Microsoft Adds New Security Features to Office 365
Microsoft today announced new protections for Office 365 Home and Office 365 Personal subscribers, aimed at helping them recover files, protect data, and defend against malware. Courtesy of the newly announced protections, Office 365 Home and Office 365 Personal users can now recover their files after a malicious attack like ransomware, Kirk Koenigsbauer, Corporate Vice […] more…Financial Services DDoS Attacks Tied to Reaper Botnet
Recorded Future’s “Insikt” threat intelligence research group has linked the Mirai variant IoTroop (aka Reaper) botnet with attacks on the Netherlands financial sector in January 2018. The existence of IoTroop was first noted by Check Point in October 2017. At that point the botnet had not been used to deliver any known DDoS attacks, and its size […] more…Unprotected Switches Expose Critical Infrastructure to Attacks: Cisco
Cisco has advised organizations to ensure that their switches cannot be hacked via the Smart Install protocol. The networking giant has identified hundreds of thousands of exposed devices and warned that critical infrastructure could be at risk. The Cisco Smart Install Client is a legacy utility that allows no-touch installation of new Cisco switches. Roughly […] more…Intel Discontinues Keyboard App Affected by Critical Flaws
Serious vulnerabilities have been found in Intel’s Remote Keyboard application, but the company will not release any patches and instead advised users to uninstall the app. Introduced in June 2015, the Intel Remote Keyboard apps for Android and iOS allow users to wirelessly control their Intel NUC and Compute Stick devices from a smartphone or […] more…Improved Visibility a Top Priority for Security Analysts
Security Analysts Require Improved Visibility as well as Improved Threat Detection Vendors listen to existing and potential customers to understand how to improve their products over time. At the smallest level, they use focus groups. At the largest level they employ market research firms to query thousands or more respondents from relevant employments and industry […] more…Mitigating Digital Risk from the Android PC in Your Pocket
Security Teams Must Prioritize Risk Mitigation Against Android Malware Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users’ computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing […] more…Delta, Sears Hit by Card Breach at Online Services Firm
Delta Air Lines, Sears Holdings and likely other major companies have been hit by a payment card breach suffered last year by San Jose, CA-based online services provider [24]7.ai. In a brief statement published on Wednesday, [24]7.ai revealed that it had notified a “small number” of client companies of a security incident impacting payment card […] more…Understanding Code Signing Abuse in Malware Campaigns
Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem […] more…AWS Launches New Tools for Firewalls, Certificates, Credentials
Amazon Web Services (AWS) announced on Wednesday the launch of several tools and services designed to help customers manage their firewalls, use private certificates, and safely store credentials. Private Certificate Authority One of the new services is called Private Certificate Authority (CA) and it’s part of the AWS Certificate Manager (ACM). The Private CA allows […] more…Facebook to Offer ‘Clearer’ Terms on Privacy, Data Use
Facebook said Wednesday it is updating its terms on privacy and data sharing to give users a clearer picture of how the social network handles personal information. The move by Facebook follows a firestorm over the hijacking of personal information on tens of millions of users by a political consulting firm which sparked a raft […] more…Facebook Says 87 Million May be Affected by Data Breach
Facebook said Wednesday personal data on as many as 87 million users was improperly shared with British political consultancy Cambridge Analytica. The new figure eclipses a previous estimate of 50 million in a further embarrassment to the social network roiled by a privacy scandal. The announcement came as Facebook unveiled clearer terms of service to […] more…Companies Have Little Control Over User Accounts and Sensitive Files: Study
Lack of Control Over Sensitive Files Leaves Companies Open to GDPR Failure Security teams are urged to assume intruders are already on their networks. The quantity and frequency of data loss breaches lends credence to that assumption. The implication is that perimeter defenses are insufficient, and that sensitive data needs to be locked down as […] more…North Korean Hackers Behind Online Casino Attack: Report
The infamous North Korean hacking group known as Lazarus is responsible for attacking an online casino in Central America, along with various other targets, ESET says. The Lazarus Group has been active since at least 2009 and is said to be associated with a large number of major cyber-attacks, including the $81 million cyber heist […] more…Critical Vulnerability Patched in Microsoft Malware Protection Engine
An update released this week by Microsoft for its Malware Protection Engine patches a vulnerability that can be exploited to take control of a system by placing a malicious file in a location where it would be scanned. The Microsoft Malware Protection Engine provides scanning, detection and cleaning capabilities for security software made by the […] more…IoT Security Firm Red Balloon Raises $22 Million
Red Balloon Security, a provider of embedded device security solutions, announced on Wednesday that it has secured $21.9 million through a Series A funding round led by Bain Capital Ventures. This latest round of funding brings the company’s total funding to $23.5 million. The company’s flagship Symbiote Defense technology helps customers to detect and defend […] more…Breaches Increasingly Discovered Internally: Mandiant
Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant. The company’s M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. […] more…More information
- Mini-review: A week with Apple’s lumpy new iPhone battery case
- BEC Losses Surpassed $1.7 Billion in 2019: FBI
- China says willing to work with US against hacking
- 100,000 Impacted by Jewish Home Lifecare Data Breach
- Bigger, better #HackWEEKDAY at this year’s HITBSecConf
- An Analysis of the “Destructive” Malware Behind FBI Warnings
- Drupal: Attacks Started Within Hours Of Patch Release
- This Is the Year Donald Trump Kills Net Neutrality
- The Truth About Micro-Segmentation: It’s Not About the Network (Part 1)
- Adobe drags Google into Microsoft’s Patch Tuesday