Security

Despite the session’s name, “Two Points of View: Collaboration and Disclosure: Balancing Openness About Cyber Security with Managing Risk and Reputation,” panelists at today’s Infosecurity North America conference were actually in agreement about sharing threat intelligence. Moderated by Joseph Gittens, director, standards, Security Industry Association, the panelists explored the different channels by which information can and
Finding and keeping talent in the cybersecurity industry is a challenge for organizations of all sizes around the globe. As a result, the talent market is highly competitive, which is why a panel of experts came together at this year’s Infosecurity North America conference in New York to talk about building an effective cybersecurity team
by John E Dunn
Cybercriminals have returned to old-school manual hacking tactics to boost the efficiency of targeted extortion, according to research conducted for the SophosLabs 2019 Threat Report. Ransomware attacks are nothing new, but well-known examples like CryptoLocker or WannaCry have tended to be opportunistic and indiscriminate. To penetrate their targets they rely on
Nordstrom is the latest victim in a long line of data breaches suffered across the retail sector, according to The Seattle Times. The Seattle-based retailer suffered a data breach in which a wide range of personal information was exposed. In addition to disclosing employee names, their Social Security numbers and dates of birth, checking account and
To more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) for scoring bugs. The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Department of Homeland Security (DHS), has issued a US-CERT alert for the JBoss Verify and EXploitation (JexBoss) tool, an open-source tool often used by red teams. According to the alert, malicious actors are using JexBoss to test and exploit vulnerabilities not only in the
Cryptocurrency mining has become a fairly easy way to manufacture currency, and according to Trend Micro, a new cryptocurrency-mining malware uses evasion techniques, including Windows Installer, as part of its routine. In the cryptocurrency miner identified as Coinminer.Win32.MALXMR.TIAOODAM, researchers noted the use of multiple obfuscation and packing routines. The malware leverages the Windows platform, and though it
In addition to its 2014 attack on Sony Pictures, the Lazarus Group, also known as Hidden Cobra, has been attacking the ATMs of Asian and African banks since 2016, and today Symantec revealed that the group has been successful in its “FASTCash” operations by first targeting the banks’ networks. “The operation known as ‘FASTCash’ has enabled Lazarus,
by Paul Ducklin
This week: hyperthreading considered harmful, how to avoid lock screen hacks, and what happens when cryptocurrency exchanges implode. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. If you enjoy the podcast, please share it
A WordPress design flaw could grant an attacker remote code execution, leading to a privilege escalation in WooCommerce and other WordPress plugins, according to RIPS Technologies. In a 6 November blog post, researchers said that if the vulnerability is exploited, it would give shop managers – employees of the store that can manage orders, products and
With no explanation, the Supreme Court declined to hear an appeal of the net neutrality case, according to The Hill. Justice Kavanaugh and Chief Justice John Roberts recused themselves from the vote. In opting not to hear the case, SCOTUS leaves in place the existing high court ruling that the FCC has the authority to regulate
A new Consumer Data Protection Act was proposed on October 31 by Senator Ron Wyden from Oregon. The senator has long been an advocate of cybersecurity and privacy issues, and his new bill proposes strict penalties – including fines and prison time – for companies that violate consumer privacy, according to a press release. The
Researchers found two vulnerabilities that could impact popular wireless access points and compromise enterprise networks if exploited, according to TechCrunch. The pair of bugs were reportedly found in chips built by Texas Instruments. Networking device makers such as Aruba, Cisco and Meraki commonly build the Bluetooth Low Energy chips into their line-up of enterprise wireless access points. While the
by Lisa Vaas
Anonymous Coward, in commenting on a report from The Register about vulnerabilities that expose people’s browsing histories, pithily sums up potential repercussions like so: “Sweetheart, what’s this ‘saucyferrets.com’ site I found in your browsing history?” If you value your privacy and your ferret predilections, be advised that in August, security researchers from
Iran’s critical infrastructure and strategic networks were attacked with what is reportedly a more sophisticated variant of the decade-old Stuxnet attack, according to Reuters. The head of Iran’s civil defense agency, Gholamreza Jalali, told reporters that the newly discovered next generation of Stuxnet that was trying to enter the systems consisted of several parts. At a live
Emails continue to be cyber-criminals’ vector of choice for distributing malware and phishing, according to a report released today by Proofpoint. The Quarterly Threat Report Q3 2018 found that the frequency of email fraud attacks and the number of individuals targeted per organization are continuing to rise. Credential-stealing banking Trojans comprised 94% of malicious payloads, and