Latest News

  • Former Botmaster, ‘Darkode’ Founder is CTO of Hacked Bitcoin Mining Firm ‘NiceHash’
    true
    On Dec. 6, 2017, approximately USD $52 million worth of Bitcoin mysteriously disappeared from the coffers of NiceHash, a Slovenian company that lets users sell their computing power to help others mine virtual currencies. As the investigation into the heist nears the end of its second week, many Nice-Hash users have expressed surprise to learn that the company’s chief technology officer recently served several years in prison for operating and reselling a massive botnet, and for creating and running ‘Darkode,” until recently the world’s most bustling English-language cybercrime forum. In December 2013, NiceHash CTO Matjaž Škorjanc was sentenced to four years, ten months in prison for creating the malware that powered the ‘Mariposa‘ botnet. Spanish for “Butterfly,” Mariposa was a potent crime machine first spotted in 2008. Very soon after, Mariposa was estimated to have infected more than 1 million hacked computers — making it one of the largest botnets ever... Read more »
  • Mirai IoT Botnet Co-Authors Plead Guilty
    true
    The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called “Internet of Things” devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site). Entering guilty pleas for their roles in developing and using Mirai are 21-year-old Paras Jha from Fanwood, N.J. and Josiah White, 20, from Washington, Pennsylvania. Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could... Read more »
  • Patch Tuesday, December 2017 Edition
    true
    The final Patch Tuesday of the year is upon us, with Adobe and Microsoft each issuing security updates for their software once again. Redmond fixed problems with various flavors of Windows, Microsoft Edge, Office, Exchange and its Malware Protection Engine. And of course Adobe’s got another security update available for its Flash Player software. The December patch batch addresses more than 30 vulnerabilities in Windows and related software. As per usual, a huge chunk of the updates from Microsoft tackle security problems with the Web browsers built into Windows. Also in the batch today is an out-of-band update that Microsoft first issued last week to fix a critical issue in its Malware Protection Engine, the component that drives the Windows Defender/Microsoft Security Essentials embedded in most modern versions of Windows, as well as Microsoft Endpoint Protection, and the Windows Intune Endpoint Protection anti-malware system. Microsoft was reportedly made aware of the malware protection engine bug by the U.K.’s... Read more »
  • Phishers Are Upping Their Game. So Should You.
    true
    Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate. A brand new (and live) PayPal phishing page that uses SSL (https://) to appear more legitimate. According to stats released this week by anti-phishing firm PhishLabs, nearly 25 percent of all phishing sites in the third quarter of this year were hosted on HTTPS domains — almost double the percentage seen in the previous quarter. “A year ago, less than three percent of phish were hosted on websites using SSL certificates,” wrote Crane Hassold, the company’s threat intelligence manager. “Two... Read more »
  • Anti-Skimmer Detector for Skimmer Scammers
    Crooks who make and deploy ATM skimmers are constantly engaged in a cat-and-mouse game with financial institutions, which deploy a variety of technological measures designed to defeat skimming devices. The latest innovation aimed at tipping the scales in favor of skimmer thieves is a small, battery powered device that provides crooks a digital readout indicating whether an ATM likely includes digital anti-skimming technology. A well-known skimmer thief is marketing a product called “Smart Shield Detector” that claims to be able to detect a variety of electronic methods used by banks to foil ATM skimmers. [youtube https://www.youtube.com/watch?v=caklX1dDB2U] The device, which sells for $200, is called a “Smart Shield Detector,” and promises to detect “all kinds of noise shields, hidden shields, delayed shields and others!” It appears to be a relatively simple machine that gives a digital numeric indicator of whether an ATM uses any of a variety of anti-skimming methods. One of the most common... Read more »
  • Hacked Password Service Leakbase Goes Dark
    true
    Leakbase, a Web site that indexed and sold access to billions of usernames and passwords stolen in some of the world largest data breaches, has closed up shop. A source close to the matter says the service was taken down in a law enforcement sting that may be tied to the Dutch police raid of the Hansa dark web market earlier this year. Leakbase[dot]pw began selling memberships in September 2016, advertising more than two billion usernames and passwords that were stolen in high-profile breaches at sites like linkedin.com, myspace.com and dropbox.com. But roughly two weeks ago KrebsOnSecurity began hearing from Leakbase users who were having trouble reaching the normally responsive and helpful support staff responsible for assisting customers with purchases and site issues. Sometime this weekend, Leakbase began redirecting visitors to haveibeenpwned.com, a legitimate breach alerting service run by security researcher Troy Hunt (Hunt’s site lets visitors check if their email address has... Read more »
