Security

0 Comments
The Chinese hacking community operates by-and-large out in the open, using code words to avoid government scrutiny and benefitting from state support when attacks are aimed outside the country, according to a new report. While most news analysis of Chinese cyber-attacks focuses on state-sponsored campaigns, there is in fact a thriving and fast-maturing domestic cybercrime
0 Comments
by Lisa Vaas Here’s what the Wall Street Journal reported on Monday: Facebook has asked big banks to share their customers’ personal financial data, including card transactions and checking-account balances. And here, basically, was the response from anybody who’s ever heard of Cambridge Analytica: Hysterical laughter with a bit of “Oh, hell NO. We should
0 Comments
by Mark Stockley For two and a half years someone has been terrorising organisations by breaking in to their networks and infecting their computers with devastating, file-encrypting malware known as SamSam. The attacks are regular, but rarer and more sophisticated than typical ransomware attacks, and the perpetrators extort eye-watering, five-figure ransoms to undo the damage they
0 Comments
The FBI has been forced to post a public service announcement warning of the dangers of unprotected IoT devices. In another sign of the growing threat posed by compromised smart devices, the update late last week claimed that attackers are using them as proxies to maintain anonymity and obfuscate network traffic. Doing so enables them
0 Comments
A newly discovered adversarial group has been targeting operations in electrical utilities in the US, according to Dragos. The activity group, dubbed RASPITE, has reportedly been active in some capacity since early to mid-2017. Dragos has confirmed that RASPITE is now targeting ICS, specifically electric utilities in the US, Europe, Middle East and East Asia. While
0 Comments
by Lisa Vaas The DOJ announced on Wednesday that three alleged, “high-ranking” members of the notorious Fin7 cybercrime organization have been arrested. According to three federal indictments, Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, are allegedly members of a prolific, professional, highly adaptable hacking group widely known as Fin7, though
0 Comments
A national nonprofit organization, SecureSet Foundation, created by SecureSet Academy, aims to increase diversity in the cybersecurity workforce by offering financial assistance, according to a press release from SecureSet Academy. The creation of the SecureSet Foundation will enable individuals to enhance and build their professional skills in the field of cybersecurity, which will also help
0 Comments
The vast majority of small to medium-sized businesses (SMBs) rank security as their top priority, though less than a third of those organizations have a dedicated IT security professional on staff, according to 2018 SMB IT Security Report, released today by Untangle. More than 350 SMBs worldwide participated in the survey, which attempted to gauge their
0 Comments
The Department of Homeland Security (DHS) has announced the creation of a new cyber-risk management center intended to protect the nation’s banks, energy companies and other industries from potentially crippling cyber-attacks on critical infrastructure, according to agency officials who spoke at the 31 July cybersecurity summit hosted by DHS. DHS Secretary Kirstjen Neilsen led a
0 Comments
Attackers are leveraging a new technique that allows them to run a specious file that looks legitimate but is actually malicious, according to the research team at Cyberbit. The component object model (COM) hijacking technique, usually used for attackers as a persistence mechanism, also has evasive capabilities. A proof-of-concept experiment run by the Cyberbit research
0 Comments
By using the HiBids advertising platform, cyber-criminals have been delivering malicious advertisements to millions of victims worldwide in a large-scale malvertising and banking Trojan campaign, according to researchers at Check Point. These malicious ads can infect the PC or mobile device of the person viewing the ads with malware, such as a crypto-miner, ransomware or a banking
0 Comments
In an effort to deliver more robust application and data security solutions that protect enterprises against attacks from cyber-criminals, California-based Imperva Inc. announced that it will acquire the Los Angeles-based application security company Prevoty. The deal, which is expected to close in Q3 2018, has an estimated value of $140m. The Prevoty office will become an Imperva location.
0 Comments
A flaw in the website design for LifeLock, a company charged with protecting the identity of its online customers, resulted in millions of customer accounts being exposed, according to KrebsonSecurity. A vulnerability in the site, which reportedly lacked authentication and security, has been fixed, but the breach highlights the larger security concerns inherent in web application security. Of
0 Comments
Android users have been warned about another Exobot banking malware source code (v. 2.5) that was leaked online. It was first detected in May 2018 and has been dubbed “Trump Edition.” The leak is expected to result in a surge of malicious Android apps given that the malware source code is now available in dark
0 Comments
by Naked Security writer Happy SysAdmin Day! If you’re a System Administrator at work, then you’re definitely IT support at home as well. In fact, if you’re reading an article on Naked Security then you’re almost certainly the least non-technical user in your family, and that means you’re IT support at home too. And that