. home.aspx

TRENDING NEWS

home.aspx
   

    CISOS HAVE LIMITED CORPORATE INFLUENCE, ACCENTURE REPORTS

    Jul 12, 2018

    An Accenture study reveals that chief information security officers are lacking authority and visibility to effect change within their organizations. Chief information security officers are responsible for developing and establishing cyber-security strategies and policies with their organizations. Y...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52645264

    CRITICAL BUG BOUNTY REPORTS ON THE RISE, HACKERONE FINDS

    Jul 12, 2018

    The 2018 Hacker-Powered Security report reveals that there has been an increasing volume of critical security vulnerabilities reported by researchers in the past year. HackerOne released its 2018 Hacker-Powered Security Report on July 11, providing insights into the current state of the bug bounty m...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52655265

    IBM PEGS MEGA BREACH COST AT $350M, AS AVERAGE BREACH COST HITS $3.9M

    Jul 11, 2018

    The 2018 Cost of a Data Breach Study found that costs have risen in the past year as attacks become increasingly complex. The cost of data breaches has increased over the past year, according to the 2018 Cost of a Data Breach Study conducted by the Ponemon Institute and sponsored by IBM, which was r...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52605260

    TRAVEL INFORMATION LEAKED AT THOMAS COOK AIRLINES

    Jul 11, 2018

    A bug finder recently discovered that Thomas Cook Airlines had a security vulnerability for years, making it possible for hackers to systematically download hundreds of thousands of passenger flight details and personal data going back as far as 2013. The issue, rated a medium to high severity level...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52615261

    AT&T ACQUIRES ALIENVAULT, MIMECAST GRABS ATAATA

    Jul 10, 2018

    In an effort to expand its security solutions to small and medium-sized businesses (SMBs), global communications, media and entertainment and technology company AT&T has announced that it will acquire California-based security solutions company AlienVault. Combining AlienVault's threat intel...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52565256

    RANSOMWARE ATTACKS SPIKED IN FIRST HALF OF 2018, SONICWALL REPORTS

    Jul 10, 2018

    SonicWall's mid-year 2018 cyber-threat report reveals that there has been a 229 percent increase in ransomware attacks so far this year. The first half of 2018 has seen a resurgence in ransomware attacks, according to SonicWall's mid-year 2018 cyber-threat report released on July 10. For the...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52575257

    ZDI REPORTS RISE IN SECURITY VULNERABILITY DISCLOSURES

    Jul 09, 2018

    Trend Micro's Zero Day Initiative has already published 600 security advisories in 2018, paying out $1 million in awards to researchers. So far, 2018 has been a very busy year for Trend Micro's Zero Day Initiative, which is in the business of acquiring software vulnerabilities from security ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52525252

    TIMEHOP REPORTS DATA BREACH IMPACTING 21 MILLION USERS

    Jul 09, 2018

    An administrative account at Timehop was breached back in December 2017, but attackers didn't decide to start removing data until July 4. Social media service Timehop publicly disclosed on July 8 that it was the victim of a data breach that impacts 21 million users. The breach was discovered by ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52535253

    RESEARCHERS DISCOVER ANDROID APPS SPYING ON USERS' SCREENS

    Jul 06, 2018

    Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more. The good news, according to academic researchers, is that your phone most likely isn't secretly listening to your conversations. The ba...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52485248

    WORDPRESS 4.9.7 UPDATE FIXES PAIR OF SECURITY VULNERABILITIE

    Jul 06, 2018

    Millions of WordPress sites around the world were at risk from a pair of related file deletion vulnerabilities that potentially could have enabled an attacker to delete arbitrary files. A new version of open-source content management system WordPress, 4.9.7, was released on July 5 that patches a pai...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52495249

    GENTOO PUBLISHES INCIDENT REPORT AFTER GITHUB HACK

    Jul 05, 2018

    Maintainers of the Gentoo Linux distribution published an incident report on Wednesday after someone hijacked one of the organization’s GitHub accounts and planted malicious code. The attack started on June 28 and the hacker (or hackers) not only changed content in compromised repositories, bu...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52415241

    TREND MICRO CSO WARNS OF THE RISKS OF DIGITAL EXTORTION

    Jul 05, 2018

    After a 20-year career in the U.S Secret Service, Ed Cabrera joined Trend Micro in 2015, where he is now the chief cybersecurity officer, working with organizations to improve cybersecurity. Among the multiple challenges enterprises around the world face are ransomware and business email compromise ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52445244

    HACKERS CELEBRATE FOURTH OF JULY WITH GEODO BOTNET SPAM

    Jul 05, 2018

    Cofense warns that the Geodo botnet was busy ahead of the July 4 holiday, sending out Independence Day-themed messages in an attempt to trick users into clicking on a malicious link. While many Americans were busy getting ready to celebrate the July 4 holiday, spammers were busy trying to trick unsu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52455245

    HOW TO MANAGE SECURITY THREATS TO MOBILE DEVICES

    Jul 03, 2018

    As mobile device security threats increase, IT administrators should know what they are up against and develop strategies to secure mobile devices from cyberattacks. From beginning mobile app development to protecting end users, IT pros need to understand, address and educate on security threats to ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52405240

    FIVE WAYS DIGITAL ASSISTANTS POSE SECURITY THREATS IN HOME, OFFICE

    Jul 02, 2018

    Voice-activated digital assistants in the home—Echo, Cortana, Alexa and Siri—open up a host of new types of vulnerabilities, from issuing commands that aren’t audible to humans to exploiting the accessibility settings activated by digital assistants. Voice-activated digital assista...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52325232

