Warrant canaries aren’t definitive markers that a company has been served with a National Security Letter or some other type of court order mandating that customer information be turned over to a government agency or law enforcement. But oftentimes, they are a strong indicator that something has changed in that arena. Pinterest, for example, in...

Embedded device servers made by Moxa remain vulnerable to a trio of vulnerabilities disclosed today in an advisory published by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and a blog post by researcher Karn Ganeshen. Moxa, which is based in Taiwan, will publish a beta patch firmware before the end of the month,...

Palo Alto Networks is reporting a shift in malware tactics used by the APT group Wekby that has added a rare but effective new tool to its bag of tricks. The security firm reported on Tuesday that over the past week, Wekby attackers are turning to the technique known as DNS tunneling in lieu of...

A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East. Researchers at Kaspersky Lab today published a report describing how attackers continue to flourish exploiting CVE-2015-2545, a remote code execution vulnerability where an attacker crafts an EPS image file...

Google wants to kill passwords. And the weapon it wants to use is called Project Abacus, which Google said will become available on Android devices by the end of 2016. The way Project Abacus works is that instead of relying on passwords or two-factor authentication to open your Android phone, your device will instead authenticate...

Jon Callas, equal parts security entrepreneur and innovator, has been hired at Apple for what will be his third stint with the company. Callas left Silent Circle, a company he cofounded, in April after four years there. Silent Circle designs and produces secure communication platforms, including the Blackphone and Silent Phone mobile devices, Silent OS...

The obvious takeaway from last week’s LinkedIn data breach revelation where we learned hackers were selling 117 million LinkedIn usernames, email addresses and passwords from a 2012 breach is, change your passwords-and often. The not so obvious takeaways come from noted security expert Troy Hunt, creator of the cyber-breach service Have I Been Pwned? and...

A private industry notification sent by the FBI in late April to its business partners warns of the risks associated with KeySweeper, a tool released in January 2015 by noted hardware hacker and researcher Samy Kamkar. Sixteen months ago, Kamkar released the source code and instructions on how to build the device, which looks like...

A two-year-old EITest malware campaign is still going strong, fueled by the fact it has shifted its distribution technique over time. Now, researchers at the SANS Institute’s Internet Storm Center, are reporting EITest is morphing again based on analysis of the malware campaign conducted earlier this month. According to researcher Brad Duncan, the EITest malware...

The SWIFT banking network on Friday updated financial institutions worldwide of new security resources it has developed in the wake of massive fraud. Officials also reminded banks of their role in securing their respective infrastructures. Banks in Bangladesh, Vietnam and Ecuador have been infiltrated by attackers who stole credentials for the SWIFT system to move...