People Weak Link in Security Chain, Says New Report

If you pay any attention to infosec headlines, you’ve likely seen it’s once again that time of year when Verizon releases its Data Breach Investigations Report (DBIR). The 9th annual report was released yesterday and while much of it isn’t surprising, it is entirely disheartening.

A quick review of the findings show cybercrime continues to target what hackers obviously deem the weakest link in the chain,

> Read More

iOS 9.3 to fix serious iMessages encryption flaw

For some time, Apple has forcefully pushed a message to consumers that it takes privacy seriously.

Here, for instance, is what Apple’s website says about its approach to privacy when it comes to iMessages:

Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime,

> Read More

Tell us how to infect an iPhone remotely, and we’ll give you $1,000,000 USD

If there’s something which is in high demand from both the common internet criminals and intelligence agencies around the world, it’s a way of easily infecting the iPhones and iPads of individuals.

The proof that there is high demand for a way to remotely and reliably exploit iOS devices, in order to install malware that can spy upon communications and snoop upon a user’s whereabouts,

> Read More

PayPal XSS flaw could have let hackers steal your unencrypted credit card details

A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.

But thankfully the vulnerability was found by a responsible researcher, who informed PayPal about the problem and helped the web’s most popular payment service from being embarrassed by a massive security gaffe.

> Read More

Five years after Stuxnet, your USB drive is still being patched

Yesterday was Patch Tuesday, and – as Optimal Security’s Russ Ernst described – Microsoft released fixes for a smorgasbord of vulnerabilities.

Obviously, it’s important that you roll out the patches as soon as possible, and ensure that your computers and networks are protected against threats which malicious hackers could use to target your systems,

> Read More

Windows 10 – Cause for Confusion

As of August 1, ComputerWorld reported Windows 10 global usage had climbed to 2.5%. Not too shabby for the OS that was launched just three days earlier on July 29. Those numbers easily beat early adoption rates for Windows 8.1 but, I wonder how those users are faring? A quick read of headlines shows a lot of headaches ranging from overall privacy concerns to unwanted update files being delivered to networked machines still running Windows 7 or 8.1.

> Read More

LinkedIn trumpets the success of its private bug bounty

It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports, that your security team cannot act upon?