    RESEARCHERS CREATE ATTACKS THAT COMPROMISE LTE DATA COMMUNICATION

    Jul 02, 2018

    Newly devised attacks on the Long-Term Evolution (LTE) high-speed wireless standard break the confidentiality and privacy of communication, a team of researchers claim. In a newly published paper (PDF), researchers from Ruhr-University Bochum and New York University Abu Dhabi present a set of attack...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52335233

    VULNERABILITIES PATCHED IN VMWARE ESXI, WORKSTATION, FUSION

    Jul 02, 2018

    VMware informed customers last week that it patched several vulnerabilities that can lead to a denial-of-service (DoS) condition or information disclosure in its ESXi, Workstation, and Fusion products. VMware described the flaws as out-of-bounds read issues in the shader translator component. An att...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52365236

    RISK & REPEAT: U.S. GOVERNMENT EYES OFFENSIVE CYBERATTACKS

    Jun 29, 2018

    The prospect of the U.S. government using offensive cyberattacks against foreign adversaries appears to be gaining steam. According to the New York Times, the Pentagon approved a policythat empowers the U.S. Cyber Command to initiate constant offensive cyberattacks designed to disrupt foreign networ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52285228

    MCAFEE DETAILS RISE IN BLOCKCHAIN THREATS, CRYPTOCURRENCY ATTACKS

    Jun 29, 2018

    McAfee's new 'Blockchain Threat Report' charts a dramatic rise in cryptomining malware and details four major attack vectors for cryptocurrency-related threats A new McAfee report on blockchain threats shows cryptomining malware grew more than 600% in the first quarter this year. McAfee&...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52295229

    EFF'S STARTTLS EVERYWHERE AIMS TO PROTECT EMAIL IN TRANSIT

    Jun 28, 2018

    The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing. The Electronic Frontier Foundation this week unveiled STARTTLS Everywhere, a new initiative that aims to secure email in tra...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52245224

    NEW TYPES OF AUTHENTICATION TAKE ROOT ACROSS THE ENTERPRISE

    Jun 28, 2018

    "If users are being asked to create and remember incredibly complex passwords, IT isn't doing its job," said Don D'Souza, a cybersecurity manager at Fannie Mae, based in Washington, D.C.

    IT professionals today are turning to two-factor authentication, relying on biom...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52255225

    HOW TO WPA3 CAN BOOST YOUR ORGANIZATION'S WIRELESS SECURITY

    Jun 28, 2018

    The Wi-Fi Alliance began certifying products for WPA3 this week, which will lead to wireless communications that are easier to set up and are more secure. he Wi-Fi Alliance has begun certifying wireless devices that meet the new WPA3 standard in a move that will make wireless communications more sec...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52375237

    FEMALE STUDENTS AWARDED CYBERSECURITY SCHOLARSHIPS

    Jun 27, 2018

    Three women chosen from a large pool of highly qualified candidates are the new recipients of Morphisec's Women in Cybersecurity Scholarship. An independent judge, Limor Elhayani, made the final determinations. Elhayani is vice president of threat engineering at Citi and has herself been the onl...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52205220

    TLBLEED ATTACK CAN EXTRACT SIGNING KEYS, BUT EXPLOIT IS DIFFICULT

    Jun 27, 2018

    A new side-channel attack on Intel chips, named TLBleed, can extract signing keys. But the researcher who discovered it said users shouldn't worry, because it's not the next Spectre. An interesting, new side-channel attack abuses the Hyper-Threading feature of Intel chips and can extract sig...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52215221

    PING ADDS AI-DRIVEN API PROTECTION WITH ELASTIC BEAM ACQUISITION

    Jun 26, 2018

    Ping Identity increased its focus on API security with the acquisition of Elastic Beam, a startup that uses artificial intelligence to apply behavioral security on enterprise APIs. BOSTON -- Ping Identity is moving beyond single sign-on and further into API security with its latest acquisition. At t...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52165216

    NEW WPA3 SECURITY PROTOCOL SIMPLIFIES LOGINS, SECURES IOT

    Jun 26, 2018

    Latest WPA3 security protocol update adds new features to the Wi-Fi access specification for simple and secure wireless access for individuals, as well as enterprises. Securing Wi-Fi access has long been an Achilles' heel for users of wireless networks -- especially for users of public networks,...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52175217

    AIR-GAPPED SYSTEMS TARGETED WITH WEAPONIZED USBS

    Jun 25, 2018

    A cyber-espionage group has been weaponizing presumably secure USB drives to target air-gapped critical systems. The Tick group, discovered by researchers at Palo Alto Networks Unit 42, reportedly targets organizations from Japan and South Korea with custom malware, including Minzen, Datper, Nioupal...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52125212

    NEW ENCRYPTED DOWNLOADER DELIVERS METASPLOIT BACKDOOR

    Jun 22, 2018

    A series of cyber-attacks targeting the Middle Eastern region use an encrypted downloader to deliver a Metasploit backdoor, AlienVault reports. The attacks start with a malicious document containing parts of an article about the next Shanghai Cooperation Organization Summit, originally published at ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52135213

    SECURITY PROS EXPECT RISE IN NATION-STATE ATTACKS

    Jun 22, 2018

    Nation-state attacks are a mounting concern for security professionals, who reportedly expect to see a rise in cyber-attacks amid the backdrop of increasing geopolitical tensions. According to a Tripwire survey conducted at Infosecurity Europe 2018, the vast majority of respondents anticipate more n...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52085208

