Malware

Ahead of Apple’s Announcement: The Security Implications of Wearables | Trend Micro

The world’s attention will be focused on Apple this week and on the topic of wearables. In an event on Tuesday, the Cupertino company is planning to unveil the latest additions to its popular iPhone line along with a wearable device that most folks are just calling the ‘iWatch.’ But as Apple wrestles with the security of its growing stable of mobile devices and the cloud infrastructure that supports them, what will the impact of wearables be? Well, the folks over at Trend Micro are putting together a series of blog posts that look at that very question. Namely: the (information) security implications of wearables. It makes for some interesting reading. Among other things, Trend There are three very broad categories that we can use to describe what we are talking about. The posts, by Senior Threat Researcher David Sancho, break down the wearables space into three categories:  ‘IN’ devices like sensors, ‘OUT’ […]

Continue Reading

Wateringhole Attack Targets Auto and Aerospace Industries | AlienVault

If you’re in the automotive, manufacturing or aerospace industries: beware. Hackers are targeting you and your colleagues with sophisticated, watering-hole style attacks. That, according to a blog post by Jamie Blasco, a noted security researcher at the firm AlienVault. Blasco has written a blog post describing what he says is a compromise of a website belonging to a publisher of “software used for simulation and system engineering” in the three vertical industries.   According to Blasco, after compromising the web site, the attackers added code that loaded a malicious Javascript program dubbed “Scanbox” that is used for reconnaissance and exploitation of web site visitors. [Read more Security Ledger coverage of watering hole attacks here.] Scanbox installs malicious software on the computers it infects – typically keyloggers that record users’ interactions with the infected site and capture online credentials like usernames and passwords. However, the framework also does extensive reconnoitering of victim computers: compiling an in-depth […]

Continue Reading

Report: Home Depot A Common Thread Linking Trove Of Stolen Credit Cards

Home Depot said it is investigating “some unusual activity” on its networks and working with “banking partners and law enforcement,” after security blogger Brian Krebs named the company as a common thread connecting a trove of stolen credit card accounts that have appeared in underground forums.  Krebs reported on Tuesday that “multiple banks” see evidence that Home Depot stores are the source of a “massive new batch” of stolen credit and debit cards that went on sale this morning in underground “carding” forums. The breach is believed to have affected Home Depot stores throughout North America – around 2,500 stores in total. The company has held off from confirming a breach, so far. And as of early Wednesday, Home Depot’s home page made no mention of the incident. In a statement to Reuters, spokesperson Paula Drake said that the company is holding off pending an internal investigation, and is working with law enforcement. […]

Continue Reading

Securing Networks in the Internet of Things Era | Help Net

Cricket Liu, the CIO of Infoblox has an interesting editorial over at Help Net Security today that looks at the challenge of securing the Internet of Things. Among other things, he reveals the results of a commissioned survey of 400 network professionals in the UK and US that revealed  that 78 percent already have precursor IoT devices on their networks – including badge readers, networked cash registers, vending machines and so on. Seventy three percent of those surveyed acknowledged using connected surveillance gear like CCTV on their networks. That shouldn’t be surprising. What is surprising is that a strong majority of respondents – 63 percent – also saw those devices and IoT in general as a threat to network security. So: IoT adoption is gaining speed, and worries about IoT security are gaining traction. The survey suggests that few IT organisations have deployed IoT-specific infrastructure, such as dedicated networks for IoT devices or management […]

Continue Reading

Update: Facebook awards $50K Internet Defense Prize for Work on Securing Web Apps

Saying that research dollars for cyber security are disproportionately devoted to work on “offensive” techniques (like hacking), social media giant Facebook has awarded two researchers  a $50,000 prize for their work on cyber defense. The company announced on Wednesday that Johannes Dahse and Thorsten Holz, both of Ruhr-Universität Bochum in Germany for their work on a method for making software less prone to being hacked. The two developed a method for detecting so-called “second-order” vulnerabilities in Web applications using automated static code analysis. Their paper (PDF here) was presented at the 23rd USENIX Security Symposium in San Diego. In a blog post announcing the prize, John Flyn, a security engineering manager at Facebook, said the Internet Defense Prize recognizes “superior quality research that combines a working prototype with significant contributions to the security of the Internet—particularly in the areas of protection and defense.” Dahse and Holz’s work was chosen by a panel […]

Continue Reading
1 50 51 52 53 54 77