Latest News

Security Measures to Build Safer Software Embraced by Devops

Devops isn’t simply transforming how developers and operations work together to deliver better software faster; it is also changing how developers view application security. A recent survey from software automation and security company Sonatype found that devops teams are increasingly adopting security automation to create better and safer software. Automation includes adding security testing...

Phishing Your own Employees for Schooling & Security Reasons

Your education program isn't complete until you test your users with fake phishing emails. Send fake (but realistic) phishing emails to all your users to see if they fall for them. There are plenty of tools and services that can do this for you. This is the real test of your phishing and user awareness security training. So, let's talk about how you can improve your general security education...

'Machete' still Continues to Spy on Spanish-Speaking Countries

Machete was first analyzed by Kaspersky Lab back in 2014. The list of targeted entities included intelligence services, embassies, government institutions and military organizations. A majority of the victims at the time were located in Venezuela, Ecuador and Colombia, but some compromised systems were also identified in Russia (embassies), Peru, Cuba, Brazil, the U.S., Spain, Sweden, and China....

'Killer' American Surveillance Tech that Helped Russians Spy On iPhones

Alner is the chief of a small malware merchant, Killer Mobile, whose Tracer surveillance tool for Android and iPhone has spread far beyond Las Vegas, all the way to Russia, a Forbes investigation found. In what appears to be an unprecedented spyware deal between American and Russian firms, Killer's cellphone spy tools were resold by Moscow-based surveillance tech dealer, OpenGSM, which markets to...

Ransomware is Not Just File Encryption

Ransomware attacks are a popular way for threat actors to make easy profits, as payment is made anonymously through Bitcoin wallets rather than bank transfers. The motivation for victims to cooperate is high, as their personal data is on the line. While most ransomware families encrypt files, some use creative ways to drive victims to pay. Types of ransomware: 1) IoT ransomware: Smart...

What Happens When USB Pen-Testing Stick Falls Into Malicious Hands?

The so-called USB Killer – which comes from a Hong Kong company – looks like a standard USB drive, but it’s actually filled with capacitors. Once you plug it in, the USB Killer rapidly charges all those capacitors from the USB power supply. Then, once it’s full, it turns around and electro-vomits all that power back into the drive. It works in a fraction of a second, frying circuits in...

A Court Will be Deciding if a GIF Can Be Considered a ‘Deadly Weapon'

On Monday, a suspect faced federal charges in a Dallas County court for allegedly sending a strobing GIF that triggered a seizure in Kurt Eichenwald, a Newsweek writer with epilepsy, late last year. Light-induced seizures have been fought with lawsuits and TV bans in the past. But like something out of Black Mirror, they've had their day in what's likely the first criminal trial over a seizure...

Do these Things Immediately if You See a Crime Being Committed on Facebook Live

As Live grows in popularity along with the potential for harmful uses of the tool, police say it is important for users to know what to do if they see a crime or other dangerous activity on Facebook Live. 1) Call 911: If someone is in danger or a crime is being committed, call the police immediately. 2) Look for descriptive details: Providing key details about what you see can help save law...

Bypassing Encryption: Next frontier of Law Enforcement Tech is "Lawful Hacking"

The scholarly and research community, the technology industry and Congress appear to be in agreement that weakening the encryption that in part enables information security – even if done in the name of public safety or national security – is a bad idea. Backdoors could be catastrophic, jeopardizing the security of billions of devices and critical communications. The future of law enforcement...

Disguised as Siemens Firmware a Malware Drills into 10 Industrial Plants

Malware posing as legitimate firmware for Siemens control gear has apparently infected industrial equipment worldwide over the past four years. The cyber-nasty is packaged as software to be installed on Siemens programmable logic controllers (PLC). At least 10 industrial plants – seven in the US – were found running the infected firmware, a study by industrial cybersecurity firm Dragos...

Rapid Adoption of a Security Programme Within a Large Enterprise- Strategies

A large-scale deployment of the Veracode static code analysis platform across a large enterprise presents a number of unique challenges: 1) Understanding Your Application Estate: Where are the applications hosted, where are the codebases, who is responsible for building and maintaining them, what development languages are used, how critical are they to the organisation and so on; 2) Application...

Deterring Cyber-Attacks and International Law

The United States must systematically develop a portfolio of both cyber and non-cyber response options to a wide range of potential cyber attacks and costly cyber intrusions. The objective should not be to develop a “cookbook” with formulaic responses, but a “playbook” that will allow DoD and other departments to ensure that there is real capability behind the U.S. cyber deterrence...

Hacker's Guide to Fixing Automotive Cybersecurity

The use of the Controller Area Network (CAN) bus, a single two-wire connection between all the components of the car, didn’t add any security risk in automobiles for many years. However, things changed when safety and convenience features such as Automated Parking Assist and Adaptive Cruise Control were added. They require that computers have the ability to send commands to other computers that...

Krebs: “Users Downgrade Security” asks eBay

eBay asks its users to downgrade security. The move by eBay comes just months after the National Institute for Standards and Technology (NIST) released a draft of new authentication guidelines that appear to be phasing out the use of SMS-based two-factor authentication. NIST said one-time codes that are texted to users over a mobile phone are vulnerable to interception, noting that thieves can...

How ARM-based Mobile Devices are Exploited by the Attack of Drammer?

Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors. Hardware-based security vulnerabilities and attacks are not commonplace, but they do exist, and could provide access to an otherwise secure system. The Flip Feng Shui technique allows the Rowhammer hardware bug to be exploited by a...

The ways Companies can Stay Ahead of the Cybersecurity Curve

Businesses of all types, not just tech-centered ones, can help keep themselves in the clear by putting cybersecurity at the forefront of their risk management efforts: 1) A de facto standard of care: A set of obligations companies owe to their customers, and increasingly their vendors and partners, as a basic practice of doing business. Standards like the NIST Cybersecurity Framework could become...