Clik here to view.
针对新型Ursnif木马活动的追踪分析
概述 10月9日,我们的一些客户在几个小时内接连产生相同的告警事件。根据此前已经发生的恶意活动,这一系列告警似乎与Ursnif木马有关。Ursnif是一个长期活跃的恶意软件,其根源可以追溯到2007年的ZeuS和SpyEye,该恶意软件在每一起恶意活动中都具有强大的感染能力。这一系列攻击的媒介是附带恶意Word文档的电子邮件。...
View ArticleClik here to view.
蔓灵花(BITTER)APT组织使用InPage软件漏洞针对巴基斯坦的攻击及团伙关联分析
概述 近期,360威胁情报中心监控到一系列针对巴基斯坦地区的定向攻击活动,而相关的恶意程序主要利用包含了InPage文字处理软件漏洞CVE-2017-12824的诱饵文档(.inp)进行投递,除此之外,攻击活动中还使用了Office...
View ArticleClik here to view.
Sennheiser patches software that allowed for security certificate spoofing
Why it matters:Connecting to a site with HTTPS gives users a sense of privacy and security. For users of Sennheiser's HeadSetup software, a flaw allowed for false certificates to be installed while...
View ArticleCompliance is not Security
Many folks get confused about the difference between security and compliance. Many, especially those less technically inclined, assume that fulfilling compliance obligations sufficiently addresses...
View ArticleCommit your node modules
The latest NPM dependency fiasco has got me thinking again about dependency management. While this used to be a discussion that was limited to those of us who create Node apps, these days, with...
View ArticleVenafi Secures $100M Financing Round Led by TCV
Venafi Secures $100M Financing Round Led by TCV New funding to accelerate growth and support new Machine Identity Protection Development Fund Recent Articles By Author Check Point Software Integrates...
View ArticleHuawei asks New Zealand to explain latest ‘national security’ 5G ban
Less than a month after Huawei narrowed its 5G ambitions in New Zealand by offering to supply carrier Spark with basic 5Gradio transmitters rather than “core” networking hardware, New Zealand has...
View ArticleClik here to view.
Against Security Token Standards
Recently I was speaking about the future of security tokens at a blockchain conference in Europe. During one of the satellite receptions to the event, I was approached by a prominent figure in the...
View ArticleClik here to view.
Hackers Breach Dunkin’ Donuts Accounts in Credential Stuffing Attack
A credential stuffing attack has allowed hackers to take a big bite out of Dunkin’ Donuts customer data. The donut giantannounced Tuesday evening that a data breach in October may have led to...
View ArticleClik here to view.
2019 Predictions: Will Cyber Serenity Soon Be a Thing of the Past?
In 2018 the threat landscape evolved at a breakneck pace, from predominantly DDoS and ransom attacks (in 2016 and 2017, respectively), to automated attacks. We saw sensational attacks on APIs, the...
View ArticleDetectify security updates for 29 November
For continuous coverage, we push out major Detectify security updates every two weeks, keeping our tool up-to-date with new findings, features and improvements sourced from our security researchers and...
View ArticleTougher Privacy Laws
I am all for tougher privacy laws, especially for companies that have not followed basic security practices for securing data. There is a proposal from US Senator Ron Wyden that would increase...
View ArticleClik here to view.
The Return of Email Flooding
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect. Imagine your inbox receiving 15,000 messages...
View ArticleClik here to view.
Dunkin' Donuts struck in latest credential stuffing attack
Dunkin' Donuts said a security vendor detected a so-called credential stuffing attack last month. (Flickr/ Thomas Hawk ) Share Written byJeff Stone Nov 29, 2018 | CYBERSCOOP Dunkin’ Donuts has alerted...
View ArticleGemalto launches ‘industry’s first’ cloud access management, single sign on s...
Digital security provider Gemalto is claiming an industry-first with the launch of a new solution that it says will enable organisations which have invested in Public Key Infrastructure (PKI) security...
View Article周鸿yN:助力国家网络安全
1994年4月20日,中国通过一条64K的国际专线,全功能接入国际互联网,距离改革开放的开始已经过去了16年。民营经济在这16年间获得了长足的发展,旧制度逐步松动,新共识开始形成。 1992年,邓小平发表南巡讲话,经济发展的重要性被强调,意识形态之争被搁置。...
View ArticleSecurity breaches come with a high price tag for UK businesses
UK consumers increasingly put their money where their trust is, research from PCI Pal finds With the busy Christmas shopping period now upon us, new research conducted on behalf of payment security...
View ArticleClik here to view.
Kangaroo Motion Sensor review: This home security system only goes halfway
Motion sensors are an essential component of any home security system. But in Kangaroo’s current ecosystem, motion sensors are the only component. On the upside, that means you don’t need a central...
View ArticleClik here to view.
How Risk-based Authentication Cuts Fraud Losses and Improves Customer...
The fourth quarter is a time when many financial institutions are deep into strategic planning for the coming year. Whether you are on the business or security side of the house, it is the time to...
View ArticleClik here to view.
Break-even in sight for Box as enterprise deals increase in size and number
Box CEO Aaron Levie posted a tongue-in-cheek comment on Twitter yesterday following the release of the cloud storage and collaboration vendor’s latest quarterly numbers: Turns out this start-up thing...
View Article
