Cisco has quickly provided a workaround for one of two vulnerabilities that was disclosed in the ShadowBrokers’ data dump and issued an advisory on the other, which was patched in 2011, in order to raise awareness among its customers. The networking giant today released advisories saying that it had acknowledged both flaws in its Adaptive Security Appliance (ASA), the newest of which...

After painstakingly calculating the true cost of cybercrime in the European Union researchers conclude it’s nearly impossible to come up with hard numbers. In a study released this week by the European Union Agency For Network And Information Security (ENISA) researchers assert that it’s vitally important to identify the magnitude of cybercrime against the European...

Opponents of the government’s constant talk about intentional backdoors and exceptional access finally may have their case study as to why it’s such a bad idea. Two researchers operating under aliases (my123 and slipstream) this week posted a report—accompanied by a relentless chiptune—that reveals how Microsoft inadvertently published a Secure Boot policy that acts as...

Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber...

A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day exploits and refined coding to exfiltrate...

LAS VEGAS — A government project in the works since 2013 is set to conclude Thursday at DEF CON when DARPA’s Cyber Grand Challenge culminates with a competition it’s calling the CGC Final Event. The challenge will mirror Capture the Flag competitions usually held at the hacking conference. CTF contests pit groups of hackers against each other to explore code, identify weaknesses...

President Barack Obama signed a Cyber Incident Coordination policy directive on Tuesday that puts processes in place for how the government will respond to malicious or accidental threats to the nation’s public and private cyber infrastructure. The White House directive is designed to improve coordination between government agencies and bring clarity between departments in the event...

Donald Trump may have left himself an out today when he urged Russian hackers to find 30,000 emails deleted by Hillary Clinton from her private server. “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said during a press conference in Florida. “I think you’ll probably be...

A U.S. government agency said the end is nigh for SMS-based two-factor authentication, citing a lack of security around the feature. The latest draft version of the Digital Authentication Guideline issued this week by the U.S. National Institute for Standards and Technology (NIST) said the practice would soon be discouraged. The Digital Authentication Guideline sets the rules that...

Amid the connections being made between the Russian government and the attack on the Democratic National Committee (DNC), researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s Global Research and Analysis Team shared some insight into their day-to-day investigations...