RSS Feed

Chinese Man Pleads Guilty to Espionage, Theft from US Firm
Chinese national Xu Jiaqiang pleaded guilty to economic espionage and theft of trade secrets from his former employer in the US.

GDPR is just a year away: here’s what you need to know
Time is running out - are you ready for GDPR? We've got some guidance for you

What does Twitter think you’re interested in? Now you can find out
Twitter has tweaked its settings so that you can see what it thinks you're interested in so that advertisers can target you

In Search of an Rx for Enterprise Security Fatigue
Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.

ATM heists: 27 arrested as police move against ‘black box’ attacks
Thieves have used a number of ways to get at cash in ATMs over the years - this latest involves old-fashioned vandalism of the machines

Monday review – the hot 20 stories of the week
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time

Netgear Now Collects Router 'Analytics Data' — Here’s How to Disable It
Is your router collecting data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects the router's analytics data and sends it to the company's server. For now, the company has rolled out the firmware update for its NightHawk R7000, but probably other router models would receive the update in


Google Adds New Behavior-Based Malware Scanner To Every Android Device
In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called Google Play Protect. Google Play Protect, which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious apps, which have always been an albatross around the tech giant's neck. Since Google Play Protect



WannaCry: could something similar happen to Android?
If WannaCry blazed through Windows machines like wildfire, how safe are Android devices from ransomware?

WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom
If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals. Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on


Researcher Creates Tool to Unlock WannaCry-Infected Windows XP Files
A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.

Ransomware Rocks Endpoint Security Concerns
Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.

More Hacking Groups Found Exploiting SMB Flaw Weeks Before WannaCry
Since the Shadow Brokers released the zero-day software vulnerabilities and hacking tools – allegedly belonging to the NSA's elite hacking team Equation Group – several hacking groups and individual hackers have started using them in their own way. The April data dump was believed to be the most damaging release by the Shadow Brokers to date, as it publicly leaked lots of Windows


Deconstructing the 2016 Yahoo Security Breach
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.

Walk this way: how you roll could become how you log in
Combining biometrics and wearable technologies opens up new possibilities for future multi-factor authentication systems

WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows
WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10. Dubbed Athena/Hera, the spyware has been designed to take full control over the


Google wants to share your photos with your nearest and not-dearest
Say cheese! You'll need to be extra-vigilant that Google's machine-learning doesn't share your photos with the wrong people

5 Security Lessons WannaCry Taught Us the Hard Way
There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.

APT3 Threat Group a Contractor for Chinese Intelligence Agency
Recorded Future says its research shows clear link between cyber threat group and China's Ministry of State Security.

Don't Forget Basic Security Measures, Experts Say
Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.

Android Users Fail to Run Latest OS Version
A study finds 98% of Android devices are not running the latest software version, according to a report released today by Zimperium.

All Generations, All Risks, All Contained: A How-To Guide
Organizations must have a security plan that considers all of their employees.


NSA Tools Behind WannaCry Being Used In Even Bigger Attack Campaign
Attackers have been using the NSA's EternalBlue and DoublePulsar to distribute Adylkuzz cryptocurrency malware to hundreds of thousands of systems, Proofpoint says.

WannaCry: Ransomware Catastrophe or Failure?
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.

Have you inadvertently joined a Trump-supporting robot army?
If your data was exposed in one of two recent breaches, there's a good chance your details have been used by an army of bots to support the proposals to end net neutrality

Zomato Hacked; Hacker Puts Up 17 Million Users' Emails and Passwords On Sale
If you ever ordered food from Zomato, you should be worried! India's largest online restaurant guide Zomato confirmed today that the company has suffered a data breach and that account details of millions of its users have been stolen from its database. In a blog post published today, the company said about 17 Million of its 120 Million user accounts from its database were stolen. What


Latest Joomla 3.7.1 Release Patches Critical SQL Injection Attack
If your website is based on the popular Joomla content management system, make sure you have updated your platform to the latest version released today. Joomla, the world's second most popular open source Content Management System, has reportedly patched a critical vulnerability in its software’s core component. Website administrators are strongly advised to immediately install latest Joomla


