| Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
 |
2019-06-11 16:57:03 |
Maine governor signs ISP privacy bill (lien direct) |
Less than one week after Maine Governor Janet Mills received one of the nation's most privacy-protective state bills on her desk, she signed it into law. The move makes Maine the latest US state to implement its own online privacy protections.
Categories:
Privacy
Tags: ACLU of MaineBangor Daily Newsdata privacy lawdata privacy legislationGovernor Janet MillsGSIinternet service providerISPJanet MillsLD 946MaineMaine State Chamber of Commerceonline privacyonline privacy lawonline privacy legislationSenator Shenna BellowsShenna Bellows
(Read more...)
|
|
|
|
|
2019-06-11 15:00:00 |
Cybersecurity pros think the enemy is winning (lien direct) |
Recent research from Malwarebytes, ISSA, and ESG find that security professionals have little confidence in their ability to prevent their organization from being breached. What's behind this mindset? And how can we turn the tide to stay a step ahead of the criminals?
Categories:
Security world
Tags: adminsCISOscybercriminalsdata breachesITsecurity professionalsskills shortage
(Read more...)
|
|
|
|
|
2019-06-10 17:30:05 |
A week in security (June 3 – 9) (lien direct) |
A weekly roundup of security news from June 3–9, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.
Categories:
A week in security
Tags: botnetbrowserschinacryptominingdata leaksfacial recognitionfbiFTCmicrosoftvulnerabilityweb browsers
(Read more...)
|
|
|
|
|
2019-06-07 16:52:04 |
Video game portrayals of hacking: NITE Team 4 (lien direct) |
We take a look at a game aimed at giving players the most realistic interpretation of hacking possible. How well does it stack up to the real thing?
Categories:
Hacking
Tags: gaminghackingNITE Team 4press h to hackvideogames
(Read more...)
|
|
|
|
|
2019-06-06 16:59:01 |
Hyperlink auditing: where has my option to disable it gone? (lien direct) |
Hyperlink auditing is not a new way to track website users, but it could become more popular, as many browsers are taking away user options to disable it.
Categories:
Privacy
Tags: browserschromedisable trackingEdgefirefoxHMTLHTML5hyperlink auditinglinkoperapingsafaritracktrackingurl
(Read more...)
|
|
|
|
|
2019-06-05 19:21:00 |
Malwarebytes Labs wins best cybersecurity vendor blog at InfoSec\'s European Security Blogger Awards (lien direct) |
Read more...)
|
|
|
|
|
2019-06-05 15:00:00 |
Maine inches closer to shutting down ISP pay-for-privacy schemes (lien direct) |
Unlike a data privacy proposal in the US and a new data privacy law in California, the Maine data privacy bill aimed at Internet Service Providers (ISPs) explicitly shuts down any pay-for-privacy schemes.
Categories:
Privacy
Tags: ACLU of MaineAT&TcomcastData privacydata privacy lawsdata privacy legislationfacebookGoogleGWIinternet service providerISPL.D. 946LD 946MaineMaine State Chamber of Commercepay-for-privacyRon WydenSenator Ron WydenSpectrumSprintT-MobileVerizonWyden
(Read more...)
|
|
|
|
|
2019-06-04 15:00:02 |
Magecart skimmers found on Amazon CloudFront CDN (lien direct) |
Not all breaches on Content Delivery Networks (CDNs) result in supply-chain attacks, yet, they are often a forgotten entry point for attackers to slip in malicious code, such as web skimmers.
Categories:
Threat analysis
(Read more...)
|
|
|
|
|
2019-06-03 17:09:05 |
A week in security (May 27 – June 2) (lien direct) |
A roundup of security news from May 27–June 2, including a look at 2019 ransomware outbreaks in the Unites States, ATM fraud, NIST's privacy framework, more legal problems for Google and Facebook, and more.
Categories:
A week in security
Tags: a week in securityamazonatm attacksatm fraudbaltimorechromeCity of BaltimoreDepartment of JusticeDoomFederal Trade CommissionG Suitegandcrabgandcrab ransomwaregmailGoogleGoogle Chromehidden beeJustice DepartmentNISTprivacy frameworkprotonmailransomwareweek in securityyoutube
(Read more...)
|
Ransomware
|
|
|
|
2019-06-03 16:47:01 |
Leaks and breaches: a roundup (lien direct) |
There's been some huge leaks and breaches over the last few days, impacting everything from regular logins to important financial documents. What's the fallout?
