Black Hat: Kaspersky is seeking white hats
The security vendor has started up a bug-bounty program.
When Black Hat convenes next week in Las Vegas, it will be a rich environment for gathering tools that can be used to tighten security but also - in the wrong hands - to carry out exploits.
Malware researchers for Kaspersky Lab took to Reddit’s IAmA chat today and pronounced an affection for the hacker-hero TV show “Mr. Robot” but not NSA hacker Edward Snowden.
A spear phishing tool to automate the creation of phony tweets - complete with malicious URLs - with messages victims are likely to click on will be released at Black Hat by researchers from ZeroFOX. Called SNAP_R (for social network automated phisher with reconnaissance), the tool runs through a target Twitter account to gather data on what topics seem to interest the subscriber. Then it writes a tweet loaded up with a link to a site containing malware and sends it.
The new documentary about Stuxnet, ‘Zero Days’, says the U.S. had a far larger cyber operation against Iran called Nitro Zeus that has compromised the country’s infrastructure and could be used as a weapon in any future war.
Over the past year the number of machines hit by ransomware that encrypts all or part of the hard drive is five-and-a-half times what it was the year before, according to Kaspersky Lab.
Jie Zhang says that as a child in China she played a game picking up marbles with chopsticks and performing the delicate task of carrying them to another room without dropping them. That’s what doing business in China is like for Westerners, she told a breakfast gathering today at Gartner’s Security and Risk Management Summit.
Corporate employees who help carry out cyberattacks are increasingly being sought and are seeking criminals to hire them.
D-Link is working to fix a weakness that allows attackers to take over remote control of one of its cameras so they can eavesdrop, and the company is checking whether others of its products have similar vulnerabilities.
Now when ransomware tries to take over your computer, there’s something you can do besides pay up: stop it, buy more time to deal with it or mitigate the damage it might do, the Security BSides Boston conference was told.
When the ransomware demands come in it’s really too late to come up with a good response plan, so do that as soon as you can, an Interop audience was told.
Cyber insurance can pay out millions to cover the cost of data breach liability, but buying the policies can be a nightmare for info security pros, and premiums for similar coverage can vary wildly.
Visibility is key to troubleshooting network woes, but getting such access can be expensive. To help out, a veteran networking pro shared with attendees of the big Interop conference in Las Vegas his list of a dozen mostly free “killer” tools.
The Interop conference convening this week will be a far cry from the gathering of a small group of technology pioneers who sought interoperability among Internet devices 30 years ago.
The first proposed draft US federal encryption legislation has been released, and had it been established law earlier this year Apple would have had to provide the help the FBI asked for in accessing encrypted data on the iPhone used by a terrorist in San Bernardino.