Security

0 Comments
On the heels of Iran driving a disinformation campaign on Facebook, researchers have discovered a spoofed university login page that appears to be part of a larger credentials theft campaign believed to be the work of COBALT DICKENS, a threat group associate with the Iranian government.  According to the Counter Threat Unit (CTU) research team
0 Comments
Two recent ransomware campaigns have earned attackers over $1m. According to Bleeping Computer, those behind the Ryuk ransomware earned over $640,000, while those operating a scam tactic to convince people there was a compromising video of the victim made $500,000 according to Motherboard. While the sextortion phishing scam was widespread, it did ask for $1400
0 Comments
Completing its acquisition of AlienVault, as revealed in July, AT&T will turn the threat intelligence vendor into its standalone Cybersecurity Solutions Division. To be led by AlienVault CEO Barmak Meftah and AT&T Business CEO Thaddeus Arroyo, the division will combine AlienVault’s foundational unified security management platform and Open Threat Exchange with AT&T’s suite of managed
0 Comments
A leading US healthcare organization (HCO) has admitted that a phishing attack last September may have led to the compromise of highly sensitive data on nearly half a million patients. Georgia-based Augusta University Health claimed it was notified by investigators on July 31 that a September 2017 phishing attack on hospital staff may have given the
0 Comments
New research from think tank Parliament Street has revealed that The National Health Service (NHS) has misplaced almost 10,000 records in the last year. Parliament Street liaised with 68 NHS Trusts to examine levels of reported missing or lost patient records, compiling its findings into the report NHS Data Security: Protecting Patient Records. The total
0 Comments
by Danny Bradbury Mozilla has wiped 23 extensions from its directory of Firefox browser add-ons after finding what it says were inappropriate functions in the code. The incident follows a report last week that German security add-on ‘Web Security’ had been misbehaving. Mozilla had highlighted the add-on in a blog post promoting a collection of
0 Comments
The increased number of firewalls within security infrastructures has created challenges, leaving many organizations struggling with basic firewall management, according to a new report from FireMon. In its fourth annual State of the Firewall report, FireMon polled 334 C-suite executives, IT practitioners and security professionals at global companies of all sizes to understand both the
0 Comments
by Danny Bradbury The Trump administration has rolled back rules that outlined how to launch cyberattacks on other nations. The decision, which has been under consideration for much of the year, could herald a more hawkish approach to cyberwarfare within the US government. Signed in 2012, the original Obama-era Presidential Policy Directive 20 (PPD-20) replaced
0 Comments
The Obama Presidential Policy Directive 20 (PPD-20) that outlined the interagency communications required for the US to deploy cyber-weapons was reversed by President Trump, according to a report from the Wall Street Journal Wednesday 15 August. Infosecurity Magazine contacted the White House for comment, but the Trump administration reportedly has not issued an official statement
0 Comments
Penetration tests help organizations gain a better understanding of how protected they are against cyber-attacks, and when Kaspersky Lab’s performed several dozen cybersecurity assessment tests on corporate networks, it found that the overall level of protection against external attackers was low or extremely low for almost half of the analyzed companies. The report, Security Assessment of Corporate
0 Comments
A campaign that began weeks ago and targeted approximately 2,700 Fortune 100 banking institutions in the US and around the world with a widespread botnet attack came to a sudden halt as of 15:37 EST on 15 August, according to researchers at Cofense. The phishing emails appeared to be coming from India and contained the
0 Comments
It likely comes as no surprise that cyber-criminals are financially motivated, but according to new research, many nefarious actors in the cyber world are also driven to a life of digital crime by ego as well as socioeconomic and psychological factors. As follow-up to the recent report Under the Hoodie: Lessons from a Season of
0 Comments
RSA Security has said it recovered over five million compromised cards from underground marketplaces and other sources in the last quarter, a 60% increase on the previous three months. The security vendor’s Quarterly Fraud Report for Q2 2018 also revealed that the threats facing consumers and brands have evolved slightly, with mobile playing a greater role.
0 Comments
by Paul Ducklin At the recent DEF CON cybersecurity conference in Las Vegas, macOS security researcher Patrick Wardle did something that the responsible disclosure doctrine says is a bit naughty. He “dropped 0day” on Apple’s macOS, meaning that he publicly revealed an exploit for which no patch is yet available. Exploits against unpatched vulnerabilities are
0 Comments
The vast majority of IT security professionals believe election infrastructure is at risk and that attackers will target voting data in transit, according to the latest stats from Venafi. The security vendor polled over 400 cybersecurity pros in the US, UK and Australia about their views on the subject, ahead of key mid-term elections in
0 Comments
The Chinese hacking community operates by-and-large out in the open, using code words to avoid government scrutiny and benefitting from state support when attacks are aimed outside the country, according to a new report. While most news analysis of Chinese cyber-attacks focuses on state-sponsored campaigns, there is in fact a thriving and fast-maturing domestic cybercrime