News

Insider threats  >  Employees suspiciously peering over cubicle walls
ip cw salarysurveyprimary 2020 coins by josh appel via unsplash

Detecting phishing attempts  >  A magnifying lens spots a hook trying to catch a fish.

Defenders can discover phishing sites through web analytics IDs

Many phishing websites are now using unique user IDs (UIDs), and that gives defenders a signal to detect phishing attacks before they do much damage.

Fragmented image of a Boeing 787 airplane represented in encrypted data.

Boeing's poor information security posture threatens passenger safety, national security, researcher says

The aircraft maker failed to perform minimum due diligence in securing its networks, then tried to cover it up, security researcher Chris Kubecka tells Aviation Cyber Security conference attendees.

The United States Constitution and Bill of RIghts with lock and encryption overlay.

US Department of Justice push for encryption backdoors might run afoul of First Amendment

Is encryption code speech? Earlier court rulings suggest that it is, legally, and therefore subject to First Amendment protections.

A hook is cast at laptop email with fishing lures amid abstract data.

Attackers phish Office 365 users with fake voicemail messages

Recent phishing campaigns have combined a clever use of fake voicemail, phony Microsoft email, and off-the-shelf phishing kits to target high-value victims.

A binary map of china.

China’s MLPS 2.0: Data grab or legitimate attempt to improve domestic cybersecurity?

The new version China’s Multi-Level Protection Scheme (MLPS) expands what companies fall under its purview and lower the threshold for government inspection. Should companies with operations in China be concerned?

Russian flag overlay / mobile phone / wireless signals / data

Cell phones don't belong in SCIFs, says Republican congressman

Rep. Mike Rogers says his phone was infected by Russian malware three years ago. Also, why he believes we need fewer federal cybersecurity agencies and election laws.

cryptojacking / cryptocurrency attack

Cryptojacking worm infects exposed Docker deployments

Graboid is the first known instance of a cryptomining worm used to create botnets spread using containers.

jet aircraft is maneuvering for landing 149957988

Report: China supported C919 airliner development through cyberespionage

Chinese hackers and intelligence agencies coordinated cyberattacks to gather intellectual property of aerospace firms to gain competitive advantage.

CSO  >  ransomware / security threat

GandCrab cousin Sodinokibi made a fortune for ransomware pushers

By tracking down bitcoin wallets, researchers estimate that the Sodinokibi creators pocketed at least $4.5 million.

security risk - phishing / malware / social engineering

Critical remote code execution flaw fixed in popular terminal app for macOS

Users of the iTerm2 terminal app are encouraged to update as soon as possible.

Political data > Republican + Democratic mascots in a binary world

Presidential campaign websites fail at privacy, new study shows

A non-partisan analysis of 23 presidential campaign websites reveals glaring privacy issues.

conference / convention / audience / applause / clapping

Speaker disinvites at CyberCon spark controversy

NSA whistleblower Thomas Drake and Australian academic Dr. Suelette Dreyfus disinvited from speaking at CyberCon a week before the conference.

open door with sunlight shining through

Justice Department takes another run at encryption backdoors with ‘lawful access’

Law enforcement officials and experts on the distribution of child pornography gathered on Friday to make the emotional, if not technological, case that tech companies should open up their encryption schemes to police investigating...

android anti virus security

Zero-day vulnerability gives attackers full control of Android phones

Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware. The flaw affects phones models from multiple manufacturers including Google, Samsung, Huawei, LG and...

01 atm skimmer

Cobalt cybercrime group might be launching Magecart skimming attacks

Researchers link Magecart-based skimming attacks to Cobalt (a.k.a. Carbanak), whose cyber attacks have netted millions of dollars.

CSO slideshow - Insider Security Breaches - Flag of China, binary code

Chinese cyberespionage group PKPLUG uses custom and off-the-shelf tools

A previously unknown group or collective associated with China is targeting victims in Asia, possibly for geopolitical gain.

The Google universal quantum computer.

Quantum supremacy might be here, upending conventional encryption

Last week Google posted and quickly took down a report announcing a stunning quantum computing milestone. Regardless of whether the report was premature, conventional encryption’s days are numbered.

online shopping cart magecart hackers shopping online

Magecart web skimming group targets public hotspots and mobile users

IBM researchers discover new Magecart scripts suggest planned advertisement injection through Wi-Fi and supply chain attacks.

Load More