One third of enterprise iOS devices vulnerable to app, data hijacking attacks
Apple released patches for several exploits that could allow maliciously crafted applications to destroy apps that already exist on devices, access their data or hijack their traffic, but a large number of iOS devices are still vulnerable. The vulnerabilities allow for so-called Masque attacks because they involve the impersonation of existing apps or their components. […] more…Banks get attacked four times more than other industries
Modern-day criminals are still following Willie Sutton’s example of going after banks “because there’s where the money is.” According to a new report from Websense Security Labs, the average number of attacks against financial services institutions is four times higher than that of companies in other industries. In addition, a third of all initial-stage reconnaissance […] more…Digging Into the Deep Web
Mention the “Deep Web” and most people will instantly associate it with the part of the Internet used for nefarious and illegal activities. For others, it is this inaccessible side of the Web, the one that requires a lot of technical skill and know-how to reach. Although these assumptions are somewhat correct, they only cover […] more…Smartphone ‘kill switch’ effectively thwarts thieves
Smartphones thefts dropped sharply last year, thanks to security innovations such as Apple’s “Find My Phone” remote-locator feature. However, a surprising number of consumers still don’t protect their phones with password locks, according to a survey from Consumer Reports. An estimated 2.1 million Americans had phones stolen last year, down from 3.1 million in 2013, […] more…Windows Server 2003 End of Life: You Can’t RIP
Windows XP reached end of support last year and now it’s time for another end of life—Windows Server 2003. On July 14, 2015, this widely deployed Microsoft operating system will reach its end of life—a long run since its launch in April 2003. Estimates on the number of still-active Windows Server 2003 users vary from […] more…Trend Micro Discovers MalumPoS; Targets Hotels and other US Industries
We first discovered MalumPoS, a new attack tool that threat actors can reconfigure to breach any PoS system they wish to target. Currently, it is designed to collect data from PoS systems running on Oracle® MICROS®, a platform popularly used in the hospitality, food and beverage, and retail industries. Oracle claims that MICROS is used in […] more…DNS Changer Malware Sets Sights on Home Routers
Home routers can be used to steal user credentials, and most people just don’t know it yet. Bad guys have found ways to use Domain Name System (DNS) changer malware to turn the most inconspicuous network router into a vital tool for their schemes. Attacks that use DNS changer malware aren’t new, but this is […] more…Grabit and the RATs
Not so long ago, Kaspersky clients in the United States approached Kaspersky researchers with a request to investigate a new type of malicious software that they were able to recover from their organizations’ servers. The malware calls itself Grabit and is distinctive because of its versatile behavior. Every sample we found was different in size […] more…Does CCTV put the public at risk of cyberattack?
The research was originally presented at DefCon 2014. It has been published as part of Kaspersky Lab’s support of Securing Smart Cities – a global not-for-profit initiative that aims to solve the existing and future cybersecurity problems of smart cities through collaboration between companies, governments, media outlets, not-for-profit initiatives and individuals across the world. Thomas […] more…Chrome Lure Used in Facebook Attack despite Google’s New Policy
Just how effective is it for cybercriminals to keep using Google Chrome and Facebook to infect their victims with malware? We’ve already seen both platforms be used as parts of malicious social engineering schemes. Both Google and Facebook are aware of this and have taken steps to protect their users. The number of times malicious […] more…Attack of the Solo Cybercriminals – Frapstar in Canada
By now cybercrime has become the fastest growing criminal enterprise of the 21st century, run by efficient organizations with great professionalism. Today, news headlines are mostly about large-scale breaches orchestrated by large criminal syndicates. But smaller one-man operations can be equally devastating to the unwitting home users and businesses. This reminds us that cyber criminals […] more…[1Q 2015 Security Roundup] Bad Ads and Zero Days: Reemerging Threats Challenge Trust in Supply Chains and Best Practices
Best practices are failing. No matter how good you are at sticking to them, they can no longer guarantee your safety against the simplest threats we saw last quarter. Malicious advertisements are in the sites you frequent, data-leaking apps come preinstalled in your gadgets, and data-encrypting malware run silently in your office networks. Even the […] more…Spam and Phishing in the First Quarter of 2015
Spam: features of the quarter New domain zones In January 2014 the New gTLD program of registration for new generic top-level domains designated for certain types of communities and organizations was launched. The main advantage of this program is the opportunity for organizations to choose a domain zone that is clearly consistent with their activities […] more…The Upload: Your tech news briefing for Tuesday, May 12
Verizon offers $4.4 billion for AOL Verizon said Tuesday that it plans to spend $4.4 billion to buy AOL, which was once a leader in Internet connectivity but has struggled to find its way as a content provider and online advertising platform. AOL still has a subscription business—anecdotally, aged users who don’t know they can […] more…The best way to protect passwords may be creating fake ones
Password managers are a great way to supply random, unique passwords to a high number of websites. But most still have an Achilles’ heel: Usually, a single master password unlocks the entire vault. But a group of researchers has developed a type of password manager that creates decoy password vaults if a wrong master password […] more…Identifying and Dividing Networks and Users
Proper network segmentation is the most critical proactive step in protecting networks against targeted attacks. It is also important for organization to properly identify and categorize their own users and the networks they access. This is an important task as it allows an administrator to properly segment both user privileges and network traffic. Some users will […] more…More information
- Twenty Reasons To Jailbreak iOS 5
- Spam That Fits Your Website
- Large Florida School District Hit by Ransomware Attack
- Insulin-making cells created by Dolly-cloning method
- Security tech firms hit jackpot in Asia casino boom
- Weev invoices feds for ‘kidnapping’ him for 3 years
- Like WiFi at work? Then don’t work for the government
- "Dust Storm" Attackers Target Japanese Critical Infrastructure
- Nearly 2/3 of Industrial Companies Lack Security Monitoring
- Open-source project, Crypton, seeks to make encryption easier