No idea who could have been behind this one...
The South Korea Ministry of National Defense says 10 of its internal PCs have been compromised by North Korea unknown hackers .…
Now is a good time to get a password manager app
Infosec researcher Troy Hunt has revealed that more than 700 million email addresses have been floating around "a popular hacker forum" - along with a very large number of plain text passwords.…
6 hours ago Airline Booking System Exposed Passenger DetailsInfoRiskToday View Synopsis+1
Vulnerability Highlights Poor Security Controls for Passenger Name RecordsAirline booking system provider Amadeus - used by 500 airlines - is investigating a software vulnerability that exposed passenger name records, which is the bundle of personal and travel data that gets collected when booking a flight.
Consumer advocates and the data-hungry technology industry are drawing early battle lines in advance of an expected fight this year over what kind of federal privacy law the U.S. should have.
Refined malware payloads from Chinese threat actor Rocke Group are sidestepping security tools to install cryptocurrency miners on cloud systems.
Automated unpackers such as Renovo, Saffron, and Pandora's Bochs attempt to dynamically unpack executables by detecting the execution of code from regions of virtual memory that have been written to. While this is an elegant method of detecting dynamic code execution, it is possible to evade these unpackers by dual-mapping physical pages to two distinct virtual address regions where one region is used as an editable mapping and the second region is used as an executable mapping. In this way, the editable mapping is written to during the unpacking process and the executable mapping is used to execute the unpacked code dynamically. This effectively evades automated unpackers which rely on detecting the execution of code from virtual addresses that have been written to.
1 day ago Farewell 2009, and The Washington PostSecurityFix Blog View Synopsis+1
This will be the last post for the Security Fix blog. Dec. 31 marks my final day at The Washington Post Company.
Over the last 15 years, I've reported hundreds of stories for washingtonpost.com and the paper edition. I have authored more than 1,300 blog posts since we launched Security Fix back in March 2005. Dozens of investigative reports that first appeared online later were "reverse published" in the newspaper, including eight front-page stories and a Post Magazine cover.
Through it all, you - the reader - have been my most valuable source, most reliable critic, and most persistent muse. Loyal readers are the reason Security Fix has consistently been among the most-visited blogs on washingtonpost.com. Thank you.
I will continue to remain engaged in this increasingly vital news beat. Please stay in touch for updates in the New Year. I can be reached directly at this e-mail address.
Authentication is simply AWOL for remote RF construction plant, says Trend Micro
Did you know that the construction industry uses radio-frequency remote controllers to operate cranes, drilling rigs and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being hacked, according to Trend Micro.…
Reports suggest that cryptocurrency may have been lost by the exchange.
US authorities on Tuesday charged eight people in a scheme to trade on and profit from stolen corporate information hacked from a government database, court papers showed.
Police can't force you to unlock your phone by iris, face or finger
The Office of the Comptroller of the Currency requested public comment on a proposed regulation implementing the so-called "Volcker Rule" requirements of section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act.
Researchers have discovered two potentially serious vulnerabilities in an industrial-grade weather station made by ControlByWeb, a company that specializes in products that allow organizations to remotely monitor and control electrical devices.
37 minutes ago Live Webinar: An Effective Framework for Improving Cyber Defenses in Your OrganizationInfoRiskToday View Synopsis+1
Onapsis, a company specializing in cybersecurity and compliance solutions for enterprise resource planning (ERP) products, on Wednesday announced that it has entered a definitive agreement to acquire competitor Virtual Forge.
Apps have been downloaded over 50 million times. Google has failed to removed them, even if they blatantly break their own license.
2 hours ago This cryptocurrency mining malware now disables security software to help remain undetectedZDNet View Synopsis+1
Cryptojacking campaign targets Linux servers that haven't had patches for known vulnerabilities applied.
Microsoft wants you to "make Windows even better" by setting up Microsoft Account services on Windows 10 devices.
3 hours ago Flaw in Reservation System Impacts Many AirlinesSecurityWeek View Synopsis+1
A vulnerability discovered in a reservation system used by hundreds of airlines around the world could expose the details of millions of their customers, researchers warned this week.
2.7 Billion Email/Password Combo List for Credential Stuffing, Troy Hunt WarnsAustralian security expert Troy Hunt says an 87 GB compilation of username and password combinations - drawn from more than 2,000 databases - includes 773 million unique email addresses, for apparent use in credential-stuffing attacks. Takeaway: Use a unique password for every site, or else.