-
SEC Documents Show Yahoo Knew of Massive Data Breach Since 2014
Documents filed by Yahoo yesterday with the US Securities and Exchange Commission (SEC) reveal that at least some Yahoo employees knew since 2014 of the massive security incident through which an unknown attacker stole details of 500 million users.
- November 10, 2016
- 01:00 PM
1
-
Google Chrome 54.0.2840.99 update fixes 3 Reported Vulnerabilities
Version 54.0.2840.99 of Google Chrome was released yesterday that fixes for 4 reported vulnerabilities. Unfortunately, at this time the severity of these vulnerabilities is unknown, but based on the bounty reward it is possible that at least 2 of them could possibly lead to remote code execution.
- November 10, 2016
- 11:49 AM
1
-
New report: How browser-based attacks are bypassing your security controls
Browser-based attacks, from AITM phishing and ClickFix to malicious OAuth apps and session hijacking, are driving today's biggest breaches.
A new report from Push Security breaks down the techniques attackers are using, real-world case studies, and the detection gaps leaving security teams exposed.
-
BlackNurse Attack: Low-Volume Ping Packet Traffic Can Shut Down Some Firewalls
BlackNurse is the name of a recently discovered network attack that can crash firewalls and routers via ICMP packets, known by most of us as "pings."
- November 10, 2016
- 09:40 AM
- 0
-
Locky Spam Wave Poses as OPM Bank Fraud Alert
The operators of the Locky ransomware have been spotted using a cleverly designed spam lure to trick their victims into downloading their payload and running it on their computers.
- November 10, 2016
- 05:00 AM
- 0
-
Windows 10 Build 14965 adds shorthand notation to the Regedit Address Bar
Today Microsoft has released the Windows 10 Insider Preview Build 14965 for PC and Mobile to Insiders on the fast ring. This release adds new features such as the ability to use a tablet's virtual touchpad to control an external screen, Windows Ink and Sticky Notes improvements, and enhancements to the Registry editor address bar.
- November 09, 2016
- 10:58 PM
- 0
-
iOS WebView Bug Can Force iPhones to Make Calls While UI Freezes
A bug in the iOS WebView component allows an attacker to force someone's iPhone to dial any number, while also locking the user's interface for a few moments, preventing him to cancel the outgoing call.
- November 09, 2016
- 05:20 PM
- 0
-
Telecrypt Ransomware Uses Telegram as C&C Server
Security researchers from Kaspersky Lab have come across a new ransomware variant that they named Telecrypt, which uses Telegram channels as C&C (command-and-control) servers.
- November 09, 2016
- 04:00 PM
- 0
-
Google Announces 30-Day Ban for Websites Abusing Safe Browsing System
Google announced today harsher measures against website operators that abuse its Safe Browsing system to distribute malware by pretending to play nice and requesting quick reviews to lift bans, only to revert back to distributing harmful content.
- November 09, 2016
- 01:00 PM
- 0
-
Heimdall Open-Source PHP Ransomware Targets Web Servers
A Brazilian developer named Lenon Leite has released proof-of-concept code for a ransomware family coded in PHP that will allow an attacker to encrypt the contents of web servers.
- November 09, 2016
- 11:33 AM
- 9
-
New Deal: 81% off the AWS Security Master Class Course Bundle
This bundle contains 2 courses with 10 hours of training on how to properly secure Amazon Web Services (AWS). These two courses would be normally priced at $158, but have been discounted 81% to $29. Certificates of completion are not included with these courses.
- November 09, 2016
- 11:00 AM
- 0
-
Microsoft to Retire Security Bulletins in January 2017 in Favor of Searchable Security Updates Database
Microsoft announced yesterday plans to retire the Security Bulletins system after January 2017, and replace it with a portal that provides a searchable database of all the company's security updates.
- November 09, 2016
- 05:53 AM
- 0
-
Canada Immigration Website Crashes as Trump Prepares to Become US President
Canada's immigration website has gone down on the night of the US Presidential Election after early poll results started coming in, showing Republican candidate Donald Trump holding a small lead, which slowly grew as the evening progressed.
- November 09, 2016
- 03:25 AM
- 0
-
Microsoft's November 2016 Patch Tuesday fixes Zero Day disclosed by Google
Today is the November 2016 Patch Tuesday and we have 14 security updates being released by Microsoft. Of these 14 updates, 6 of them are rated as Critical as they allow remote code execution on the affected computer. Of particular note is the MS16-135 update, which fixes the zero-day Windows vulnerability reported by Google last week
- November 08, 2016
- 04:01 PM
- 0
-
November's Android Security Bulletin Patches Drammer and Dirty COW Exploits
Google released today Android's Security Bulletin for the month of November, which among a total of 83 security vulnerabilities has also patched two high profile bugs identified as Drammer and Dirty COW.
- November 08, 2016
- 02:40 PM
- 0
-
Adobe updates Flash Player and Connect to fix 10 Vulnerabilities
Today, Adobe released security updates for Adobe Flash Player and Adobe Connect that fix a total of ten vulnerabilities. The Adobe Connect update resolves a cross-site scripting (XSS) vulnerability, while the Flash Player updates resolves 9 critical vulnerabilities that could lead to remote code execution.
- November 08, 2016
- 01:33 PM
- 0
-
DDoS Attacks Bring Down Heating System for Two Buildings in Small Finnish Town
Residents of two building in Lappeenranta, Finland spent a few days in the cold over the past few days as DDoS attacks aimed at a service provider indirectly affected the smart building heating system installed at their residential complex.
- November 08, 2016
- 01:00 PM
- 0
-
New Deal: Pay What You Want: 2017 Master Game Development Bundle
Today's we have a pay what you want deal for 10 courses wth 77 hours of training on game development using Unity, Unreal Engine, Phaser, & more. This deal has a combined value of $1,110, but with the Pay What You Want bundles, you are able to get all of the courses by beating the average price.
- November 08, 2016
- 12:50 PM
- 0
-
Dutch Police Posts Grim Warning on Seized Dark Web Marketplace
Police in the Netherlands have taken over a Dark Web marketplace used for selling illegal products and posted a grim warning addressed to former users and potential shoppers searching for illegal products.
- November 08, 2016
- 10:52 AM
- 0
-
IoT Worm Can Be Mounted on Cars, Drones to Take Over Entire Smart Cities
Security researchers have created an experimental IoT worm that can spread on its own to nearby compatible smart devices, causing havoc inside a modern smart city by allowing an attacker to jam WiFi connections, disturb the electric grid, or brick devices making entire critical systems inoperable.
- November 08, 2016
- 08:30 AM
- 0
-
China Passes New Cybersecurity Law That Grants Government the Power to Shut Down the Internet at Will
On Monday, November 7, 2016, the Chinese government passed a new cybersecurity law that heavily restricts Internet freedom for the country's citizens and gives the government the power to shut down Internet access at will, in the name of "national security."
- November 08, 2016
- 06:00 AM
- 0
-
New webinar: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks
-
Overdue a password health-check? Audit your Active Directory for free
-
Want access to threat actors’ playbooks? Get them for free with Flare.
-
Think you can't be deepfaked? Make one of yourself for free and see
-
Is your credential vault DORA-ready? Audit access controls with Passwork.
