Security News

  • The Next Web
  • The Hackers News
  • Naked Security
  • HelpNet Security
  • NIST
  • Security Week
  • Threat Post
  • Security Week
  • Security Affairs
  • IT World Canada
  • Fire Eye
  • Tech Channel


Currently women only make up about 5-7% of cryptocurrency users. With many saying cryptocurrency is [...]

Sure, taking a swing at something new is usually uncomfortable and a little bit scary. But with trai [...]

WeWork, the mega-unicorn startup that operates trendy office spaces across the world, announced toda [...]

In spite of a long streak of high-profile busts over the past few months, illegal trading on the dar [...]

The tastiest bit of news out of this year’s E3 was that Microsoft was updating the Xbox One to allow [...]

Sarahah, a ‘compliments’ app (think ask.fm) popular with teenagers, is reportedly rife with security [...]

Google wants to make it easier for you to shop online and pay for services and subscriptions with a [...]

Over the past week, tech evangelist Robert Scoble (he of Rackspace and Google-Glass-in-the-shower fa [...]

Telsa has confirmed its plans to build a manufacturing plant for its electric vehicles in Shanghai, [...]

In the past few years, smartphone manufacturers have started paying more attention to the optics the [...]

Google to add "DNS over TLS" security feature to Android OSNo doubt your Internet Service Provides (ISPs), or network-level hackers cannot spy on https communi [...]

New Rapidly-Growing IoT Botnet Threatens to Take Down the InternetJust a year after Mirai—biggest IoT-based malware that caused vast Internet outages by launching mas [...]

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware AttacksA newly discovered unpatched attacking method that exploits a built-in feature of Microsoft Office i [...]

Google Play Store Launches Bug Bounty Program to Protect Popular Android AppsBetter late than never. Google has finally launched a bug bounty program for Android apps on Google [...]

Enable Google's New "Advanced Protection" If You Don't Want to Get HackedIt is good to be paranoid when it comes to cybersecurity. Google already provides various advanced f [...]

Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!Hacking ATM is now easier than ever before. Usually, hackers exploit hardware and software vulnerabi [...]

Learn Ethical Hacking — Get 8 Online Courses For Just $29With the rise in cyber-crimes, ethical hacking has become a powerful strategy in the fight against o [...]

Microsoft Kept Secret That Its Bug-Tracking Database Was Hacked In 2013It was not just Yahoo among "Fortune 500" companies who tried to keep a major data breach [...]

Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of DevicesIf you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have [...]

Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher SpywareFinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adob [...]

Yet Another Linux Kernel Privilege-Escalation Bug DiscoveredSecurity researchers have discovered a new privilege-escalation vulnerability in Linux kernel that c [...]

How A Drive-by Download Attack Locked Down Entire City for 4 DaysWe don't really know the pain and cost of a downtime event unless we are directly touched. Be i [...]

KRACK Demo: Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi ProtocolDo you think your wireless network is secure because you're using WPA2 encryption? If yes, thin [...]

Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttackRemember NotPetya? The Ransomware that shut down thousands of businesses, organisations and banks in [...]

New Ransomware Not Just Encrypts Your Android But Also Changes PIN LockDoubleLocker—as the name suggests, it locks device twice. Security researchers from Slovakia-based s [...]

Scam Alert: Your Trusted Friends Can Hack Your Facebook AccountIf you receive a message from any of your Facebook Friends asking for urgent help to recover their F [...]

Online Training for CISA, CISM, and CISSP Cyber Security CertificationsBelieve it or not, but any computer connected to the Internet is vulnerable to cyber attacks. With m [...]

MS Office Built-in Feature Allows Malware Execution Without Macros EnabledSince new forms of cybercrime are on the rise, traditional techniques seem to be shifting towards mo [...]

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For MonthsBeware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, [...]

Israel Hacked Kaspersky, Caught Russian Spies Hacking American Spies, But...The cold cyber war has just turned hot. According to a story published today by the New York Times, [...]

Hackers Steal $60 Million from Taiwanese Bank; Two Suspects ArrestedA Taiwanese bank has become the latest to fall victim to hackers siphoning off millions of dollars b [...]

Microsoft Issues Patches For Severe Flaws, Including Office Zero-Day & DNS AttackAs part of its "October Patch Tuesday," Microsoft has today released a large batch of secu [...]

OnePlus Secretly Collects Way More Data Than It Should — Here’s How to Disable ItThere is terrible news for all OnePlus lovers. Your OnePlus handset, running OxygenOS—the company [...]

Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID PasswordCan you detect which one of the above screens—asking an iPhone user for iCloud password—is original [...]

Microsoft Cortana Can Now Read Your Skype Messages to Make Chat SmarterMicrosoft today announced built-in support for Cortana—an artificial intelligence-powered smart assi [...]

