MERS News Used in Targeted Attack against Japanese Media Company
Attackers used news of the Middle East Respiratory Syndrome (MERS) outbreak as hook in a spear-phishing email sent to an employee of a popular Japanese mass media company. Using a free account from Yahoo! Mail to easily pass through anti-spam filters, the attackers copied publicly available information from the Internet to lure the recipient to […] more…Magento e-commerce platform targeted with sneaky code
Attackers are using a sneaky method to steal payment card data from websites using Magento, eBay’s widely used e-commerce platform. Researchers from Sucuri, a company that specializes in securing websites, said the attackers can collect any data submitted by a user to Magento but carefully filters out anything that doesn’t look like credit card data. […] more…Phishers target middle management
Phishing scammers have infiltrated the enterprise and they’re finding easy prey, but it’s not in the C-suite as previously thought. Attackers are exploiting the multitasking, often overloaded middle management ranks, according to research by security and compliance firm Proofpoint. “2014 was clearly the year that attackers went corporate, and they targeted middle management because it’s profitable,” […] more…Adobe patches zero-day Flash Player flaw used in targeted attacks
Adobe Systems released an emergency security update for Flash Player Tuesday to fix a critical vulnerability that has been exploited by a China-based cyberespionage group. Over the past several weeks, a hacker group identified as APT3 by security firm FireEye has used the vulnerability to attack organizations from the aerospace, defense, construction, engineering, technology, telecommunications […] more…Top 10 botnet targets in the U.S. and worldwide
Level 3 botnet research report Every day, the security team at network services provider Level 3 Communications monitors approximately 1.3 billion security events; mitigates roughly 22 distributed denial of service (DDoS) attacks; and removes, on average, one control and command (C2) server network. In its new botnet research report, “Safeguarding the Internet,” Level 3 uses its […] more…Privacy settings smackdown: Facebook vs. Twitter vs. LinkedIn vs. Google+
Not all privacy settings are created equal Image by ITworld/Stephen Sauer Nearly three-quarters of people with access to the Internet use social networking sites, a number that has skyrocketed since early 2005, according to the Pew Research Center. As social networks continue to permeate our everyday lives, so do the privacy and security risks associated […] more…Be paranoid: 10 terrifying extreme hacks
Any device with a computer chip can be hacked, but not all hacks are created equal. In fact, in a world where tens of millions of computers are compromised by malware every year and nearly every company’s network is owned, truly innovative or thought-provoking hacks are few and far between. These extreme hacks rise above […] more…Duqu spy group also targeted telecommunications companies
The group behind the Duqu cyberespionage tool has compromised at least two telecommunications operators and one electronic equipment manufacturer, in addition to a cybersecurity firm and venues that hosted high-level nuclear negotiations between world powers and Iran. On Wednesday, Moscow-based antivirus firm Kaspersky Lab, which has been deeply involved in exposing sophisticated cyberespionage campaigns over […] more…DevOps orchestration tools represent a new risk to the enterprise
Editor’s note: After publishing CSO’s original story, we asked the two main sources to write first-person accounts of the standing of DevOps in security. You can find the counterpoint here. What was once a new, exciting, seldom-used methodology is now picking up steam across all industries. DevOps is becoming a preferred software development technique, and […] more…Cybercriminals increasingly target point of sales systems
The data breach landscape could look very different in the future with the increased adoption of chip-enabled payment cards in North America—but for now point-of-sale systems account for the majority of breaches there, compared to a tiny minority in other regions of the world. Hacked point-of-sale (PoS) terminals were responsible for 65 percent of the […] more…Trend Micro Discovers MalumPoS; Targets Hotels and other US Industries
We first discovered MalumPoS, a new attack tool that threat actors can reconfigure to breach any PoS system they wish to target. Currently, it is designed to collect data from PoS systems running on Oracle® MICROS®, a platform popularly used in the hospitality, food and beverage, and retail industries. Oracle claims that MICROS is used in […] more…Google levels up security at I/O with secure comms tool, better authentication
Google targeted people’s growing digital insecurity at its I/O developer conference this week with a number of new products that aim to protect communications and improve authentication. Project Vault is a new hardware device created by Google’s Advanced Technology and Products (ATAP) lab for people who need the absolute highest security for their communications. The […] more…Lessons learned from Flame, three years later
Three years ago, on May 28th 2012, we announced the discovery of a malware known as Flame. At the same time we published our FAQ, CrySyS Lab posted their thorough analysis of sKyWIper. A few days earlier, Maher CERT published IOCs for Flamer. In short, Flame, sKyWIper and Flamer are different names for the same […] more…DNS Changer Malware Sets Sights on Home Routers
Home routers can be used to steal user credentials, and most people just don’t know it yet. Bad guys have found ways to use Domain Name System (DNS) changer malware to turn the most inconspicuous network router into a vital tool for their schemes. Attacks that use DNS changer malware aren’t new, but this is […] more…IDG Contributor Network: Twitter mining can help protect facilities
News of the death of Whitney Houston, the Boston Marathon bombings and the raid on Osama Bin Laden were all tweeted before traditional media picked-up on the stories. With over 350,000 tweets sent per minute, by people all over the world, all going about their everyday lives, breaking news can show up on Twitter immediately—far […] more…Attackers use email spam to infect point-of-sale terminals with new malware
Cybercriminals are targeting employees who browse the Web or check their email from point-of-sale (PoS) computers, a risky but unfortunately common practice. Researchers from security firm FireEye recently came across a spam campaign that used rogue email messages masquerading as job inquiries. The emails had fake resumes attached that were actually Word documents with an […] more…More information
- What is a Botnet?
- Two Exploited Vulnerabilities Patched in Android
- How to keep ransomware from human resources
- Resolved: Altoona campus voice mail system.
- CISA Adds Recent iOS, SonicWall Vulnerabilities to ‘Must Patch’ List
- Toyota Germany Says Customer Data Stolen in Ransomware Attack
- Resolved: Turnitin services to be affected by maintenance on July 10
- Pirated mobile Android and Apple apps getting hacked, cracked and smacked
- Cyberattack, Ransomware Hobbles New Orleans City Government
- Is it Time to Add Vulnerability Wednesday?