Google Working on Tool to Gather Stats While Preserving Privacy
Google is working on a new system that enables the company to collect randomized information about the way that users are affected by unwanted software on their machines, without gathering identifying data about the users. The system is known as RAPPOR Randomized Aggregatable Privacy-Preserving...
Android 5.0 Lollipop Encryption and Application Control
Google, like most technology companies in this climate, is fighting for the security and privacy of its users’ data on several fronts. With a mobile application ecosystem that invites trouble and government demands for user content and information continuing to rise, Google decided with Android...
AOL Releases Transparency Report, Lobbies for USA FREEDOM Act
Noting that Saturday was the 13th anniversary of the passage of the USA PATRIOT Act, the Web giant AOL this week released its latest transparency report, detailing estimations of how many Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs) it’s received in the las...
'Every Drupal 7 Site Was Compromised' Unless Patched By Oct. 15
The maintainers of the Drupal content management system are warning users that any site owners who haven’t patched a critical vulnerability in Drupal Core disclosed earlier this month should consider their sites to be compromised. The vulnerability, which became public on Oct. 15, is a SQL...
Popular Science Website Infected, Serving Malware
The website of widely read Popular Science magazine is reportedly hosting a malicious script that is redirecting site visitors to a third-party domain containing an exploit kit, which is infecting users by uploading files containing malware to their machines. To give an idea of the scope of this...
Microsoft Plans to Disable SSLv3 in IE, All Online Services
Microsoft is planning to disable support for the weak SSLv3 protocol in Internet Explorer at some undetermined point in the future, and also will remove support for it in the company’s online services soon. The security and utility of SSLv3 has been an issue for a long time, but it came into...
Microsoft Warns of Crowti Ransomware
Researchers with Microsoft have spotted a spike in Crowti, a ransomware similar to Cryptolocker that encrypts files on victims’ machines and then asks for payment to unlock them. The malware has existed for several months but it wasn’t until mid-October that Microsoft’s Malware Protection Center...
Facebook Releases osquery to Open Source
Facebook is in a giving mood today. The social networking giant announced today that it will release to open source a framework that detects and logs state changes in an operating system likely caused by an attack or performance meltdown. It also announced that it will hand out up to $300,000 nex...
Dyreza Banker Trojan Attackers Exploiting CVE-2014-4114 Windows Flaw
The Dyreza Trojan is nothing if not ambitious. The malware has been spotted doing a variety of interesting things in the last year, including bypassing SSL and targeting users of specific business apps. Now the Trojan is exploiting the recently disclosed CVE-2014-4114 vulnerability in Windows tha...
BlackEnergy Malware Used in Attacks Against ICS HMI
Industrial control system operations running human-machine interface software from a handful of vendors are being targeted by a hacking campaign making use of the BlackEnergy malware. The United States Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an advisory on Tuesd...
Cyberespionage: 'This Isn't a Problem That Can Be Solved'
WASHINGTON–Gentlemen may not read each other’s mail, as Henry Stimson famously said so long ago, but in today’s world they certainly steal it and there’s precious little in the way of gentlemanly conduct happening in the realm of cyberespionage. It’s every man—or country—for himself in this...
Four ScanBox APT Watering Hole Attacks Uncovered
The appearance of the ScanBox keylogging tool in August ushered in a new era of reconnaissance tools used in targeted attacks. No longer was a malware infection required to steal information from a victim of interest. Instead, attackers using watering hole attacks were loading malicious JavaScri...
US-CERT Warns of Dyre Banking Trojan
The Department of Homeland Security formally sounded the alarm Monday on Dyre, the banking Trojan that’s been spotted siphoning banking credentials from both large enterprises and major financial institutions as of late. The warning came in the form of an alert from the United States Computer...
Russian APT28 Group Linked to NATO, Political Attacks
A Russian APT group tied to ongoing attacks against military and political targets in Eastern Europe and against NATO could also have ties to the MiniDuke espionage campaign uncovered more than a year ago. Dubbed APT28 by FireEye in a report published last night, the Russian hackers have targeted...
Government, Industry Focusing on Issue of Resiliency
WASHINGTON–As things stand right now, the United States has no overarching national information security policy or centralized agency responsible for defending the government’s networks in the event of a serious cyberattack. There have been many pushes over the years to change that and put one...
Infighting, Politics Hampering Cybersecurity Progress in Washington
WASHINGTON–The United States government and private sector are unprepared for a major cyber attack on the country’s critical infrastructure, a former Congressman said, thanks to a divided, risk-averse Congress and an inability for agencies and other organizations to share information effectively...
Cyberattacks Most Imminent Threat to U.S., Economy
ALEXANDRIA, Va – In a panel discussion Monday morning, a crowded table of top-level security experts from industry, military and government agreed that the threat posed by cyberattacks targeting U.S. critical infrastructure and private industry now outweighs any other national security threat...
