Saturday, December 16, 2017

Windows ‘DoubleAgent’ Attack Turns AV Tools into Malware

Zero-day attack exploits a legitimate process in Windows, according to Cybellum; AV vendors downplay threat.

Google, Jigsaw Offer Free Cyber Protection to Election Sites

The Protect Your Election package from Google and Jigsaw includes password alert and two-step verification for candidates and campaigns.

New Yorkers See 60% Rise in Data Breaches in 2016

Attorney General Eric Schneiderman announced his office received nearly 1,300 data breaches in 2016, a 60% increase over 2015.

Malware Explained: Packer, Crypter & Protector

These three techniques can protect malware from analysis. Here's how they work.

Phishing Your Employees for Schooling & Security

Your education program isn't complete until you test your users with fake phishing emails.

Future of the SIEM

Current SIEM systems have flaws. Here's how the SIEM's role will change as mobile, cloud, and IoT continue to grow.

The True State of DevSecOps

Automation improving, but security needs to find ways to slide into DevOps workflow and toolchain.

New Metasploit Extension Available For Testing IoT Device Security

RFTransceiver extension for the Metasploit Hardware Bridge API will let organizations detect and scan wireless devices operating outside 802.11 spec.

Hacked Sites Up By 32% in 2016 Over 2015, Says Google

Webmasters should register on Search Console for hack notifications, advises the company.

Report: ‘OilRig’ Attacks Expanding Across Industries, Geographies

The highly-effective malware targets Middle Eastern airlines, government, financial industries and critical infrastructures with a simple but powerful backdoor created by infected Excel files attached to phishing emails.

Cisco Issues Advisory on Flaw in Hundreds of Switches

Vulnerability was discovered in WikiLeaks' recent data dump on CIA's secret cyber-offensive unit.

3,000 Industrial Plants Per Year Infected with Malware

Targeted industrial control systems-themed malware is less prevalent yet persistent, including one variant posing as Siemens PLC firmware that has been in action since 2013, researchers find.