Sunday , 24 September 2017
Home » NEWS (page 30)


US DOJ publishes guidelines for setting up a vulnerability disclosure program

Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task. Some will prefer to enlist outside experts to advise them on how to do it, and others will want to rely on their own IT or security department. For the latter, here’s some good news: the US Department ... Read More »

Wait? What? The IBM cloud’s APIs use insecure TLS1 crypto?

An e-mail has gone out from IBM about its Bluemix cloud: after next Tuesday, the SoftLayer APIs will no longer accept connections encrypted with the ancient TLS 1.0. It’s not quite a surprise that the 1990s-era protocol was still accepted: a great many services are still midway through their deprecation plans. View Full Story ORIGINAL SOURCE: The Register Read More »

BASF says disruption unlikely to be caused by cyber attack

German chemicals company BASF said it currently had no indication that a network disruption affecting logistics at its Ludwigshafen headquarters was caused by a cyber attack. “There is currently no reason to assume that the disruption was caused by hacking. Our experts are still at an early stage of investigating the cause,” a spokeswoman said. View Full Story ORIGINAL SOURCE: ... Read More »

An influential US Senator is worried about the stock market getting hacked

Senator Mark Warner (D-Va) is worried about cybersecurity threats to the US securities market. The influential Democrat, who sits on the Committee on Banking, Housing and Urban Affairs, the Committee on Finance, and the Select Committee on Intelligence, on August 1 sent a letter to Securities and Exchange Commission chairman Jay Clayton. In it, he asked the SEC to provide more information on cybersecurity rules ... Read More »

Mobile Trojan Svpeng turns Keylogger and Steals through Services for Disabled Users

Kaspersky Lab experts have uncovered a new variant of the Svpeng mobile banking Trojan that features keylogging functionality, a technique more commonly associated with targeted threat actors. The modified Trojan steals entered text such as banking credentials by abusing Android’s accessibility services. This approach also allows the Trojan to grant itself other permissions and rights and to counteract attempts to ... Read More »

Premier League club’s commitment to GDPR

West Ham United has established a partnership with leading cyber security consultancy Foregenix to help safeguard its data and prepare for the introduction of tough new data privacy rules. The project will include a number of cyber security initiatives and build on the work carried out as part of the club’s move to their new London Stadium home. Mike Bohndiek, ... Read More »

Zscaler ThreatLabZ reveals malicious content delivered over SSL/TLS has more than doubled in six months

Zscaler, Inc., the leading cloud security company, today announced the findings of a study from Zscaler™ ThreatLabZ showing that malicious threats using SSL encryption are on the rise in 2017. According to the study, an average of 60 percent of the transactions in the Zscaler cloud, the largest security cloud, have been delivered over SSL/TLS. Researchers also found that the ... Read More »

‘Invisible Man’ malware runs keylogger on your Android banking apps

Top tip: Don’t fetch and install dodgy Flash updates from random websites A new breed of Android malware is picking off mobile banking customers, particularly those in the UK and Germany, we’re told. The Svpeng software nasty has been around for four years, and its creator was caught and thrown in the clink in 2015. However, the malware keeps on ... Read More »

Scottish government suffered two ransomware attacks in the past 12 months

More attacks may have made it through the cyber defences without being detected The Scottish government has been attacked with ransomware twice in the past year, in attempts to extort money. In its response to a Freedom of Information request, the government said that its ‘networks, systems and websites are constantly monitored and any identified attack is automatically assessed and ... Read More »

Browser trust test: Would you let Chrome block ads? Or Firefox share and encrypt files?

Mozilla spins share ‘n’ synch as Google spins its own virtues Google and Mozilla have each revealed significant new features in their respective browsers. Chrome has gained its long-foreshadowed ad-blocker that Google swears on a stack of bibles will only excise ads that get in your face in unpleasant ways. View Full Story ORIGINAL SOURCE: The Register Read More »