Popular News
1 day ago Botnet of >145k cameras reportedly deliver Internet's biggest DDoS ever
ArsTechnica View Synopsis+1Once unthinkable, 1 terabit attacks may soon be the new normal.
1 day ago D-Link DWR-932 B owner? Trash it, says security bug-hunter
The Register View Synopsis+1More than 20 vulns in SOHOpeless LTE gatewayIf you've got a D-Link DWR-932 B LTE router, you might want to fire it into the sun - or hope that a firmware upgrade lands soon.
1 day ago Yahoo attack not 'state-sponsored,' researchers claim
ZDNet View Synopsis+1InfoArmor says that not only was customer data sold in the underground, but the damage is far more extensive than reported.
1 day ago Brandis swings his golden hammer, misses mark
ZDNet View Synopsis+1Criminalising the re-identification of de-identified government data will hinder legitimate researchers and do nothing to improve citizens' privacy.
1 day ago Clinton vows to retaliate against foreign hackers
Yahoo Security View Synopsis+1Hillary Clinton is vowing anew to respond to foreign hacking the same as any other attack against the United States. When she openly blamed Russia for recent U.S. cyber break-ins, Donald Trump wondered ...
Top News
11 hours ago iPhone exploit bounty surges to an eye-popping $1.5 million
ArsTechnica View Synopsis+1Zerodium triples price for iOS exploits, doubles Android bounties to $200,000.
10 hours ago Want to make US$1.5m this weekend? Just jailbreak iOS
The Register View Synopsis+1Zerodium triples iOS exploit bounty to $1.5M, doubles 'droid to $200kExploit broker Zerodium has tripled its bug bounty for a remote iOS 10 jailbreak vulnerability to US$1.5 million.
6 hours ago Brandis re-identification law proposal slammed
ZDNet View Synopsis+1While Health Minister Sussan Ley has apologised for the breach in de-identified medical data, Australia's Attorney-General has come under fire for 'rushing' through legislation.
4 hours ago Samsung slammed by Chinese state TV over Note 7 recall 'discrimination'
Yahoo Security View Synopsis+1By Sijia Jiang HONG KONG (Reuters) - Chinese state broadcaster CCTV has slammed South Korean tech giant Samsung Electronics Co for what it said was "discrimination" against China consumers in its handling of a global recall of Galaxy Note 7 smartphones to replace batteries. In a commentary piece posted on its website on Thursday evening, CCTV said Samsung's behavior in China after the Sept. 2 recall of 2.5 million phones was "full of arrogance". CCTV said a video apology Samsung issued to U.S. consumers, along with various replacement options and compensation, was in stark contrast to its treatment of those in China, where the company issued a brief statement saying most phones didn't need to be replaced.
4 hours ago Tofsee Malware Distribution Switched From Exploit Kit to Spam
SecurityWeek View Synopsis+1The RIG exploit kit recently stopped distributing Tofsee and cybercriminals have decided to use the botnet's own spamming capabilities to deliver the malware, Cisco's Talos team reported on Thursday.
2 hours ago Why Cybercrime Is On the Rise; Update on Threat Info Sharing
InfoRiskToday View Synopsis+1The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing. Also, the latest status of the U.S. government's cyberthreat information sharing initiative.
23 hours ago Security: It might not be the outside world that's the largest threat to businesses
TechRepublic View Synopsis+1A new report reveals that one in three businesses experienced an insider attack in the past year. More devices with more access are putting sensitive info in the hands of everyone: Spies included.
15 hours ago PORTKnockOut: Data Exfiltration via Port Knocking over UDP
SANS Reading Room View Synopsis+1Data Exfiltration is arguably the most important target for a security researcher to identify. The seemingly endless breaches of major corporations are done via channels of various stealth, and an endless array of methods exist to communicate the data to remote endpoints while bypassing Intrusion Detection Systems, Intrusion Prevention Systems, firewalls, and proxies. This research examines a novel way to perform this data exfiltration, utilizing port knocking over User Datagram Protocol. It focuses specifically on the ease at which this can be done, the relatively low signal to noise ratio of the resultant traffic, and the plausible deniability of receiving the exfiltration data. Particular attention is spent on an implemented Proof of Concept, while the complete source code may be found in the Appendix.
Latest News
13 minutes ago Building Automation Products Vulnerable to Remote Attacks
SecurityWeek View Synopsis+1Building automation products from American Auto-Matrix are affected by a couple of high-severity vulnerabilities that allow remote hackers to compromise the affected system, ICS-CERT warned on Thursday.
1 hour ago You can now earn $1.5 million for hacking the iPhone
ZDNet View Synopsis+1Private exploit seller Zerodium has tripled the price of iOS rewards -- and Android is on the radar, too.
5 hours ago Security analyst says Yahoo<i>!</i>, Dropbox, LinkedIn, Tumblr all popped by same gang
The Register View Synopsis+1Says five-strong 'Group E' may have lifted a billion Yahoo! records, sells to statesFive hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world's biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials.
11 hours ago $1.5 million bounty for iPhone exploits is sure to bolster supply of 0days
ArsTechnica View Synopsis+1Zerodium triples price for iOS exploits, doubles Android bounties to $200,000.
