Bogus Evernote alert leads to exploit kit
Evernote users are being actively targeted with an email spam campaign that tries to trick them into following a malicious link. Sent from accounts@pcfa.co.in and titled …
Geographical passwords as a solution to the password problem
The massive data breaches that happened in the last few years have proven beyond doubt that the text password authentication method has many flaws. Security researchers and …
SEA hacks Forbes, steals and leaks 1M user records
Business news site Forbes and its registered users are the latest victims of the Syrian Electronic Army (SEA) hacker collective, which proved that they have broken into the …
Kickstarter suffers data breach
If you ever supported a Kickstarter project, you know by now that the popular crowdfunding platform has experience a data breach and that some of your information was …
Week in review: IE 0-day and fake SSL certificates exploited in the wild, Bitcoin exchanges suspend withdrawals
Here’s an overview of some of last week’s most interesting news and articles: Account details of 27,000 Barclays customers stolen, sold to brokers (In)famous …
Exploring the complexity of modern cyber attacks
James Holley is an Executive Director at Ernst & Young LLP. In this interview he discusses the complexity of modern cyber attacks, the challenges involved in maintaining …
Thousands of FTP sites compromised to serve malware and scams
Some 7,000 FTP sites and servers have been compromised to serve malware, and its administrators are usually none the wiser, claim Hold Security researchers. FTP sites function …
Silk Road 2.0 allegedly hacked, user funds stolen
The second incarnation of the (in)famous Silk Road underground market has been hacked, claims one of its moderators who goes by the online handle “Defcon”, and an …
IE 0-day used in watering hole attack tied to previous campaigns
An Internet Explorer zero-day vulnerability (CVE-2014-0322) is actively exploited in the wild in a watering-hole attack targeting visitors to the official website of the U.S. …
300,000 users affected by premium-SMS sending apps from Google Play
Panda Security has identified malicious apps on Google Play that can sign users up to premium SMS subscription services without their permission. These new threats have been …
Most organizations are unable to resolve a cyber attack
The lack of incident detection and investigation puts companies and their CISOs’ jobs at significant risk, according to a new Ponemon Institute study. In fact, when a …
Security vulnerability in the Duo WordPress two-factor authentication plugin
During an internal assessment, Duo Security found a vulnerability in their popular WordPress two-factor authentication plugin that completely bypasses the security measures …