Archives: February 2016
You are here: Home \ 2016 \ February \ Page 5
Threatpost editor Mike Mimoso talks to HackerOne chief policy officer Katie Moussouris about the U.S. implementation of the Wassenaar Arrangement rules and where things stand close to seven months after the initial draft was pulled off the table for a rewrite. [embedded content]
Glibc, the GNU C library at the core of last year’s GHOST vulnerability, is vulnerable to another critical flaw affecting nearly all Linux machines, as well as API web services and major web frameworks where the code runs. The vulnerability, discovered independently by researchers at Google and Red Hat, has been patched. The flaw, CVE-2015-7547,...
Mike Mimoso and Chris Brook recap last week’s Security Analyst Summit — including lots of IoT and critical infrastructure talk, how a researcher hacked his hospital, news on APTs like Metel and Poseidon, and more. Download: Reflecting_on_SAS_2016.mp3 Music by Chris Gonsalves
Mike Mimoso talks with Steve Adegbite, Chief Information Security Officer at E*TRADE, about data integrity and some of the challenges he encounters when it comes to encrypting data and dealing with third-party access to data. [embedded content]
Several flavors of ransomware, most notably Cryptowall, have come packaged with support features. But a new piece of crypto-ransomware called PadCrypt has upped the game with a live chat feature that victims can use to interact with the attackers about ransom payments and other information. Discovered by a Swiss researcher at abuse.ch, PadCrypt is the...
VMware on Saturday reissued a patch from October that incompletely addressed a critically rated remote code execution vulnerability in vCenter Server. The original vulnerability, CVE-2015-2342, was a poorly configured JMX RMI service in vCenter Server that was remotely accessible. The flaw allowed unauthenticated attackers connect to the service and use it to run code on...
Nearly three months after it was spotted for sale in a Russian hacker forum, the Mazar bot has been put to use in active attacks targeting Android devices. Researchers at Heimdal Security said on Friday the bot is being sent to Android users via SMS and MMS messages and if the victim executes the APK,...
Landing Page Title Appropriately architect interdependent mindshare rather than high-payoff schemas. Authoritatively unleash orthogonal methodologies via functionalized intellectual capital. Phosfluorescently synergize holistic. [kaspersky_sso_button]
Mike Mimoso talks to Kaspersky Lab researcher Vitaly Kamluk who was critical in the discovery of the latest version of the cross-platform Adwind RAT. The remote access Trojan is unique in that it’s written in JavaScript, giving this version—which is also known as Frutas, AlienSpy and JSocket—the flexibility to be used liberally in cybercrime operations...
TENERFIE, Spain – Sergey Lozhkin knows malware. Medical devices? Admittedly, not so much. That, however, was not an impediment to the Kaspersky Lab researcher in cracking the digital walls of a Moscow hospital and finding a shocking array of open doors on the network and weaknesses in medical devices and applications crucial not only to...