17 hours ago Uber is watching your smartphone's battery chargeThe Register View Synopsis+1
Browser vendors' Battery API deprecation can't come soon enough
Browser authors are abandoning the invasive Battery API W3C specification, but not everybody's got the memo: Uber, for example, still watches battery status.
Microsoft Introduces New Enterprise Security Capabilities With Windows 10 Creators Update
Microsoft announced on Tuesday that the Windows 10 Creators Update, which it plans on releasing free of charge next spring, will include several new security capabilities designed to help IT teams protect their networks and devices.
Alonzo Knowles took a keen interest in what celebrities and pro athletes were up to, but it went beyond following them on Twitter or Instagram. Knowles preferred to hack their email accounts and drop malware onto their computers.
Distributed guessing attacks are surprisingly effective.
Troy Hunt's Christmas trove is a splendid gift for security and data nerds
Security researcher Troy Hunt had better hope his anonymisation works: he's decided to offer up most of his "HaveIBeenPwned" data set for other security researchers to analyse.
Mirai Malware Targets TalkTalk Routers, Hides TracksComing soon to an internet service provider near you: routers infected by IoT device botnet-building malware such as Mirai. The latest victim is ISP TalkTalk, which is updating routers to block DDoS attackers who have been seizing control of the devices.
By Alexander Winning and Elena Fabrichnaya MOSCOW (Reuters) - Russian authorities arrested a large number of suspects in May in connection with the recently revealed electronic theft of $19 million from accounts held at the Russian central bank, an official said on Wednesday. The bank said last week that hackers had this year used fake client credentials to steal money from correspondent accounts -- used to handle transactions on behalf of another bank -- at the Bank of Russia. ...
One of the hacktivists who used distributed denial-of-service attacks to target major websites is still a teenager.
A hand-picked list of must-watch cybersecurity videos to help you learn the fundamentals of encryption, how hackers penetrate systems, and strong cyber-defense tactics for business.
1 day ago SANS 2016 Security Analytics SurveySANS Reading Room View Synopsis+1
Analyst Papers, Analytics, Intelligence
Manipulated images are almost impossible to detect by the untrained eye.
22 minutes ago Sigh... 'Hundreds of thousands' of... sigh... web CCTV cams still at risk of... sigh, hijackingThe Register View Synopsis+1
It's been two years and no patches, say researchers
Vid Amid ongoing malware infections of IoT gadgets and armies of commandeered gizmos attacking server, glaring security holes in web-connected CCTV cameras are going unpatched.
'Here's your new password, champ - GoF***Urs3lf'
Facebook is hiring an Offensive Security Engineer, and not the sort inclined to disparage the length of your keys or your choice of encryption algorithm.
Meanwhile, another nasty Linux bug surfaces
Google has posted an update for Android that, among other fixes, finally closes the Dirty COW vulnerability.
Senate Enacts Bill Containing Several Privacy, Security ProvisionsPresident Obama is expected to soon sign the 21st Century Cures Act, which the Senate passed on Dec. 7. Among its long list of provisions, the bill lays out a number of privacy and security-related projects for HHS, including imposing fines on those that intentionally block health data information sharing.
We're constantly reminded of the risks that come with bad passwords, yet many people persist in using obvious and easy-to-crack names, words, and patterns. Want to know if you're at risk?
Cisco Talos and Flashpoint have teamed up to conduct an in-depth analysis of Floki Bot, a Zeus-based banking Trojan that has been sold on cybercrime marketplaces since September 2016.
6 hours ago Massive Stealthy Malvertising Campaign UncoveredSecurityWeek View Synopsis+1
A stealthy malvertising campaign has been flying under the radar for the last few months, targeting millions of readers visiting popular and mainstream news sites. The campaign is notable for stealth bordering on paranoia from the threat group, probably AdGholas.
7 hours ago NIST's Cybersecurity Framework offers small businesses a vital information security toolsetTechRepublic View Synopsis+1
Small businesses run lean, and bad guys know that means security may be less than adequate. NIST researchers share ways that small businesses can protect their information.
7 hours ago The cloud security advantageZDNet View Synopsis+1
Is the cloud about to shed its reputation for decreasing enterprise security - and will instead enhance it?
As fraudsters continually refine their techniques to steal banking customers' credentials, IBM fights back with new tools that use behavioral biometrics and cognitive fraud detection. IBM's Brooke Satti Charles offers a preview.
Nintendo has joined the long list of companies that are turning to independent researchers for help plugging security holes. They're looking for helping securing their 3DS portable console, and they'll pay up to $20,000 to anyone who finds a bug.
8 hours ago Trump Is Time Magazine's Person of the YearYahoo Security View Synopsis+1
WASHINGTON (AP) - Time magazine on Wednesday named Donald Trump its Person of the Year, bestowing what the president-elect called an "honor" even as he derided the idea that he'll lead "the Divided States of America."
A newly discovered attack that abuses the Dirty COW vulnerability in the Linux kernel can be leveraged to write malicious code directly into processes, Trend Micro security researchers say.
One of the elephants in the room at the 2016 Smart Cities Summit in Boston was cybersecurity. It threatens to derail the most optimistic plans for making cities more efficient and more responsive.
10 hours ago Trump is Time magazine's Person of the YearYahoo Security View Synopsis+1
WASHINGTON (AP) - Time magazine on Wednesday named President-elect Donald Trump its Person of the Year.
Since 1991, proponents of greater cybersecurity have warned of an impending "cyber Pearl Harbor"--or sometimes its sibling, the cyber 9/11--to motivate a response to the cyber threats facing the United States. For years, I have been a critic of such cyber-doom rhetoric, arguing that it is a potentially dangerous distraction [...]