  • Former NSA Employee Pleads Guilty to Taking Classified Data
    A former employee for the National Security Agency pleaded guilty on Friday to taking classified data to his home computer in Maryland. According to published reports, U.S. intelligence officials believe the data was then stolen from his computer by hackers working for the Russian government. Nghia Hoang Pho, 67, of Ellicott City, Maryland, pleaded guilty today to “willful retention of national defense information.” The U.S. Justice Department says that beginning in April 2006 Pho was employed as a developer for the NSA’s Tailored Access Operations (TAO) unit, which develops specialized hacking tools to gather intelligence data from foreign targets and information systems. According to Pho’s plea agreement, between 2010 and March 2015 he removed and retained highly sensitive classified “documents and writings that contained national defense information, including information classified as Top Secret.” Pho is the third NSA worker to be charged in the past two years with mishandling classified data. His plea is the latest —... Read more »
  • Carding Kingpin Sentenced Again. Yahoo Hacker Pleads Guilty
    true
    Roman Seleznev, a Russian man who is already serving a record 27-year sentence in the United States for cybercrime charges, was handed a 14-year sentence this week by a federal judge in Atlanta for his role in a credit card and identity theft conspiracy that prosecutors say netted more than $50 million. Separately, a Canadian national has pleaded guilty to charges of helping to steal more than a billion user account credentials from Yahoo. Seleznev, 33, was given the 14-year sentence in connection with two prosecutions that were consolidated in Georgia: The 2008 heist against Atlanta-based credit card processor RBS Worldpay; and a case out of Nevada where he was charged as a leading merchant of stolen credit cards at carder[dot]su, at one time perhaps the most bustling fraud forum where members openly marketed a variety of cybercrime-oriented services. Roman Seleznev, pictured with bundles of cash. Image: US DOJ. Seleznev’s conviction comes more... Read more »
  • MacOS High Sierra Users: Change Root Password Now
    true
    A newly-discovered flaw in macOS High Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now. Update, Nov. 29, 11:40 a.m. ET: Apple has released a patch for this flaw. More information on the fix is here. The update is available via the App Store app on your Mac. Click Updates in the App Store toolbar, then use the Update buttons to download and install any updates listed. Original story: For better or worse, this glaring vulnerability was first disclosed today on Twitter by Turkish software developer Lemi Orhan Ergin, who unleashed his findings onto the Internet with a tweet to @AppleSupport: “Dear @AppleSupport, we noticed a *HUGE* security issue... Read more »
  • Name+DOB+SSN=FAFSA Data Gold Mine
    true
    KrebsOnSecurity has sought to call attention to online services which expose sensitive consumer data if the user knows a handful of static details about a person that are broadly for sale in the cybercrime underground, such as name, date of birth, and Social Security Number. Perhaps the most eye-opening example of this is on display at fafsa.ed.gov, the Web site set up by the U.S. Department of Education for anyone interested in applying for federal student financial aid. Update, Nov. 28, 12:34 p.m. ET: The Education Department says not all of the data elements mentioned below are accessible on a FAFSA applicant if someone merely knows the static details about that person. Read on for their response to this story. Original story: Short for the Free Application for Federal Student Aid, FAFSA is an extremely lengthy and detailed form required at all colleges that accept and award federal aid to students. Visitors to the... Read more »
  • Pakistan ranked 67th in Global Cyber Security Index-2017
    Pakistan ranked at 67th on Global Cyber Security Index in 2017 compiled by International Telecommunication Union as compared to neighboring India that stood at 23rd position. There is a need for relentless hard work required to safeguard country's cyber systems to completely secure the use of digital ...... Read more »
  • EWI Pilots a New Cybersecurity Cooperative for Small and Medium-sized Manufacturers
    Chris Conrardy, Chief Technology Officer of EWI, announced a pilot program to help small and medium-sized manufacturers (SMMs) address the threats of cyber attacks in an increasingly interconnected industry. This cybersecurity cooperative was introduced at an event on December 13th in Loveland, ...... Read more »
  • Mozilla backpedals after Mr. Robot-Firefox misstep
    It sounded like a good idea at Mozilla -- promote computer security and privacy awareness using a tie-in with an online game from the popular Mr. Robot hacker TV series. But almost immediately, the plan started backfiring. On Wednesday, Firefox users started complaining that a cryptic extension had ...... Read more »
  • Enterprise Cybersecurity Market 2022: Know The Key Growth Drivers Developments and ...
