IT threat evolution Q1 2019
Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor’s past behaviour, we predicted last […] more…How To Sidestep Popular Social Scams
Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you […] more…APT review of the year
What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it’s never possible to really understand the motivations of some attacks or the developments behind them. Still, with the benefit of hindsight, let’s […] more…Firefox adds in-browser notification of breached sites
Mozilla has added a data breach notification to Firefox that warns the browser’s users when their email address and credentials may have been obtained by hackers. Dubbed Firefox Monitor, the free breach notification service debuted in September after some testing during the summer. Anyone — not only Firefox users — can steer to the service […] more…Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
by Fyodor Yarochkin (Senior Threat Researcher) We uncovered personally identifiable information (PII) stolen from a China-based hotel chain being sold on a deep web forum we were monitoring. Further analysis revealed that the stolen data was not only the PII of Chinese customers, but also included the hotel chain’s customers from Western and East Asian […] more…How Machine Learning Can Help Identify Web Defacement Campaigns
By Federico Maggi, Marco Balduzzi, Ryan Flores, and Vincenzo Ciancaglini Website defacement — the act of visibly altering the pages of a website, notably in the aftermath of a political event to advance the political agenda of a threat actor— has been explored in our various research works. We broke down top defacement campaigns in a […] more…Streamin’ in the Sun – Your Essential Checklist for Safely Watching this Summer’s Biggest Events Online
With several major European sporting events, music festivals and a huge royal wedding on the way, this summer is set to be filled with many must-see moments. For those occasions where a television isn’t close by or the content is not freely available, many of us may resort to streaming services so that we can […] more…WannaCry One Year Later: Looking Back at a Milestone
Has it been a year? It seems longer. When the WannaCry ransomware attack hit tens of thousands of individuals and business around the world on May 12, 2017, it wasn’t the first time we had seen ransomware, but its impact was unique and lasting. We’ve all known for decades about hackers, information thefts, computer viruses […] more…Perspectives On Securing Our Election Systems
I had the pleasure of sitting on a panel at CyberScoop’s CyberTalks event this week, which coincides this year with the RSA 2018 Conference in San Francisco. Our discussion focused on the need to protect election systems from would-be hackers seeking to change results, sow discord in our election processes, and undermine confidence in our […] more…The Top 5 Scariest Mobile Threats
Halloween has to be one of my favorite holidays of the year. Creative costumes, buckets of candy, and pumpkin spice lattes make All Hallows’ Eve a memorable event for people of all ages. But what I love most about Halloween is the traditions associated with it: pumpkin carving, trick or treating and bobbing for apples […] more…The Future of Cyber Safety: Could Artificial Intelligence Be The Silver Bullet?
Stay Safe Online Week 2017 Cyber safety: outsourcing to experts makes such sense! Like most multi-tasking millennium mums, I’m a BIG fan of outsourcing: ironing, cleaning and gardening – it just makes such sense! Why not get an expert involved so you can focus on the things you love? Smart, I say! But did you […] more…To Unplug Or Not To Unplug? That Is The Holiday Question
If you’re heading away these holidays, it’s likely you’ve workshopped the idea of whether to ‘unplug’ – and I’m not referring to turning off your electricity. Unplugging means turning off devices and disconnecting from the internet – yes, a digital detox! Deep breaths, people, we can talk about this calmly. New research commissioned by McAfee […] more…McAfee Applauds “Cyber Scholarship Opportunities Act of 2017”
By Lisa Depew, Head of Industry and Academic Outreach, McAfee The “Cyber Scholarship Opportunities Act of 2017,” which is sponsored by Sens. Roger Wicker (R-Miss.) and Tim Kaine (D-Va.) and was recently approved by the Senate Commerce, Science and Transportation Committee, is welcome news for those increasingly worried about the cybersecurity workforce shortage. A report […] more…Are Your Online Mainframes Exposing You to Business Process Compromise?
by Roel Reyes (Senior Threat Researcher) Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But […] more…10 Tips To Stay Safe Online
With hacks, scams, malware and more, the Internet can feel like a dangerous place these days. And, the recent proliferation of devices, from smartphones and tablets to Internet-connected appliances, has opened us up to even greater risks. But the good news is that by taking just a small handful of security measures we can greatly […] more…Malware: 5 Tips for Fighting the Malicious Software
Malware—the term seems to be at the center of the news every day, with each headline telling of a new way the cyber threat has inserted itself into our lives. From an entire attack campaign on banks worldwide, to a strain residing within medical devices, to a variant that has learned to self-heal, the list […] more…More information
- Adobe Flash Player APSB16-29 Multiple Unspecified Memory Corruption Vulnerabilities
- Resolved: Changes to ANGEL Login for beginning of fall semester
- Companies move to drop college degree requirements for new hires, focus on skills
- iPhones are a security threat to the state, China claims
- ‘Baby yoga’ video throws Facebook into a culture/censorship war
- Resolved: email.psu.edu software upgrade
- Critical Vulnerabilities Allow Takeover of D-Link Routers
- ICO to investigate Tesco following data security claims
- Apple could bring Face ID to iPad Pro
- Samsung officially debuts Galaxy S10 smartphone after weeks of rumors, leaks