Microsoft has paid out its second $100,000 bug bounty since launching its reward program in mid-2013. The award brings total payouts for the program to $253,000 in under a year.
Zeus Trojan Now Hiding in Plain Sight – Using Pictures
A new variant of the notorious Zeus banking trojan is making the rounds, with a new approach that uses steganography, a technique that allows it to disguise data inside of an existing file without damaging it.
Scariest Search Engine on the Internet Just Got Scarier
CNN Money described Shodan as “The scariest search engine on the Internet.” Forbes called it a “terrifying search engine.” Unlike Google, Shodan searches for internet-connected devices (which could have known vulnerabilities) rather than information. F…
70% of Android Devices Vulnerable to a Remote Exploit
Rapid7’s Metasploit researchers have developed a new exploit for an old vulnerability that remains pervasive in the Android ecosystem some 9 months after it was patched by Google. With this new code, 70% of all Android users are vulnerable to a little …
Hundreds of Millions of Passwords are Compromised Yearly
An analysis of compromised credentials posted to Pastebin suggests that hundreds of millions of passwords are being compromised by cybercriminals every year.
Researcher Develops New Geographical Passwords
Passwords do not keep our personal data safe. That much is empirically clear – the sheer volume of passwords that are stolen and the ease with which they are cracked demonstrates this on a weekly basis. But it is not the theory of passwords that fails,…
Australia Offered Economic Espionage Results to the NSA
Details from a newly disclosed document from the cache of Edward Snowden leaks demonstrates that the Australian spy agency (one of the Five Eyes) was monitoring a US law firm advising the Indonesian government on a trade dispute with the US in 2013 in …
Merkel and Hollande Propose a European Internet
News outlets, such as the BBC, are reporting that Germany’s Chancellor Angela Merkel “is proposing building up a European communications network to help improve data protection” and prevent European emails and other data passing through the United Stat…
The Syrian Electronic Army Hacked Forbes and Dumped 1 Million Credentials
In a brief statement, Forbes said it had been compromised; that email addresses had been exposed (so beware of phishing attempts); and that passwords had been stolen (‘encrypted’, but change them anyway); and that law enforcement had been informed. It …
New IE 0-Day Used in Watering Hole Attack
A new Internet Explorer 0-day exploit, apparently used by an old hacking group, was found to have been served by the compromised Veterans of Foreign Wars website. Similarities in the attack suggest the same group as that involved in operations DeputyDo…