I have had the privilege of meeting some great security analysts during my time in the information security profession. One thing I experienced when I was an analyst, and that I’ve repeatedly noticed across the industry since then, is that even the best analysts need focus. Analysts that are focused on high fidelity, low noise alerts and the right workflow accompanying them are far more productive than analysts that are not. What do I mean by this? Allow me
read more
Backdoor Abuses TeamViewer to Spy on Victims
A recently spotted backdoor Trojan abuses the legitimate TeamViewer remote access tool to spy on victims, Doctor Web security researchers warn.
read more
User Data Leaked From Analytics Company Social Blade
Social Blade, an online analytics company based in Raleigh, North Carolina, was hacked earlier this month and its users’ details, including passwords, have been leaked online.
read more
NIST Denounces SMS 2FA – What are the Alternatives?
Towards the end of July 2016, the National Institute of Standards and Technology (NIST) started the process of deprecating the use of SMS-based out-of-band authentication. This became clear in the issue of the DRAFT NIST Special Publication 800-63B, Digital Authentication Guideline.
read more
How Secret Service Techniques Improve Cybersecurity
Recent news coverage has not been kind to the Secret Service, but when it comes to the organization’s core mission – protecting the President – it is hard to argue with its record.
read more
FalseCONNECT Flaw Exposes Proxy Connections to Attacks
Products from Apple, Microsoft, Oracle and possibly other major companies are affected by a vulnerability that exposes connections made via a proxy server to man-in-the-middle (MitM) attacks.
read more
Address Bar Spoofing Vulnerability Found in Several Browsers
Chrome, Firefox and other web browsers are plagued by vulnerabilities that can be exploited to spoof their address bar. Some of the affected vendors are still working on addressing the issues.
read more
Windows 7, 8.1 to Adopt “Monthly Rollup” Patch Model
Windows 7 and Windows 8.1 users who miss their security updates for a month or longer will soon be able to install a single "Monthly Rollup" package to get both the missed and current software patches. The new patching method will be available starting in October.
read more
Massive Spam Campaign Spreads Panda Banker Trojan
Panda Banker, an offspring of the infamous Zeus malware, was recently observed in a massive infection campaign where millions of spam messages were sent to potential victims, Proofpoint researchers warn.
read more
“Shadow Brokers” Claim Hack of NSA-Linked Equation Group
Has the Bear Raided the Eagle's Nest?
read more