    CHINA-BASED THRIP HACKING GROUP TARGETS U.S. TELECOMS

    Jun 22, 2018

    China-based Thrip hacking group used legitimate tools to attack companies in the U.S. and Southeast Asia. Plus, election officials didn't know about hacks, and more. A Chinese cyberespionage group has been using "living off the land" techniques to hack satellite, telecom and defense co...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52095209

    RISK & REPEAT: NEW ELECTION SECURITY BILL INTRODUCED

    Jun 21, 2018

    A new election security bill introduced by Democratic lawmakers would require paper trails and regular audits for all electronic voting machines, but the bill's prospects could be dim. The Protecting American Votes and Elections Act of 2018, which was introduced last week, is the latest legislat...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52045204

    TREND MICRO LAUNCHES MANAGED DETECTION AND RESPONSE SERVICE

    Jun 21, 2018

    Trend Micro's new managed service looks to provide organizations with threat hunting and response capabilities. Trend Micro announced on June 19 a Managed Detection and Response (MDR) service to assist security operations teams. MDR provides managed cyber-security services that benefit from arti...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52055205

    CYBER GROUP TARGETS SATELLITES, TELECOM

    Jun 20, 2018

    A cyber-espionage group infiltrated satellite, telecom and defense companies in the US and Southeast Asia, and evidence suggests that the campaign's objective was espionage. Identified by Symantec and announced on 19 June, the campaign originated from machines based in mainland China, according ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52005200

    SILVER PEAK SD-WAN ADDS SERVICE CHAINING, PARTNERS FOR CLOUD SECURITY

    Jun 20, 2018

    Silver Peak SD-WAN now allows service chaining for Forcepoint, McAfee and Symantec security VNFs. Also, ONF targets four technologies to develop -- and four supply chain partners to help. Silver Peak boosted its software-defined WAN security for cloud-based workloads with the introduction of three s...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=52015201

    TESLA'S TOUGH LESSON ON MALICIOUS INSIDER THREATS

    Jun 19, 2018

    The potential damages a company can suffer from malicious insiders became a harsh reality for Tesla CEO Elon Musk, who expressed his disappointment at learning he had a saboteur within the Tesla ranks. The individual who allegedly engaged in damaging sabotage against Tesla was reportedly an employee...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51965196

    CYLANCE ANNOUNCES $120 MILLION IN FUNDING

    Jun 19, 2018

    Endpoint security firm Cylance announced Tuesday afternoon that it has closed a $120 million funding round led by funds managed by Blackstone Tactical Opportunities and including other investors. The announcement was made hours after endpoint security rival CrowdStrike announced that it had raised m...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51975197

    PYROMINEIOT CRYPTOJACKER USES NSA EXPLOIT TO SPREAD

    Jun 18, 2018

    The latest malware threat based on the EternalRomance NSA exploit is PyRoMineIoT, a cryptojacker infecting IoT devices. But experts said the NSA shouldn't be held responsible for the damages. A new malware variant reads like the greatest hits of cyberthreats: a cryptojacker using an NSA exploit ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51925192

    MORE NEFARIOUS STRAIN OF ZACINLO MALWARE INFECTING WINDOWS 10 MACHINES

    Jun 18, 2018

    A new type of malware that is starting to spread to Windows 10 computers bypasses the operating system’s built-in security and implants itself so firmly that it’s extremely difficult to remove. A description of the latest version of the Zacinlo malware sounds like a nightmare scenario fo...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51935193

    MEXICAN CAMPAIGN WEBSITE ATTACKED WITH DDOS

    Jun 15, 2018

    A Mexican campaign site was hit with a distributed-denial-of-service (DDoS) attack during the final presidential debate, which comes mere weeks before the 1 July election, fomenting concerns of election security. The affected site, run by the National Action Party (PAN), targets front-runner Andr&ea...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51885188

    CONSUMERS CHOOSE EASY LOGIN OVER PASSWORDS

    Jun 15, 2018

    A majority of consumers who participated in a recent study said that if they had their druthers, they would prefer account logins that do not require passwords. According to a study conducted in April 2018 by research firm Blink and authentication technology company Trusona, over 70% of consumers wo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51895189

    CRYPTO-MINING MALWARE TOPS CHARTS, TARGETS APPS

    Jun 13, 2018

    For organizations that were hoping to see a decline in malware threats, there is no sign that crypto-mining malware will be going away anytime soon. In fact, crypto-mining malware continues to dominate among hackers while also sneaking its way into more mobile apps. According to Check Point’s ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51845184

    ADOBE ZERO-DAY FIX PRECEDES JUNE PATCH TUESDAY

    Jun 12, 2018

    Adobe closed a zero-day vulnerability last week, which Microsoft added to its June Patch Tuesday updates. Administrators have a lighter workload with about 50 exploits to address. Adobe closed a zero-day vulnerability last week, which Microsoft added to its June Patch Tuesday updates. Administrators...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51795179

    NON-JAVASCRIPT CRYPTOJACKING REAPS MORE THAN $144M, RESEARCHER FINDS

    Jun 12, 2018

    Cryptojacking attacks are finding success and have now gained the attention of the U.S Federal Trade Commission (FTC). Unauthorized crypto-currency mining, commonly referred to as cryptojacking, is a problem that doesn't seem to be slowing down and continues to be challenge for enterprises and i...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51805180

    MOBILE APP SECURITY RISKY ACROSS SECTORS

    Jun 12, 2018

    While mobile app security is an issue across all sectors, 50% of apps that come from media and entertainment businesses are putting users at risk. New research from BitSight found that a significant percentage of mobile apps across multiple industries have high-severity vulnerabilities. “Mobil...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51835183