ExtraTorrent, Popular Torrent Site, Permanently Shuts Down!
After the shutdown of Kickass Torrents and Torrentz.eu, it's time for the torrent community to say goodbye to the second most popular torrent site in the world, ExtraTorrent. Yes, the popular torrent site ExtraTorrent has permanently shut down. So, stop searching for 'extratorrents unblock' and 'extratorrents proxy' websites. In a short but clear message on its homepage, the


FireEye CEO Mandia Talks Rapid Rise of Nation-State Threats
FireEye CEO Kevin Mandia at Interop ITX discussed changes in the geopolitical threat landscape and how attackers target their victims.

Why We Need a Data-Driven Cybersecurity Market
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.

Survey: Unpatched Windows OS on the Rise
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.

Inside the Motivations Behind Modern Cyberattackers
Attackers seeking money, dominance, and data are banding together and sharing infrastructure to target businesses.

The Fundamental Flaw in TCP/IP: Connecting Everything
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.

DocuSign Data Breach Led to Targeted Email Malware Campaign
While we were all busy with the WannaCry ransomware menace, two separate data breaches have been reported, one in DocuSign, a major provider of electronic signature technology, and another in BELL, Canada’s largest telecommunications company. In a notice on its website on Tuesday, DocuSign confirmed a breach at one of its email systems when investigating the cause of an increase in


Bell Canada Hacked: Data of 1.9 Million Customers Stolen
While we were all busy with the WannaCry ransomware menace, two separate data breaches have been reported, one in DocuSign, a major provider of electronic signature technology, and another in BELL, Canada’s largest telecommunications company. Canadian mobile phone, TV, and internet service provider Bell on Monday confirmed that the company had been hit by an unknown hacker who has managed to


Beware! Hackers Can Steal Your Windows Password Remotely Using Chrome
A security researcher has discovered a serious vulnerability in the default configuration of the latest version of Google's Chrome running on any version of Microsoft's Windows operating system, including Windows 10, that could allow remote hackers to steal users' login credentials. Researcher Bosko Stankovic of DefenseCode has found that just by visiting a website containing a malicious SCF


WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool
Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.

ShadowBrokers To Launch Monthly Subscription Service for Exploits
Think of it like a wine-of-the-month club for attack tools and new exploits, threat group says.

New Threat Research Shows Vietnam a Rising Force in Cyberespionage
FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.

Weeks Before WannaCry, Cryptocurrency Mining Botnet Was Using Windows SMB Exploit
A security researcher has just discovered a stealthy cryptocurrency-mining malware that was also using Windows SMB vulnerability at least two weeks before the outbreak of WannaCry ransomware attacks. According to Kafeine, a security researcher at Proofpoint, another group of cyber criminals was using the same EternalBlue exploit, created by the NSA and dumped last month by the Shadow Brokers,


Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days
The infamous hacking collective Shadow Brokers – the one who leaked the Windows SMB exploit in public that led to last weekend's WannaCrypt menace – are back, this time, to cause more damage. In typically broken English, the Shadow Brokers published a fresh statement (full of frustration) a few hours ago, promising to release more zero-day bugs and exploits for various desktop and mobile


Apple Releases Dozens of Security Patches for Everything
While Windows users are currently in fear of getting their systems hijacked by the WannaCry ransomware outbreak, Apple users are sitting relaxed, thinking that malware attacks are something that happens to Windows users, and not Apple. But you are mistaken – Apple products are also not immune to the hack attacks and malware infections, as an ebook can hack your Mac, iPhone, and iPad. Apple


Google Researcher Finds Link Between WannaCry Attacks and North Korea
So far, nobody has had any idea who was behind the WannaCry ransomware attacks. But now there is a clue that lies in the code. Neel Mehta, a security researcher at Google, found evidence that suggests the WannaCry ransomware, which infected 300,000 machines in 150 countries over the weekend, is linked to a state-sponsored hacking group in North Korea, known for cyber attacks against South Korean


