RSA Influencers Identify Cybersecurity’s Top Issues
More interest, more news, and more money are swirling through the cybersecurity industry than perhaps ever before. Data breaches make headlines, shape elections, and lead to Congressional hearings. Artificial intelligence tools wow the public and stretch the limits of the imagination. And the 40,000 RSA Conference attendees pouring into San Francisco are not impressed. Cybersecurity […] more…Mirai-like Scanning Activity Detected From China, With Targets in Brazil
by Trend Micro IoT Reputation Service Team Our network monitoring system recently detected an enormous amount of Mirai-like scanning activity from China. From 1:00 p.m. UTC on March 31 to 12:00 a.m. UTC on April 3, our team detected an influx of activity coming from 3,423 IP addresses of scanners. Brazil appeared to be the […] more…Facebook’s Sandberg Says Other Cases of Data Misuse Possible
Facebook was aware more than two years ago of Cambridge Analytica’s harvesting of the personal profiles of up to 87 million users and cannot rule out other cases of abuse of user data, chief operating officer Sheryl Sandberg said. Sandberg, who joined Facebook in 2008 from Google, has been largely silent since the privacy scandal […] more…RSA to Acquire Behavioral Analytics Firm Fortscale
RSA on Thursday announced that it has entered an agreement to acquire Fortscale, a company that provides behavioral analytics solutions. Financial terms of the deal have not been disclosed. Fortscale’s technology is designed to identify threats using a combination of predictive, big data analytics and machine learning. It automatically identifies deviations from normal behavior and […] more…New Strain of ATM Jackpotting Malware Discovered
A new type of ATM jackpotting malware has been discovered. Dubbed ATMJackpot, the malware appears to be still under development, and to have originated in Hong Kong. There are no current details of any deployment or use. ATMJackpot was discovered and analyzed by Netskope Threat Research Labs. It has a smaller footprint than earlier strains […] more…Best Buy Hit by [24]7.ai Payment Card Breach
After Delta Air Lines and Sears Holdings, Best Buy has also come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by online services provider [24]7.ai. Similar to Delta and Sears, Best Buy contracted [24]7.ai for online chat/support services. The retailer says it will […] more…Microsoft Adds New Security Features to Office 365
Microsoft today announced new protections for Office 365 Home and Office 365 Personal subscribers, aimed at helping them recover files, protect data, and defend against malware. Courtesy of the newly announced protections, Office 365 Home and Office 365 Personal users can now recover their files after a malicious attack like ransomware, Kirk Koenigsbauer, Corporate Vice […] more…New macOS Backdoor Linked to Cyber-espionage Group
A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says. Also known as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, OceanLotus is believed to be operating out of Vietnam and has been targeting high-profile corporate and government organizations in Southeast Asia. Well-resourced […] more…Mitigating Digital Risk from the Android PC in Your Pocket
Security Teams Must Prioritize Risk Mitigation Against Android Malware Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users’ computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing […] more…Challenges in Securing Connected Hospitals
By Mayra Rosario Fuentes and Numaan Huq (Senior Threat Researchers) In our latest research paper on healthcare cybersecurity, Securing Connected Hospitals, which was produced in partnership with HITRUST, we examined internet-connected medical-related devices and systems such as databases, hospital admin consoles, and medical devices. We also looked into the supply chain, which has been an […] more…Understanding Code Signing Abuse in Malware Campaigns
Using a machine learning system, we analyzed 3 million software downloads, involving hundreds of thousands of internet-connected machines, and provide insights in this three-part blog series. In the first part of this series, we took a closer look at unpopular software downloads and the risks they pose to organizations. We also briefly mentioned the problem […] more…AWS Launches New Tools for Firewalls, Certificates, Credentials
Amazon Web Services (AWS) announced on Wednesday the launch of several tools and services designed to help customers manage their firewalls, use private certificates, and safely store credentials. Private Certificate Authority One of the new services is called Private Certificate Authority (CA) and it’s part of the AWS Certificate Manager (ACM). The Private CA allows […] more…Teen Gaming, Cybersecurity Specialist Training
Many of us parents have a love/hate relationship with teen gaming. While it seems to cast a spell over many kids and lure them into a trance, gaming does provide some quite welcome ‘time-out’ for all family members! But I can honestly say that in my household, disputes over allocated ‘Xbox’ time would be by […] more…North Korean Hackers Behind Online Casino Attack: Report
The infamous North Korean hacking group known as Lazarus is responsible for attacking an online casino in Central America, along with various other targets, ESET says. The Lazarus Group has been active since at least 2009 and is said to be associated with a large number of major cyber-attacks, including the $81 million cyber heist […] more…New MacOS Backdoor Linked to OceanLotus Found
We identified a MacOS backdoor (detected by Trend Micro as OSX_OCEANLOTUS.D) that we believe is the latest version of a threat used by OceanLotus (a.k.a. APT 32, APT-C-00, SeaLotus, and Cobalt Kitty). OceanLotus was responsible for launching targeted attacks against human rights organizations, media organizations, research institutes, and maritime construction firms. The attackers behind OSX_OCEANLOTUS.D […] more…IoT Security Firm Red Balloon Raises $22 Million
Red Balloon Security, a provider of embedded device security solutions, announced on Wednesday that it has secured $21.9 million through a Series A funding round led by Bain Capital Ventures. This latest round of funding brings the company’s total funding to $23.5 million. The company’s flagship Symbiote Defense technology helps customers to detect and defend […] more…More information
- CVE-2019-0725: An Analysis of Its Exploitability
- The Weekly Hash – December 7, 2012
- Baton Rouge database of police details exposed over killing of Alton Sterling
- UK Spy Agency Joins NSA in Sharing Zero-Day Disclosure Process
- Penn State Hershey Router Upgrades
- Apple unveils new Macs with faster M2 Pro, M2 Max chips
- Critical Apache Commons Text Flaw Compared to Log4Shell, But Not as Widespread
- Hacker groups penetrate sensitive Navy computer networks
- How to reclaim your privacy in Windows 10, piece by piece
- Tech Talk: Ways to Help Your Child Conquer Back-To-School Fears