Categories:
Privacy
Tags: AmazingcobreachesBusiness Email CompromiseCanvadatadata breachdata leaksFirst American Financial CorpFlipboardimpersonation attemptsleaksprivacy
(Read more...)
|
|
|
|
|
2019-05-31 17:32:05 |
Hidden Bee: Let\'s go down the rabbit hole (lien direct) |
Read more...)
|
|
|
|
|
2019-05-31 15:00:00 |
Ransomware isn\'t just a big city problem (lien direct) |
|
Ransomware
|
|
|
|
2019-05-29 18:51:04 |
NIST\'s privacy framework lets privacy tell its own story (lien direct) |
|
|
Uber
|
|
|
2019-05-29 15:00:00 |
Everything you need to know about ATM attacks and fraud: Part 1 (lien direct) |
If you're familiar with skimming, you may have also heard of shimming, card trapping, and cash trapping. These are attacks and scams targeted at ATMs. Part 1 of our series explores various ATM attack scenarios and explains what users should look out for when using an ATM.
Categories:
101
How-tos
Tags: atmatm attacksatm card trappingatm cash trappingatm fraudatm industry associationatm malware strainsatm physical attackatm safety guidelinesATM scamatm security 101atm security working groupatm shimmingatm skimmingatmiaatmswgautomated teller machineeastenisaeuropean association for secured transactionsexplosivesglue trappolice service of northern irelandpsnoram raidingtaiwan heistterminal tamperingvulnerable atm
(Read more...)
|
Malware
|
|
|
|
2019-05-28 15:25:05 |
Employee education strategies that work to change behavior (lien direct) |
Using technology alone to combat cyberattacks is not enough. That's why employee education on security awareness should be an integral part of any company's cybersecurity policy.
Categories:
How-tos
Tags: culture of securitycybersecuritycybersecurity awarenesscybersecurity policyemployee educationemployee trainingsecurity training
(Read more...)
|
|
|
|
|
2019-05-27 07:03:02 |
A week in security (May 20 – 26) (lien direct) |
A roundup of the last week's security news, including admin changes, phishing in Canada, smart AI images and more.
Categories:
Security world
Week in security
Tags: roundupweek in security
(Read more...)
|
|
|
|
|
2019-05-24 18:05:02 |
Medical industry struggles with PACS data leaks (lien direct) |
PACS servers are often used to store and transmit patient data. But how is their security implemented? We take a look at case of how poor setup can easily lead to data leaks.
Categories:
Threat analysis
Tags: %USERNAME%datadata leaksData privacydefault credentialshealthcare securitymedical industrymedical recordsPACS serverspasswordspatient dataservers
(Read more...)
|
Guideline
|
|
|
|
2019-05-23 19:22:04 |
Knowing when it\'s worth the risk: riskware explained (lien direct) |
Read more...)
|
|
|
|
|
2019-05-22 16:10:01 |
Governments increasingly eye social media meltdown (lien direct) |
It seems problems never quite go away for social media platforms, and more governments of the world are taking keen interest. Will the tech giants be able to sort things out before legislators steps into the fray?
Categories:
Cybercrime
Privacy
Tags: EUfacebookgovernmentshate speechInstagramMastodonMyanmarsocial mediatrollstwitterukgov
(Read more...)
|
|
|
|
|
2019-05-21 15:38:04 |
Skimmer acts as payment service provider via rogue iframe (lien direct) |
Even e-commerce sites that do not take payment information themselves can be abused by crooks. In this post, we show how a web skimmer is able to inject an artificial iframe into the checkout page to prompt users for their credit card information. Victims will only realize something's not right when they are redirected to the real (and external) payment form.
Categories:
Cybercrime
Malware
Tags: credit carde-commercehacked websitehackingiframeMagecartmagentophishingskimmer
(Read more...)
|
|
|
|
|
2019-05-20 15:57:02 |
A week in security (May 13 – 19) (lien direct) |
A roundup of security news from May 13–19, including ransomware attacks on the upswing, website hacking, pseudo-VPNs, bloatware, and more.
Categories:
Security world
Week in security
Tags: Androidbloatwarebreachescrysis ransomwareDDos attackdharmahackinghealthcare cybersecuritymdsMeltdownmicrosoftransomwareserver vulnerabilitiesSpectretyposquattingvpnvulnerabilitieswhatsapp
(Read more...)
|
Ransomware
|
|
|
|
2019-05-17 15:59:03 |
4 Lessons to be learned from the DOE\'s DDoS attack (lien direct) |
Read more...)
|
|
|
|
|
2019-05-15 16:02:01 |
Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for businesses (lien direct) |
CrySIS, aka Dharma, is a ransomware family making waves over the last two months, often being used in targeted attacks through RDP access. What other tricks are up its sleeve?