    UNTANGLE UPDATES NG FIREWALL TO IMPROVE SD-WAN SECURITY

    Jun 11, 2018

    A new release of Untangle's firewall platform benefits from a shift to a newer version of the Debian Linux operating system as the base. Untangle will announce version 14.0 of its NG Firewall platform on June 12, providing new features that enhance the security capabilities of the Linux-based pl...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51755175

    POSTING PASSWORDS ON TRELLO LEADS TO LATEST DATA EXPOSURE MESS

    Jun 08, 2018

    Amazon Web Services and Google Groups have seen data exposures due to poor configurations by users. Now, some have accidentally shared passwords on Trello boards. Data exposures in web applications and cloud services are becoming more in fashion these days, and Trello is the latest service being use...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51765176

    TCL UNVEILS NEW BLACKBERRY KEY2 SECURITY-ENHANCED SMARTPHONE

    Jun 08, 2018

    The latest security enhanced BlackBerry phone, produced under license by TCL Communication, starts at $649 and will begin shipping later in June. BlackBerry may not be building its own smartphones anymore, but China's TCL Communication is hoping that won't prevent enterprise buyers from look...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51715171

    APPLE PLANS TO DISABLE FACEBOOK WEB TRACKING CAPABILITIES

    Jun 08, 2018

    Apple wants to protect its users from Facebook web tracking with the next version of Safari. Plus, genealogy website MyHeritage suffers data breach, and more. Apple plans to disable some Facebook web tracking capabilities in the next version of iOS and Mac operating systems. At the Apple Worldwide D...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51725172

    RISK & REPEAT: MORE TROUBLE FOR FEDERAL CYBERSECURITY

    Jun 07, 2018

    The latest government report on the state of federal cybersecurity brought more bad news for Washington, D.C. The Federal Cybersecurity Risk Determination Report and Action Plan, which was commissioned by the Office of Management and Budget and the Department of Homeland Security, found the vast maj...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51665166

    HACKER TAKEDOWN OF PAGEUP IS BAD NEWS FOR CLIENTS

    Jun 07, 2018

    Thousands of Australians are again being notified that their personal information was potentially compromised after a vendor that powers jobs and recruitment sites for companies around the world experienced a breach. The Australian Cyber Security Centre (ACSC) is investigating the breach of Australi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51675167

    BOARDS PUSH SECURITY, RUSH TO GDPR COMPLIANCE

    Jun 06, 2018

    IT leaders are prioritizing improvements in cybersecurity at a growing rate in an effort to fight cybercrime threats and become GDPR compliant, reports the Harvey Nash/KPMG CIO Survey 2018.  More than one-third of organizations surveyed in April reported that they did not expect to be compliant...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51625162

    OPERATION PROWLI MALWARE INFECTED 40,000 MACHINES

    Jun 06, 2018

    Researchers have discovered a traffic manipulation and cryptocurrency mining campaign infecting organizations across industries from finance to education and government. The Operation Prowli campaign has been spreading malware and malicious code to servers and websites around the world, and more tha...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51635163

    TENABLE EXTENDS CLOUD APPLICATION SECURITY SCANNING CAPABILITIES

    Jun 05, 2018

    Tenable is updating its cloud-delivered services capabilities, adding new connectors to support GCP and Azure, while also advancing web application discovery features. Tenable announced on June 5 that it is enhancing its Tenable.io cloud-based cyber-exposure platform with new capabilities to help en...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51585158

    IBM ENHANCES MAAS360 UNIFIED ENDPOINT MANAGEMENT PLATFORM

    Jun 05, 2018

    IBM adds a new policy recommendation engine to its MaaS360 unified endpoint management platform to help improve security configurations and compliance. IBM announced on June 4 that it is adding a pair of new capabilities to its MaaS360 with Watson unified endpoint management (UEM) platform. The new ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51605160

    US GOVERNMENT OFFERS DIRECTION IN FIGHT AGAINST DISTRIBUTED ATTACKS

    Jun 04, 2018

    Today’s topics include a U.S. government report warning about a lack of security tool use, and Google claiming its Pixel 2 encryption prevents even privileged attacks. In a 51-page report to the president publicly released May 30, the U.S. Department of Commerce and the Department of Homeland ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51535153

    US GOVERNMENT OFFERS DIRECTION IN FIGHT AGAINST DISTRIBUTED ATTACKS

    Jun 04, 2018

    Today’s topics include a U.S. government report warning about a lack of security tool use, and Google claiming its Pixel 2 encryption prevents even privileged attacks. In a 51-page report to the president publicly released May 30, the U.S. Department of Commerce and the Department of Homeland ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51545154

    YOKOGAWA STARDOM VULNERABILITY LEAVES HARDCODED CREDS IN ICS CONTROLLERS

    Jun 01, 2018

    A Yokogawa Stardom vulnerability leaves industrial control systems in critical infrastructure around the world at risk because of hardcoded credentials in the software. Industrial control systems around the world might be at risk as hardcoded credentials are found in flawed software. The Yokogawa St...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51495149

    ALL WOMEN ON DECK AT RESET CYBER CONFERENCE

    Jun 01, 2018

    With more than 15 female experts in cybersecurity scheduled to speak on the evolving cyber threat landscape, RESET, hosted by BAE Systems, claims to be challenging the status quo with its all-female speaker lineup. Scheduled for 14 June at the Kennedy Lecture Theatre, University College London (UCL)...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51505150

    US GOVERNMENT BOTNET REPORT WARNS ABOUT LACK OF SECURITY TOOL USE

    May 31, 2018

    A report to the president from the departments of Commerce and Homeland Security reveals gaps in the fight against distributed attacks and calls on the industry to do more. Botnets and automated distributed threats have been a growing problem in recent years. In a report to the president that was pu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51485148

