In a press release yesterday evening, retailer Eddie Bauer confirmed a point-of-sale malware infection suspected by some sources as early as beginning of last month. more
"Security experts have discovered a malware platform that's so advanced in its design and execution that it could probably have been developed only with the active support of a nation-state," reports Dan Goodin in Ars Technica. more
Journalists and political activists critical of Kazakhstan's authoritarian government, along with their family members, lawyers, and associates, have been targets of an online phishing and malware campaign believed to be carried out on behalf of the government of Kazakhstan, according to a new report by the Electronic Frontier Foundation (EFF). more
"The threat uses sophisticated techniques to evade detection and prepares the ground for more malware components," Lucian Constantin reporting in CIO: "Security researchers have discovered a new malware threat that goes to great lengths to remain undetected while targeting energy companies." more
Oscar-winning documentarian Alex Gibney's "Zero Days" -- coming out on Friday -- investigates the story of the classified Stuxnet attack on Iran by the US and Israel. more
"These vulnerabilities are as bad as it gets," says Google's Information Security Engineer, Tavis Ormandy, in reference to multiple critical vulnerabilities discovered affecting Symantec, a popular vendor in the enterprise security market. more
NASCAR team Circle Sport-Leavine Family Racing (CSLFR) disclosed today a ransomware infection incident that took place in April and nearly caused losing access to critical files worth about $2 million. more
Cybercriminals are continuing to exploit human nature and relying on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, according to Verizon 2016 Data Breach Investigations Report released today. more
Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources. more
We live in an online age, one where malware infections have become commonplace. Some might say this is the price of doing business online. News headlines report damaging attacks on well-known brands with depressing regularity. Consumer confidence suffers as customers look to organizations to sort out the issue, secure their transactions and fix the problem. more
Nearly 92 percent of malware use DNS to gain command and control, exfiltrate data or redirect traffic, according to Cisco's 2016 Annual Security Report. It warns that DNS is often a security "blind spot" as security teams and DNS experts typically work in different IT groups within a company and don't interact frequently. more
If this past quarter's stories are any indication, we could very well be seeing the rise of a new wave of threats that will affect people in a more pronounced and physical level, reports Trend Micro in its Q2 Security Roundup Report. more
Unlike consultant-led penetration testing, periodic or continual vulnerability scanning programs have to operate harmoniously with a corporation's perimeter defenses. Firewalls, intrusion prevention systems, web proxies, dynamic malware analysis systems, and even content delivery networks, are deployed to protect against the continuous probes and exploit attempts of remote adversaries -- yet they need to ignore (or at least not escalate) similar probes and tests being launched by the managed security service providers an organization has employed to identify and alert upon any new vulnerabilities within the infrastructure or applications that are to be protected. more
Every year M3AAWG gives an award for lifetime work in fighting abuse and making the Internet a better place. Yesterday at its Dublin meeting they awarded it to Rodney Joffe, who has been quietly working for over 20 years. I can't imagine anyone who deserves it more. more
Sean Gallagher reporting in Ars writes: "Earlier this week, something suspicious started happening with Web addresses related to sites seized by the FBI from Megaupload and a number of online gambling sites." more
A World-Renowned Source for Internet Developments. Serving Since 2002.