Categories:
Malware
Threat analysis
Tags: Anti-Ransomwarecrysisdharmamalwareransomransomwarerdprdp access
(Read more...)
|
Ransomware
Threat
|
|
★★★
|
|
2019-05-14 16:46:02 |
WhatsApp fix goes live after targeted attack on human rights lawyer (lien direct) |
A fix was rolled out for a WhatsApp vulnerability, which was used to inject spyware into mobile devices and target a human rights lawyer.
Categories:
Cybercrime
Mobile
Tags: attackMobilespywaretargetedwhatsapp
(Read more...)
|
|
|
|
|
2019-05-14 15:57:00 |
(Déjà vu) Exploit kits: spring 2019 review (lien direct) |
In this edition, we review active and unique exploit kits hitting consumers and businesses over the spring season.
Categories:
Exploits
Threat analysis
Tags: EKsexploit kitsFalloutMagnitudeRIGRouter EKSpelevoUnderminer
(Read more...)
|
|
|
|
|
2019-05-13 15:55:04 |
A week in security (May 6 – 12) (lien direct) |
A roundup of security news from May 6–12, including breaches, privacy, financials, takedowns, and new ransomware tactics.
Categories:
Security world
Week in security
Tags: 5Gbaltimoreconfluencedata breachdharmaelectricfishfinancialfintechGooglemozillaprivacyseep dot webwolters kluwer
(Read more...)
|
Ransomware
|
|
|
|
2019-05-10 15:00:00 |
Vital infrastructure: Threats target financial institutions, fintech, and cryptocurrencies (lien direct) |
Losing trust in financial institutions can have a disrupting effect on society. And malware authors love to target these direct sources of money. How can we protect them?
Categories:
Business
Security world
Tags: APTsbanking appsbanking Trojansbanksbitcoincryptocurrenciescryptocurrencycryptowalletsemotetexploit kitsfinancial institutionsfinancialsfintechinformation stealersinfrastructuremalwarevital
(Read more...)
|
Malware
|
|
|
|
2019-05-09 16:00:00 |
How 5G could impact cybersecurity strategy (lien direct) |
With 5G wireless on the horizon, what will businesses need to do to secure their devices and networks?
Categories:
101
Tags: 5G5G wirelessautomationcybersecurity strategyintegrationinternetmiraiMirai botnetnetworkswirelesswireless technology
(Read more...)
|
|
|
|
|
2019-05-08 16:30:00 |
Vulnerabilities in financial mobile apps put consumers and businesses at risk (lien direct) |
It's good to know that your bank's website boasts that little green padlock, promotes secure communication, and follows a two-factor authentication (2FA) scheme. But are their mobile apps equally secure?
Categories:
101
FYI
Tags: app vulnerabilitiesclient-side injectiondevelopment hygieneexposure of database parameters and sql queriesfinancialfinancial mobile app flawsimplicit trust of all certificatesinsecure data storageinsecure random number generatorlack of binary protectionsman-in-the-middleman-int-the-middlemitmprivate key exposuresecure app developmentsecurity hubrisSQL injectionunintended data leakagevulnerabilitiesweak encryption
(Read more...)
|
|
|
|
|
2019-05-08 15:00:00 |
The top six takeaways for user privacy (lien direct) |
Amidst never-ending data breaches and constantly-surprising company fiascos, here are six takeaways for anyone in the US who cares about protecting their online privacy.
Categories:
101
Tags: alphabetAmy Klobucharcambridge analyticacomprehensive data privacy lawcomprehensive data privacy legislationCory Bookercybersecurity lawcybersecurity lawsdata leakData privacydata privacy legfacebookfacebook-cambridge Analytica scandalGoogleMark ZuckerbergMichael Bennetonline privacytwitterunintended data leakageuser privacy
(Read more...)
|
|
|
|
|
2019-05-07 15:00:00 |
What to do when you discover a data breach? (lien direct) |
You've discovered that your organization has been breached. Now what? Learn which steps to take in the immediate aftermath to limit the damage and preserve your company's reputation.
Categories:
101
Business
Tags: breachbusinessdata breachdata breachesinformationlearnobligationspreparations
(Read more...)
|
|
|
|
|
2019-05-06 15:21:01 |
A week in security (April 29 – May 5) (lien direct) |
A roundup of security news from April 29 - May 5, covering Electrum botnet, Wall Street Market takedown, privacy news, and the state of cryptojacking.
