Fake FBI mail: “Send us $112 or we’ll lock your iCloud account”
Here’s a scam mail which claims your iCloud has been accessed without permission, and will be locked within 2 hours if you don’t verify the account by sending $112 to a Bitcoin address. The missive claims to be from [email protected] and is titled, “Virus Warning: E-Mail from ‘FBI Alert”.
Stop using SHA1: It’s now completely unsafe
Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be…
This What Hackers Think of Your Defenses
Billions of dollars are spent every year on cyber security products; and yet those products continually fail to protect businesses. Thousands of reports analyze breaches and provide reams of data on what happened; but still the picture worsens. A new study takes a different approach; instead of trying to prevent hacking based on what hacking…
Road Map To A $200,000 Cybersecurity Job
Looking to get ahead in cybersecurity? Here are four areas to keep in mind as you make a five-year career plan. The economics of supply and demand shape today’s cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for…
Which countermeasures improve security and which are a waste of money?
If you want to know about which cyber defenses are most effective and which are a waste of money and resources, ask a hacker. And that’s just what Nuix researchers did. “During Black Hat USA and DEF CON 24 in 2016, we conducted a survey of known hackers, professionally known as penetration testers, and asked…
Firefox Users Fingerprinted via Cached Intermediate CA Certificates
An attacker can discover various details about Firefox users due to the manner in which the browser caches intermediate CA certificates, a researcher has discovered. When the server doesn’t deliver the complete certificate chain, Firefox loads the website if the intermediate CA certificate is cached, security researcher Alexander Klink discovered. By determining which websites use…
Can the World Economic Forum’s Cyber Security Principles Advance Cyber Resilience?
A few weeks ago, the World Economic Forum (WEF) met in Davos, Switzerland where an expert working group issued a report “Advancing Cyber Resilience: Principles and Tools for Boards.” It is touted as a first-of-its-kind resource to support board of directors and CEOs on cyber security and cyber resilience strategy. The WEF’s principles and tools…
6 Tips for Preventing Laptop Data Theft
Experts point to stronger passwords, full-disk encryption, and multi-factor authentication as ways to stop data theft in the event a laptop is lost or stolen. Anybody can have their laptop stolen. It happened to Hillary Clinton’s campaign last fall, when three laptops were stolen from campaign workers in Philadelphia. In that case, the devices were…
Hard Drive LED Allows Data Theft From Air-Gapped PCs
Researchers at Ben-Gurion University of the Negev in Israel have disclosed yet another method that can be used to exfiltrate data from air-gapped computers, and this time it involves the activity LED of hard disk drives (HDDs). Many desktop and laptop computers have an HDD activity indicator, which blinks when data is being read from…
Why We Need To Reinvent How We Catalogue Malware
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button. To understand how the bad guys have become so adept at producing the flood of uniquely hashed malware, we need to look at what our adversaries have been doing the past few…