Shellshock Exploits Used Against SMTP Servers at Webhosts
The persistence of the Shellshock vulnerability remains high more than a month after it first surfaced. The latest attacks involved SMTP servers belonging to web hosts, said a report published by the SANS Internet Storm Center. Attackers are using Shellshock exploits targeting the now infamous...
Koler Malware Propagating Through SMS
A new iteration of the Android ransomware Koler has surfaced that’s trying to trick its victims into downloading the malware by propagating through SMS messages. Android users receive SMS messages containing shortened bit.ly URLs that ultimately lead to the malicious .APK. Once opened, the packag...
Samsung Rebuffs Criticism of Knox Crypto, Password Management
Replies and rebuttals are flying about regarding a report critical of the encryption and password management functions deployed with Samsung’s Knox technology in its Android-based Galaxy and Note mobile devices. Last week, a researcher published an advisory that said a PIN chosen during setup of...
NSA-Approved Samsung Knox Stores PIN in Cleartext
A security researcher has tossed a giant bucket of ice water on Samsung’s thumbs up from the NSA approving use of certain Galaxy devices within the agency. The NSA’s blessing, given under the agency’s Commercial Solutions for Classified Program, meant that the Samsung Galaxy 4, 5 and Galaxy No...
Researcher Finds Malicious Tor Exit Node Adding Malware to Binaries
A security researcher has identified a Tor exit node that was actively patching binaries users download, adding malware to the files dynamically. The discovery, experts say, highlights the danger of trusting files downloaded from unknown sources and the potential for attackers to abuse the trust...
Facebook Yahoo Require-Recipient-Valid-Since SMTP Extension
Yahoo’s decision in June 2013 to reset accounts that had been dormant for 12 months and make them available to other users raised a number of security and privacy red flags. It was feared that the potential for identity theft would grow given that if an old Yahoo account was linked to another...
NAT-PMP Security Vulnerability Affects 1.2M Routers
Vulnerabilities in embedded devices, in particular small office and home office routers, have been relentless. Another serious issue was discovered this week that affects more than 1.2 million such devices due to improper NAT-PMP protocol implementations, most of which run counter to the...
Malicious Ads on Yahoo, AOL, Trigger CryptoWall Infections
Attackers have been leveraging the FlashPack Exploit Kit to peddle the CryptoWall 2.0 ransomware on unsuspecting visitors to sites such as Yahoo, The Atlantic and AOL. Researchers believe that for about a month the malvertising campaign hit up to 3 million visitors and netted the attackers $25,00...
Cybersecurity Legislation Forecast is Grim
MINNEAPOLIS – If you’re expecting federal cybersecurity legislation any time soon, forget it. Despite the number of prospective bills on the Hill right now, Congress is unlikely to move anything forward any time soon, according to Matthew Rhoades, director cyberspace and security program Truman...
Cisco Patches Three-Year-Old Telnet Remote Code Execution Bug in Security Appliances
There is a severe remote code execution vulnerability in a number of Cisco’s security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years. The FreeBSD Project first disclosed the...
April 911 Outage Impacted 3.5 Percent of U.S. Population
In the early hours of April 10, a series of errors led to a massive, multi-state outage in the emergency call management centers (ECMCs) that handle 911 calls in seven geographically dispersed states. The incident originated at an obscure but critical call routing hub in Englewood, Colo., and ended...
New Adobe Flash Exploit Found in Angler, Fiesta EKs
Two notorious exploit kits are already seeding vulnerable websites with exploits for a Flash Player vulnerability that was patched in last week’s Adobe security bulletin. French researcher Kafeine told Threatpost that the most likely scenario is that a skilled coder found a way to reverse-enginee...
NIST Publishes Draft Hypervisor Security Guide
NIST has followed up a three-year-old virtualization security guide with recommendations for hypervisor security. A draft version of SP800-125a was released this week and a public comment period opened on Monday and ends Nov. 10. The guide targets enterprise security and IT management as well dat...
PHP Patches Buffer Overflow Vulnerabilities
UPDATE Developers at PHP recently pushed out a series of patches to fix a handful of vulnerabilities, including one that can lead to a heap-based buffer overflow. Researchers at the Swiss firm High-Tech Bridge dug up the vulnerabilities in versions 5.6.1, 5.5.17, and 5.4.33 of the framework. The...
Attackers Exploiting Windows OLE Vulnerability
Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution if a targeted user opens a rigged Office file. Microsoft is warning customers that there...
D.C.'s Complicated View of Cyberwar, Regulation, Liability
MINNEAPOLIS – Lawmakers and politicians trying to equate cyberwar with a kinetic battle are misguided in putting the two on equal footing, said former National Security Agency general counsel Stewart A. Baker today in his keynote at the Cyber Security Summit. “Cyberweapons are not like nuclear...