    ENTERPRISE CYBERSECURITY STRATEGY: WHAT A CIO NEEDS TO KNOW

    May 31, 2018

    Digital transformation is leaving businesses exposed to more cyberattacks. At the MIT Sloan CIO Symposium, panelists explain how much cybersecurity expertise is expected of CIOs. With the global cost of cybercrime expected to reach $6 trillion by 2021, cybersecurity can't be an afterthought for ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51425142

    OPENSTACK OPERATORS DETAIL HOW THEY PATCHED FOR MELTDOWN, SPECTRE

    May 30, 2018

    When the Meltdown and Spectre CPU security vulnerabilities were publicly disclosed on Jan. 3, they set off a flurry of activity among IT users and cloud operators around the world. In a panel moderated by eWEEK at the OpenStack Summit in Vancouver, B.C., on May 24, operators detailed how they dealt ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51405140

    CATO'S NETWORK SECURITY FEATURE ON THE HUNT FOR THREATS

    May 30, 2018

    Cato Networks added a network security feature that detects and identifies threats within customer networks. The capability is built into Cato's SD-WAN platform, Cato Cloud. Cato Networks last week upped its SD-WAN-as-a-service offering Cato Cloud with the Cato Threat Hunting System, a network s...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51575157

    THREAT HUNTING TECHNOLOGY IS ON THE RISE, SO ARE THREATS

    May 29, 2018

    Detection of advanced threats is the top challenge for 55% of security operations centers, according to a new survey, as more companies explore threat hunting programs. More companies are adopting threat hunting functions, according to a recent survey from Crowd Research Partners, but detection of a...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51435143

    THREAT HUNTING TECHNOLOGY IS ON THE RISE, SO ARE THREATS

    May 29, 2018

    Detection of advanced threats is the top challenge for 55% of security operations centers, according to a new survey, as more companies explore threat hunting programs. More companies are adopting threat hunting functions, according to a recent survey from Crowd Research Partners, but detection of a...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51445144

    MORE DATA LEAKED FROM AWS BUCKET MISCONFIGURATIONS

    May 29, 2018

    Another Amazon S3 bucket misconfiguration breach, this time with AgentRun, has resulted in an insurance start-up exposing data for clients, including Cigna, Transamerica, SafeCo Insurance, Schneider Insurance, Manhattan Life, and Everest. Sensitive personal and medical information of thousands of in...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51385138

    CREATORS OF TRISIS MALWARE HAVE EXPANDED THEIR ICS ATTACKS

    May 25, 2018

    The group behind the Trisis malware attack on an oil and gas company in Saudi Arabia last year has also now hacked industrial firms in other countries, according to new research. Cybersecurity company Dragos Inc. published a report this week that identifies a new threat group called Xenotime as the ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51455145

    OKTA ADVANCES BUSINESS APPLICATION AUTHENTICATION WITH NEW SERVICES

    May 24, 2018

    With new and improved contextual awareness capabilities, paired with analytics, Okta is aiming to help enable the password-less future for authentication. Enterprise identity management vendor Okta announced a series of new products and updates on May 23 that aim to advance the state of access secur...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51355135

    HOW YOUR WEB BROWSER TELLS YOU WHEN IT'S SAFE

    May 23, 2018

    As Google moves to change how its Chrome browser flags insecure websites, rival browsers may be forced to follow suit. Here's how other browsers currently handle website security and what changes they have coming. Google last week spelled out the schedule it will use to reverse years of advice f...

    COMPUTERWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51305130

    U.S. DISRUPTS RUSSIAN BOTNET OF 500,000 HACKED ROUTERS

    May 23, 2018

    The US Justice Department said Wednesday that it had seized an internet domain that directed a dangerous botnet of a half-million infected home and office network routers, controlled by hackers believed tied to Russian intelligence. The move was aimed at breaking up an operation deeply embedded in s...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51315131

    GPON HOME ROUTERS ARE OVER THEMOON BOTNET

    May 23, 2018

    Dasan's gigabit-capable passive optical network (GPON) home routers are again the target of zero-day exploits using a new botnet called TheMoon, according to researchers at Qihoo 360 Netlab. While activity of TheMoon botnet emerged in 2014, it's only been seen adding internet of things (IoT)...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51345134

    LEGIT TOOLS EXPLOITED IN BANK HEISTS

    May 22, 2018

    Cyber criminals attacking the finance and other industry sector are continuing to exploit legitimate administration tools to hide their activities, highlighting the need for threat hunting, a report reveals. Common IT administration tools are being hijacked to act as invisibility cloaks for cyber cr...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51265126

    3.2 MILLION FILES REVEALED ON AWS S3 BUCKET

    May 22, 2018

    A Los Angeles County nonprofit that provides health and human services accidentally exposed about 3.2 million files on an unsecured AWS S3 bucket, according to the UpGuard cyber risk team. 211 LA County, a nonprofit organization serving LA County, was reportedly left publicly exposed online. The con...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51275127

    PARENT AND TEEN DATA LEAKED FROM MONITORING APP

    May 21, 2018

    A security researcher discovered two leaky servers of a California-based company, TeenSafe, which left the email addresses and passwords of parents and teens unprotected. According to ZDNet at least one of the servers used by the TeenSafe app leaked data from tens of thousands of accounts. TeenSafe ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51225122

    BANK ROBBING? THERE'S A VULNERABLE WEB APP FOR THAT

    May 21, 2018

    Gone are the days when criminals masked their identities and busted into a bank declaring, "This is a stick up!" According to Bank Attacks 2018, published today by Positive Technologies, cybercriminals are reaping big financial gains with relatively low risk by going online to rob banks. A...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51235123

    IS ARISTA MAKING RIGHT MOVE WITH CAMPUS SWITCHES?