Categories:
Security world
Week in security
Tags: ElectrumeuropolfacebookfiservgithealthcarejenkinsmirrorthiefmozillaNISTsextortionWall Street Market
(Read more...)
|
|
|
|
|
2019-05-03 15:00:00 |
The top six takeaways for corporate data privacy compliance (lien direct) |
Here are Labs' top six takeaways from our data privacy and cybersecurity law series on corporate data privacy compliance. From emerging startups to burgeoning enterprises, these rules help not just with legal liability, but also user trust.
Categories:
Privacy
Security world
Tags: AppleCalifornia Online Privacy Protection Actcybersecurity lawcybersecurity lawsdata breach notificationdata breach notification lawData privacydata privacy compliancedata privacy lawdata privacy lawsdata privacy legislationgdprGeneral Data Protection RegulationHelix DNAmozillaonline privacypersonal datapersonal informationpersonally identifiable informationprivacy policyprotonmailsignalUberuser privacywhatsapp
(Read more...)
|
|
Uber
|
|
|
2019-05-02 15:00:00 |
Cryptojacking in the post-Coinhive era (lien direct) |
Cryptojacking captured everyone's attention in 2017 and 2018. With Coinhive no longer in business, has this threat been completely snuffed out?
Categories:
Cybercrime
Tags: coinhivecoinimpCryptojackingcryptolootdrive-by cryptominingwebminepool
(Read more...)
|
Threat
|
|
|
|
2019-05-01 17:39:02 |
Mozilla urges Apple to make privacy a team sport (lien direct) |
Mozilla is currently pushing Apple into placing extra barriers between iPhone users and online advertisers. Why? Because, according to Mozilla, it could work, which could benefit users everywhere.
Categories:
Privacy
Security world
Tags: advertiseradvocacyApplecampaigndigital rightsencryptionfbifirefoxfirefox focusfirefox lockboxFirefox SendID for AdvertiserID for AdvertisersIDFAIDFAsiPhonemozillaonline privacypetitionprivacySilicon ValleyTim Cook
(Read more...)
|
|
|
|
|
2019-05-01 15:51:01 |
Mysterious database exposed personal information of 80 million US households (lien direct) |
A large database accessible online containing a huge amount of records has been found by researchers. The question is: who does it belong to, and what is it for?
Categories:
Cybercrime
Privacy
Tags: databaseexposedprivacyrecords
(Read more...)
|
|
|
|
|
2019-04-30 15:00:00 |
Sophisticated threats plague ailing healthcare industry (lien direct) |
Black hat hackers are after patient healthcare data, and such breaches will only intensify. Which forms of malware are behind the attacks? We take a look at the advanced threats targeting a sector struggling to keep up.
Categories:
Cybercrime
Malware
Tags: 2019 data security incident response reportdecatur county general hospital breachEternalBluefiless malwarehealthcarehealthcare cybersecurityhealthcare malwarehealthcare securityHIPAARansom.WannaCryptransomwareriskwareriskware.mictrayriskware.tool.hckrootkit.fileless.mtgenspywarespyware.agentspyware.emotetspyware.trickbottrickbottrojan.bitcoinminertrojan.emotettrojan.fakemsTrojan.TrickBotTrojansWannaCryworm.pariteworm.qakbotworms
(Read more...)
|
Malware
|
Wannacry
|
|
|
2019-04-29 17:00:00 |
Electrum DDoS botnet reaches 152,000 infected hosts (lien direct) |
We've identified a new piece of malware that is connected to the Electrum botnet.
Categories:
Cybercrime
Tags: botnetElectrumElectrumDoSMinerTrojan.BeamWinHTTP
(Read more...)
|
Malware
|
|
|
|
2019-04-29 15:54:05 |
Wall Street Market reported to have exit scammed (lien direct) |
Users reported that Wall Street Market, a broadly-known cryptocurrency dark net market, has executed an exit scam, swindling millions from account holders in the process.
Categories:
Cybercrime
Social engineering
Tags: bitcoindarknetexit scamscam
(Read more...)
|
|
|
|
|
2019-04-29 15:31:00 |
A week in security (April 22 – 28) (lien direct) |
A roundup of security news from April 22–28, covering phishing, CCTV evasion, VPNs, and keeping data safe.
Categories:
Security world
Week in security
Tags: Applecryptomineremotetmalwarephishingweek in security
(Read more...)
|
|
|
|
|
2019-04-26 16:06:01 |
GitHub hosted Magecart skimmer used against hundreds of e-commerce sites (lien direct) |
Magecart threat actors upload their skimming code onto GitHub in the latest attack against Magento websites.
