Here’s an overview of some of last week’s most interesting news and articles:
The Network and Information Security (NIS) Directive spells the end of more than three years of political bickering and requires critical national infrastructure operators, such as banks, healthcare, transportation, energy and digital service providers, to ramp up their security measures and report major data breaches.
There has never been a more interesting or daunting time to be in security.
As Pokémon GO is enthusiastically embraced by an increasingly larger number of users, we’re witnessing a wide array of dangers that go hand in hand with playing it.
In late 2015 Distil Networks began the process of acquiring managed security provider Scrape Sentry. As the business team worked through the nuances of purchasing a Swedish company, the technical team snapped into action.
Six common security issues stemming from the incorrect implementation of code hooking and injection techniques have been unearthed by EnSilo researchers in over 15 different products, including anti-virus (AV) and anti-exploitation solutions, data loss prevention software (DLP) and host-based intrusion-prevention systems (HIPS).
NSA whistleblower Edward Snowden and hardware hacker Andrew “Bunnie” Huang have possibly come up with a solution for warning users when their phones are revealing their location via radio transmissions.
AVG malware analyst Jakub Kroustek has devised a decryptor for Bart ransomware, and the company has made it available for download (for free).
Avast security researchers conducted a Wi-Fi hack experiment at various locations around the Republican National Convention site in Cleveland to demonstrate how risky it can be to connect to public Wi-Fi.
Artem Vaulin, a 30-year-old Ukrainian that is believed to be the creator and owner of Kickass Torrents, currently the most popular and most visited illegal file-sharing website, has been arrested in Poland on Wednesday.
Canonical’s Ubuntu Forums have been hacked, and the attacker has managed to access and download part of the Forums database, containing usernames, email addresses and IPs for 2 million users.
The iStorage diskAshur Pro is a hard drive for users with security on their mind.
Eduardo Cabrera is the Chief Cybersecurity Officer at Trend Micro, responsible for analyzing emerging cyber threats to develop enterprise risk management strategies. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service. Given his background, Cabrera is eminently qualified for offering insight about information security challenges in both the government and the private sector.
The compromised sites range from that of tires and sporting goods manufacturer Dunlop, to the official Guatemalan Tourism site and sites of firearms dealers.
The website of the company that develops the popular remote administration software Ammyy Admin has been repeatedly compromised in the last year or so, and users who downloaded the tool were saddled with malware.
A new, branded set of vulnerabilities has been revealed by security researchers, this time responsibly and without too much fanfare. The collective name given to the vulnerabilities is httpoxy. They affect server-side web applications only – application code running in Common Gateway Interface (CGI), or CGI-like environments.
Arbor Networks released global DDoS attack data for the first six months of 2016 that shows a continuing escalation in the both the size and frequency of attacks.
Find out what are the newest trends in Network and Applicative DDoS attacks, what are the implications on your DDoS protection strategy, and how Incapsula’s DDoS Protection service addresses the new protection requirements.
Dubbed PowerWare by the researchers, the malware adds the “.locky” filename extension on encrypted files, the same ransom note as Locky, and its payment/ decryption page also mentioned the infamous ransomware.
Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated.
During the one-day event, computer programs developed by seven remarkable teams will vie for millions of dollars in prizes as they compete in the world’s first automated game of Capture the Flag (CTF).
Administrators of WP and Joomla sites would do well to check for specific fake analytics code injected into their properties, as a ransomware delivery campaign taking advantage of vulnerable sites has been going strong for over a month now.