Reports that Sony Pictures has been hacked have been trickling in this morning, after a thread appeared on Reddit claiming all computers at the company were offline due to a hack. An image appeared on all employee’s computers demanding their “requests be met” along with links to leaked data.
The Reddit user that posted the thread posted a year ago that they worked at Sony Pictures. The ZIP files mentioned in the images contain a list of filenames of a number of documents pertaining to financial records along with private keys for access to servers. They said that “a single server was compromised and the attack was spread from there.”
Read moreThere's a new hacking group in cyberspace, and it's going after the Islamic State's online propaganda. Less than 24 hours after ISIS social media accounts posted a threatening message from the group's leader, the audio recording was replaced with a song and its transcript with a logo resembling that of the Egyptian military.
Abu Bakr al-Baghdadi's recording had been hacked, and the operation carried all the hallmarks of a group such as the Syrian Electronic Army. The Egyptian Cyber Army is clearly inspired by the infamous Syrian hacktivist group, but a spokesperson told that the group's members are all Egyptians — some civilians, some with a military or police background.
Read moreRussia poses a serious cyber threat to industrial control systems, pharmaceutical, defense, aviation, and petroleum companies. Russian government cyber operations aim to use malware to steal information on files, persist on ICS equipment, and commit espionage.
There is nothing quick about studying Russian cyber operations. Beyond understanding the complexities of the malware itself, one must also match up the names of several families of malware, some which have evolved over time and have had different names, as well as to link together the names given to specific groups by a number of private security companies.
Read moreThe State Department's unclassified email network has been temporarily shut down to update security protocols in the wake of a suspected hacking attack that occurred in early October. A senior State Department official confirmed that the Department recently detected activity of concern in portions of its unclassified email system.
As a result of that incident the State Department scheduled an outage this weekend of some Internet systems to implement security improvements to its main unclassified network. The official said the shutdown has impacted some of the State Department's unclassified email traffic as well as access to some public web sites.
Read moreUK to take action to close down Russian website streaming images from British webcams including baby monitors and those in gyms and bedrooms. The UK is to take international action to close down a Russian website that is streaming images from British webcams including baby monitors, bedroom cameras and gym.
The site feature live feeds from households and businesses across the world, including a gym in Manchester, a bedroom in Birmingham and an office in Leicester. The site highlighted the importance of setting secure passwords on devices that have access to the internet. It has become the source of concern for data watchdogs across the world.
Read moreBadUSB hasn’t gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs. Researcher, who warned the world during Black Hat last summer that the controller chips in most USB devices could be reprogrammed to behave badly, has dug deeper into the problem.
The real kicker, however, is that USB device makers indiscriminately flip-flop between these chips depending on price and availability, meaning that not all USBs are alike — not even those in the same product line. Determining which chips are risky requires physically dismantling and examining the chip in the particular USB device.
Read moreZero day actually refers to two things — a zero-day vulnerability or a zero-day exploit. Zero-day vulnerability refers to a security hole in software — such as browser software or operating system software — that is yet unknown to the software maker or to antivirus vendors.
This means the vulnerability is also not yet publicly known, though it may already be known by attackers who are quietly exploiting it. Because zero day vulnerabilities are unknown to software vendors and to antivirus firms, there is no patch available yet to fix the hole and generally no antivirus signatures to detect the exploit, though sometimes antivirus scanners can still detect a zero day using heuristics.
Read moreA survey of companies in the U.K. more than half are willing to hire a hacker to help deal with a shortfall of cyber-security professionals. The finding comes from a survey of 300 senior IT and HR professionals in organizations with 500 or more staffers.
The increasing awareness of the cyber threat means the majority of U.K. companies are clear on their strategy for dealing with any skills gaps. Rather than relying on hackers to share their secrets, or throwing money at off the shelf programs that quickly become out of date, U.K. companies need to take stock of their cyber defense capabilities and act on the gaps that are specific to their own security needs.
Read moreIn the world of infrastructure security, a little bit of knowledge can go a long way toward protecting your organization. That's why Incapsula is always working hard to learn what's going on with the current state of DDoS attacks, including the top trends in DDoS attacks and how DDoS attackers are changing their methods.
During our work, we noticed that there's little understanding out there about exactly how DDoS attacks put businesses at risk. Some companies seem to ignore the risk altogether, while others know the danger is real, but are unsure exactly what that entails. We thought that it would be a good idea to show the actual impact that DDoS attacks can have on a business.
Read moreCybercriminals have started a new trend for conducting distributed denial-of-service attacks and rely on a type of DNS amplification that leverages text records for making the operation more effective; in some campaigns, parts of a press release from the White House have been observed by researchers.
The tactic is not new, but more and more incidents of this sort have been recorded. The entertainment sector is the most targeted. Attackers have used large TXT records in reflection attacks in the past. Cybercriminals often use intermediate victims to reflect the bad traffic to their target.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland