Security

The new year is a time for resolutions and promises of change, so much so that even malware has returned from a bit of time off with some new features, including a new Flash exploit, according to Malwarebytes head of investigations, Jérôme Segura. The Fallout exploit kit (EK) took a little respite over the first few
By John E Dunn. The Have I Been Pwned? (HIBP) website has revealed another huge cache of breached email addresses and passwords discovered last week circulating among criminals. Named “Collection #1”, its statistics are as impressive as they are worrying: 87GB of data, 12,000 files, and 1.16 billion unique combinations of email addresses and passwords.
An attack leveraging the open-source Build Your Own Botnet (BYOB) framework has reportedly been intercepted by Israeli cybersecurity firm Perception Point’s incident response team. According to the team, this appears to be the first time the BYOB framework has been found to be used for fraudulent activity in the wild. While these tactics and techniques have
A malicious MS Word document, titled “eml_-_PO20180921.doc,” has been found in the wild, and according to researchers at Fortinet’s FortiGuard Labs, the document contains auto-executable malicious VBA code. Victims who receive and open the document are prompted with a security warning that macros have been disabled. If the user then clicks on “enable content,” the NanoCore
Despite the burgeoning IoT market, organizations made limited progress on IoT security in 2018, according to a new report from Gemalto. Though there is evidence of incremental improvements, security measures are being outpaced by the rapid growth of IoT, which is on track to hit 20 billion devices by 2023. The survey queried 950 IT
By John E Dunn. Microsoft has vexed its users with another misbehaving update. The latest problem occurred on 8 January when enterprise users running Windows 7 or Windows Server 2008 R2 with a Key Management Service (KMS) started complaining on Microsoft’s TechNet forums and Reddit that they were seeing two errors, the first relating to licensing,
Three different vulnerabilities in the Schneider Electric EVlink Parking electric vehicle charging station, which could have allowed an attacker to halt the charging process, have been patched, according to Positive Technologies. Researchers discovered the vulnerabilities, CVE-2018-7800, CVE-2018-7801 and CVE-2018-7802, in charging stations used at parking environments in several countries, including at offices, hotels, supermarkets, fleets and municipals. The
A research team of experts from Graz University of Technology, Boston University, NetApp, CrowdStrike, and Intel has published findings on page cache attacks. Unlike Spectre and Meltdown, this attack is a first-of-its-type, hardware-agnostic, side-channel attack that can remotely target operating systems such as Windows and Linux and effectively exfiltrate data, bypassing security precautions. In explaining the
By John E Dunn. With every new hack, it’s becoming clearer that older forms of two-factor authentication (2FA) are no longer the reassuring security protection they once were. The latest and perhaps most significant is that researcher Piotr Duszyński has published a tool called Modlishka (Polish: “Mantis”) capable of automating the phishing of one-time passcodes
For the second time in less than two months, the New York Times has reported that a progressive group of Democrats allegedly leveraged social media sites in a secret project intended to spread false information and sway the 2017 Senate race in Alabama. According to the New York Times, “The ‘Dry Alabama’ campaign, not previously
The healthcare sector continues to be the target of cyberattacks, with Managed Health Services (MHS) of Indiana Health Plan announcing recently that a third-party data breach potentially exposed up to 31,000 patients’ personal data in one of two security incidents the company has disclosed in the past month. The organization reportedly manages Indiana’s Hoosier Healthwise
By Danny Bradbury. Old Twitter posts could reveal more about you than you think, according to a research paper released this month. Tweets could reveal places you visited and things you did, even if you didn’t explicitly mention them. Researchers from the Foundation for Research and Technology in Greece and the University of Illinois found
Using a new penetration testing tool to automate phishing attacks, hackers can potentially bypass two-factor authentication (2FA), according to a new post published by security researcher Piotr Duszynski. The tool was written to intentionally make phishing campaigns as easy and effective as possible, said Duszynski. Dubbed Modlishka, a Polish word that means “mantis,” the tool
IcePick-3PC has impacted a range of businesses, from publishers to e-commerce, across a variety of industries, including retail and healthcare, according to researchers from The Media Trust’s digital security and operations (DSO) team. The malware strain was first identified in spring 2018 and is able to steal device IPs en masse. When it was initially detected,
By John E Dunn. For decades hot tubs were simple water-bearing garden luxuries that owners looked forward to relaxing in of an evening. More recently, manufacturers started adding exciting Internet of Things (IoT) features that product marketing departments worked themselves into a lather promoting as the next must-have. These IoT-enabled hot tubs look identical to
Network and endpoint security company, Sophos, announced today that it has acquired Avid Secure, a cloud infrastructure security company that uses artificial intelligence to deliver cloud security analytics, according to a press release. No further details about the acquisition have been released, though a spokesperson for the company said in an email that Sophos will
The Advanced Cyber Security Center (ACSC) has published its first annual report, “Leveraging Board Governance for Cybersecurity, the CISO / CIO Perspective,” the results of which highlight the need for boards to be active governance partners in collaborative cyber defense. Recognizing the shared value of collaboration across organizational functions and between and among organizations when
The Marriott breach announced on November 30, 2018, was initially suspected to have compromised the data of nearly 500 million customers, but on Friday the Starwood company updated its database security incident advisory to reflect what it now believes to be a more realistic and slightly smaller number of guests that were impacted. After weeks of
By John E Dunn. For anyone who believes vein authentication is more secure than fingerprints or facial recognition, we have good news – researchers have just shown how the technology can be beaten. Before we explain why that statement isn’t a contradiction, let’s dive a bit deeper into what researchers Jan Krissler and Julian Albrecht
A unique phishing template using fake fonts to evade detection and to better steal user credentials for a major US bank has been discovered, according to new research from Proofpoint. Researchers identified what they are calling a first-of-its-kind phishing template that uses fake fonts to exploit web font features typically used by developers to deploy a
Researchers at Trend Micro discovered spyware that had successfully disguised itself as a legitimate Android application. Initially found in a game called Flappy Birr Dog, the malware has been widely distributed, affecting users from 196 different countries. According to research, the application was available on Google Play and had more than 100,000 recorded downloads from