    This report gives a detailed and comprehensive understanding of Enterprise Cybersecurity market. With precise data covering all key aspects of the existing market, this report offers existing data of leading manufacturers. Present scenarios, past progress, global recognition and future prospects of ...... Read more »
  • New minister wants NZ to up ante against cyber-crime
    The paper suggested the new Government update the cyber-security action plan and prioritise improving the ability to prevent, investigate and respond to cyber-crime, particularly within the New Zealand Police. "We can do more to address cyber-crime by allocating resources and specialised training for ...... Read more »
  • SC4 cyber security team earns national recognition
    Photo courtesy of ST. CLAIR COUNTY COMMUNITY COLLEGEThe SC4 Champions finished in 128th place at the National Cyber League annual competition. Pictured here are team members Jeremy Taylor, Bobby Cech, Riley Orlick and Rich Neuman. Not pictured are Justin Leonard and Rease ...... Read more »
  • Computer Engineer/Cybersecurity Engineer, Mid
    Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering and innovation expertise. Computer Engineer/Cybersecurity Engineer, Mid.... Read more »
  • Sample cyber security policy
    2MB); Mobile Device Security Policy Free information security policy templates courtesy of the SANS Institute, Michele D. National Cyber Security Awareness Month. to 3 p. An example of intangibility is reputation risk. This represents both The password protection policy of a large financial services ...... Read more »
  • The lesson behind 2017's biggest enterprise security story
    But that superficial reading masks a deeper truth about the state of cybersecurity today, one that actually is even more worrying than the fact that a company holding data on so many Americans could be breached: namely, that many security teams (like, apparently, Equifax's) are so overwhelmed that ...... Read more »
  • Global Cyber Security Market | Industry Size, Analysis 2011-2017, Future Scope 2018-2023
    Global Cyber Security Market research report gives a systematic and competent approach to gather important statistics of Global Cyber Security industry. In which includes industry chain structure, Cyber Security market classification, dominant market players, product definition, and product scope. Global ...... Read more »
  • UMSL earns only NSA, DHS focus area specialization within 9-state region
    Assistant Professor of Information Systems Maurice Dawson (at center) receives a focus area specialization certificate from Commandant at the National Cryptologic School Leonard Reinsfelder (at left) and Branch Chief of Cybersecurity Education and Awareness for the Department of Homeland ...... Read more »
  • Alliance colleges commit to STEM program growth
    From the expansion of nursing, engineering and cyber-security programs to a new virtual reality degree, institutions of the Cross College Alliance — the University of South Florida Sarasota-Manatee, State College of Florida, New College and Ringling College of Art and Design — are preparing students ...... Read more »
  • Cyber security strategy statement
    Over the lifetime of this five-year strategy, we will invest £1. Iam pleased to issue the State of Illinois Cybersecurity. A state government Network and Cyber Security Statement of Direction was issued in August following the launch Mar 22, 2017 Statement by the Delegation of Ukraine at the 64th Joint ...... Read more »
  • Deep learning in cybersecurity
    I heard about this promising company though : Deep Instinct, based in Israel and San Francisco. com/en-us/deep-lea. " That includes both known malware as well as “first-seen” attacks against a system. Analysis of an organization's May 17, 2017 AI startup Deep Instinct enables cyber-attacks to be ...... Read more »
  • How network security policies protect businesses from cyber attacks
    In recent times, cases of hacker attacks have increased dramatically. However, some companies are not aware of the vulnerabilities and dangerous situations to which they are exposed every day. The size of a company is not a reason to think that it can be immune to any threats to its security. Research ...... Read more »
  • Cybersecurity Analyst - Columbus, IN
    Description. Cummins is a place big enough to coach and develop a global workforce and create the world's leading clean, engine technology. We're also small enough for you to find your fit and personal passion with a team of dependable, innovative thinkers who are developing their careers within a ...... Read more »
  • Cyber Security Specialist Mid at Epsilon, Inc
    View more Careers at EPSILON Follow us on: LinkedIn | Twitter | google+ Cyber Security Specialist Mid Security Clearance Required: Secret Location: A.... Read more »
  • Louisiana Tech gets grant to enhance cybersecurity programs
    RUSTON, La. (AP) — Louisiana Tech University has received a more than $1.3 million grant to enhance its cybersecurity programs. The university, in a news release, says the grant was awarded by the National Science Foundation and will be used to support Tech's proposed CyberCorps Scholarship ...... Read more »
  • Louisiana Tech Gets Grant to Enhance Cybersecurity Programs
    Louisiana Tech University has received a more than $1.3 million grant to enhance its cybersecurity programs. ... the grant was awarded by the National Science Foundation and will be used to support Tech's proposed CyberCorps Scholarship for Service program to prepare cybersecurity professionals ...... Read more »
  • Sample cyber security policy
    Criminal Conviction or Felony Charge. An example of intangibility is reputation risk. Project 4: Cybersecurity Policy Advocacy. We can assist with policy advocacy on Capitol Hill and before the administrative agencies on cybersecurity policy. The purpose of this policy is to define our Cyber Security ...... Read more »