Archives: March 2016
You are here: Home \ 2016 \ March
The Department of Defense announced today that registration for its Hack the Pentagon bug bounty trial program is open, and that the program will be run on the HackerOne platform. The trial of the government’s first bug bounty program will run April 18 to May 12. The DoD said only certain public-facing websites will be...
The American Civil Liberties Union has dug up more proof that from the get-go the FBI’s attempt to crack open an iPhone used by the San Bernardino shooter Syed Rizwan Farook was not just about the one phone. The ACLU found court documents and on Wednesday published an interactive map visualizing the Justice Department’s 63 requests through the courts since 2008...
Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprises wishing to develop and internally distribute mobile apps for their workforces without...
Wall Street-savvy hackers are behind a data breach that involves a who’s-who of New York City legal firms. Federal investigators are looking into the breach that included Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, both high-profile New York-based law firms. Cravath Swaine & Moore said told Threatpost its computer networks were infiltrated...
When the Internet’s root name servers are in the line of fire of a DDoS attack, people start to sweat, and with good reason since they are the authoritative servers used to resolve IP addresses. The most recent attacks against the root servers happened over a two-day period starting last Nov. 30, and impacted services...
More than 1,400 vulnerabilities exist in a widely used drug cabinet system, according to an advisory issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) on Tuesday. The problems exist in Pyxis SupplyStation, an automated medical supply cabinet manufactured by CareFusion. The systems, common in nursing setups in facilities across the healthcare sector,...
Portions of the hospital chain MedStar Health remain offline Wednesday as a result of a major malware attack that occurred Monday and crippled the hospital’s computer systems and forced one of the largest healthcare providers in Maryland and Washington, D.C. to turn patients away. The healthcare provider said the attack forced it to shut down its...
In a conversation from RSA Conference, Mike Mimoso talks to Endgame chief technology officer Jamie Butler about what’s new–if anything–with targeted attacks, the proliferation of ransomware, and what defenders are doing about detecting attacks on their networks. Download: Jamie_Butler_RSA.mp3 Music by Chris Gonsalves
Researchers are digging through samples of the Petya ransomware, and while they’ve learned some about its inner workings, they still haven’t mastered enough to come up with a decryptor. Petya is the latest twist on crypto-malware. It was found recently targeting companies in Germany in a spam campaign aimed at human resources organizations. The emails...
Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware dubbed SamSam and Maktub. Unlike traditional ransomware samples that rely on gullible users to click on a malware-infected email attachment or visit a booby-trapped website, this new breed of ransomware is installed once attackers have exploited unpatched server vulnerabilities. To date, only...