- Hacker-built drone can hunt, hijack other drones
- Malware still running rings around security tools, eThreatz testing finds
- 2 million stolen login credentials discovered for Facebook, Google, LinkedIn, Twitter, other sites
- Conventional insurance may not cover cyber security breaches: Centre for Internet Safety
- Botnet snatches 2 million logins for Facebook, ADP payroll processor and other sites
The developers of the popular vBulletin commercial Internet forum software are investigating a potential exploit and advised users to delete the "install" directory from their deployments as a precaution.
Researchers at Sucuri, a firm focused on website security awareness and attack recovery, have discovered attackers using a known, but a rather uncommon method of maintaining access to an already compromised server: They're hiding backdoors inside the headers of legitimate image files.
Security researchers have discovered a new Apache web server backdoor that is so stealthy it leaves almost no trace of its redirection behaviour on the hard drive or in server log files.
Researchers at Sucuri and Eset say the attacks, which delivers the Blackhole malware kit to site visitors, leaves no trace on servers
A group of hackers that are infecting Web servers with rogue Apache modules are also backdooring their Secure Shell (SSH) services in order to steal login credentials from administrators and users.
Sign up now »
Automate business-continuity and disaster-recovery planning and enable crisis management in one solution.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.