The U.S. Department of Homeland Security has published the National Cyber Incident Response Plan (NCIRP), which aims to describe the government’s approach in dealing with cyber incidents involving public or private sector entities.
read more
Ukraine Power Company Confirms Hackers Caused Outage
The investigation is ongoing, but Ukraine’s national power company Ukrenergo has confirmed that the recent electricity outage in the Kiev region was caused by a cyberattack.
read more
ProtonMail Launches Tor Hidden Service
Encrypted email provider ProtonMail announced this week the launch of a Tor hidden service whose role is to help combat the censorship and surveillance efforts of totalitarian governments.
read more
XSS Found in Silently Installed Acrobat Chrome Extension
Google Project Zero researcher Tavis Ormandy discovered that a Chrome extension installed silently by Adobe last week had been affected by a cross-site scripting (XSS) vulnerability. Adobe quickly patched the flaw after learning of its existence.
read more
New “Quimitchin” Mac Malware Emerges Targeting Scientific Research
Security researchers have described what they consider to be "the first Mac malware of 2017." It has a simple structure and includes some antiquated code; but nevertheless appears to have existed undetected for some time — perhaps even several years — while possibly targeting biomedical research institutions.
read more
Chrome Users Targeted in Malware Campaign
A recently observed malware distribution campaign has been specifically devised to target users of the Chrome browser on Windows-based computers, Proofpoint security researchers warn.
read more
Hackers Offered Over $1 Million at Pwn2Own 2017
For the 10th anniversary of the Pwn2Own hacking contest, Trend Micro and the Zero Day Initiative (ZDI) have introduced new exploit categories and they are prepared to offer more than $1 million worth of prizes.
read more
Carbanak Hackers Use Google for Command and Control
The infamous Carbanak malware is now capable of using Google services for command and control (C&C) communication, Forcepoint security researchers warn.
read more
US-CERT Issues Warning After Hackers Offer SMB Zero-Day
The United States Computer Emergency Readiness Team (US-CERT) has issued a warning after the threat group calling itself Shadow Brokers has offered to sell what it claims to be a zero-day exploit targeting the Server Message Block (SMB) network file sharing protocol.
read more
Cyber Skills Gap Quantified in Terms of Supply and Demand
Gaining and retaining security talent is a major headache for almost all security leaders — indeed, the consensus is that the world is suffering under a chronic security skills gap. But most of the evidence for this skills gap is empirical; there is little hard evidence in facts and figures.
read more
