Information Security News
Hackers Have Been Secretly Pwning US Agencies and Firms for the Past Five Years
APT, or Advanced Persistent Threat, is a term used in the infosec industry to describe threat actors with a narrow set of goals, that focus attacks only on specific targets. Most APT groups are state-sponsored, and launch attacks in accordance with the ...
Finding the Security Software That Suits Your Needs
The good news is that security software products to safeguard your devices - home computers, office computers, laptops, tablets, or smartphones - are plenty. The bad news is that there are so many of them on the market that it can be difficult to ...
The Panama Papers, a breach we can all get behind
Selected excerpts from the Panama Papers dropped on Sunday, an unprecedented snatch-and-grab of offshore tax haven records released to a handful of global news organizations. In them, the tax-avoiding dealings of the super-rich were exposed in a ...
Here's How You Hack An iPhone With Play-Doh
Many smartphone makers including Apple swear by fingerprint technology as ultimate protection against hackers. A sensor manufacturer from China has demonstrated just how easy it is to fool a smartphone fingerprint sensor. The Chinese start-up used the ...
Adobe patches Flash bug that's being exploited to install ransomware
Adobe has rushed out a Flash update to plug a security hole spotted by infosec researchers, who warned that Windows 10 users of the software may have been exposed to the flaw for more than a week. Ne'er-do-wells could exploit the flaw by sending ...
CPacket Networks To Present At Cloud Security Expo 2016 In London
HostReview.com (press release)
cPacket's complete packet inspection analytics provides your InfoSec team with the operational intelligence to understand and correlate the attack to other events happening across the network when used in conjunction with an IDS, IPS or Advanced ...
by Kelly Fiveash
Adobe has rushed out a Flash update to plug a security hole spotted by infosec researchers, who warned that Windows 10 users of the software may have been exposed to the flaw for more than a week.
Ne'er-do-wells could exploit the flaw by sending ransomware to Windows 10 machines. Adobe said its updates addressed critical vulnerabilities in Flash, and advised users to install the latest version of the software. It said in a security bulletin:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 22.214.171.1246 and earlier.
Researchers at Proofpoint—which has a good explainer of the flaw here—worked with other infosec folk to track down the latest security hole in Flash that could be exploited by attackers with a type of ransomware dubbed "Cerber." The ransomware is understood to have been in the wild since at least March 31.
by Sean Gallagher
There's something inherently world-changing about the latest round of crypto-ransomware that has been hitting a wide range of organizations over the past few months. While most of the reported incidents of data being held hostage have purportedly involved a careless click by an individual on an e-mail attachment, an emerging class of criminals with slightly greater skill has turned ransomware into a sure way to cash in on just about any network intrusion.
And that means that there's now a financial incentive for going after just about anything. While the payoff of going after businesses' networks used to depend on the long play—working deep into the network, finding and packaging data, smuggling it back out—ransomware attacks don’t require that level of sophistication today. It's now much easier to convert hacks into cash.
Harlan Carvey, a senior security researcher at Dell SecureWorks, put it this way. "It used to be, back in the days of Sub7 and 'joy riding on the Information Highway,' that your system would be compromised because you're on the Internet. And then it was because you've got something—you've got PCI data, PHI, PII, whatever the case may be. Then it was intellectual property. And now it's to the point where if you've got files, you're targeted."