WannaCry Ransomware: Everything You Need To Know Immediately
By now I am sure you have already heard something about the WannaCry ransomware, and are wondering what's going on, who is doing this, and whether your computer is secure from this insanely fast-spreading threat that has already hacked nearly 200,000 Windows PCs over the weekend. The only positive thing about this attack is that — you are here — as after reading this easy-to-understandable


WannaCry Ransomware That's Hitting World Right Now Uses NSA Windows Exploit
Update — After reading this article, if you want to know what has happened so far in the past 4 days and how to protect your computers from WannaCry, read our latest article "WannaCry Ransomware: Everything You Need To Know Immediately." Earlier today, a massive ransomware campaign hit computer systems of hundreds of private companies and public organizations across the globe – which is


Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)
Update — After reading this article, if you want to know what has happened so far in the past 4 days and how to protect your computers from WannaCry, read our latest article "WannaCry Ransomware: Everything You Need To Know Immediately." In the wake of the largest ransomware attack in history that had already infected over 114,000 Windows systems worldwide in the last 24 hours, Microsoft


WannaCry Kill-Switch(ed)? It’s Not Over! WannaCry 2.0 Ransomware Arrives
Update — After reading this article, if you want to know what has happened so far in the past 4 days and how to protect your computers from WannaCry, read our latest article "WannaCry Ransomware: Everything You Need To Know Immediately." If you are following the news, by now you might be aware that a security researcher has activated a "Kill Switch" which apparently stopped the WannaCry


WannaCry Ransomware Attack: What Happened and How to Address
Recently, a widespread global ransomware attack has struck hospitals, communication, and other types of companies and government offices around the world, seizing control of affected computers until the victims pay a ransom. This widespread ransomware campaign has affected various organizations with reports of tens of thousands of infections in as many as 99 countries, including...

WikiLeaks Reveals 'AfterMidnight' & 'Assassin' CIA Windows Malware Frameworks
When the world was dealing with the threat of the self-spreading WannaCry ransomware, WikiLeaks released a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed "AfterMidnight" and "Assassin," both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows


Botnet Sending 5 Million Emails Per Hour to Spread Jaff Ransomware
A massive malicious email campaign that stems from the Necurs botnet is spreading a new ransomware at the rate of 5 million emails per hour and hitting computers across the globe. Dubbed "Jaff," the new file-encrypting ransomware is very similar to the infamous Locky ransomware in many ways, but it is demanding 1.79 Bitcoins (approx $3,150), which is much higher than Locky, to unlock the


Learn How to Code: Get 10 Best Online Training Courses for Just $49
Struggling to learn how to code? If you’re looking to 'learn how to code' and seeking a career as an expert-level programmer, you should know how to play with codes and make your own. It's no secret that mastering a coding language or two can put you at the top of the job market – thanks to the boom in technology. Today, you can elevate your programming skills straight from the Internet to


0-Day Flaws in Vanilla Forums Let Remote Attackers Hack Websites
A security researcher has publicly disclosed two critical zero-day vulnerabilities in Vanilla Forums, an open source software that powers discussion on over 500,000 websites, which could allow unauthenticated, remote attackers to fully compromise targeted websites easily. Discovered by Polish security researcher Dawid Golunski of Legal Hackers, two separate unpatched vulnerabilities, a remote


Microsoft Brings Ubuntu, Suse, and Fedora Linux to Windows Store
Microsoft has been expressing its love for Linux and Open Source for almost three years now, and this love is embracing as time passes. Just last year, Microsoft made headlines by building support for the Bash shell and Ubuntu Linux binaries into Windows 10, allowing users to run limited instances of Linux directly on top of the OS without installing any virtual machine, as well as developers


