EMOTET Trojan Variant Evades Malware Analysis

A recently observed variant of the EMOTET banking Trojan features new routines that allow it to evade sandbox and malware analysis, Trend Micro security researchers say. Also known as Geodo,...
Continue reading
0 Comments

Group Launches Secure DNS Service Powered by IBM Threat Intelligence

A newly announced free Domain Name System (DNS) service promises automated immunity from known Internet threats by blocking access to websites flagged as malicious. Called Quad9 , because the IP...
Continue reading
0 Comments

GitHub Warns Developers When Using Vulnerable Libraries

Code hosting service GitHub now warns developers if certain software libraries used by their projects contain any known vulnerabilities and provides advice on how to address the issue. GitHub recently...
Continue reading
0 Comments

New Cyber Insurance Firm Unites Insurance With Cyber Intelligence

Mountain View, Calif-based cyber insurance firm At-Bay has emerged from stealth with a mission to shake up the status quo in cyber insurance. It brings a new model of security...
Continue reading
0 Comments

Ransomware Targets SMBs via RDP Attacks

A series of ransomware attacks against small-to-medium companies are leveraging Remote Desktop Protocol (RDP) access to infect systems, Sophos reports. As part of these attacks, the mallicious actors abuse a...
Continue reading
0 Comments

Moxa NPort Devices Vulnerable to Remote Attacks

Moxa NPort devices vulnerable to remote attacks
Hundreds of Moxa Devices Similar to Ones Targeted in Ukraine Power Grid Hack Vulnerable to Remote Attacks Firmware updates released by Moxa for some of its NPort serial device servers...
Continue reading
0 Comments

Drone Maker DJI, Researcher Quarrel Over Bug Bounty Program

DJI fights with researcher over bug bounty program
China-based Da-Jiang Innovations (DJI), one of the world’s largest drone makers, has accused a researcher of accessing sensitive information without authorization after the expert bashed the company’s bug bounty program....
Continue reading
0 Comments

Google Discloses Details of $100,000 Chrome OS Flaws

Google has made public the details of a code execution exploit chain for Chrome OS that has earned a researcher $100,000. In March 2015, Google announced its intention to offer...
Continue reading
0 Comments

China May Delay Vulnerability Disclosures For Use in Attacks

The NSA and CIA exploit leaks have thrown the spotlight on US government stockpiles of 0-day exploits -- and possibly led to this week's government declassification of the Vulnerabilities Equities...
Continue reading
0 Comments

Middle East 'MuddyWater' Attacks Difficult to Clear Up

Long-lasting targeted attacks aimed at entities in the Middle East are difficult to attribute despite being analyzed by several researchers, Palo Alto Networks said this week. Dubbed “MuddyWater” by the...
Continue reading
0 Comments

Terdot Banking Trojan Could Act as Cyber-Espionage Tool

The Terdot banking Trojan packs information-stealing capabilities that could easily turn it into a cyber-espionage tool, Bitdefender says in a new report. Highly customized and sophisticated, Terdot is based on...
Continue reading
0 Comments

What Can The Philosophy of Unix Teach Us About Security?

UNIX Security
I don’t know how often Unix users think about philosophy. Though if they did, they might explain the philosophy of Unix as follows: Useful, nimble, lightweight tools that when combined...
Continue reading
0 Comments

Kaspersky Shares More Details on NSA Incident

Kaspersky Lab on Thursday shared more details from its investigation into reports claiming that Russian hackers stole data belonging to the U.S. National Security Agency (NSA) by exploiting the company’s...
Continue reading
0 Comments

'Fake news' Becomes a Business Model: Researchers

Cyber criminals have latched onto the notion of "fake news" and turned it into a profitable business model, with services starting at under $10, security researchers said Thursday. The online...
Continue reading
0 Comments

White House Cyber Chief Provides Transparency Into Zero-Day Disclosure Process

Government Vulnerability Disclosure Process (VEP)
The U.S. government Wednesday introduced greater transparency into its Vulnerabilities Equities Policy (VEP) program. This is the process by which government agencies decide whether to disclose or stockpile the cyber...
Continue reading
0 Comments

Critical Flaw Exposes Cisco Collaboration Products to Hacking

A dozen Cisco collaboration products using the company’s Voice Operating System (VOS) are exposed to remote hacker attacks due to a critical vulnerability, users were warned on Wednesday. According to...
Continue reading
0 Comments

A CISO Sizes Up Healthcare Security Threats for 2018

A CISO Sizes Up Healthcare Security Threats for 2018 Sean Murphy of Premera Blue Cross Discusses the Cyber Challenges Ahead) • November 15, 2017     15 Minutes    In the...
Continue reading
0 Comments

PCI Council Developing Software Framework

PCI Council Developing Software Framework Troy Leach Describes Why Payment Software Standards Are Essential) • November 14, 2017     20 Minutes    The PCI Security Standards Council is creating a...
Continue reading
0 Comments

How Information Sharing Helped Curtail WannaCry Harm

How Information Sharing Helped Curtail WannaCry Harm Also, the Securities and Exchange Commission Mulls Tougher Cyber Risk Reporting) • November 14, 2017     10 Minutes    The latest ISMG Security...
Continue reading
0 Comments

Singapore Considers Limiting Use of NRIC Numbers

Singapore Considers Limiting Use of NRIC Numbers
Authentication , Privacy , Risk Management Privacy, Identity Theft Protection Are the Primary Reasons• November 14, 2017     With the aim of protecting data privacy , the government of...
Continue reading
0 Comments