Privacy
Security world
Tags: appAppleData privacyfacebookfacebook privacyMobileprivacystorevpn
(Read more...)
|
|
|
|
|
2019-01-30 17:00:00 |
Analyzing a new stealer written in Golang (lien direct) |
We captured a new information-stealing malware written in Golang (Go). Read up on our analysis of its functionality, as well as the tools researchers can use to unpack malware written in this relatively new programming language.
Categories:
Malware
Threat analysis
Tags: GoGolangIDAGolangHelpermalware analysisnew malwareprogrammingprogramming languagesthreat analysis
(Read more...)
|
Malware
|
|
|
|
2019-01-29 19:00:00 |
Apple\'s FaceTime privacy bug allowed possible spying (lien direct) |
|
|
|
|
|
2019-01-29 16:00:00 |
Interview with a malware hunter: Jérôme Segura (lien direct) |
In our series called "Interview with a malware hunter," we turn to Jerome Segura, Head of Threat Intelligence at Malwarebytes. In this Q&A session, we'll take you behind the scenes to get to know one of our malware intelligence crew.
Categories:
101
FYI
Tags: cybersecurity researcherexploit kitsJerome Seguramalware hunterresearchersecurity reseracher
(Read more...)
|
Threat
Malware
|
|
|
|
2019-01-28 18:00:01 |
A week in security (January 21 – 27) (lien direct) |
A roundup of last week's security news from January 21 to 27, including Modlishka, Crytekk, PUPs, and the State of Malware report.
Categories:
Security world
Week in security
Tags: 2019 State of Malware report2faALPRandroid malwareanprArs TechnicaBleeping Computercrytekkcrytekk ransomwareDark ReadingfortnightgdprGoDaddyHelp Net SecurityKrebsOnSecuritymitsubishimodlishkaphishingrecapSecurity WeekTechCrunchThe Wall Street Journalvishingvoicemail phishingvulnerabilityweek in securityweekly blog roundupyoutube
(Read more...)
|
Malware
|
|
|
|
2019-01-25 18:00:00 |
Sly criminals package ransomware with malicious ransom note (lien direct) |
Ransomware is not dead. It's changing-and we need to be ready for them.
Categories:
Cybercrime
Social engineering
Tags: crytekkcrytekk ransomwarehybrid ransomwarepaypal phishingphishing
(Read more...)
|
Ransomware
|
|
|
|
2019-01-25 16:00:00 |
A user\'s right to choose: Why Malwarebytes detects Potentially Unwanted Programs (PUPs) (lien direct) |
Read more...)
|
|
|
|
|
2019-01-23 08:01:03 |
2019 State of Malware report: Trojans and cryptominers dominate threat landscape (lien direct) |
The 2019 State of Malware report is here. Learn what Malwarebytes Labs researchers discovered about the top global threats for businesses and consumers in 2018, and predictions for 2019.
Categories:
CTNT report
Malwarebytes news
Tags: 2019 State of Malware reportAIbyoscryptominersemotetinformation stealersIoTlabs reportransomwarestate of malware reporttrickbotTrojans
(Read more...)
|
Threat
Malware
|
|
|
|
2019-01-22 18:03:00 |
Browser push notifications: a feature asking to be abused (lien direct) |
Whoever invented browser push notifications must have been able to guess they would be abused for advertising. This post explains what they are and how to disable them.
Categories:
Security world
Technology
Tags: Androidapiappsbrowser alertchromeChrome ExtensionEdgeEdge browserfirefoxmacnotificationsoperaopera browserpushsafariSafari browserwebwindows
(Read more...)
|
|
|
|
|
2019-01-21 16:48:03 |
A week in security (January 14 – 20) (lien direct) |
A roundup of last week's security news from January 14 to 20, including APT10, Fallout EK, Colllection 1 data, Youtube challenges, hosting malicious sites and a Fortnite security flaw.
Categories:
Security world
Week in security
Tags: APT10ArsTechnicaBleepingComputerCoinDeskcollection 1cryptopiacve-2019-0543DASFallout EKfortnitegarminGarmin watchhostingHTTPSoregonpowershellPowerShell Team BlogSC Mediashutdowntelegramthreadxyoutube
(Read more...)
|
|
APT 10
|
|
|
2019-01-21 16:15:03 |
Has two-factor authentication been defeated? A spotlight on 2FA\'s latest challenge (lien direct) |
Read more...)
|
Conference
|
APT 35
|
|
|
2019-01-18 18:33:04 |
Collection 1 data breach: what you need to know (lien direct) |
In what's being dubbed one of the largest data dumps in history, Collection 1 contains the data of over 770 million people. But is it really as bad as it sounds? We take a closer look and let users know what to do if their info is caught up in the mix.
Categories:
101
How-tos
Tags: breachesBrian Krebscollection 1data breachdata dumpextortionhackhackinghaveibeenpwnedMEGApasswordsPPITroy Huntuser awareness
(Read more...)
|
|
|
|
|
2019-01-18 16:00:00 |
Hosting malicious sites on legitimate servers: How do threat actors get away with it? (lien direct) |
Is money all hosting providers care about when it comes to allowing malicious sites on their servers? Or is there more at play? We embark on an investigation to discover their motives.
