Category Archives: week in review

Here’s an overview of some of last week’s most interesting news and articles: Like it or not, “cyber” is a shorthand for all things infosec We have lost the cyber war. No, not that cyber war. Maybe war of words is a better way to put it. Whether we like it or not, cyber has become the default way for everyone else to talk about what we do. Used devices are a treasure trove of … More → Continue reading Week in review: IIS zero-day, iOS scareware, new issue of (IN)SECURE→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: Malware posing as Siemens PLC software is hitting industrial environments Variants of the same malware disguised as software for Siemens programmable logic controllers (PLCs) has been flagged 10 times over the last 4 years, and the latest occurrence was early this month. Cyber insurance: What and why? The primary aim of cyber insurance is to protect individuals and organisations against the … More → Continue reading Week in review: Leaking LastPass extensions, 300+ hackable Cisco switches→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: Vulnerability in WhatsApp and Telegram allowed complete account takeover The vulnerability allows an attacker to send the victim malicious code, hidden within an innocent looking image. As soon as the user clicks on the image, the attacker can gain full access to the victim’s WhatsApp or Telegram storage data, thus giving full access to the victim’s account. Leaked: Personal info on … More → Continue reading Week in review: WhatsApp flaw, lip motion passwords, reinventing software patching→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: The six stages of a cyber attack lifecycle High-impact cyber incidents can be avoided if you detect and respond quickly with end-to-end threat management processes. StoneDrill: New wiper targets Middle East, shows interest in Europe Just like another infamous wiper, Shamoon, it destroys everything on the infected computer. Google, Microsoft increase bug bounties Bug hunters, rejoice: both Google and Microsoft have … More → Continue reading Week in review: Apache servers under attack, machine leaning in infosec→

Here’s an overview of some of last week’s most interesting news, reviews and articles: Banks around the world hit with fileless malware Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses. Review: The Internet of Risky Things Building the IoT the same way we built the current Internet is not a good solution. Don’t take your hands off the wheel How much will we want the … More → Continue reading Week in review: Fileless malware, HTTPS interception in the wild, simple Gmail spoofing→

Here’s an overview of some of last week’s most interesting news and articles: Employee burnout: The biggest workplace challenge in 2017 A new study by Kronos and Future Workplace found 95 percent of human resource leaders admit employee burnout is sabotaging workforce retention, yet there is no obvious solution on the horizon. Amazon scammers hijack seller accounts, lure users with good deals Amazon buyers are being targeted by clever scammers that either set up independent … More → Continue reading Week in review: Amazon scammers hijack seller accounts, Shadow Brokers say goodbye→

Here’s an overview of some of last week’s most interesting news and articles: Malvertising campaign compromises routers instead of computers The attackers current main goal is to change DNS records on the target router, so that it queries the attacker’s rogue DNS servers, and the users are served with ads that will earn the attackers money. How to create a safer shopping experience From phishing sites to online card skimming to compromised terminals in stores; … More → Continue reading Week in review: Yahoo breach, malvertising targeting routers, the economics of ransomware→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: McAfee Labs predicts 14 security developments for 2017 Ransomware attacks will decrease in volume and effectiveness in the second half of 2017, the company’s experts believe. Actively exploited Firefox, Tor Browser 0-day patched, update now! Mozilla and the Tor Project have released security updates that fix the Firefox 0-day flaw that was spotted being exploited to de-anonymize Tor Browser users. The … More → Continue reading Week in review: Sextortion, Firefox 0-day, and next level red teaming→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: 65% of Windows devices still running Windows 7, released in 2009 To analyze the current state of device security, Duo Security analyzed more than two million devices, 63 percent of which were running Microsoft operating systems. Security startup confessions: Looking for investors Running a startup is an amazing experience, and a lot like riding a roller coaster. The past couple of … More → Continue reading Week in review: Actively exploited Windows 0-day, ICS and IoT security→

Here’s an overview of some of last week’s most interesting news, reviews and articles: Dirty COW Linux kernel zero-day exploited in the wild is now patched Linux developer Phil Oester has spotted attackers exploiting a Linux kernel zero-day privilege escalation flaw that dates back to 2007, and has raised the alarm. Major US DNS provider hit with DDoS, part of the Internet becomes unreachable Among the websites that experienced issues as a result of the … More → Continue reading Week in review: DNS DDoS, Linux kernel zero-day, VeraCrypt audited→