Saks, Lord & Taylor Stores Hit by Data Breach
A data breach at Saks Fifth Avenue and Lord & Taylor stores in North America exposed customer payment card data, parent company Hudson’s Bay Company (HBC) announced on Sunday. The hack, which also impacted its discount store brand Saks OFF 5TH, did not appear to affect HBC’s e-commerce or other digital platforms. “We identified the […]
Would Facebook and Cambridge Analytica be in Breach of GDPR?
The Cambridge Analytica (CA) and Facebook accusations over the U.S. 2016 presidential election campaign, and to a lesser extent between CA and the UK’s Brexit VoteLeave campaign, are — if proven true — morally reprehensible. It is not immediately clear, however, whether they are legally reprehensible. The matter is currently under investigation on both sides […]
Crypto Mining Rampant in Higher Education
Figures from an analysis of 4.5 million monitored devices across 246 companies show that for every 10,000 devices and workloads, 165 contain active threats. The majority are given a low (113) or medium (18) threat priority; but 34 are ranked high or critical, requiring immediate attention. Deeper analysis of these figures in Vectra’s 2018 Attacker […]
Separating the Signal from Noise
In security operations, we frequently talk about the difficulties in separating the signal from the noise to detect legitimate threats and disregard false alarms. Data overload is a common problem and triage becomes a critical skill to hone and develop. As the chief information security officer (CISO) for McAfee, I am aware at multiple levels […]
Ransomware Hits City of Atlanta
A ransomware attack — possibly a variant of SamSam — has affected some customer-facing applications and some internal services at the City of Atlanta. The FBI and incident response teams from Microsoft and Cisco are investigating. The city’s police department, water services and airport are not affected. The attack was detected early on Thursday morning. […]
Growing Mistrust Threatens Facebook After Data Mining Scandal
As Facebook reels from the scandal over hijacked personal data, a movement to quit the social network gathered momentum Wednesday, portending threats to one of the most powerful internet firms. In a sign of the mood, one of those calling it quits was a high-profile co-founder of the WhatsApp messaging service acquired by Facebook in […]
Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers
Legitimate and large-scale cryptocurrency mining operations often invest in dedicated hardware and electric consumption to make a profit. This doesn’t escape the attention of cybercriminals: Malicious cryptocurrency mining was so pervasive last year that it was the most detected network event in devices connected to home routers. Through our incident response-related monitoring, we observed intrusion […]
Oil and Gas Sector in Middle East Hit by Serious Security Incidents
Many oil and gas companies in the Middle East reported suffering at least one serious security incident in the past year, according to a study conducted by Ponemon Institute on behalf of German industrial giant Siemens. Nearly 200 individuals responsible for overseeing cybersecurity risk in oil and gas companies in the Middle East have taken […]
F-Secure Looks to Address Cyber Security Risks in Aviation Industry
Aviation, as part of the transportation sector, falls within the critical infrastructure. While it may not have the same security issues as ICS/SCADA-based manufacturing and utilities, it has certain conceptual similarities; including, for example, a vital operational technology infrastructure with increasing internet connectivity, and the associated cyber risks. It also has one major difference — […]
Microsoft Publishes Bi-annual Security Intelligence Report (SIR)
Microsoft’s 23rd bi-annual Security Intelligence Report (SIR) focuses on three topics: the disruption of the Gamarue (aka Andromeda) botnet, evolving hacker methodologies, and ransomware. It draws on the data analysis of Microsoft’s global estate since February 2017, including 400 billion email messages scanned, 450 billion authentications, and 18+ billion Bing webpage scans every month; together […]
Cyber-Attack Prevention Firm Solebit Raises $11 Million
Tel Aviv-based cyber-attack prevention firm Solebit Labs, currently establishing new global headquarters in Silicon Valley, has announced completion of an $11 million Series A funding round led by ClearSky Security. Solebit was founded in 2014 by Boris Vaynberg, Meni Farjon, and Yossi Sara — all of whom graduated from Israel’s IDF technology units. The funding […]
Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
We discovered a new campaign targeting organizations in Turkey, Pakistan and Tajikistan that has some similarities with an earlier campaign named MuddyWater, which hit various industries in several countries, primarily in the Middle East and Central Asia. Third party security researchers named the MuddyWater campaign as such because of the difficulties in attributing the attacks. […]
DDoS Attacks in the Netherlands Reveal Teen Gamers on Troublesome Path
At the end of January, the Netherlands was plagued by distributed denial of service (DDoS) attacks targeting various financial institutions, tech sites, and the Dutch tax authorities. At the time of the attacks it was unclear who was responsible, and this led to speculation among security experts. Coincidentally, the attacks started a few days after […]
First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services
By Lorin Wu
We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has […]
qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
By Jaromir Horejsi (Threat Researcher)
We encountered a few interesting samples of a file-encoding ransomware variant implemented entirely in VBA macros called qkG (detected by Trend Micro as RANSOM_CRYPTOQKG.A). It’s a classic macro malware infecting Microsoft Word’s Normal template (normal.dot template) upon which all new, blank Word documents are based. Further scrutiny into qkG also […]
KRACKs Against Wi-Fi Serious But Not End of the World
On October 12, researcher Mathy Vanhoef announced a set of Wi-Fi attacks that he named KRACKs, for key reinstallation attacks. These attack scenarios are against the WPA2 authentication and encryption key establishment portions of the most recent set of protocols. The technique is through key reinstallation. The attack can potentially allow attackers to send attacker […]
More information
- Github hit by massive password guessing attack
- PGP, TrueCrypt-encrypted files CRACKED by GBP300 tool
- Microsoft Exchange Server CVE-2018-8604 Tampering Security Bypass Vulnerability
- Microsoft Criticized Over Handling of Critical Power Platform Vulnerability
- Resolved: Box not available.
- Microsoft Word Intruder Revealed – inside a malware construction kit
- Apple Working on Patch for New Year’s Eve macOS Flaw
- Update: e-steward, imaging, and anti-virus/WSUS services are down
- Microsoft Edge CVE-2017-0065 Information Disclosure Vulnerability
- Honeywell to Open Industrial Cyber Security Center Singapore