WannaCry “Hero” Pleads Guilty to Writing Malware in US Court

The man who reverse-engineered WannaCry has pleaded guilty in a US court to two counts of creating and spreading malware.

Microsoft Office now the most targeted platform, as browser security improves

Microsoft Office has become cybercriminals’ preferred platform when carrying out attacks, and the number of incidents keeps increasing, Kaspersky Lab researchers said during the company’s annual conference, Security Analyst Summit, in Singapore. Boris Larin, Vlad Stolyarov and Alexander Liskin showed that the threat landscape has changed in the past two years and urged users to keep their software up-to-date and to avoid opening files that come from untrusted sources to reduce the risk of infection.

What is the EU’s revised Payment Services Directive (PSD2) and its impact?

New security requirements for online payments will come into effect in Europe in September as part of the revised Payment Services Directive (PSD2), but they are also expected to make an impact in the U.S. and other regions of the world. The PSD2 brings two major changes to the payments industry: It mandates stronger security requirements for online transactions through multi-factor authentication (MFA) and it forces banks and other financial institutions to give third-party payment services providers access to consumer bank accounts if account holders give their consent.

0xACB/viewgen: Payload generator to achieve RCE on .NET servers through leaking the machineKey

machineKey is the key used to sign/encrypt data for round trips, among other things. It has uses in persisting state

Banking-Grade Credential Stuffing: The Futility of Partial Password Validation

The author is misunderstanding what that security control is for… It’s not there to prevent password reuse, it’s there to

pyEmbed – Small script for Embedding Malicious Python Code into Inconspicuous Python Code

Couldn’t the same be said for all penetration testing/offensive tools and utilities? If the security community turns a blind eye

Questionnaire about Information Security Awareness (Working adults +20)

Hmm – in general, to keep the audience engaged, you might want to split the samples/tasks in groups, potentially adding

pe3zx/huawei-block-list: Captured DNS requests from Huawei P30 Pro to a block list

If you use something like WeChat it automatically uploads all of your contacts to a Chinese government server when you