All OnePlus Devices Vulnerable to Remote Attacks Due to 4 Unpatched Flaws
There is bad news for all OnePlus lovers. A security researcher has discovered four vulnerabilities that affect all OnePlus handsets, including One, X, 2, 3 and 3T, running the latest versions of OxygenOS 4.1.3 (worldwide) and below, as well as HydrogenOS 3.0 and below (for Chinese users). Damn, I am feeling bad, I myself use OnePlus. One of the unpatched vulnerabilities allows


Court Orders Enterprise to Engage in Forensic Imaging and Analysis
In Realpage Inc. v. Enter. Risk Control, LLC, 2017 BL 102339 (E.D. Tex. 2017), the court ordered Enterprise Risk Control, LLC (“Enterprise”) to produce forensic images of devices used by a former Realpage employee to a forensic neutral in order to determine whether any source code was recoverable pertaining to Realpage’s allegations of misappropriation. Background...

Protect Your People: Newest Workday-Focused Scam Reroutes Employee Direct Deposit Funds
Another week, another well-concocted phishing scam. The most recent fraudulent activity targeted businesses that use Workday, though this is not a breach or vulnerability in Workday itself. Specifically, the attack involves a well-crafted spam email that is sent to employees purporting to be from the CFO, CEO, or Head of HR or similar. Sometimes the...

Lessons from the FTC’s First Enforcement Action Against an IoT Company
On January 5, 2017, the Federal Trade Commission (FTC) sued for permanent injunction a Taiwan-based computer networking equipment manufacturer D-Link Corporation and its U.S. subsidiary, alleging that D-Link’s inadequate security measures left its wireless routers and IP cameras used to monitor private areas of homes and businesses vulnerable to hackers, thereby compromising U.S. consumers’ privacy....

WG6 MEMBERSHIP-BUILDING EVENT, CHICAGO, IL
When: Monday, April 24, 2017
Where: Offices of Seyfarth Shaw LLP, Chicago, IL
Sign in: 5:00 – 5:30 pm
Event: 5:30 – 6:30 pm
Reception: 6:30 – 7:30 pm
Topic: Interactive Dialogue concerning The Sedona Conference®...

The Sedona Conference WG6 Issues “Transitional” International Litigation Principles
In January 2017, The Sedona Conference Working Group on International Electronic Information Management, Discovery, and Disclosure (WG6) issued the much-anticipated International Litigation Principles on Discovery, Disclosure & Data Protection in Civil Litigation (Transitional Edition). This publication updates the 2011 International Litigation Principles, which preceded the 2013 Snowden revelations and the Schrems decision invalidating the U.S.-EU...

Natalya Northrip, Emily Dorner to Present Regarding Litigation Hold Maintenance and Retention of HR Records in April
Natalya Northrip and Emily Dorner will be presenting on two interesting eDiscovery topics this April; presentations will focus on litigation hold maintenance and best practices, as well as recordkeeping for human resources professionals. Presentations will take place on April 6, and April 26, respectively. Summaries of presentation content and links to sign up are provided...

Key Takeaways from the Sedona Conference Commentary on Proportionality in Electronic Discovery
The Sedona Conference Working Group on Electronic Document Retention & Production (WG1) has released its Commentary on Proportionality in Electronic Discovery. The public comment period on the Commentary closed on January 31, 2017. This Commentary was much anticipated given the revamping of Rules 26(b)(1) and 37(e) of the Federal Rules of Civil Procedure in December...

Key Takeaways from OCR’s Latest HIPAA Fine: Hospital to Pay $3.2 Million for Its Cybersecurity Violations
Earlier this month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) civil money penalty of $3,217,000.00 against Children’s Medical Center of Dallas (Children’s), a pediatric hospital that is part of Children’s Health, the seventh largest pediatric health care...

Interesting Sanctions Analysis Applies “Old” Bad Faith Standard Post-December 2015 Amendments
In an interesting decision regarding the spoliation of evidence via a mobile device, Magistrate Judge Terry F. Moorer determined that the newly amended Federal Rule 37(e) – enacted on December 1, 2015 – did not apply to the spoliation case, as the case was filed prior to the rule’s enactment. (Morrison v. Charles J. Veale,...
