A power outage in western Ukraine on 23 December 2015 was the result of a cyberattack, the country's energy ministry has confirmed. Cybersecurity researchers at ESET believe it to be the first-known instance of power stations being disabled by hackers.
Russian Industrial Controls Systems Supervisory Control and Data Acquisition (ICS/SCADA) researchers posted a list of industrial products that ship with default passwords in an effort to urge vendors to implement better security controls, a move some feel could cause more harm than good.
If you have an Android, keep an eye out for updates from your vendor or carrier – there are some critical security patches out.
Google has fixed 12 vulnerabilities affecting Android versions 4.4.4 through 6.0.1, including five rated as “critical” – the designation for the worst kind of security bug.
Dutch security researcher Guido Vranken has published a paper in which he details a new attack method on TLS/SSL-encrypted traffic, one that can potentially allow attackers to extract some information from HTTPS data streams.
Mr. Vranken describes the HTTPS Bicycle Attack as a method through which an attacker can inspect HTTPS traffic and be able to determine the length of some of the data exchanged underneath the TLS protection layer.
A security vendor says it discovered a flaw in Comcast's home security system that could let criminals break into houses undetected by using radio jamming equipment. The vendor, Rapid7, says it alerted Comcast to the problem two months ago but never received a response from the company. However, Comcast told Ars that Rapid7 e-mailed the wrong address.
The group that claimed responsibility for taking down the BBC's global website last week has said the attack was "just the start."
On Saturday, a group calling itself New World Hacking also claimed responsibility for an attack that downed Republican presidential candidate Donald Trump's campaign website for about an hour.
Software vulnerabilities are a daily event it seems, but some systems just have more of them. When we think of this a couple of names usually spring to mind -- Flash and Java. However, according to the new list being published by CVE Details, they aren't quite at the top, nor is Microsoft's oft-maligned operating system.
Security researchers believe they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper’s devices.
There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, and their number appears to be growing. Combined they expose 684.8 terabytes of data to potential theft.
This is the result of a scan performed over the past few days by John Matherly, the creator of the Shodan search engine for Internet-connected devices.
Security researchers with Avast recently took a look at several shopping apps to see just how much retailers know about their shoppers. What the team found was a bit alarming, to say the least.