    May 17, 2018

    Bloggers discuss Arista's new strategy to market campus switches, examine container security risks and ask the question of whether networking is a commodity. Arista Networks said it's jumping into the campus market with a new line of campus switches and cloud-based analytics software. Greg F...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51145114

    REPORT HIGHLIGHTS SECURITY RISK OF OPEN SOURCE CODE TO BUSINESS

    May 17, 2018

    Increased adoption of open source code is introducing vulnerabilities into commercial software, with many audited codebases containing the Apache Struts flaw that enabled the Equifax breach, a report shows. Most software includes known vulnerabilities and licence conflicts as open source adoption so...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51185118

    CATCH ICS ATTACKERS BY SHIFTING TO KILL CHAIN

    May 17, 2018

    Tracking the activity of nefarious groups affords defenders a deeper level of understanding that can be useful in not only understanding different types of threats but also in building defenses to withstand a cyber-attack. Today, Dragos released its updated profile on CHRYSENE ICS, one of the seven ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51195119

    DHS UNVEILS NATIONAL CYBERSECURITY RISK STRATEGY

    May 16, 2018

    The Department of Homeland Security (DHS) unveiled on Tuesday, 14 May, a new national strategy to be implemented to address evolving cybersecurity risks. The DHS strategy outlines strategic and operational goals and priorities to successfully execute the full range of the DHS secretary’s cyber...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51095109

    BARRACUDA LAUNCHES WEB APPLICATION FIREWALL AS A SERVICE

    May 16, 2018

    Barracuda is making its Web Application Firewall platform available in a cloud-delivered model that benefits from a new management interface and improved configuration. Barracuda Networks announced its cloud-delivered Web Application Firewall (WAF) service on May 16, providing organizations with a n...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51105110

    SIEMENS ISSUES ALERT, DOS VULNERABILITY

    May 16, 2018

    Siemens, an industrial security provider, has issued a security advisory for a newly discovered vulnerability (CVE-2018-4850) that could lead to a denial-of-service (DoS). The affected SIMATIC S7-400 CPUs improperly validate S7 communication packets, which could cause a DoS condition on a CPU. "...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51135113

    ENTERPRISE CYBER THREAT REMEDIATION INEFFECTIVE, STUDY SHOWS

    May 15, 2018

    Enterprise cyber threat remediation needs to improve in several key areas, according to an analysis of common remediation strategies. Common enterprise cyber threat remediation strategies are about as effective as random chance, a study has revealed. Some of the simple rule-based strategies do not p...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51045104

    ORGS FAILING TO IDENTIFY INSIDER THREAT BLIND SPOTS

    May 15, 2018

    Active insider threats are present in 100% of organizations, with companies failing to eliminate insider threat blind spots, according to new research from Dtex Systems. The user behavior intelligence provider analyzed anonymized data about user behaviors taking place on public and private sector or...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51055105

    DANISH RAILWAY COMPANY DSB SUFFERS DDOS ATTACK

    May 14, 2018

    Danish rail travelers found buying a ticket difficult yesterday, following a DDoS attack on the railway company DSB. DSB has more than 195 million passengers every year but, as reported by The Copenhagen Post, the attack on Sunday made it impossible to purchase a ticket via the DSB app, on the websi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51005100

    CRYPTO-MINING MALWARE TOPS MOST WANTED LIST

    May 14, 2018

    Cybercriminals have options when it comes to choosing their attack weapons, which is why malware authors are likely grateful to those criminals who choose to target unpatched server vulnerabilities with crypto-mining malware. According to the latest Global Threat Index published today by Check Point...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=51015101

    GEORGIA GOVERNOR VETOES CONTROVERSIAL CYBERSECURITY BILL

    May 11, 2018

    A controversial cybersecurity bill was vetoed by Georgia's governor this week after pressure from Microsoft and Google. Plus, IBM banned USB drives, and more. Georgia Governor Nathan Deal vetoed a cybersecurity bill this week that would have criminalized unauthorized computer access but granted ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50945094

    WHITE HAT SPOOFS 2FA, SENDS USER TO PHISHING PAGE

    May 11, 2018

    Social engineering tactics are the bread and butter of hackers. Preying on trust, malicious actors are able to lure users into sharing personal information, even login credentials. White hat hackers will often leverage these same tactics for good, which Kevin Mitnick, chief hacking officer, KnowBe4 ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50955095

    ANDROID P SECURITY IMPROVES AUTHENTICATION TRUST AND DATA PRIVACY

    May 10, 2018

    Android P security features, which were previewed at Google I/O, include notable improvements for data privacy and encryption and preventing malicious apps from spying on users. Mountain View, Calif. -- The newest Android P security enhancements make it clear that Google has been watching the news a...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50905090

    CSIT ANNOUNCES JOBS BOOST FOR CYBERSECURITY INDUSTRY

    May 09, 2018

    At CSIT’s eighth Annual World Cyber Security Summit it was announced that 10 new research and engineering jobs are being created at Queen’s University Belfast to meet the demands of new contracts and the rapidly growing cybersecurity industry in Northern Ireland. CSIT, the UK’s lea...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50845084

