Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
by Fyodor Yarochkin (Senior Threat Researcher) We uncovered personally identifiable information (PII) stolen from a China-based hotel chain being sold on a deep web forum we were monitoring. Further analysis revealed that the stolen data was not only the PII of Chinese customers, but also included the hotel chain’s customers from Western and East Asian […] more…How Machine Learning Can Help Identify Web Defacement Campaigns
By Federico Maggi, Marco Balduzzi, Ryan Flores, and Vincenzo Ciancaglini Website defacement — the act of visibly altering the pages of a website, notably in the aftermath of a political event to advance the political agenda of a threat actor— has been explored in our various research works. We broke down top defacement campaigns in a […] more…Trojan watch
We continue to research how proliferation of IoT devices affects the daily lives of users and their information security. In our previous study, we touched upon ways of intercepting authentication data using single-board microcomputers. This time, we turned out attention to wearable devices: smartwatches and fitness trackers. Or more precisely, the accelerometers and gyroscopes inside […] more…Perspectives On Securing Our Election Systems
I had the pleasure of sitting on a panel at CyberScoop’s CyberTalks event this week, which coincides this year with the RSA 2018 Conference in San Francisco. Our discussion focused on the need to protect election systems from would-be hackers seeking to change results, sow discord in our election processes, and undermine confidence in our […] more…What’s New in the World of Ransomware?
Ransomware, the type of malware that can infect your computers and devices, lock you out of your own files, and demand a ransom to unlock them, is growing rapidly in both incidents and sophistication. In some cases, ransomware is even used as a cover to distract from more serious attacks, so it’s important for everyone […] more…McAfee Relaunches Award-Winning Online Safety Program for Kids
With an updated curriculum and new cybersecurity career module, McAfee’s Online Safety Program for Kids is set to reach new heights Online safety is an area that now touches nearly everyone – from corporate CEOs and governments to grandparents and children. It’s also why nearly 130 countries come together on Safer Internet Day to raise […] more…IoT Devices: The Gift that Keeps on Giving… to Hackers
McAfee Advanced Threat Research on Most Hackable Gifts You’ve probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the market and maybe even showing up in your own home. The sale of these “Internet-of-Things” (IoT) devices is expected to reach 600 million units this year[1] and, unfortunately, […] more…Why Social Engineering is a Scammer’s Secret Weapon
Criminals and scammers love to trick, deceive and manipulate their victims into handing over sensitive information, and money. This kind of exploitation is often referred to as social engineering, and it’s worth knowing about because although the scams change, the methods remain the same. Social engineering can happen online, over the phone, or even in […] more…The Top 5 Scariest Mobile Threats
Halloween has to be one of my favorite holidays of the year. Creative costumes, buckets of candy, and pumpkin spice lattes make All Hallows’ Eve a memorable event for people of all ages. But what I love most about Halloween is the traditions associated with it: pumpkin carving, trick or treating and bobbing for apples […] more…Dnsmasq: A Reality Check and Remediation Practices
Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options. Based on Censys and Shodan data, […] more…The Future of Cyber Safety: Could Artificial Intelligence Be The Silver Bullet?
Stay Safe Online Week 2017 Cyber safety: outsourcing to experts makes such sense! Like most multi-tasking millennium mums, I’m a BIG fan of outsourcing: ironing, cleaning and gardening – it just makes such sense! Why not get an expert involved so you can focus on the things you love? Smart, I say! But did you […] more…Oh No! 8 Signs that Grandma’s Getting Baited by a Catfish!
His name was Colonel Lance Shimmeroff. He was a retired U.S. Army officer and happened to be an ace Words With Friends player, according to my 75-year-old mother, who no one in the family could beat at the online game. They played the game often, and he impressed with his word combinations and witty banter. […] more…Instagram Takes Huge Step to Filter Bullies, Become a Kinder Social Hub
You’re a jerk. You’re a fat pig. You’re disgusting. It’s hard to imagine seeing these words written about anyone, but it happens every minute online. But hopefully, Instagram users will be noticing a kinder vibe thanks to the platform’s decision to automatically delete hateful, bullying comments. Instagram, the third most popular social network with 700 […] more…The New Intern-Net
By Cristina Barrera, Channel Team Intern in Plano, Texas. As a college student today, it often feels like it’s essential to get top grades, volunteer, participate in sports, play an instrument, and find a cure for a rare disease in my spare time just to get a job interview. And now, on top of this, […] more…Running from Ransomware: A Mobile User’s Guide
From the second my alarm goes off, my day goes 100 miles a minute. In addition to getting myself ready for work, I have to pack my kids some brag-worthy lunches, conquer the stack of unwashed dishes in the sink from the night before, and make sure that everyone is out the door on time. […] more…Are Your Online Mainframes Exposing You to Business Process Compromise?
by Roel Reyes (Senior Threat Researcher) Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But […] more…More information
- Identifying and Mitigating SQL Injection in WordPress Plugins: A Case Study with Perfect Survey v1.5.1
- Apple-FBI Encryption Showdown Postponed, for Now
- Over 80,000 Unpatched Hikvision Cameras Exposed to Takeover
- Fun with statistics: Who hates Java the most?
- Plone dismisses claim that flaw in its CMS was used to hack FBI
- Data Breach at Onsite Mammography Impacts 350,000
- Web vendor CafePress fined $500,000 for giving cybersecurity a low value
- Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown
- iPads for kids program sets off password security alarms for parents
- How to end a romance scam