Feed aggregator

A US Data Protection Agency

Schneier on Security - Thu, 02/13/2020 - 09:20
The United States is one of the few democracies without some formal data protection agency, and we need one. Senator Gillibrand just proposed creating one.... Bruce Schneier
Categories: Security News

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent

ZDNet Zero Day - Thu, 02/13/2020 - 08:08
The plugin is actively installed on over 700,000 websites.
Categories: Security News

Google removes 500+ malicious Chrome extensions from the Web Store

ZDNet Zero Day - Thu, 02/13/2020 - 08:00
A network of malicious Chrome extensions was injecting malicious ads in millions of Chrome installs.
Categories: Security News

MIT researchers disclose vulnerabilities in Voatz mobile voting election app

ZDNet Zero Day - Thu, 02/13/2020 - 07:21
Researchers say Voatz security flaws could allow someone to alter, stop, or expose how an individual user has voted.
Categories: Security News

Loda Trojan revitalized with stealthy upgrade, new exploits

ZDNet Zero Day - Thu, 02/13/2020 - 06:21
The RAT has graduated from infancy and is fast becoming a threat that should be taken seriously.
Categories: Security News

Gaza group strikes targets in Palestinian territories in new cyberattack wave

ZDNet Zero Day - Wed, 02/12/2020 - 23:00
The campaign is focused on cyberespionage and may be politically motivated.
Categories: Security News

Florida county election office hit by ransomware before 2016 presidential election

ZDNet Zero Day - Wed, 02/12/2020 - 16:59
Ransomware incident was kept secret and never reported, current county election supervisor says.
Categories: Security News

Companies that Scrape Your Email

Schneier on Security - Wed, 02/12/2020 - 10:26
Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson for J.P. Morgan Research, the part of the company that... Bruce Schneier
Categories: Security News

Apple joins FIDO Alliance, commits to getting rid of passwords

ZDNet Zero Day - Wed, 02/12/2020 - 07:54
Passwords are a notorious security mess. The FIDO Alliance wants to replace them with better, more secure technology, and now Apple is joining them in this effort.
Categories: Security News

Average tenure of a CISO is just 26 months due to high stress and burnout

ZDNet Zero Day - Wed, 02/12/2020 - 06:40
Report: The vast majority of interviewed CISO executives (88%) report high levels of stress, a third report stress-caused physical health issues, half report mental health issues.
Categories: Security News

Intel warns of critical security flaw in CSME engine, issues discontinued product notices

ZDNet Zero Day - Wed, 02/12/2020 - 06:37
The CSME system is subject to a severe bug leading to a host of different exploits.
Categories: Security News

Adobe squashes 35 critical vulnerabilities in security patch update

ZDNet Zero Day - Wed, 02/12/2020 - 05:12
Arbitrary code execution issues have eclipsed other security problems in February’s patch round.
Categories: Security News

Play Protect blocked 1.9B malware installs from non-Google sources last year

ZDNet Zero Day - Tue, 02/11/2020 - 19:01
The number of user attempts to install malware-infected apps from outside the Play Store has gone up from 1.6 billion, reported in 2017 and 2018, to 1.9 billion, last year.
Categories: Security News

FBI: BEC scams accounted for half of the cyber-crime losses in 2019

ZDNet Zero Day - Tue, 02/11/2020 - 15:30
Average loss per BEC scam amounted to nearly $75,000 per complaint.
Categories: Security News

Microsoft's February 2020 Patch Tuesday fixes 99 security bugs

ZDNet Zero Day - Tue, 02/11/2020 - 13:15
This is one of Microsoft's biggest Patch Tuesdays known to date.
Categories: Security News

Jenkins servers can be abused for DDoS attacks

ZDNet Zero Day - Tue, 02/11/2020 - 11:13
DDoS attacks can reach an amplification factor of 100, but servers will crash very quickly.
Categories: Security News

Crypto AG Was Owned by the CIA

Schneier on Security - Tue, 02/11/2020 - 10:42
The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. They were owned by the CIA: But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's... Bruce Schneier
Categories: Security News

Emotet trojan evolves to spread via WiFi connections

ZDNet Zero Day - Tue, 02/11/2020 - 08:43
Security firm discovers what appears to be one of Emotet's most dangerous modules.
Categories: Security News

Enterprise companies struggle to control security certificates, cryptographic keys

ZDNet Zero Day - Tue, 02/11/2020 - 08:00
Certificate authority misuse, MiTM attacks, and problems with cryptographic key handling are now of serious concern to enterprise firms.
Categories: Security News

KBOT virus takes out system files with no hope of recovery

ZDNet Zero Day - Tue, 02/11/2020 - 07:46
In a blast from the past, KBOT has been deemed the first “living” virus detected in recent years.
Categories: Security News