Category Archives: week in review

Here’s an overview of some of last week’s most interesting news, reviews and articles: Twitter, Facebook revoke access to social media surveillance software used by cops Geofeedia, a US-based company that offers its social media aggregation platform “to a broad range of private and public sector clients”, also numbers among its clients over 500 law enforcement and public safety agencies across the country. Quickly audit and adjust SSH server configurations with SSH-audit SSH-audit is a … More → Continue reading Week in review: Social media surveillance, ransomware recovery, US accuses Russia of hacking→

Here’s an overview of some of last week’s most interesting news and articles: 100+ online shops compromised with payment data-stealing code Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping. DMARC email security is now mandatory for the UK government, what can the enterprise learn? … More → Continue reading Week in review: Security fatigue, open source jobs, and compromised online shops→

Here’s an overview of some of last week’s most interesting news and articles: Yahoo breach was not state-sponsored, researchers claim The massive 2014 Yahoo breach isn’t the work of state-sponsored hackers as the company has claimed to believe, say researchers from identity protection and threat intelligence firm InfoArmor. Instead, the breach was effected by a group of professional blackhats believed to be from Eastern Europe. The psychological reasons behind risky password practices A Lab42 survey … More → Continue reading Week in review: Securing ICS, and the reasons behind risky password practices→

Here’s an overview of some of last week’s most interesting news, reviews and articles: Repercussions of the massive Yahoo breach Yahoo has announced on Thursday that they have suffered a breach and that account information of at least half a billion users has been exfiltrated from the company’s network in late 2014. Review: Boxcryptor Storing your data in the cloud comes with both positive and negative aspects. Boxcryptor is a solution that helps with this … More → Continue reading Week in review: Yahoo breach, Tesla remote hijack, new issue of (IN)SECURE→

Here’s an overview of some of last week’s most interesting news and articles: Five ways to respond to the ransomware threat While organizations wrestle with the ever-pressing issue of whether to pay or not to pay if they’re victimized, Logicalis US suggests CXOs focus first on how to protect, thwart and recover from a potential attack. MySQL 0-day could lead to total system compromise Researcher Dawid Golunski has discovered multiple severe vulnerabilities affecting the popular … More → Continue reading Week in review: MySQL 0-day, Stingrays, and the end of Patch Tuesday→

Here’s an overview of some of last week’s most interesting news, reviews, podcasts and articles: Rambler.ru hack: Passwords of nearly 100 million users exposed A new data leak – confirmed to be legitimate by LeakedSource and added to its searchable online database – affects nearly 100 million users of Rambler.ru, one of the biggest Russian web portals. Measuring IT security health with GreySpark In this podcast recorded at Black Hat USA 2016, Brit Wanick, Vice … More → Continue reading Week in review: Stealing login credentials, secure mobile communications explained→

Here’s an overview of some of last week’s most interesting news, podcasts and articles: Linux servers hit with FairWare ransomware – or is it just a scam? Victims of the attack find their web folder deleted, and in its place a ransom note pointing them to an online paste. USBee makes USB devices transmit data from air-gapped computers Unlike COTTONMOUTH, NSA’s USB hardware implant that allows attackers to infiltrate air-gapped systems, load exploit software on … More → Continue reading Week in review: USBee, DNSSEC abuse, and IoT security research→

Here’s an overview of some of last week’s most interesting news, reviews and articles: Backdoor uses TeamViewer to spy on victims A backdoor Trojan with spying capabilities that has been previously directed against European and Russian users is now being lobbed at US users, Dr. Web researchers have warned. Apple plugs three actively exploited iOS zero-days The update, released on Thursday, comes in the wake of a discovery made by researchers from University of Toronto’s … More → Continue reading Week in review: iOS zero-days exploited, hacking cellphone towers and brain implants→

Here’s an overview of some of last week’s most interesting news and articles: eBook: Defending against crypto ransomware Download your copy of the Defending against crypto ransomware eBook and get a walkthrough on how ransomware is delivered to a user’s computer, stages of crypto-ransomware infection, and best practices that can be applied immediately. Proxy authentication flaw can be exploited to crack HTTPS protection Mistakes made in the implementation of proxy authentication in a variety of … More → Continue reading Week in review: Hacking smart cities, leaked hacking tools, and detecting hardware Trojans→

Here’s an overview of some of last week’s most interesting news, reviews and articles: Malware hidden in digitally signed executables can bypass AV protection Researchers have shown that it’s possible to hide malicious code in digitally signed executables without invalidating the certificate, and execute this code – all without triggering AV solutions. CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS When presenting results that build on previous research, it … More → Continue reading Week in review: Spoofing boarding pass QR codes, blocking USB-based threats→