Teen researcher publishes PayPal 2FA bypass exploit
Joshua Rogers, a teenage whitehat based in Australia, has found an extremely simple way to bypass PayPal’s two-factor authentication feature. Rogers first discovered the …
Open source threat visualization engine for infosec pros
OpenDNS has released OpenGraphiti, an interactive open source data visualization engine that enables security analysts, researchers and data scientists to pair visualization …
DDoS attack volumes plummet as NTP servers got patched
Wise to attackers’ exploitation of the Network Time Protocol (NTP) vulnerability to create distributed reflection denial of service (DrDoS) attacks, information security …
The weak links in an increasingly dynamic threat landscape
The Cisco 2014 Midyear Security Report, released today at Black Hat, examines the “weak links” in organizations – outdated software, bad code, abandoned …
PF Chang’s data breach lasted 8 months
Asian-themed US restaurant chain P.F. Chang’s China Bistro has finally provided some more details about the breach it suffered earlier this year, including the 33 …
Android RAT impersonates Kaspersky Mobile Security
A clever malware delivery campaign impersonating well-known AV vendor Kaspersky Lab is actively targeting Polish Android users. It all starts with a spam email sporting the …
How to foil SynoLocker and minimize the damage
We wrote on Monday warning about Synology NAS users being targeted with SynoLocker, a customized version of the Cryptolocker ransomware, which encrypts the files contained on …
Poweliks malware creates no files, lays low in the registry
For most malware, performing their malicious task(s) is the primary goal, and a close second is to stay unnoticed on the system for as long as possible. As developers of …
NIST asks for comments on security guide for federal information systems
The National Institute of Standards and Technology (NIST) has issued for public comment a draft update of its primary guide to assessing the security and privacy controls that …
China bans Symantec, Kaspersky software from govt systems
Symantec and Kaspersky Lab have become the latest victims of Chinese government’s procurement agency’s axe as the two firms have been dropped from the approved …
New game sharpens secure coding skills
Today at Black Hat, Checkmarx launched Game of Hacks, a challenging game for software developers and security professionals to test their application hacking skills, improve …
Synology NAS users hit with Cryptolocker variant
You know that your products are getting to be very popular when cybercriminals target users with a customized version of the Cryptolocker ransomware. The products in question …