Lifeboat Foundation

APIs make your systems easier to run — and make it easier for hackers, too.

Hackers are calling employees working from home and tricking them into accessing phishing pages for corporate domains.

Shalev Hulio wants to explain himself.

Normally, silence and secrecy are inherent in the spy business. For nine full years, Hulio never talked publicly about his billion-dollar hacking company—even when his hacking tools were linked to scandal or he was accused of being complicit in human rights abuses around the world. Lately, though, he’s speaking up.

“People don’t understand how intelligence works,” Hulio tells me over a video call from Tel Aviv. “It’s not easy. It’s not pleasant. Intelligence is a shitty business full of ethical dilemmas.”

Botnet is hard to detect and with no centralized control server, harder to take down.

There were 94 total losses reported around the shipping world in 2017, down 4 percent year-on-year, according to Allianz Global Corporate & Specialty SE’s (AGCS) Safety & Shipping Review 2018.

The report indicates that large shipping losses have declined by more than a third (38%) over the past decade and that the downward trend continued into 2017, marking the second lowest losses in 10 years after 2014.

However, Allianz stressed that the sinking of the oil tanker Sanchi and the impact of the NotPetya malware on harbor logistics underline that the shipping sector is being tested by a number of traditional and emerging risk challenges.

Microsoft Put Off Fixing Zero Day for 2 Years — Krebs on Security.

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week, when Microsoft finally issued a software update to correct the problem.

Continue reading “Microsoft Put Off Fixing Zero Day for 2 Years” »

To revist this article, visit My Profile, then View saved stories.

Tens of thousands of Google account holders have been warned of state-sponsored attacks targeting them.

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us.

If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.

If you think this exploit sounds like a 1990s-standard input overflow flaw, well done. That’s exactly what it is. As Nichols put it in his very detailed blog post: “1996 called, they want their vulnerability back.”