    A LOOK AT THE NEW LONDON CYBER INNOVATION CENTRE

    May 09, 2018

    At CSIT’s eighth Annual World Cyber Security Summit in Belfast Claire Cockerton, founder and CEO of Plexal, presented a session outlining the new London Cyber Innovation Centre, which will launch later this year and will be located on the Queen Elizabeth Olympic Park. The Centre, which will be...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50855085

    IT PROS NAME USERS, GDPR AS BIGGEST CLOUD COMPUTING SECURITY THREATS

    May 09, 2018

    The cloud is growing faster than companies can prepare for cloud computing security threats, a quartet of tech leaders say at a Boston forum. But managing risk is within reach. You know a technology has become standard when an institution founded before electricity plugs it in. Just look at The Hart...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50895089

    TWITTER FIXES BUG, ADVISES USERS TO RESET PASSWORDS

    May 08, 2018

    Today’s topics include Twitter advising users to reset their passwords after a bug discovery, and Microsoft releasing a preview of the next major Windows 10 update. Twitter announced on May 3 that it discovered an issue in its system that exposed user passwords to potential risk but added that...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50775077

    SYNACK RANSOMWARE USES DOPPELGANGING TECHNIQUE

    May 08, 2018

    Though known since September 2017, SynAck ransomware has a new variant found to be using Process Doppelgänging. According to Kaspersky Lab researchers who discovered the ransomware Trojan bypassing antivirus security by hiding in legitimate processes, this is the first time the Doppelgängi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50785078

    HACKERS MINE FOR CRYPTO-COINS ON IOT DEVICES

    May 07, 2018

    Cybercriminals looking to purchase malware are frequent flyers on dark web forums. Often, nefarious actors are in search of the attack that will deliver the greatest gains, which is why it might come as a surprise to learn that many criminals are rolling the dice on crypto-jacking connected devices....

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50735073

    HACKERS IN CHINA ARE PART OF MASSIVE GOVERNMENT GROUP, REPORT SAYS

    May 07, 2018

    Hacks that were previously thought to be the work of unrelated groups have actually been coordinated by China since at least 2009, according to researchers. There's a Chinese proverb that roughly translates to "One chopstick is easily broken, but a bundle of chopsticks is unbreakable."...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50745074

    BUSINESSES NOT READY FOR NETWORK IMPLICATIONS OF CLOUD NATIVE ARCHITECTURE

    May 04, 2018

    Composable applications can be built from connecting microservices that run in their own containers. This cloud-first approach requires a new approach to networking. The next iteration for cloud computing, Cloud 2.0, promises to deliver a flexible IT architecture where applications are built out of ...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50695069

    TWITTER PASSWORD SECURITY BUG UNDERLINES NEED FOR INDUSTRY CHANGE

    May 04, 2018

    Twitter has revealed that a bug in its systems resulted in some passwords being stored in a log in clear text, underlining the need for alternative authentication methods, say industry commentators. Twitter has advised its users to change their passwords after discovering that a systems flaw had res...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50705070

    CYBERSECURITY PERVASIVENESS SUBSUMES ALL SECURITY CONCERN

    May 03, 2018

    Given the increased digitization of society and explosion of devices generating data (including retail, social media, search, mobile, and the internet of things), it seems like it might have been inevitable that cybersecurity pervasiveness would eventually touch every aspect of life. But, it feels m...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50605060

    FIELD SERVICE MOBILE APPS OFFER USABILITY, NEW FEATURES

    May 03, 2018

    Field service management software can be a great way to integrate mobile into a service company. Now, cloud-based platforms offer an accessible entry point for smaller businesses. As field service mobile apps become more robust and cloud-based, adoption grows with small businesses jumping on the ban...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50615061

    UK FIRMS INVEST IN CYBERSECURITY TO FOIL ATTACKS

    May 03, 2018

    There was good news for UK businesses this week after new stats from Beaming showed the number of cyber-attack victims fell by a fifth in 2017 from the previous year. The business ISP polled over 500 corporate bosses in micro-, small, medium and large businesses. Although around the same number of l...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50635063

    PLAINTEXT PASSWORD PROBLEM FOR SOME GITHUB USERS

    May 02, 2018

    Protecting passwords is a critical yet challenging part of cybersecurity. Yesterday, it became an issue for code repository site GitHub, which had to announce to a small number of its users that a flaw in its system had revealed passwords in plaintext on internal logs. Users received an email messag...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50555055

    SECURITY INDUSTRY WELCOMES CITY OF LONDON POLICE CYBER INITIATIVE

    May 02, 2018

    Security industry welcomes City of London Police cyber initiative. The security industry has welcomed plans to fight cyber crime in the heart of London using a community-based approach, but says more investment in cyber security skills is required. The City of London Police has launched an initiativ...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50565056

    ZUCKERBERG POKES FUN AT HIMSELF, TOUTS NEW APPS AT F8

    May 01, 2018

    Facebook CEO introduces several new functions, including a dating app, one that allows a group to share watching videos in real time, and new ways natural language processing and artificial intelligence will be used in future apps. On Day 1 of its annual F8 conference, Facebook on May 1 explained ho...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50495049

    SECURITY INDUSTRY WELCOMES NHS MOVE TO WINDOWS 10

    Apr 30, 2018

    Representatives of the security industry have welcomed the announcement that the NHS will be migrating to Windows 10 as part of a multi-million pound deal with Microsoft, but warn that the move will not be without its challenges. The Department of Health and Social Care has announced that it will tr...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50505050

    PHISHING THREATS STILL DWARF VULNERABILITIES, ZERO-DAYS

    Apr 30, 2018

    Proofpoint research shows that while phishing attacks now require victims to take more steps, the success rate for such attacks hasn't declined and enterprises are still on the defensive. Phishing threats continue to evolve and stay one step ahead of enterprise defenses, according to new researc...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50475047