FTC Hires Privacy Researcher Ashkan Soltani as Chief Technologist
The FTC has hired Ashkan Soltani, a highly regarded and respected technologist and privacy researcher, as its chief technologist. The move is the latest in a string of interesting hires by the Federal Trade Commission. In 2009 the agency hired Chris Soghoian, a privacy and security researcher, as...
Staples Investigating Payment Data Card Breach
The office supply chain Staples Inc. is reportedly looking into a payment card breach, potentially making it the latest in a long line of retail establishments to suffer a compromise over the last year. “Staples is in the process of investigating a potential issue involving credit card data and h...
Google Adds Hardware Security Key For Account Protection
Google is introducing an improved two-factor authentication system for Gmail and its other services that uses a tiny hardware token that will only work on legitimate Google sites. The new Security Key system is meant to help defeat attacks that rely on highly plausible fake sites that are designe...
Obama Executive Order Forces Chip & Pin, EMV on Government
President Barack Obama last week signed an Executive Order that will force the federal government to adopt chip and PIN technology for government payment cards and to outfit retail point-of-sale terminals at federal facilities – like national parks and post offices – with the capacity to accept...
EFF, Snowden Dispute FBI Claims on Device Encryption
The FBI has long said that the use of strong encryption software hampers the bureau’s investigations and makes life easier for criminals. Current FBI Director James Comey continued this line of reasoning in a speech on Oct. 17, saying that the use of crypto could lead the country to a dark place,...
Privacy Criticism Hits OSX Yosemite over Location Data
Apple has fixed a huge number of security vulnerabilities in OS X and iTunes and, at the same time, is being hit with criticisms about privacy issues in the new version of OS X. The latest version of the operating system, known as Yosemite, sends location information to Apple by default via the...
Microsoft Patches FASTFIX on Older Versions of Windows
UPDATE – Microsoft this week patched a vulnerability in the FASTFAT driver that interacts with FAT32 disk partitions, closing a privilege escalation and code execution hole in Windows Server 2003, Windows Vista and Windows Server 2008. But what about Windows 7 and up versions of the OS, you may b...
Microsoft Changing Detection of Adware and Browser Modifiers
One of the not-so-great side effects of the transition to virtually everything being done in the Web browser now is that advertisers, attackers and scammers constantly are trying to get their code to run in users’ browsers, any way they can. A lot of this is done through extensions and browser...
Operation DeathClick APT Malvertising Campaign
Advanced persistent threat groups are using malvertising in order to compromise the networks of their adversaries in what appears to be an example of high-level, nation-state attackers borrowing tactics from the typically less sophisticated cybercriminal arsenals. Attackers are also borrowing fro...
Facebook Tool Mines Stolen Passwords
When a cache of millions—or even a billion—username-password combinations is stolen and posted to Pastebin, Github or a hacker forum, victimized organizations struggle to respond. And victimized users often twist in the wind wondering whether their identities and personal information are at risk...
SAP Patches DoS Flaw in Netweaver
SAP has released a fix for a remotely exploitable denial-of-service in its Netweaver platform. The bug is confirmed to affect several versions of the platform and may be present in others, as well. Researchers at Core Security discovered the vulnerability and reported it to SAP in June. Netweaver...
Malware Detection Must Soon Recognize Evasive Behaviors
Criminals and advanced attackers have long fortified malware with features that help malicious code stay hidden from analysis. We’ve seen malware samples that determine if they’re being executed in a sandbox or virtual machine, or over remote desktop protocol connections, and stay quiet until...
Mobile Device Encryption Could Lead to a 'Very, Very Dark Place', FBI Director Says
FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could “lead us to a very, very dark place.” Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems...
OpenSSL Releases Patch for POODLE Attack
The OpenSSL Project has released a new version of the encryption software, which patches several security flaws, including the bug that is exploited by the POODLE attack on SSLv3. The updated versions of OpenSSL come just a couple of days after a trio of researchers at Google revealed the POODLE...
Facebook to Double Bounty Payouts For Ad Code Bugs
Popular segments of Facebook code have plenty of white—and black hats—poking around for bugs. The same probably cannot be said for the social network’s ads code, so Facebook has decided to add an incentive to its bug bounty program. Through the end of the year, payments will be doubled for bugs...
Firms Detail Zero Days Targeting Windows Kernel
After they were patched in yesterday’s round of Patch Tuesday security bulletins, security firms have begun to peel back the layers on two zero-day vulnerabilities that are being used in limited, targeted attacks against Microsoft’s Windows Kernel. According to FireEye, one of the firms that...
Drupal Fixes Highly Critical SQL Injection Flaw
Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent against SQL injection attacks. “Drupal 7 includes a database abstraction API to...