Categories:
Cybercrime
Malware
Tags: hostingmalicious sitesmalwaretakedownsweb security
(Read more...)
|
Threat
|
|
|
|
2019-01-17 19:51:02 |
Improved Fallout EK comes back after short hiatus (lien direct) |
The Fallout exploit kit is back with some noteworthy improvements.
Categories:
Exploits
Threat analysis
Tags: CVE-2018-15982EKexploitexploit kitsFalloutpowershell
(Read more...)
|
|
|
|
|
2019-01-16 17:00:00 |
The Advanced Persistent Threat files: APT10 (lien direct) |
While security companies are getting good at analyzing the tactics of nation-state threat actors, they still struggle with placing these actions in context and making solid risk assessments. So in this series, we're going to take a look at a few APT groups, and see how they fit into the larger threat landscape-starting with APT10.
Categories:
Cybercrime
Hacking
Tags: advanced persistent threatadvanced persistent threatsaerospaceAPTAPT10APTschinaChinese Ministry of State SecurityconstructionengineeringFireEyeMSSPlugXPoison Ivyscanboxsogutelecomsthreat actors
(Read more...)
|
Threat
|
APT 10
|
|
|
2019-01-15 17:16:00 |
How the government shutdown is influencing cybersecurity jobs (lien direct) |
As of this writing, the government shutdown of 2019 is the longest ever in America. Will the government's stable of cybersecurity talent be the next casualty-now and in the long run?
Categories:
Government
Security world
Tags: careerscybersecuritycybersecurity jobscybersecurity talentDHSfurloughgovernment shutdownNISTsecurity certificatesUS Defense Department
(Read more...)
|
|
|
|
|
2019-01-14 16:45:03 |
A week in security (January 7 – 13) (lien direct) |
A roundup of last week's security news from January 7 to 13, including breaches, takedowns, bug fixes, and social media issues.
Categories:
Security world
Week in security
Tags: 2faAndroidArs TechnicaBloombergdata securityDeletionfacebookHacker OnehackersHelp Net SecurityNaked SecurityPA Daily postPassword reusepasswordspentestransomransomwarerogue appsryukRyuk ransomwareTrend MicroUSA TodayVietnamVietnam News
(Read more...)
|
|
|
|
|
2019-01-14 16:00:00 |
Government shutdown impacts .gov websites, puts Americans in danger (lien direct) |
Today, TechCrunch posted a concerning story about the shutdown and most importantly, they covered the reporting of NetCraft, a U.K. internet service company, about how numerous US government websites are now inaccessible due to expired security certificates. This is going to be a quick post to help explain what happened and more importantly, how cyber criminals will use this situation to their advantage.
Categories:
Government
Security world
Tags: accessgovernment shutdownsecuritysecurity certificatesshutdowntrumpwall
(Read more...)
|
|
|
|
|
2019-01-11 18:00:00 |
Luas data ransom: the hacker who cried wolf? (lien direct) |
Irish tram firm Luas were recently compromised and told to pay 1 Bitcoin, or risk user data being fired into the void. The deadline for paying the ransom has now passed: So what happens next? And is anyone out there really at risk?
Categories:
Cybercrime
Hacking
Tags: bitcoindata breachhackedhackinghaveibeenpwnedluasransomransomware
(Read more...)
|
|
|
|
|
2019-01-10 21:05:02 |
Social Security Number scammers are at it again (lien direct) |
The Federal Trade Commission recently released a warning about a sharp increase in Social Security Number scammers. Have you gotten one of their robocalls? Here's how to recognize the scam and what to do about it.
Categories:
Cybercrime
Social engineering
Tags: Federal Trade CommissionFTCrobocall scamSecurity DisabilitySocial Security Administrationsocial security number scamsocial security scamSSAssa scamSSDssd vulnerabilitySSNssn scam
(Read more...)
|
|
|
|
|
2019-01-08 19:49:04 |
Ryuk ransomware attacks businesses over the holidays (lien direct) |
Over the holiday, a little-known ransomware family called Ryuk caused serious damage to numerous organizations. The attacks leave a lot of questions unanswered. What do we know so far?
Categories:
Cybercrime
Malware
Tags: attributionBitPaymer ransomwareChristmasdata resolutiondataresolution.netemotetexploitHermesholidayLazarusmalicious office documentsmalspammalwarebytes anti-exploitmalwarebytes anti-ransomwareNorth KoreaOnslow water and sewer authorityOWASAprotectionransomransomwareryukstatstipstribune publishingtrickbot
(Read more...)
|
Ransomware
|
APT 38
|
|
|
2019-01-07 17:59:00 |
Australia\'s Early Warning Network compromised (lien direct) |
Read more...)
|
|
|
|
|
2019-01-07 17:33:00 |
A week in security (December 31, 2018 – January 6, 2019) (lien direct) |
A roundup of last week's security news from December 31, 2018 to January 6, 2019, including fresh breaches in the New Year, mobile malware, GandCrab, and how we remembered 2018.
