
Diamond Fox – part 2: let’s dive in the code

See also – Diamond Fox – part 1: introduction and unpacking

April 6, 2017 by Malwarebytes Labs

In a previous post we made an initial analysis of a Diamond Fox bot delivered by the Nebula Exploit Kit (more about the campaign can be found here). We described the way to unpack the protection…

Microsoft reveals what data Windows 10 collects from you

In an effort to be more transparent, Microsoft revealed more about what data Windows 10 Creators Update will collect from users’ PCs and clarified what the privacy settings mean.

By Darlene Storm, Computerworld | Apr 5, 2017

Microsoft has been under fire for its privacy practices since Windows…

Scottrade Bank data breach exposes 20,000 customer records

60GB MSSQL database contained customer records and other sensitive data

By Steve Ragan, Senior Staff Writer, CSO | Apr 5, 2017

Scottrade Bank, a subsidiary of Scottrade Financial Services, Inc., recently secured a MSSQL database containing sensitive information on at least 20,000 customers that was inadvertently left exposed to…

Critical Xen hypervisor flaw endangers virtualized environments

The vulnerability allows attackers with access to a guest OS to read the host’s memory

By Lucian Constantin, IDG News Service | Apr 5, 2017

A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the…

Online Trust Alliance merges with Internet Society

Two become one

5 Apr 2017 at 10:03, John Leyden

Key internet standards-making body the Internet Society (ISOC) and security and privacy org the Online Trust Alliance (OTA) are merging.

The move, announced Wednesday, sees an important standards-driver combining with an org that has guided best practices…

ClearEnergy ransomware aim to destroy process automation logics in critical infrastructure

April 5, 2017, by Pierluigi Paganini

Schneider Electric, Allen-Bradley, General Electric (GE) and more vendors are vulnerable to ClearEnergy ransomware.

Researchers at CRITIFENCE® Critical Infrastructure and SCADA/ICS Cyber Threats Research Group have demonstrated this week a new strain of ransomware attack aiming to erase (clear) the ladder logic diagram in Programmable Logic Controllers…

Project Zero uncovers a nasty Wi-Fi chip exploit

4th April 2017 by Kate Conger

Google’s Project Zero has been on a roll lately, unveiling sophisticated bugs in Cloudflare, LastPass and now Broadcom, a Wi-Fi chip supplier whose product is found in iPhones, Nexuses and Samsung devices.

Apple patched the bug in a security update yesterday…

Dual-Use Software Criminal Case Not So Novel

4th April 2017

“He built a piece of software. That tool was pirated and abused by hackers. Now the feds want him to pay for the computer crooks’ crimes.”

The above snippet is the subhead of a story published last month by The Daily Beast titled, “FBI Arrests Hacker Who Hacked No One.”…

Android Security Bulletin—April 2017

Published April 03, 2017

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Nexus devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer site. Security patch levels of April 05, 2017…

New RAT Targets Koreans And Is Skilled At Evading Detection

By Tom Spring, April 4, 2017

Researchers have identified a stealthy new remote access tool dubbed ROKRAT that leverages a bevy of anti-detection measures. The RAT targets the Korean language Microsoft Word alternative Hangul Word Processor (HWP).

ROKRAT was detected several weeks ago by Cisco Talos,…