Hacking News

Latest hacking information from the underworld

Breach at UK.gov’s Cyber Essentials scheme exposes users to phishing attacks

Updated: The operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme’s badges are required by suppliers bidding for “certain sensitive and personal information-handling [government] contracts”. Companies were notified of the problem, which leaves them at greater risk of phishing

Microsoft PatchGuard flaw could let hackers plant rootkits on x64 Windows 10 boxen

Flaws in Microsoft PatchGuard create a means for hackers to plant rootkits on Windows 10, 64-bit OS devices. The newly discovered attack technique, dubbed GhostHook, allows attackers to completely bypass PatchGuard, security researchers at CyberArk Labs warn. PatchGuard (formally known as Kernel Patch Protection) was developed to prevent Windows users patching the kernel, and by

Cybereason snags $100m from Softbank

Cybersecurity startup Cybereason is looking to go to the next level after securing $100m in funding from SoftBank. Cybereason, with headquarters in Boston, Massachusetts and Tel Aviv, Israel, offers a range of endpoint detection and response, next-generation antivirus, and managed monitoring services. These are crowded segments already staked out by the likes of Symantec, McAfee,

Two Brits nabbed in connection with global plot to hack Microsoft network

Detectives have arrested two men in the UK this morning in connection with an international “conspiracy” to break into the Microsoft network. The two 20-somethings are in police custody. The coppers, based in the South East Regional Organised Crime Unit, are investigating “unauthorised intrusion into networks that Microsoft owns” between January 2017 and March 2017.

Microsoft claims Fireball malware enterprise threat ‘overblown’

Microsoft has cast doubt on the Fireball campaign, believed to be a serious threat to consumers and the enterprise alike. According to Windows Defender researcher Hamish O’Dea, the recent reports relating to the Fireball cybercriminal campaign may have been “overblown.” A recent Check Point research paper claimed Rafotech, a large digital marketing agency based in Beijing,

NSA’s use of ‘traffic shaping’ allows unrestrained spying on Americans

A new analysis of documents leaked by whistleblower Edward Snowden details a highly-classified technique that allows the National Security Agency to “deliberately divert” US internet traffic, normally safeguarded by constitutional protections, overseas in order to conduct unrestrained data collection on Americans. According to the new analysis, the NSA has clandestine means of “diverting portions of

Drupal Patches Three Vulnerabilities in Core Engine

Developers with Drupal patched three vulnerabilities, one critical, one being exploited in the wild, in Drupal’s core engine on Wednesday. The most pressing issue addressed by the update, which brings Drupal 8 to version 8.3.4 and Drupal 7 to Drupal 7.56, could have led to code execution, the content management software’s security team warned. The YAML

Brutal Kangaroo

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings,

GhostHook Attack Bypasses Windows 10 PatchGuard

A bypass of PatchGuard kernel protection in Windows 10 has been developed that brings rootkits for the latest version of the OS within reach of attackers. Since the introduction of PatchGuard and DeviceGuard, very few 64-bit Windows rootkits have been observed; Windows 10’s security, in particular its mitigations against memory-based attacks, is well regarded. Researchers
