International law enforcement operations result in AlphaBay, the largest online marketplace for selling illegal goods from malware to herion, and Hansa, going dark.In a one-two punch, international law enforcement authorities shut down AlphaBay and Hansa Market, which both sold illegal goods online including stolen identification documents, malware, counterf

Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered - signalling increasingly complex attacks on the industry.The Necurs botnet has begun delivering the Trickbot banking Trojan to financial institutions in the United States, a sign of increasingly larger and more complex attacks on the indus

Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.Healthcare networks are teeming with IoT devices from glucometers to infusion pumps, but a study found that the majority of IT decision makers may be operating with a false sense of security regarding t

The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.The Tor Project has teamed up with HackerOne to invite hackers to find vulnerabilities in its online anonymization platform used by 1.5 million citizens, journalists, privacy advocates, and dissidents around the globe.The n

Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.DevOps could be security's biggest boon for quickly mitigating the kinds of vulnerabilities that will be highlighted next week at Black Hat USA in Las Vegas. And in a departure from the show's typical doom-and-gloom demos of scary attacks and exp

Last month Facebook announced the second successful test of Aquila – a giant sun powered drone. Even though the technology is still in the makes and has a long way to go, Mark Zuckerberg has been very serious about connecting the world– Facebook recently surpassed the 2 billion users mark.  There is an opportunity for Facebook to continue its path of success

Earlier this month, news broke that authorities had seized the Dark Web marketplace AlphaBay, an online black market that peddled everything from heroin to stolen identity and credit card data. But it wasn’t until today, when the U.S. Justice Department held a press conference to detail the AlphaBay takedown that the other shoe dropped: Police in The N

Following today’s breaking news about U.S. and international authorities taking down the competing Dark Web drug bazaars AlphaBay and Hansa Market, KrebsOnSecurity caught up with the Dutch investigators who took over Hansa on June 20, 2017. When U.S. authorities shuttered AlphaBay on July 5, police in The Netherlands saw a massive influx of AlphaBay re

TrustedSec is proud to announce a major release of the Social-Engineer Toolkit (SET) v7.7. This version incorporates support for hostnames in the HTA attack vector, and a redesigned Java Applet attack vector. Java is still widely used in corporations and with a valid code signing certificate can be one of the easiest ways to get a shell in an organization. I

As part of zLab’s platform research team, I’ve tried to investigate an area of the kernel that wasn’t thoroughly researched before.  After digging into some of Apple’s closed-source kernel modules, one code chunk led to another and I’ve noticed a little-known module, which I’ve never seen before, called AppleAVE. AppleAVE 

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-07-19-1 iOS 10.3.3iOS 10.3.3 is now available and addresses the following:ContactsAvailable for: iPhone 5 and later, iPad 4th generation and later,and iPod touch 6th generationImpact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: A

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-07-19-2 macOS 10.12.6macOS 10.12.6 is now available and addresses the following:afclipAvailable for: macOS Sierra 10.12.5Impact: Processing a maliciously crafted audio file may lead toarbitrary code executionDescription: A memory corruption issue was addressed through improvedinput validation.CVE-2

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-07-19-3 watchOS 3.2.2watchOS 3.2.2 is now available and addresses the following:ContactsAvailable for: All Apple Watch modelsImpact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: A buffer overflow issue was addressed through improve

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-07-19-4 tvOS 10.2.2tvOS 10.2.2 is now available and addresses the following:ContactsAvailable for: Apple TV (4th generation)Impact: A remote attacker may be able to cause unexpected applicationtermination or arbitrary code executionDescription: A buffer overflow issue was addressed through improved

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512APPLE-SA-2017-07-19-5 Safari 10.1.2Safari 10.1.2 is now available and addresses the following:SafariAvailable for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6,and macOS Sierra 10.12.6Impact: Processing maliciously crafted web content may lead to aninfinite number of print dialogsDescription: An issue existed