New revelations published by the Dutch newspaper NRC indicate that the NSA’s Tailored Access Operations (TAO) may have infected more than 50,000 computer networks around the world with spyware that it can turn on and off at will remotely.
Racing Post Breached; Users’ Passwords Stolen
Racing Post, a British horse racing, greyhound racing and betting newspaper, announced Sunday that its website had been breached and usernames, first and last names, passwords, email addresses and date of birth have been stolen.
GitHub Resets Passwords After Mass-scale Brute-force Attack
A methodical brute-force password-guessing attack on web hosting development site GitHub has resulted in a mass password reset and the revocation of various security authorizations.
Symantec Finds the Early Stages of a Server-based Botnet Build
Trojan backdoors have traditionally attacked desktop and now mobile computers. In recent months, however, attackers have started to target servers. Two typical purposes are to use server bandwidth for powerful distributed denial-of-service (DDoS) campa…
Is MAM Identity and Access Management’s next big thing?
Mobile Application Management is making waves. Recent news from Oracle, IBM, and Salesforce highlight the market interest. It’s a natural extension of what you’ve been hearing at Identity trade shows over the past few years (and this year’s Gartner IAM…
Anonymous Said to be Exploiting ColdFusion in Government Hacks
The ongoing cyber-attacks by Anonymous on US government websites are being made possible thanks to an exploit for Adobe ColdFusion.
Lenovo Network Storage Flaw Revealed, and Patched
A new vulnerability in Lenovo network storage devices has been uncovered. The flaw can potentially be exploited by an attacker to gain unauthorized remote read-only access to network-attached storage (NAS) shares.
Botnet Takedowns: Effective or Deceptive?
This year has seen a few high-profile wins for the good guys in the form of botnet takedowns, especially those by Microsoft and Symantec earlier this year. But at least one security researcher is warning against rejoicing too heartily: the takedowns, h…
Is there a vBulletin Zero-day Out There?
Last Thursday the Inj3ct0r Team hacking group claimed on Twitter, “Inj3ct0r Team hacked http://vBulletin.com and http://Macrumors.com.” By Friday vBulletin admitted the breach, and on Monday it was reported that a zero-day vulnerability used against bo…
Millions in the UK Targeted by CryptoLocker Ransomware Spam
CryptoLocker, the ransomware menace that has been snowballing in profile of late, is stepping up its game even further. The UK’s National Crime Agency (NCA) is warning that its National Cyber Crime Unit are aware of a mass email spamming event that is …