What the KRACK was that? [Chet Chat Podcast 264]Live from BSides Calgary in Alberta, Canada, here's this week's Chet Chat podcast... [...]

Microsoft tears into Chrome security as patching feud continuesEverybody wins as Google and Microsoft's security one-upmanship continues [...]

Monday review – the hot 20 stories of the weekFrom Wi-Fi targeting KRACK attack and Microsoft's Edge smoking out Google Chrome to the IRS [...]

Office DDE attack works in Outlook too – here’s what to doDDE attacks can be run from within Outlook emails and calendar invites [...]

What’s coming next in the world of malware? [VIDEO]We asked one of the world's top threat reasearchers, "What next?" Here's his fas [...]

Google’s Advanced Protection Program: extra security at a costHow much hassle would you put up with to make your account more secure? [...]

5 ways to do 15 minutes of cybersecurity without a computerTaking a 'tech free' 15 minutes doesn't mean taking 15 minutes off, you've got c [...]

Teen hacker sentenced for serious disruption of Phoenix 911 systemHe intended to build a “non-harmful but annoying bug that he believed was ‘funny.’” [...]

IRS chief: assume your identity has been stolenAmericans should “assume their data is already in the hands of criminals and ‘act accordingly.’” [...]

The principle of Attribute Based Access Control (ABAC) has existed for many years. It’s the evolutio [...]

Security teams the world around are putting in hours every day to keep their company’s most prized a [...]

The Anti-Phishing Working Group’s latest report found upticks in phishing attacks against companies [...]

Here’s an overview of some of last week’s most interesting news and articles: Vulnerability in code [...]

A Trojanized version of Elmedia Player software for Mac was available for download for who knows how [...]

With 31 votes for, 24 against and one abstention, the European Parliament Committee on Civil Liberti [...]

Ransomware protection intercepts threats targeting enterprise data FileCloud announced FileCloud Bre [...]

The National Cyber Security Alliance (NCSA) conducted a study to better understand teens and parents [...]

52 percent of UK consumers think fraud is an inevitable part of shopping online, according to Paysaf [...]

Canonical released Ubuntu 17.10 featuring a new GNOME desktop on Wayland, and new versions of KDE, M [...]

This publication approves the XTS-AES mode of the AES algorithm for data on storage devices. [...]

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cyc [...]

Researchers at the Black Hat security conference on Thursday showed an iPhone security flaw which ex [...]

The Mozilla Firefox browser experiences it`s first ever Zeroday exploit. (Fixed) [...]

FoxNews is reporting that a Hacker is attempting extort $10 million from the State of Virginia [...]

So many people have asked for our help with infected computers that we put together this review of f [...]

Conflicker updates its self to include a keylogger and tools to find passwords and finanacial data. [...]

The "Conflicker" worm is set to trigger on April 1st. We provide the basic links you need [...]

NOD32 virus version 3918 is quarantining important Windows files [...]

The Department of Homeland Security and Federal Bureau of Investigation have issued a joint technica [...]

The growing acceptance that it is impossible to detect and block all malware at the perimeter requir [...]

Over 60% of Sites Loaded via Chrome Use HTTPS, Says Google The number of websites that protect traff [...]

Cybersecurity Awareness Month is, once again, upon us. At its core is an issue that can have a massi [...]

Amazon-owned Whole Foods Market informed customers last week that a recent hacker attack aimed at it [...]

With growing concern over nation-state cyber attacks comes an increasing need to secure the critical [...]

Contracting giant Booz Allen is to acquire cybersecurity firm Morphick. Few details have been made p [...]

While continuing to spread via spam emails sent by the Necurs botnet, the Locky ransomware has switc [...]

A newish buzzword in the cybersecurity world is “orchestration”. Which to me is the junction where p [...]

While Equifax is the latest major data breach to hit the headlines, we know it will not be the last. [...]

The acceptance and adoption of biometrics as a primary or second factor in multi-factor authenticati [...]

Google has taken yet another step toward improving the security of its users by making Google prompt [...]

A new, massive botnet is currently recruiting improperly secured Internet of Things (IoT) devices su [...]

Canada’s Communications Security Establishment (CSE) agency announced this week that the source code [...]

Proton, a remote access tool (RAT) that emerged in early 2017, has once again compromised a legitima [...]

A joint Technical Alert, TA17–293A, describing the activities of a Russian APT may contain signature [...]

Researchers identified a new ransomware family called Magniber that uniquely only targets users in S [...]

Malware dubbed IOTroop that researchers say is "worse than Mirai" has already infected one [...]

Researchers have spotted Locky ransomware infections emanating from the Necurs botnet via Word attac [...]

This week's Threatpost News Wrap Podcast recaps the ROCA, KRACK and Boundhook attacks, as well [...]

Cisco patched a critical bug in its Cloud Services Platform 2100 hardware and at the same time told [...]

