
Security

Keygen alert: free password generator released for PETYA ransomware

posted on April 11, 2016
by l33tdawg

The PETYA ransomware is just one of the recent examples of malware that encrypts victims' hard drives until a fee is paid. The advice from the government is not to pay the ransom -- or at least not expect to get a decryption key if you do -- but a password generator has been created that means you can decrypt your hard drive for free.

Panama Papers Breach Reveals Astonishingly Lax Network Security

posted on April 7, 2016
by l33tdawg

My first reaction after reading accounts about the breach of a vast trove of financial and related information from the Panamanian law firm Mossack Fonseca was to channel John Le Carré and his famed Panamanian tailor/spy Harry Pendel.

However, the reality is much less interesting. The story is actually about a company with third-rate security that gets exploited by a routine hack.

Massive application-layer attacks could defeat hybrid DDoS protection

posted on April 7, 2016
by l33tdawg

Security researchers have recently observed a large application-layer distributed denial-of-service attack using a new technique that could foil DDoS defenses and be a sign of things to come for Web application operators.

The attack, which targeted a Chinese lottery website that used DDoS protection services from Imperva, peaked at 8.7Gbps. In a time when DDoS attacks frequently pass the 100Gbps mark, 8.7Gbps might not seem much, but it's actually unprecedented for application-layer attacks.

Adobe Warns Of 'Critical' New Flash Player Bug

posted on April 7, 2016
by l33tdawg

Adobe has issued a security advisory warning about a newly discovered critical vulnerability in Adobe Flash Player currently being used in attacks.

A critical vulnerability (CVE-2016-1019) found in Adobe Flash Player version 21.0.0.197 and earlier versions, for Windows, Mac, Linux, and Chrome OS, could allow an attacker to crash and wrest control of the victim's machine.

Adobe notes that there are reports that the bug is being used in attacks on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier.

Sources: Trump Hotels Breached Again

posted on April 6, 2016
by l33tdawg

Banking industry sources tell KrebsOnSecurity that the Trump Hotel Collection — a string of luxury properties tied to business magnate and Republican presidential candidate Donald Trump — appears to be dealing with another breach of its credit card systems. If confirmed, this would be the second such breach at the Trump properties in less than a year.

A representative from Trump Hotels said the organization was investigating the claims.

Three-year-old IBM patch for critical Java flaw is broken

posted on April 6, 2016
by l33tdawg

Security researchers have found that a patch released by IBM three years ago for a critical vulnerability in its own Java implementation is ineffective and can be easily bypassed to exploit the flaw again.

The broken patch was discovered by researchers from Polish firm Security Explorations who found the vulnerability and reported it to IBM in May 2013. IBM issued a fix in a July 2013 update for its Java development kit.

Hacker allegedly breaches porn site, steals more than 237K accounts

posted on April 4, 2016
by l33tdawg

No web-connected service is safe. If you need more proof of this, consider a recent alleged attack on a porn site that apparently gave a hacker access to more than 237,000 accounts. In the aftermath of the Apple vs. FBI squabble over iPhone encryption, this is a reminder that strong security is needed for connected devices and products.

According to Motherboard, an unknown hacker claims to have stolen the login credentials belonging to users of a porn website called Team Skeet, part of the Paper Street Media (PSM) network.

Notorious pro-US hacker Jester diverts DoS attack towards Israeli spy service Mossad

posted on April 4, 2016
by l33tdawg

A high-profile US hacker has turned an attack on his website into an assault against the Israeli intelligence service. 'The Jester' – or th3j35t3r – claims that he diverted an attempt to overload his website to assault Mossad's online presence.

Haaretz reported that Jester's website – jesterscourt.cc – was the victim of a denial of service (DoS) attack on the night of 1 April. In a tweet, Jester announced that he had diverted the hacker's attack by simply changing the IP address his website was registered on.

Selling your corporate password? You may want to think twice

posted on April 4, 2016
by l33tdawg

A recent report in many of the CIO/CSO magazines cites the astonishing results from a recent survey by Vanson Bourne, an independent research firm, which claims that about one out of every four employees would be willing to sell their company password to an outsider.

While those 25 per cent would be willing to make a buck by selling access to the information, the majority of responders said they’d need serious coin to make the transaction, asking for $1,000 or more for the credentials. Some would do so for as little as $100.