Automated Attack, Threat Intelligence Sharing Sought
BOSTON – If you’re looking for tangible information sharing success stories around attack intelligence, some might point to the prompt publishing of indicators of compromise (IOC) as an example. Security and forensics companies will publish MD5 hashes of malware, IP addresses involved in attacks,...
MIRcon 2013 – Day 1 Highlights
Happy Day 2 of MIRcon®! Yesterday, Mandiant's CEO Kevin Mandia kicked off MIRcon 2013 with a keynote on attacking the security gap, discussing the necessity of information-sharing and his experience witnessing the evolution of cybercrime. From there we moved on to thought-provoking discussions in...
Finland's Ministry of Foreign Affairs networks hit by sophisticated Malware attack
Finnish commercial broadcaster MTV3 reports that the Finnish Ministry of Foreign Affairs' networks have been targeted in a four-year-long cyber espionage operation. Finland's foreign minister said, "I can confirm there has been a severe and large hacking in the ministry's data network." A large scal...
Tech Giants Plead for U.S. Surveillance Reforms
Giant technology companies have been vocal about the need for more transparency with regard to the national security requests for user data they receive. But until now, they’ve stayed out of the political fight to address government surveillance, in particular by the National Security Agency...
Major Companies Fall Victim to Social Engineering
The annual Social Engineering Capture the Flag contest held during DEF CON may seem on the surface to be just an opportunity for pen-testers and hackers to flex their pretexting muscles. But if you’re one of the 10 major technology, manufacturing and critical infrastructure organizations targeted...
Obama Administration to Review NSA Capabilities
President Barack Obama has initiated a review of the procedures and methods that the NSA uses to collect intelligence at home and overseas to ensure that the agency isn’t overstepping its bounds in phone and Internet data collection. The review comes at a time when Congress is set to consider...
Google Retools reCAPTCHA Authentication System
Google announced a change to its reCAPTCHA authentication system late Friday wherein the company will begin creating different types of puzzles for different users, use numeric CAPTCHAs and move away from more obscure, hard-to-read distorted letters. CAPTCHAs are the series of distorted letter...
EFF: Congress Has Opportunity to Stop Mass Surveillance
Since the leaks of NSA surveillance methods began in June, there has been a flurry of activity in Congress, with members scurrying to line up on either side of the issue, either defending the agency’s methods or condemning them. That mad scramble also has included the introduction of a number of...
FBstalker Does Data Mining on Facebook Graph Search
Facebook’s Graph Search feature connects a lot of dots between friends on the social network—as well as between others who interact with your Facebook friends. Anyone with a keyboard has a nifty data mining tool at their fingertips that can bring up an intricate list of friends and acquaintances,...
Schneider Electric IGSS Buffer Overflow
Independent researcher Aaron Portnoy of Exodus Intelligence has identified a buffer overflow vulnerability in Schneider Electric’s Interactive Graphical SCADA System (IGSS) application. Schneider Electric has produced a patch that fully resolves this vulnerability. Aaron Portnoy has...
Snoopy Project mobile tracking and intelligence grows up
A year ago, the Snoopy Project was a neat research initiative that packaged a number of existing technologies into a framework to profile and track mobile devices. After a summer of Snowden revelations, something like Snoopy takes on a whole new meaning. Snoopy devices, called drones by researche...
HTTPS, SSL Minimal Security, Privacy Standard for Email
Yahoo is being second-guessed more today than a mediocre baseball manager. Two days after announcing it would finally turn SSL on by default for its email users starting in January, the company is getting a halfhearted pat on the back from the security industry, which can’t help but ask: “What to...
FISC Court renews the Permission to collect Telephony Metadata again
The Foreign Intelligence Surveillance Court has once again renewed the U.S. government's permission for a controversial program to collect telephony metadata from American phone companies. The news that the NSA collects bulk phone call metadata including phone numbers, call times and...
IBM Cognos Business Intelligence - XML External Entity Information Disclosure
Source: https://www.securityfocus.com/bid/63719/info IBM Cognos Business Intelligence is prone to an information-disclosure vulnerability due to an error when parsing XML external entities. An attacker can exploit this...
MIRcon Preview: What to Expect in the Technical Track
MIRcon 2013, Nov. 5-6, Washington, DC is right around the corner. Have you registered yet? Don't miss out! With targeted attacks continuing for the foreseeable future, you should be sure to take advantage of this opportunity to learn from leading industry cybersecurity experts. The two day...
Microsoft paid over $28,000 Rewards to Six Researchers for its first ever Bug Bounty Program
Microsoft today announced that it had paid more than $28,000 in rewards to security researchers for its first bug bounty program, which ran for a month during the preview release of Internet Explorer 11 (IE11). The program was designed to run during Internet Explorer 11's browser beta test on...
Researchers Nab $28k in Microsoft Bug Bounty Program
As part of its first-ever bounty program, Microsoft has paid out $28,000 to a small group of researchers who identified and reported vulnerabilities in Internet Explorer 11. The IE 11 bounty program only ran for one month during the summer, but it attracted a number of submissions from well-known...
Experts Petition NSA Review Board to Include Technologist
A long list of influential security, privacy and technology experts, largely from academic circles, has petitioned the NSA review board to include a technologist among its ranks. The board, established on Aug. 12 by Director of National Intelligence James R. Clapper upon the orders of the...
NSA using Browser Cookies to track Tor Users
Yesterday a new classified NSA document, titled 'Tor Stinks', was leaked by Edward Snowden, in which ideas were being kicked around for identifying Tor users or degrading the user experience to dissuade people from using the Tor browser. The NSA had a very hard time while tracking down all Tor...