Google announced a public bug bounty for Google Play that brings developers and researchers together [...]

SSH private keys are being targeted by hackers who have stepped up the scanning of thousands of Word [...]

Experts applaud a new Google service, Advanced Protection, which beefs up account password protectio [...]

The FBI has made an appeal to organizations victimized by DDoS attacks to share details and characte [...]

The Department of Homeland Security and Federal Bureau of Investigation have issued a joint technica [...]

The growing acceptance that it is impossible to detect and block all malware at the perimeter requir [...]

Over 60% of Sites Loaded via Chrome Use HTTPS, Says Google The number of websites that protect traff [...]

Cybersecurity Awareness Month is, once again, upon us. At its core is an issue that can have a massi [...]

Amazon-owned Whole Foods Market informed customers last week that a recent hacker attack aimed at it [...]

With growing concern over nation-state cyber attacks comes an increasing need to secure the critical [...]

Contracting giant Booz Allen is to acquire cybersecurity firm Morphick. Few details have been made p [...]

While continuing to spread via spam emails sent by the Necurs botnet, the Locky ransomware has switc [...]

A newish buzzword in the cybersecurity world is “orchestration”. Which to me is the junction where p [...]

While Equifax is the latest major data breach to hit the headlines, we know it will not be the last. [...]

The acceptance and adoption of biometrics as a primary or second factor in multi-factor authenticati [...]

Google has taken yet another step toward improving the security of its users by making Google prompt [...]

A new, massive botnet is currently recruiting improperly secured Internet of Things (IoT) devices su [...]

Canada’s Communications Security Establishment (CSE) agency announced this week that the source code [...]

Proton, a remote access tool (RAT) that emerged in early 2017, has once again compromised a legitima [...]

The development team at NetBSD is going to implement the KASLR (kernel Address Space Layout Randomis [...]

The CSE CybSec Z-Lab Malware Lab spotted a new botnet, dubbed Wonder botnet, while it was investigat [...]

The source code of a new Android Remote Administration Tool is available on GitHub, it is dubbed AhM [...]

The US DHS and the FBI have issued a warning that APT groups are actively targeting energy firms and [...]

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Securit [...]

The APT28 group is trying to exploit the CVE-2017-11292 Flash zero-day before users receive patches [...]

An NSA leaked document about the BADDECISION hacking tool raises the doubt about National Security A [...]

The dreaded Proton malware was spreading through a new supply-chain attack that involved the Elmedia [...]

Canada’s Communications Security Establishment (CSE) intel agency has released the source code for o [...]

Operators behind Locky ransomware campaigns have switched to new attack techniques to evade detectio [...]

The vast majority of security incidents can be traced back not to a technical wizardry or enormous e [...]

There have been a lot of interesting reactions to the Equifax data breach. One of the most interesti [...]

November 15 will be an important date in Avaya’s history. On that day Avaya employees, channel partn [...]

Mastercard is taking a bet on blockchain, officially revealing its blockchain technology complete wi [...]

As Catalonia continues to make headlines fighting for independence from Spain, a new report has iden [...]

Three experts in third platform technologies shared insights and advice on AI, cloud, and the digita [...]

Would you consider putting a scanner on an airplane and testing it thousands of metres in the sky ex [...]

Learn about the DICE acronym that helps Peter Burns, CIO, at High Liner Foods, identify the four key [...]

Lyft continues to chase down Uber with a new billion dollar investment round, Deepmind has created a [...]

AI is powering new features in Adobe's Creative Cloud like font recognition, and could soon be [...]

Candace Worley tells the Mpower conference that infosec leaders have to make risk-based choices [...]

New York – Panasonic has been working towards a global connectivity service that can provide a predi [...]

Amazon announced its intentions to build a second headquarters location just a few weeks ago, and th [...]

Apple’s telling secrets about the machine learning behind Siri. Google Calendar gets updated, maybe [...]

Graham Taylor from the University of Guelph and Nicolas Chapados, the chief science officer at Eleme [...]

The network won't be the control point in the future for building a cyber security architecture [...]

Called Investigator, the SaaS offering will help infosec pros weed through alerts and make recommend [...]

Google is investing in a new tech-focused Toronto neighbourhood, Netflix ups its funding for origina [...]

Apple and GE announce a deep partnership that could make Apple an instant standard for industrial fi [...]

IT security discussions are often dominated by new technologies like the cloud. But Laura Payne, dir [...]

Stevan Lewis says that in his new role, he'll no longer be looking in the rear-view mirror at p [...]

Toronto is preparing to use technology to tackle the challenges of urban growth, and it will have so [...]

The continued evolution of digital innovation has resulted in seemingly endless options and technolo [...]

Changing technology, demands for scalability and manageability, and the exponential growth of data i [...]

This time on Unboxing for Business we take a look at what Microsoft is doing with its array of Windo [...]

