Eskenzi PR ad banner Eskenzi PR ad banner

Top 10 Stories

According to a security advisory recently issued by the CERT at the Software Engineering Institute at Carnegie Mellon University, security vulnerabilities in UPnP are exposing millions of home networking devices at risk for cyber attacks. The problem resides in the UPnP that lacks sufficient authentication mechanisms. “Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures.” states the advisory. “Poor adoption of the security standard may...

Read moreDetails

Data privacy experts in Singapore call for mandatory reporting of data breaches, similar to the guidelines issued by some U.S. and Canadian government entities, and making the measure binding on enterprises and citizens alike. It is critical for Singapore regulatory authorities to determine the type of breaches that need reporting, these leaders say. "It is important for customers or enterprises to notify the breach to the privacy commissions depending on the severity for the organisation's benefit," says Bill Taylor-Mountford,...

Read moreDetails

The distributed denial of service (DDoS) attack that downed the National Crime Agency (NCA) website highlights the need to be prepared, according to Barracuda Networks. Hacking group Lizard Squad claimed responsibility for the attack in revenge for the arrest of six teenage hackers in five UK locations. The arrests were part of Operation Vivarium, which was co-ordinated by the NCA and involved officers from various police forces and Regional Organised Crime Units (ROCUs). The six were arrested on suspicion of using the...

Read moreDetails

Ilya Karpov of Russian security outfit Positive Technologies has reported nine vulnerabilities in Siemens industrial control system kit used in critical operations from petrochemical labs and power plants up to the Large Hadron Collider. The holes, now patched, also include two for Schneider Electric kit and cover a mix of remote and local exploits that can grant attackers easy and valuable system access. The vulnerabilities (CVE-2015-2823) achieve a severity rating of 6.8 and allow remote...

Read moreDetails

Ransomware continues to grow rapidly, warns McAfee Labs, the threat research division of Intel Security. Malware designed to lock up businesses' data and demand ransom increased by 58% in the second quarter of 2015, according to the McAfee Labs Threats Report: August 2015. The total number of ransomware samples is also up, by 127% compared with the second quarter of 2014, the report said, attributing the increase mainly to rapidly-growing new ransomware families such as CTB-Locker and CryptoWall. View...

Read moreDetails

Mac malware using an exploit so small it fits in a tweet has been upgraded to avoid anti-virus checks. The malware uses the patched OS X DYLD_PRINT_TO_FILE vulnerability that grants attackers root privilege escalation through trivial code. The updated version will throw a fleeting installer request to access the OS X keychain and simulate a click on "allow" before the user can prevent the installation. View full story

Read moreDetails

Hackers have set up a fake domain masquerading as an official site for the Electronic Frontier Foundation as part of a targeted malware campaign. According to the EFF itself, the site, electronicfrontierfoundationorg, is designed to trick users into a false sense of trust, and it appears to have been used in a spear-phishing attack and is still serving malware. Further, the domain seems to be part of a larger campaign. The attack uses the same path...

Read moreDetails

The defences of Japanese banks and financial institutions are being put under a serious test these days by a new banking Trojan created from a mix of previously detected malware. According to the IBM Security X-Force staff, the first signs of this new banking Trojan appeared in April this year and was discovered by IBM Red Cell, a security task force working specifically within the financial sector. This new Trojan was codenamed Shifu, the Japanese word for thief....

Read moreDetails

Cloud computing has changed the way organizations operate by allowing applications and data sets to be accessed from anywhere with Internet. But researchers warn in a new report that entire businesses can be easily brought down because of serious risks caused by a concentration of authority evidenced across the cloud. Analysts with CloudLock, a Massachusetts-based security firm, say companies that put their product on the cloud are often times also placing a tremendous — and...

Read moreDetails

A former intern at security firm FireEye has admitted in federal court that he designed a malicious software tool that allowed attackers to take control of other Android phones so they could spy on their owners. Morgan Culbertson, 20, pleaded guilty to federal charges involving Dendroid, a software tool that provided everything needed to develop highly stealthy apps that among other things took pictures using the phone's camera, recorded audio and video, downloaded photos, and...

Read moreDetails
Page 373 of 630 1 372 373 374 630