Top IT Security Bloggers

  • French Dark Bets: Betting On Euro 2016

    Trend Micro - Security Intelligence
    While French underground marketplaces are typically located in the "Dark Web", recently they ventured out onto YouTube to advertise the newest addition to their services: online gambling.
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
  • Billion-dollar scams: The numbers behind BEC fraud

    Symantec Security Response Blogs
    More than 400 companies are targeted with BEC scams every day. Find out more and learn how to stay protected.

    Business email compromise (BEC), or CEO fraud, continues to be the bane of companies in 2016. BEC scams are low-tech financial fraud in which spoofed emails from CEOs are sent to financial staff to request large money transfers. While they require little expertise and skill, the financial rewards for the fraudsters can be high.
  • Privacy warning over Pokémon Go app for iOS as it grabs full access to players' Google accounts

    Graham Cluley
    As if there weren't enough headlines about malicious bogus Pokémon Go apps for Android, and thieves using the game to ambush and rob unsuspecting players, privacy concerns have now been raised about the iOS edition of the app.
    Adam Reeve found that players of the iOS version of Pokémon Go who signed into the app via Google were unwittingly giving the Nintendo game - developed by Niantic - full access to their Google account:
    Let me be clear - Pokemon Go and Niantic can now:

    Read all your email
    Send email as you
    Access all your Google drive documents (including deleting them)
    Look at your search history and your Maps navigation history
    Access any private photos you may store in Google Photos
    And a whole lot more

    And they have no need to do this - when a developer sets up the “Sign in with Google” functionality they specify what level of access they want - best practices (and simple logic) dictate you ask for the minimum you actually need, which is usually just simple contact information.
    Other players of Pokémon Go - including popular security tweeter @SwiftOnSecurity - confirmed that the app had grabbed full access to their Google accounts.
    I like to imagine this is a cockup rather than a conspiracy, and that the game's developers do not have any malicious intent, but this really doesn't sound good at all.
    Hopefully a new fixed version of the Pokémon Go app for iOS will be released sooner rather than later.
    In the meantime, players may wish to revoke the game's access to their Google account.
  • Security analyst banned for disclosing vulnerabilities in web forums

    Graham Cluley
    Is NeighbourNet taking reports of vulnerabilities in its platform seriously?
    David Bisson reports.
  • Serial Swatter, Stalker and Doxer Mir Islam Gets Just 1 Year in Jail

    Krebs on Security
    Mir Islam, a 21-year-old Brooklyn man who pleaded guilty to an impressive array of cybercrimes including cyberstalking, "doxing" and "swatting" celebrities and public officials (as well as this author), was sentenced in federal court today to two years in prison. Unfortunately, thanks to time served in this and other cases, Islam will only see a year of jail time in connection with some fairly heinous assaults that are becoming all too common.
  • Lawsuit filed against Snapchat for showing adult content to minors

    Graham Cluley
    A teenage boy has filed a lawsuit against the real-time picture chatting service Snapchat after he was greeted with a seedy photo collage of Disney characters.
    David Bisson reports.
  • Pokémon Go: Real World Risks of Apps

    Trend Micro - Cloud Security Blog
    As the virtual world of technology and the real world of our physical lives come into greater convergence, the chances for them to come together in bad and dangerous ways increases. Over the weekend, we’ve gotten to see the latest way that these two worlds can collide with bad consequences in the form of a...
  • COBIT 5, Creating an Audit Program and Enabling Compliance

    Last year I wrote an article that discussed using COBIT 5 to audit cyber controls, in this instance the Australian Signals Directorate (ASD) Top 4. At the time of writing this article I had the privilege of being an expert reviewer on a draft ISACA white paper on creating an audit program. This white paper has now been released. In the Australian government, as with all governments around the world, compliance against legislative and regulatory requirements is an important factor for the vario...
  • Datadog bitten by data breach, kills all passwords

    Sophos - Naked Security
    Hackers took a bite out of SaaS platform Datadog, breaching multiple servers on Friday. Fortunately, it protects passwords with bcrypt.
  • Big “carding gang” bust announced by Europol: 105 arrests across 15 countries

    Sophos - Naked Security
    15 countries, 105 people, a pile of duty free shops, a stack of cloned cards...and €5 million in glitzy goods

Latest Videos

  • CSO Webinar: The Human Factor - Your people are your biggest security weakness

    Speakers: David Lacey, Researcher and former CISO Royal Mail; David Turner, Global Risk Management Expert; Mark Guntrip, Group Manager, Email Protection, Proofpoint

  • CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers: Ty Miller, Director, Threat Intelligence; Mark Gregory, Leader, Network Engineering Research Group, RMIT; Jeff Lanza, Retired FBI Agent (USA); Andy Solterbeck, VP Asia Pacific, Cylance; David Braue, CSO MC/Moderator

    What to expect: Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

  • CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: Anthony Caruana, CSO MC and moderator; Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon; John Lindsay, Former CTO, iiNet; Skeeve Stevens, Futurist, Future Sumo; David Vaile, Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty

    This webinar covers:
    - A 101 on metadata - what it is and how to use it
    - Insight into a typical attack, what happens and what we would find when looking into the metadata
    - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation
    - Learn how much raw data and metadata to retain and how long for
    - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

  • CSO Webinar: How banking trojans work and how you can stop them

    Featuring: John Baird, Director of Global Technology Production, Deutsche Bank; Samantha Macleod, GM Cyber Security, ME Bank; Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

  • IDG Live Webinar: The right collaboration strategy will help your business take flight

    Speakers: Mike Harris, Engineering Services Manager, Jetstar; Christopher Johnson, IT Director APAC, 20th Century Fox; Brent Maxwell, Director of Information Systems, THE ICONIC; IDG MC/Moderator Anthony Caruana
