U.S. Energy Firm Fined $2.7 Million Over Data Security Incident
An energy firm in the United States has been fined $2.7 million over a data security incident that resulted in the exposure of critical cyber assets. The North American Electric Reliability Corporation (NERC) revealed last month that an unnamed power company had agreed to pay the massive penalty and take action to avoid future leaks. […] more…Organizations Failing Painfully at Protecting, Securing Privileged Accounts
Legal Requirement for Cyber Insurance May be Necessary to Protect Privileged Credentials The need to manage privileged accounts is understood by practitioners and required by regulators, but poorly implemented in practice. Eighty percent of organizations consider privileged account management (PAM) to be a high priority; 60% are required by regulators to demonstrate privileged account management; […] more…SAP Patches Decade-Old Flaws With March 2018 Patches
SAP this week released its March 2018 set of security patches to address High and Medium priority vulnerabilities in its products. A total of 10 Security Notes were included in the SAP Security Patch Day this month, three rated High priority and 7 considered Medium priority. Two of the Notes were updates for previously released […] more…Blocking of Broadcom-Qualcomm Tie-up Highlights 5G Security Fears
The unusual move by President Donald Trump blocking a proposed takeover of Qualcomm by Singapore-based chip rival Broadcom highlights growing concerns about the rise of Chinese competitors in the telecom sector and related national security issues. Trump issued an order Monday barring the proposed $117 billion acquisition, citing credible evidence such a deal “threatens to […] more…Facebook Flaws Exposed Friend Lists, Payment Card Data
A researcher last year discovered some information disclosure vulnerabilities in Facebook that exposed users’ friend lists and partial payment card information. The social media giant patched one of the flaws within hours. Web security consultant Josip Franjković had been analyzing the Facebook application for Android when he identified a flaw that allowed him to obtain […] more…5 biggest healthcare security threats for 2018
Consumers are more worried now about their protected health information (PHI) being compromised, thanks to high-profile breaches like Anthem and Allscripts. The recent RSA Data Privacy Report surveyed 7,500 consumers in Europe and the US. It showed that 59 percent of the respondents were concerned about their medical data being compromised. Thirty-nine percent were worried […] more…Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
We discovered a new campaign targeting organizations in Turkey, Pakistan and Tajikistan that has some similarities with an earlier campaign named MuddyWater, which hit various industries in several countries, primarily in the Middle East and Central Asia. Third party security researchers named the MuddyWater campaign as such because of the difficulties in attributing the attacks. […] more…Understanding How Bitcoin Mining Poses Security Risks
From 2017 to 2018, the cost of one Bitcoin increased over one thousand percent. This rapid growth dominated headlines and ignited a cryptocurrency boom that left consumers everywhere wondering how to get a slice of the Bitcoin pie. For those that want to join the craze without trading traditional currencies like U.S. dollars, a process […] more…Exploiting the User PII Held in Everyone’s Web Browser
Browsers are the single most used application today. Everyone uses at least one browser, whether in the office or at home. But not everyone realizes just how much personal data is left hanging around inside their browsers; nor how easy it is for third-parties to extract it. read more more…New McAfee Report Reveals Identity Theft is the Most Expensive Form of Property Crime
Between Uber, Equifax, and a handful of others, the U.S. has witnessed major data breaches in the past year that have compromised the personal information of millions, leaving them to deal with the possibility of identity theft. And the impact is not lost on consumers, as according to a recent McAfee survey, 61% of consumers […] more…A Model for Human and Machine Interaction: Human-Machine Teaming Grows up
Security operation centers (SOCs) are struggling to keep up with attackers, and artificial intelligence (AI) has failed to deliver significant improvements. The industry has been successful at applying AI to malware detection and user and entity behavior analytics (UEBA) using deep neural networks and anomaly detection. But other core SOC jobs such as monitoring, triage, […] more…The global cyber war is heating up: Why businesses should be worried
Last Friday, the Department of Justice indicted 13 Russians and three Russian companies for interfering with the 2016 elections. Also last week, several countries including the U.S., the U.K., Canada, Australia, and Denmark accused Russia of being behind last summer’s NotPetya attack. [ How much does a cyber attack really cost? Take a look at […] more…What Are Serverless Apps?
The smartphone market has exploded in recent years, leading to the development of over 4 million mobile apps. For mobile developers, this is both a blessing and a challenge, since there are a lot of things to think about when it comes to bringing an application to market. But with the advent of cloud computing, […] more…Could You Have a Toxic Relationship with Your Smartphone?
It’s the elephant in the room no one wants to talk about: our devotion to and dependence on our smartphones. For most of us, our children included, smartphones have become an appendage; a limb of voracious digital consumption and social obligation that keeps us scrolling, refreshing, swiping, and responding with no end in sight. Any friend […] more…New AndroRAT Exploits Dated Permanent Rooting Vulnerability, Allows Privilege Escalation
by Veo Zhang, Jason Gu, and Seven Shen Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture. This AndroRAT targets CVE-2015-1805, a publicly disclosed […] more…Lazarus Resurfaces, Targets Global Banks and Bitcoin Users
This blog was written with support and contributions provided by Asheer Maholtra, Jessica Saavedra Morales, and Thomas Roccia. McAfee Advanced Threat Research (ATR) analysts have discovered an aggressive Bitcoin-stealing phishing campaign by the international cybercrime group Lazarus that uses sophisticated malware with long-term impact. This new campaign, dubbed HaoBao, resumes Lazarus’ previous phishing emails, posed […] more…More information
- Microsoft Office CVE-2017-0029 Denial of Service Vulnerability
- Malicous Chrome Extensions Stealing Roblox In-Game Currency, Sending Cookies via Discord
- Phish or legit – Can you tell the difference?
- Uber’s self-driving cars are off to a rough start
- Study finds firmware plagued by poor encryption and backdoors
- Is Windows 10 a secret Slack slayer?
- CISA Says Many Victims of SolarWinds Hackers Had No Direct Link to SolarWinds
- Security Utah CTO Steps Down Following Data Breach
- Microsoft Windows Common Controls CVE-2015-1756 Remote Code Execution Vulnerability
- Mobile subscriber identity numbers can be exposed over Wi-Fi