Author: Carolyn Moritz

US Intelligence “Hedges Bets” Against Competitors

“If one does not consider the long-range future, one will never cease to be surprised.” In this context the Director of National Intelligence introduced the US Intelligence Community’s most recent Quadrennial Intelligence Community Review (QICR), published in 2009. Deputy Director of National Intelligence David R. Shedd. Photo: Wikimedia Commons It is the most recent of Read More

KorBanker Adds Mobile Malware to Multi-Vector Threats

FireEye has released an updated analysis on the behavior of Android banking malware KorBanker. The security researchers have been observing the malware’s behavior over the past year to determine the scope of newer mobile malware threats. Android.KorBanker is a banking malware that has been affecting Korean users since at least September 2013. It mimics an Read More

BlackWorm Trojan Identifies New Syrian Malware Team

Security firm FireEye demonstrated a “connect the dots” approach to attribution after identifying several members of the Syrian Malware Team. This pro-Assad hacking group has ties to both the Syrian government and the Syrian Electronic Army (SEA), another team that has made headlines for its attacks against the Syrian opposition. Photo: Giphy.com The Syrian Malware Read More

October is European Cyber Security Month

On September 1, the European Union Agency for Network and Information Security (ENISA) published the dates and events planned for the 2014 European Cyber Security Month (ECSM). ECSM is an EU-based advocacy campaign that has taken place every October since 2012 across several EU member states. From the event’s dedicated website: ECSM aims to promote Read More

NOAA Slow to Fix Weather Satellite Vulnerabilities

The US National Oceanic and Atmospheric Administration (NOAA) is behind schedule in updating its newest satellite systems and, as a result, is facing serious security vulnerabilities. The Department of Commerce Assistant Inspector General issued an urgent report to NOAA Under Secretary Dr. Kathryn D. Sullivan. The report refers to an audit on NOAA’s IT security Read More

Netflix

Netflix Releases Scumblr, Seeks ‘Outside Perspective’

Netflix has announced an open source release of its in-house security tools Scumblr and Sketchy. The Netflix security team has been using these tools internally since February 2014 and determined they are now stable and useful enough to open up to the public developer community. Netflix senior application security engineer Scott Behrens spoke to ThreatPost Read More

chase

‘Smash and Grab’ Attack Targets JPMorgan Customers

A Proofpoint report published Thursday, August 21 revealed an aggressive “smash and grab” style phishing campaign targeted at JPMorgan Chase’s US-based banking customers. According to Kevin Epstein, Proofpoint VP of Advanced Security and Governance, just the very first wave of emails targeted 150,000 Chase customers. To date the total number of emails in the campaign Read More

WebView Exploit Can Make Calls From Your Phone

A developer in Copenhagen has explored a vulnerability in mobile applications that allows potential attackers to initiate remote phone calls. Andrei Neculaesei wrote in his blog Algorithm.dk about Apple’s documentation regarding the “tel” Uniform Resource Identifier (URI) scheme. Neculaesei concluded that the fundamental problem rested with developers who did not read the aforementioned documentation. The Read More

secret

Apple Removes ‘Secret’ From Brazil App Store

A Brazilian court issued a preliminary injunction against Apple and Google on August 21, requesting that both companies remove anonymous secret-sharing app Secret from their app stores in Brazil pending the final ruling of a controversial court case. Prosecutor Marcelo Zenker first went after the app on Friday, August 15. Although the prosecution mentions the Read More

san diego

San Diego Adds Bluetooth Tracking to Surveillance Roster

The San Diego government has been using a Bluetooth tracking system called Blufax to monitor traffic behavior via Bluetooth-enabled smartphones. After Voice of San Diego reporter Michael Robertson requested documentation under the California Public Records Act (CPRA), he discovered that the city government had a minimum of 16 Blufax devices and intended to eventually install Read More

Older Posts