News

0 Comments
In the wake of the Ryuk ransomware attack on the Tribune Publishing Company last month, security researchers are warning the threat to enterprises may be growing. In a research post published last week, threat detection vendor CrowdStrike in Sunnyvale, Calif., reported that Ryuk ransomware has accumulated more than $3.7 million in cryptocurrency payments since it
0 Comments
One major advantage of AI algorithms is their ability to rapidly find patterns across large data sets and to detect anomalies. At the simplest form, this involves creating a baseline model of what’s normal in an environment, and then flagging and investigating anomalies to that baseline, which could potentially be IoT threats. This can be
0 Comments
Cybersecurity researcher has discovered online a massive database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week. The unprotected 854.8 gigabytes of the database was stored in an instance of MongoDB, a NoSQL high performance and cross-platform document-oriented database, hosted by an
0 Comments
Security researchers have identified a global DNS hijacking campaign, which they say is likely the work of Iranian hackers. According to researchers from FireEye’s Mandiant Incident Response and Intelligence team, the DNS hijacking campaign targeted entities for the past two years across the Middle East and North Africa, Europe and North America “on an almost
0 Comments
The widespread popularity of SaaS applications, BYOD and millions of unsecure IoT devices has effectively eliminated the notion of a hardened perimeter where IT and security organizations can control access to their sensitive data. Software-defined perimeter (SDP) technology makes users and devices invisible and inaccessible to outside attacks. An alternative to VPN technology, SDP can
0 Comments
An Internet Explorer zero-day vulnerability that kindled some excitement and sparked a Microsoft out-of-band patch during the year-end holidays overshadowed a light January Patch Tuesday. To exploit the Internet Explorer zero-day bug (CVE-2018-8653), an attacker required a victim to view a specially crafted website that executes arbitrary code. Without Microsoft’s patch, the attacker would then
0 Comments
Madelyn Bacon and Casey Clark Cloud provider Data Resolution claimed North Korea was behind the ransomware attack on its systems on Christmas Eve. According to cybersecurity journalist Brian Krebs, Data Resolution was infected with the Ryuk ransomware, which is the same ransomware thought to be behind the attacks on Tribune Publishing Company’s network, which disrupted
0 Comments
A number of branch network security suppliers are touting their abilities to add software-defined WAN capabilities to their firewall platforms. In the meantime, SD-WAN suppliers continue to improve their native network security capabilities. Organizations must carefully evaluate their security and WAN requirements, as they select the appropriate architecture for their unique branch network needs. Many
0 Comments
Germany has been hit with the biggest hack in its history. A group of unknown hackers has leaked highly-sensitive personal data from more than 100 German politicians, including German Chancellor Angela Merkel, Brandenburg’s prime minister Dietmar Woidke, along with some German artists, journalists, and YouTube celebrities. The leaked data that was published on a Twitter
0 Comments
A cyberattack on Tribune Publishing Company LLC this weekend disrupted the printing operations of several major newspapers, including the Los Angeles Times and Chicago Tribune, but questions remain about the nature and attribution of the incident. The Tribune Publishing cyberattack, which was initially discovered Friday, involved malware that affected several of the company’s systems for
0 Comments
With data breaches becoming a daily reality, it’s nearly impossible to know which breaches will remain influential or impactful throughout the course of a year. For this cybersecurity roundup, we chose to focus on analyzing Under Armour, Cambridge Analytica-Facebook, Uber and Marriott Hotels as the most powerful 2018 cybersecurity incidents. Not all information security risks
0 Comments
Apple’s latest Transparency Report shows that access to user devices and data are more often being requested by government and non-government entities around the world — and so is the rate at which Apple complies with those requests. Government data requests have been on the rise for years, according to previous transparency reports by Apple
0 Comments
The U.S. Department of Justice on Thursday indicted two Chinese nationals accused of cyberattacks around the world in association with the Chinese state-sponsored hacking group known as APT10. The two individuals, Zhu Hua and Zhang Shilong, were indicted on several charges in connection with cyberattacks and intellectual property (IP) theft, including conspiracy to commit computer
0 Comments
Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter account controlled by the attackers. Most malware relies on communication with their command-and-control server
0 Comments
Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers. Discovered by security researcher Clement Lecigne of Google’s Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw
0 Comments
Certified Information Systems Security Professional (CISSP) is an information security certification developed by the International Information Systems Security Certification Consortium, also known as (ISC)². The CISSP designation is a globally recognized, vendor-neutral standard attesting to an IT security professional’s technical skills and hands-on experience implementing and managing a security program. CISSP is a certification sought
0 Comments
The FBI just saved the Christmas. The U.S. Justice Department announced earlier today that the FBI has seized domains of 15 “DDoS-for-hire” websites and charged three individuals running some of these services. DDoS-for-hire, or “Booter” or “Stresser,” services rent out access to a network of infected devices, which then can be used by anyone, even
0 Comments
A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows operating system. SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to the hackers until Microsoft patched them. The newly disclosed unpatched Windows zero-day
0 Comments
Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA) NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked. In an internal memo sent to all employees