Categories:
Cybercrime
Tags: GitHubMagecartmagentoskimmer
(Read more...)
|
Threat
|
|
★★★★★
|
|
2019-04-25 07:01:03 |
Labs Cybercrime Tactics and Techniques report finds businesses hit with 235 percent more threats in Q1 (lien direct) |
The Labs team discovered that businesses are being targeted with 235 percent more threats than the previous year. Download the report and find out which threats are revving up, and which are dying out.
Categories:
Cybercrime
Malware
Tags: adwarebusiness threatscryptominingemotetmalwareransomwarethreatsTrojansTroldeshTroldesh ransomware
(Read more...)
|
|
|
|
|
2019-04-24 15:57:00 |
A look inside the FBI\'s 2018 IC3 online crime report (lien direct) |
|
|
|
|
|
2019-04-23 17:03:02 |
Consumers have few legal options for protecting privacy (lien direct) |
Amidst never-ending headlines about data breaches, data misuse, and opaque data-sharing agreements from major companies, users have few legal options to actually protect their privacy in court. Instead, they rely on technology.
Categories:
Privacy
Security world
Tags: ACLUAppleconsumer privacycorporate surveillanceData privacydeceitful business practicesdigital privacyDNA testingEFFHelix DNAmozillaprivacyprivacy policyPrivacy Rights Clearinghousesignalunfair business practiceswhatsapp
(Read more...)
|
|
|
|
|
2019-04-22 18:15:03 |
Of hoodies and headphones: a spotlight on risks surrounding audio output devices (lien direct) |
For years, researchers have been poking holes in our audio output devices in the name of security and privacy. They've found many ways our headphones can be hacked or otherwise compromised. Learn what they discovered, and how you can secure your own.
Categories:
101
FYI
Tags: ahaamerican heart associationaudio output deviceaudio output device securityben gurion universitybluebornebluetooth eavesdroppingheadphone risksheadphones and hoodiesman-in-the-middle attackmitmmultiplexed wired attack surfaceSennheiserSPEAKE(a)RSPEAKE(a)R malware
(Read more...)
|
|
|
|
|
2019-04-22 15:47:02 |
(Déjà vu) A week in security (April 15 – 21) (lien direct) |
A roundup of security news from April 15–21, including an explanation of like-farming, Ellen DeGeneres scam, flaws in VPN services, funky malware formats found in Ocean Lotus, and more.
Categories:
Security world
Week in security
Tags: a week in securitycyber resilienceEllen DeGeneresfake Airbnb sitesFlame 2.0IE vulnerabilitylike-farmingnotre dame disinformationVPN flawweek in security
(Read more...)
|
Malware
|
APT 32
|
|
|
2019-04-19 18:37:05 |
Funky malware format found in Ocean Lotus sample (lien direct) |
Recently, one of our researchers presented at the SAS conference on "Funky malware formats"-atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam.
Categories:
Malware
Threat analysis
Tags: APT 32atypical malware formatsBLOBCABcustom formatmalware formatocean lotusVietnam
(Read more...)
|
Malware
Threat
|
APT 32
|
|
|
2019-04-18 15:00:00 |
Explained: like-farming (lien direct) |
Like-farming is a popular method on social media to harvest as many likes and shares as possible in order to increase the value of a site or domain. But what happens when scammers get in the game?
Categories:
101
FYI
Tags: facebookhoaxlike-farminglike-harvestinglikesshares
(Read more...)
|
|
|
|
|
2019-04-17 16:04:02 |
Malware targeting industrial plants: a threat to physical security (lien direct) |
When malware shuts down the computer systems of an industrial plant, it could threaten the physical security of those working in or living near it. Here's how to protect your workforce and your business from targeted threats.
Categories:
101
Business
Tags: controllerslockergogamanufacturingphysical securityproductionransomware
(Read more...)
|
Malware
Threat
|
|
|
|
2019-04-16 15:30:02 |
Hackers snab emails and more in Microsoft Outlook, Hotmail, and MSN compromise (lien direct) |
Hackers made use of a compromised Microsoft support agent's credentials to sneak a peek at its users' Hotmail, MSN, and Outlook emails. How bad is it, and what has Microsoft done to correct it?
Categories:
Cybercrime
Hacking
Tags: emailhotmaillivemicrosoftmsmsnOutlook
(Read more...)
|
|
|
|