Categories:
Security world
Week in security
Tags: a week in securityadobeadobe acrobatadobe vulnerabilitiesAppleblurblur breachcyber cultureDark Overloadgandcrableakmobile malwareMobSTSPYphishingreaderrecapscamstdothe dark overlordtwitterVidarweekly blog roundupyear of breaches
(Read more...)
|
|
|
|
|
2019-01-04 18:15:02 |
Vidar and GandCrab: stealer and ransomware combo observed in the wild (lien direct) |
Threat actors combine new stealer Vidar and GandCrab ransomware in one-two punch.
Categories:
Criminals
Threat analysis
Tags: Arkeiexploitexploit kitFalloutgandcrabransomwareVidar
(Read more...)
|
Ransomware
|
|
|
|
2019-01-02 18:15:04 |
The new landscape of pre-installed mobile malware: malicious code within (lien direct) |
We are now seeing malware authors target system apps that are required for mobile devices to function properly. By injecting malicious code within these necessary apps, threat actors have reshaped the landscape of pre-installed malware for the worse.
Categories:
Cybercrime
Mobile
Tags: adupsAndroidauto installerMobilemonitoring apppreinstalledpreinstalled malware
(Read more...)
|
Threat
Malware
|
|
|
|
2018-12-28 16:00:00 |
2018: The year of the data breach tsunami (lien direct) |
To get a sense of the grim state of data security today, take a look at this infographic from TruthFinder that explains why 2018 was the year of the data breach tsunami.
Categories:
101
Infographics
Tags: breach remediationdata breachdata breachesidentity theftinfographicpersonally identifiable informationPII
(Read more...)
|
Data Breach
|
|
|
|
2018-12-27 17:34:05 |
Using the blockchain to create secure backups (lien direct) |
Some of the properties we would like to see in our backups have blockchain technology written all over them. Should organizations consider blockchain for creating secure, recent backups-especially after a ransomware attack?
Categories:
Business
Security world
Technology
Tags: backupsblockchainmajority attacksybil
(Read more...)
|
Ransomware
|
|
|
|
2018-12-26 19:15:05 |
Assessing the security of a portable router: a look inside its hardware, part deux (lien direct) |
In part two of our blog assessing the security of a portable router, we will acquire the tools and equipment to make a copy of the firmware on our target router so that we can assess whether there are any vulnerabilities.
Categories:
Hacking
How-tos
Tags: Bus PirateeepromfirmwareFlashromhardwarelinuxportable routerrouter
(Read more...)
|
|
|
|
|
2018-12-24 18:56:04 |
A week in security (December 17 – 23) (lien direct) |
A roundup of last week's security news from December 17–23, including Christmas scams, phishing quizzes, Underminer, smart speakers, flawed Twitter form, Chromebook malware, and Fuchsia.
Categories:
Security world
Week in security
Tags: christmas scamsChromebookexploit kitfuchsiaonline quizzesphone hackssmart speakersTwitter formtwitter memesUnderminerweek in security
(Read more...)
|
|
|
|
|
2018-12-21 21:34:02 |
Underminer exploit kit improves in its latest iteration (lien direct) |
We take a look at some recent changes with the elusive Underminer exploit kit.
Categories:
Exploits
Threat analysis
Tags: CVE-2018-15982CVE-2018-4878CVE-2018-8174EKexploit kitshiddenbeeUnderminer
(Read more...)
|
|
|
|
|
2018-12-21 17:30:00 |
Smart speakers: Christmas treat or lump of coal? (lien direct) |
If you're interested in buying smart speakers this Christmas, you may be wondering how much of a privacy problem they really are. We take a look at this popular holiday present and separate the hype from the real issues at hand.
Categories:
Cybercrime
Privacy
Tags: ChristmasEULAprivacysecuritysmart speakers
(Read more...)
|
|
|
|
|
2018-12-20 18:30:00 |
This online quiz is now confirmed to be a phishing scam (lien direct) |
It's dubbed the 'Three Questions Quiz' scam, and not only are people letting their guard down, but they're also freely sharing it on social media, too. Do you think you have been duped by this before? Read on.
Categories:
Cybercrime
Social engineering
Tags: a new era in phishingphishing quizphishing scamquiz-based phishing scamsurvey scamthree question quiz scamtyposquatting
(Read more...)
|
|
|
|
|
2018-12-20 17:30:01 |
Christmas tech scams roundup (lien direct) |
What's under the Christmas tree? It's worse than lumps of coal, it's a not very festive assortment of tricks and scams designed to give you a festive season hangover.
Categories:
Cybercrime
Privacy
Tags: advertsbitcoinemailfacebookhitmanphishscamtech scamstech support scammerstech support scams
(Read more...)
|
|
|
|
|
2018-12-19 16:00:00 |
Flaw in Twitter form may have been abused by nation states (lien direct) |
Twitter announced in a blog post Monday that they discovered and addressed a security flaw in one of their support forms. The discovery was made on November 15-more than a month ago-and promptly fixed the next day. So why are we only hearing about it now?
Categories:
Cybercrime
Privacy
Tags: botnetbug bountychinaDIYDIY botnet kitsaudi arabiastenographysupporttwitterTwitter form
(Read more...)
|
|
|
|