Online Sandbox Services Used to Exfiltrate Data: Researcher
Attackers can use online sandbox services to exfiltrate data from an isolated network, a SafeBreach security researcher has discovered. The new research is based on the discovery that cloud anti-virus programs can be exploited for data pilfering. Last year, SafeBreach Labs’ Itzik Kotler and Amit Klein demonstrated proof-of-concept (PoC) malware abusing this exfiltration method, and […] more…Orbitz Data Breach Impacts 880,000 Payment Cards
Expedia-owned travel website Orbitz announced on Tuesday that it has discovered and addressed a data security incident affecting hundreds of thousands of users. In a statement provided to SecurityWeek and other news websites, Orbitz revealed that malicious actors apparently gained access to a legacy platform between October 1 and December 22, 2017. The attackers may […] more…AV Test Android Results 2018
2017 marked not only an explosion in mobile malware but also showed dramatic changes in the mobile landscape, setting up this year to be one of the riskiest years yet. In 2018, there will be an estimated five billion mobile subscribers worldwide which could be enticing bait for malware authors, who have ramped up the […] more…The Security Spending Paradox
A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches to information security and how to prevent being victimized by cyber-attacks. As always, the expo […] more…XM Cyber Unveils Automated Purple-Teaming at Speed and Scale
Israeli Cybersecurity Startup Launches Automated Advanced Persistent Threat (APT) Simulation Platform Penetration testing is the most effective method of testing whether existing security policy stands up against advanced attackers, but it doesn’t scale well to large, dynamic networks, and only provides a single conclusion at a specific point in time. The solution is clearly automation. XM […] more…Oil and Gas Sector in Middle East Hit by Serious Security Incidents
Many oil and gas companies in the Middle East reported suffering at least one serious security incident in the past year, according to a study conducted by Ponemon Institute on behalf of German industrial giant Siemens. Nearly 200 individuals responsible for overseeing cybersecurity risk in oil and gas companies in the Middle East have taken […] more…Telegram Must Give FSB Encryption Keys: Russian Court
Moscow – Russia’s Supreme Court on Tuesday ruled the popular Telegram messenger app must provide the country’s security services with encryption keys to read users’ messaging data, agencies reported. Media watchdog Roskomnadzor instructed Telegram to “provide the FSB with the necessary information to decode electronic messages received, transmitted, or being sent” within 15 days, it […] more…Coverity Scan Hacked, Abused for Cryptocurrency Mining
Coverity Scan, a free service used by tens of thousands of developers to find and fix bugs in their open source projects, was suspended in February after hackers breached some of its servers and abused them for cryptocurrency mining. Synopsys, which acquired Coverity in 2014, started notifying Coverity Scan users about the breach on Friday. […] more…The Ripple Effect of the Hansa Takedown
For nearly a decade we have witnessed the systemic rise and fall “dark net” markets. Each time a site is taken down by law enforcement, we see other, opportunistic ones capitalize on buyers looking for new places to purchase illegal goods. Last year we explored the takedowns of the popular black markets AlphaBay and Hansa […] more…AMD Chip Flaws Confirmed by More Researchers
Another cybersecurity firm has independently confirmed some of the AMD processor vulnerabilities discovered by Israel-based CTS Labs, but the controversial disclosure has not had a significant impact on the value of the chip giant’s stock. CTS Labs last week published a brief description of 13 allegedly critical vulnerabilities and backdoors found in EPYC and Ryzen […] more…Firefox Fails at Keeping Passwords Secure, Developer Claims
Recovering Encrypted Firefox Passwords via Brute Force Attacks is Easy, Developer Says Firefox does a poor job at securing stored passwords even if the user has set up a master password, a software developer claims. According to Wladimir Palant, author of the popular Adblock Plus extension, the password manager in Firefox and Thunderbird needs some […] more…F-Secure Looks to Address Cyber Security Risks in Aviation Industry
Aviation, as part of the transportation sector, falls within the critical infrastructure. While it may not have the same security issues as ICS/SCADA-based manufacturing and utilities, it has certain conceptual similarities; including, for example, a vital operational technology infrastructure with increasing internet connectivity, and the associated cyber risks. It also has one major difference — […] more…Russian Cyberspies Hacked Routers in Energy Sector Attacks
A cyberespionage group believed to be operating out of Russia hijacked a Cisco router and abused it to obtain credentials that were later leveraged in attacks targeting energy companies in the United Kingdom, endpoint security firm Cylance reported on Friday. The United States last week announced sanctions against Russian spy agencies and more than a […] more…Preventing Business Email Compromise Requires a Human Touch
Human-powered Intelligence Plays a Critical Role in Defending Against Socially Engineered Attacks The FBI’s Internet Crime Complaint Center (IC3) declared Business Email Compromise (BEC) the “3.1 billion dollar scam” in 2016, an amount which then grew in the span of one year into a “5 billion dollar scam.” Trend Micro now projects those losses in […] more…California Bill Seeks to Adopt Strict Net Neutrality Despite FCC Ruling
As Americans wait to see whether net neutrality can gain enough support among lawmakers to invoke disapproval via the Congressional Review Act, individual states are not waiting — several are working on state laws to maintain net neutrality within their own borders. In December 2017, under the chairmanship of Ajit Pau, the FCC voted 3-2 […] more…US Accuses Russian Government of Hacking Infrastructure
The Russian government is behind a sustained hacking effort to take over the control systems of critical US infrastructure like nuclear power plants and water distribution, according to US cyber security investigators. A technical report released by the Department of Homeland Security on Thursday singled out Moscow as directing the ongoing effort that could give […] more…More information
- Microsoft Edge CVE-2018-8358 Security Bypass Vulnerability
- Microsoft ChakraCore Scripting Engine CVE-2018-8354 Remote Memory Corruption Vulnerability
- Telstra seeks IT specialists for billion-dollar Defence deal
- Awareness Training Firm CybeReady Opens U.S. Office With $5 Million Funding
- iTwo Maintenance December 2-4
- Don’t take fright – get web security right [PODCAST]
- Phisher Use Olympic Lottery Scams For Summer Games
- Five Slovenians arrested for $2.5M email banking fraud
- Pinterest diet spam – is the site doing enough to stop it?
- When it comes to IT hires, you get what you pay for