Clicking on a news article below will cause another browser window to open. Your browser window on the LCG website will also remain open.
Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the […]
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Premier League soccer club says the attack didn't affect its website and app, and it doesn't appears to have exposed any fan or customer data either.
APT group TA416 reemerges with new changes to its documented tool sets so it can continue launching espionage campaigns.
Users of the music streaming service were targeted by attackers using credential-stuffing approaches.
Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking Trojan, the malware has […]
The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.
Answering these questions will help CISOs define a plan and take the organization in a positive direction.
Online shopping will be more popular than ever with consumers... and with malicious actors too.
Last week I signed on to two joint letters about the security of the 2020 election. The first was as one of 59 election security experts, basically saying that while the election seems to have been […]
Quanta magazine recently published a breathless article on indistinguishability obfuscation — calling it the “‘crown jewel’ of cryptography” — and saying that it had finally been […]
At present, web applications have become the top targets for attackers because of potential monetization opportunities. Security breaches on the web application can cost millions. Strikingly, DNS […]
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's […]
This is the first video footage of a ram’s horn squid (Spirula spirula) . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my […]
Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.
The information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists.
With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is […]
Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked […]
GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including […]
The data breach began with a compromised employee email account.
Attacks take advantage of popular services, including Google Forms and Google Docs.
Vice has a long article about how the US military buys commercial location data worldwide. The U.S. military is buying the granular movement data of people around the world, harvested from […]
This is a pivotal moment for CISOs. As their influence increases, so does the pressure for them to make the right decisions.
A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP (ENIP) stack could open up the industrial control systems to remote attacks by adversaries. RTA's ENIP stack is […]
The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.
The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change.
President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly […]
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
With a five-processor core, "Pigasus" delivers the same performance as a system with between 100 and 700 cores, according to a team from Carnegie Mellon University's CyLab.
Over at Lawfare, Susan Hennessey has an excellent primer on how Trump loyalist Michael Ellis got to be the NSA General Counsel, over the objections of NSA Director Paul Nakasone, and what Biden can […]
Sound security budget planning and execution are essential for CIO's/CISO's success. Now, for the first time, the Ultimate Security Budget Plan and Track Excel template (download here) provide […]
Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to […]
Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home […]
A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.
Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of […]
An increasing number of websites are asking visitors to approve "notifications," browser modifications that periodically display messages on the user's mobile or desktop device. In many cases these […]
The criminals behind the DarkSide ransomware-as-a-service operation say the system will be harder to take down.
Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese […]
The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.
From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to […]
The bugs tracked as CVE-2020–8271, CVE-2020–8272 and CVE-2020–8273 exist in the Citrix SD-WAN Center.
Blockchain voting is a spectacularly dumb idea for a whole bunch of reasons. I have generally quoted Matt Blaze: Why is blockchain voting a dumb idea? Glad you asked. For starters: It doesn’t […]
A report on the underground economy finds that malicious actors are offering cloud-based troves of stolen data, accessible with handy tools to slice and dice what's on offer.
Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration […]
This is a current list of where and when I am scheduled to speak: I’m speaking at the (ISC)² Security Congress 2020, November 16, 2020. I’ll be on a panel at the OECD Global Blockchain Policy […]
This is neat: By generating powerful streams of water, UCSD’s squid-like robot can swim untethered. The “squidbot” carries its own power source, and has the room to hold more, including a […]
Earlier this year, I announced that I had joined Inrupt, the company commercializing Tim Berners-Lee’s Solid specification: The idea behind Solid is both simple and extraordinarily powerful. Your […]
WHY CHOOSE LCG?