12 hours ago: DNS Servers Crash Due to BIND Security Flaw (SecurityWeek)
Updates released by the Internet Systems Consortium (ISC) for BIND patch a remotely exploitable security flaw that has caused some DNS servers to crash.
Hancock Health paid up despite having backups available.
Also, don't get the BOFH to publicly smack them with a LART
Usenix Enigma It's frustrating getting users to keep information and systems secure on a daily basis. However, don't try any smart gimmicks - particularly offering wedges of cash or other prizes for good behavior.…
With Jarvis, BlackBerry Targets Connected - and Driverless - Vehicle Security
BlackBerry mobile devices have become a rare sight. But drivers of Audi, GM and Mercedes vehicles may be using the company's embedded operating system in their cars, and with a new tool called Jarvis, BlackBerry is also making a play to secure the code used to drive autonomous vehicles.
10 hours ago: Biggest vuln bombshell in forever and storage industry still umms and errs over patches (The Register)
Does it run in VMs, containers, systems running external code? Just. Patch. It
Analysis A growing consensus among storage hardware appliance vendors is that, since they don't run external software on their hardware, they don't need to stick performance-hindering patches into their operating systems.…
Among the 237 fixes in Oracle's Critical Patch Update for January are patches for both Spectre and Meltdown.
Facebook has agreed - not entirely happily, from its tone - to expand its investigation into whether Russia meddled with the UK's Brexit referendum.
8 hours ago: Former CIA Agent Arrested With Top Secret Info (SecurityWeek)
US authorities said Tuesday they had arrested a former CIA agent, Hong Kong resident Jerry Chun Shing Lee, after discovering he had an unauthorized notebook that had the identities of undercover US spies.
Lee, a naturalized US citizen also known as Zhen Cheng Li, was arrested late Monday after he arrived at JFK International Airport in New York.
48 minutes ago: Why Some Healthcare Entities Pay Ransoms (InfoRiskToday)
Indiana Hospital Pays After Ransomware Attack, Citing Time Needed to Restore Systems
A recent incident involving an Indiana hospital that publicly admitted to paying a $55,000 ransom to unlock data following a ransomware attack - despite having backup systems - highlights the need to test data recovery plans.
1 hour ago: HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens (The Register)
This language is wired for sound
Usenix Enigma HTML5 is a boon for unscrupulous web advertising networks, which can use the markup language's features to build up detailed fingerprints of individual netizens without their knowledge or consent.…
A piece of malware known as Zyklon has been delivered by cybercriminals using some relatively new vulnerabilities in Microsoft Office, FireEye reported on Wednesday.
3 hours ago: Anatomy of a Cryptocurrency Phishing Campaign (InfoRiskToday)
North Korea Keeps Hacking for Bitcoins, Researchers Say
Virtual currency that's been surging in value, stored in internet-connected banks and virtual "hot wallets": What could go wrong? The answer includes well over $175 million worth of stolen cryptocurrency and attacks that have been tied to North Korea's Lazarus Group.
4 hours ago: Google intros Security Center tool for G Suite (ZDNet)
Security center aims to bring together analytics, insights and recommendations about an organization's data security.
At least two additional security vendors, including IBM and Palo Alto Networks, have been added to the list of vendors vulnerable to a variation on the Bleichenbacher attack called the ROBOT attack.
The service will offer insights into current security practices and methods for flagging future threats.
The dangerous new spyware kit can gain total control over an Android device, and it's been in the wild since 2015.
5 hours ago: A Venture Capitalist's 2018 Outlook (InfoRiskToday)
As a longtime investor in companies offering cybersecurity solutions, Alberto Yépez of Trident Capital Cybersecurity is most concerned by a lack of investment in one key area: replacing aged technologies that are supporting critical infrastructure industries, such as power utilities.
The economic costs of a large cyber-attack could be as large as the impact of a major natural disaster.
ProtonVPN comes to Android, promising no malware, no ads, and no selling of user data.
These attacks fell behind natural disasters and extreme weather in the World Economic Forum's 2018 Global Risks Report.
£15k went walkabout after customer details spilled to boyfriend
A former Santander bank manager has pleaded guilty to £15,000 worth of computer misuse crimes after her boyfriend talked her into giving him illicitly obtained customer information.…