The Deep Web is that part of the internet where hackers sell exploit kits and stolen data. Such sites are often hard to find. Many require an invitation from someone else to join. Some, like AlphaBay, hide behind the Tor network. TrendLabs Security reports that data stolen from US hospitals is show
The massive DDOS attack on the Akamai CDN (content distribution network) that last year took down Netflix, Amazon, and others because of compromised IP cameras that were using a default password shined the spotlight on IoT security. In particular, there is the concern about attacks on heavy industri
As we have said before, it seems hardly a week goes by without an announcement of another security weakness found in Adobe Flash. This week we discuss two. HTML5 was supposed to replace Adobe Flash. The goal was to have a standard that browser designers could use to process video without having to
Metasploit is a tool that white hat hackers use to do penetration testing. No doubt criminals use it too. What Metasploit does is take exploits gathered by thousands of contributors and package them into scripts and a command line and web interface so that security admins and analysts can test if a
Microsoft publishes security bulletins and advisories here. Those warn of vulnerabilities in Microsoft products. You can sign up for updates via RSS or email here. They say: “To improve security protections for customers, Microsoft provides vulnerability information to major security software
A group of hackers known as Carbank, who in 2015 stole an incredible $1 billion USD from banks, have been again using RTF documents with embedded OLE objects to plant malware on computers. They send these documents in emails using phishing attacks. Then they use Google services on the machine to pla
The Tor browser is a tool used by Edward Snowden, journalists, US government workers traveling overseas, terrorists, criminals, pedophiles, and people downloading movies and doing chat to protect their IP address from discovery. But recently there was a zero day defect that unmasked the identity of
The drama, some might say circus, keeps unfolding around the Russian spying on the US election. What is remarkable is that President-elect Trump is at odds with the security apparatus he will soon inherit. He is saying he does not agree that the Russian government did the hacking. The US intelligenc
The Department of Homeland Security and FBI Have released technical details of the hacking of the Democrat Party and Clinton Campaign that they first described in this document in October. As President Obama promised, the government has released proof that this hacking came from Russian intelligence
It seems hackers also go after people who are supposed to be educated about the dangers of phishing: tech professionals. Last week I updated the DNS records for my personal email domain. So I was easily tricked when a few hours later I got this email that looks very much like it came from Google su
In what one could characterize as the worst banking hacker attack this year - and the only one to have ever caused a bank to shut down its site - Tesco Bank shut off online banking for all of its accounts after 40,000 of them were attacked. Hackers stole £2.5 million from 9,000 accounts. The bank st
The The New York Times, under the scary headline “Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say,” reported that Kryptowire security researchers reported that a Chinese firm Shanghai Adups Technology Co. Ltd has planted software on hundreds of thousands of Android devices and i
SHA-1 (Secure Hashing Algorithm 1) is an encryption algorithm used to encrypt traffic to and from SSL/HTTPS websites. It has some known security weaknesses. So it is being phased out and replaced with SHA-2 and SHA-3. Certificate authorities will quit issuing SHA-1 certificates in January 2017. Micr
What are some of the new security features in Windows 2016? Windows 2016 is the soon-to-be released version of Windows server software. The Server version of Windows is the software designed to power business, engineering, and other applications. It is not for desktop users. Prior to Windows 2016 t