I (Matthew Haigh) recently contributed to FLARE’s FakeNet-NG network simulator by adding content-bas [...]

Introduction Exploit kit (EK) use has been on the decline since late 2016; however, certain activity [...]

Another year, another successful Flare-On Challenge. I’d first like to thank our challenge authors f [...]

We can confirm that FireEye devices detected and stopped spear phishing emails sent on Sept. 22, 201 [...]

We observed several high-volume FormBook malware distribution campaigns primarily taking aim at Aero [...]

When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatic [...]

Introduction Event tracing for Windows (ETW) is a lightweight logging facility first introduced with [...]

Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisti [...]

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a [...]

In 2016 we began observing actors we believe to be North Korean utilizing their intrusion capabiliti [...]

Introduction While performing incident response, Mandiant encounters attackers actively using system [...]

This is the second of two blogs that discuss the implementation of the Windows console architecture [...]

The fourth annual Flare-On Challenge – the FireEye Labs Advanced Reverse Engineering (FLARE) team’s [...]

Exploit kit (EK) activity has been on the decline ever since Angler Exploit Kit was shut down in 201 [...]

FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Ru [...]

Many attackers continue to leverage PowerShell as a part of their malware ecosystem, mostly delivere [...]

As a reverse engineer on the FLARE Team I rely on a customized Virtual Machine (VM) to perform malwa [...]

A wide variety of threat actors began distributing HawkEye malware through high-volume email campaig [...]

Introduction In 2016, FLARE introduced FakeNet-NG, an open-source network analysis tool written in P [...]

Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscatio [...]

In May of 2016, Mandiant’s Red Team discovered a series of vulnerabilities present on Lenovo’s Vibe [...]

UPDATE (July 21): FireEye continues to track this threat. An earlier version of this post has been u [...]

Introduction The following blog discusses a couple of common techniques that malware uses to obscure [...]

FireEye has identified a set of financially motivated intrusion operations being carried out by a th [...]

In this blog, we will take a closer look at the powerful, versatile backdoor known as CARBANAK (aka [...]

Episode #269 - Macroless Malware: "A New Technique with Old Technology", Mac Scams, DDoS A [...]

Episode #268 - DnsMasq Critical Bug, App Detects Skimmer Scanners at Gas Pumps, FormBook Malware Tar [...]

Episode #267 - Android Unlock Patterns Too Easy to Guess, Firms underestimate "Seismic Aftersho [...]

Episode #266 - Linux Trojan Using Hacked IoT Devices to Send Spam Emails, New Android Banking Trojan [...]

Episode #265 - CCleaner Malware, Cryptocurrency Mining, Clickless Bluetooth Attack [...]

Episode #264 - Voice Assistant Hears Things You Can't, Android Apps for Creating Ransomware [...]

Episode #263 - Risks to Oracle EBS, The WireX Botnet, and Internet Weather [...]

Episode #262 - Cybersecurity Roadtrip, PoS Flaws-Hackers Steal Card Data/Change Prices, Hurricane Ha [...]

Episode #261 Chain of modern malware attack, large number of DDoS-for-hire-platforms come on-line [...]

Episode #260 - Machine Learning, R00TZ, and Internet Weather [...]

Episode #259 SMBLoris-What you need to Know, 15 days SMB Honeypot: Mum, Tons of WannaCry and Evils A [...]

Episode #258 Bitcoins Received in Ransomware Attacks, Turkish Android App Store 100% Flush w/Malware [...]

Episode #257 Stealing MacOS malware, gSoap Security Flaws, Attackers takeover Wordpress sites, more [...]

Episode #256 - RCE Vulnerability in WebEx, LockPOS, and Internet Weather [...]

Episode #255 - Cyber deception, Reverse-engineering Petya, and the Internet Weather [...]

Episode #254 - Systemd Bug, Outdated Third-Party Software, and the Internet Weather [...]

Episode #253 - What Mirai missed, Cybersecurity Labor Crunch, Phishing and the Markley Quiz [...]

Episode #252 - Gartner Summit Highlights, Fileless Ransomware, MacRansom and Internet Weather [...]

Episode #251 - Sambacry Update, RIG Exploit Kit, Malware Samples and Internet Weather [...]

Episode #250 - Adware, Malware in PPT files, and Security Deficiencies in Medical Devices [...]

Episode #249 - A Bug in Samba, Bugs in Subtitles and Internet Weather [...]

Episode #248 - Hacked Android Phones, Anti-virus for cars, a new worm and the John Markley Quiz [...]

Episode #247 - Battle of the Botnets, the James Bond of Botnets and Internet Weather [...]

Episode #246 - Business Email Compromise, Orange is the New Black Hack, and Certificate Pinning [...]

Episode #245 - Employee leaks, Intel Vulnerability and the Internet Weather [...]