Month: March 2017

Those IRS Scam Calls May Disappear Soon
Phone Fraud, Vishing

Those IRS Scam Calls May Disappear Soon

The FCC has moved one step closer to implementing a system that would prevent robocalls that spoof the caller ID of numbers that don’t initiate outbound calls, a move that could significantly reduce the volume of scam calls reaching businesses and consumers. The commission on Thursday issued a notice that seems public […]

Android Trojan Spreads Through Fake Cell Towers
Authentication, Device Security

Android Trojan Spreads Through Fake Cell Towers

Attackers in China are using rogue cell base stations to spread versions of an Android banking Trojan that steals user credentials and has the ability to bypass two-factor authentication. The malware, known as the Swearing Trojan for some impolite language found in the Chinese code, has been in circulation for […]

Half of Android Devices Didn’t Get Security Patches in 2016
Device Security

Half of Android Devices Didn’t Get Security Patches in 2016

Google has made several changes to the Android security ecosystem recently, including providing monthly updates and working with manufacturers to get those patches in the hands of users more quickly. But despite those efforts, about 50 percent of Android devices didn’t install a single security update in 2016. One of […]

NSA: We Disclose 90% of the Flaws We Find
Hacking

NSA: We Disclose 90% of the Flaws We Find

In the wake of the release of thousands of documents describing CIA hacking tools and techniques earlier this month, there has been a renewed discussion in the security and government communities about whether government agencies should disclose any vulnerabilities they discover. While raw numbers on vulnerability discovery are hard to come […]

Site Hacks Continue to Spike, Google Says
Hacking

Site Hacks Continue to Spike, Google Says

The number of sites hacked last year increased by nearly one third compared to 2015, Google said in a new report, a trend that the company expects will continue in years to come. Google’s crawlers constantly check sites for a number of different properties, including the presence of certain types […]

Trump Administration Hopes to Have Cybersecurity Strategy Done Soon
Privacy

Trump Administration Hopes to Have Cybersecurity Strategy Done Soon

A top Trump administration information security official said the White House hopes to have a national strategy for cybersecurity completed in the next two months, with a view toward having it implemented within two years. The new administration has circulated a draft of an executive order related to cybersecurity, but […]

Critical Cisco Flaw Found Buried in Vault 7 Documents
Hacking

Critical Cisco Flaw Found Buried in Vault 7 Documents

Hundreds of models of Cisco switches are vulnerable to a remote-code execution bug in the company’s IOS software that can be exploited with a simple Telnet command. The vulnerability was uncovered by company researchers in the CIA hacking tool dump known as Vault 7. The bug is a critical one […]

US-CERT Warns of Security Impact of SSL Interception
Privacy

US-CERT Warns of Security Impact of SSL Interception

The Department of Homeland Security’s US-CERT group has issued an advisory warning enterprises that many security appliances that perform HTTPS inspection through a man-in-the-middle position don’t correctly verify certificate chains before forwarding traffic, weakening the security benefits of TLS in the process. The advisory comes after a recent paper by security […]

On the Wire Podcast: Chris Camacho
Podcast

On the Wire Podcast: Chris Camacho

Threat intelligence and business risk intelligence have become key ingredients in enterprise security programs as companies try to make sense out of the ever-changing threat landscape. To help wade through all of the information and figure out what’s important, Dennis Fisher talks with Chris Camacho, chief strategy officer at Flashpoint, […]