    SECURITY PROS SUPPORT DATA COLLECTION REGULATIONS

    Apr 27, 2018

    While most security professionals believe that government officials lack a real understanding of the threats to digital privacy, they overwhelmingly agree that governments should regulate the way social media companies collect user data. At last week’s RSA Conference, more than 500 security pr...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50445044

    SENTINELONE CEO: ENDPOINT SECURITY MARKET FULL OF 'NOISE AND CONFUSION'

    Apr 27, 2018

    In part two of the interview with SentinelOne CEO Tomer Weingarten, he discusses how niche products and venture capital investments have affected the endpoint security space. In part two of the interview with SentinelOne CEO Tomer Weingarten, he discusses how niche products and venture capital inves...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50625062

    FINNISH R&D AND UTILITIES IN LINE OF CYBER ESPIONAGE FIRE, SAY SECURITY POLICE

    Apr 26, 2018

    Finnish research and development, as well as critical infrastructure, are being targeted by state-backed cyber espionage attacks, says report. Foreign states are attempting to steal information about Finland’s critical infrastructure and product development, Finnish security intelligence servi...

    COMPUTER WEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50365036

    GDPR COMPLIANCE REQUIREMENTS DON'T COME CHEAP

    Apr 26, 2018

    GDPR has more teeth than any previous data privacy directive, but that looming threat hasn't motivated many companies to get their audit trail in order. Not ready for GDPR to go into effect next month? There's some good news and some bad news. The bad news: The European Union regulation has ...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50375037

    KEEP HACKERS LOCKED OUT OF HOTEL ROOMS

    Apr 26, 2018

    It’s rare to check into any hotel today and be handed an actual door key. Global hotel chains and hotels worldwide have transitioned from the lock and keys of old to an electronic system so that guests need only swipe a card in front of the door. But researchers at F-Secure Cyber Security Serv...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50385038

    CADENCE IN CHAOS: SOUNDS OF DDOS IN NETFLOW LOGS

    Apr 26, 2018

    For those who appreciate the healing power of music, new research could prove to be a magical security tool. By correlating traffic types from NetFlow logs with sounds of instruments, researchers at Imperva were able to translate changes in network traffic into song. Inspired by a TED Talk called &q...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50395039

    FIGHT TO GET SMBS PCI COMPLIANT A LOSING BATTLE

    Apr 26, 2018

    Being in compliance with different regulations has a bottom-line impact on business, but smaller organizations lack the time and knowledge necessary to engage with PCI (Payment Card Industry) programs. That's according to the Acquirer PCI Sentiment Survey recently released by Sysnet Global Solut...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50435043

    MAJOR TAKEDOWN OF SITE SELLING CYBERATTACKS

    Apr 25, 2018

    Administrators of the world's largest DDoS-as-a-service website webstresser.org were only yesterday reaping the rewards of their illicit enterprise. Today, they are under arrest thanks to the cooperative effort of international law enforcement agencies. Eruopol reported the success of Operation ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50325032

    IMPROVED SECURITY STANDARDS FOR ELECTRIC GRIDS

    Apr 24, 2018

    In an effort to address the growing threat of cyber-attacks to the national power grid, the Federal Energy Regulatory Commission (FERC) approved revised reliability standards for cybersecurity management controls. The Critical Infrastructure Protection standards, developed by the North American Elec...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50275027

    FACEBOOK CYBERSECURITY UNIVERSITY GRADUATES US VETERANS

    Apr 24, 2018

    Though it’s not quite graduation season, 33 US military veterans celebrated the completion of their 12-week course and became the first class to graduate from Facebook Cybersecurity University for Veterans on Saturday, April 21. Narrowing the cybersecurity skills gap demands that organizations...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50285028

    CILIUM 1.0 ADVANCES CONTAINER NETWORKING WITH IMPROVED SECURITY

    Apr 24, 2018

    The open-source effort aims to replace the decades-old IPtables model for Linux networking with a more modern approach for containers that improves performance and security. For last two decades, the IPtables technology has been the cornerstone of Linux networking implementations, including new cont...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50315031

    #RSAC: INFOSECURITY ‘SOLUTIONS’ ARE BECOMING THE PROBLEM

    Apr 23, 2018

    At the RSA conference in San Francisco in a session titled ‘Back to IT Security Basics: What’s getting lost in the buzz words’, Marc Potter of Netwrix urged information security professionals to turn a blind eye to threat buzzwords in favor of focusing on risk management. “Wh...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50235023

    WOMEN IN CYBERSECURITY DISCUSS HIRING, ADVICE AND BEING MENTORS

    Apr 23, 2018

    A panel of women cybersecurity professionals at the RSA Conference discussed ways to find the best job candidates, the best advice they've received and how to be better mentors. SAN FRANCISCO -- With diversity in infosec looming as an increasingly pivotal topic, a panel of female cybersecurity p...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50245024

    GOVERNMENT HACKING TACTICS QUESTIONED AT OURSA

    Apr 20, 2018

    The ACLU's Jennifer Granick took government hacking to task at the OURSA Conference this week, calling out mass surveillance techniques and the limited scope of search warrants. Jennifer Granick had harsh words at the Our Security Advocates Conference for the growing state of mass surveillance a...

    CYBERSECURITY NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50205020

    NEW IOS VULNERABILITY LETS ATTACKERS HACK IPHONE, IPAD

    Apr 19, 2018

    Syncing iTunes across devices via Wi-Fi is popular and convenient, but newly discovered attack scenarios could put iOS devices at risk. Symantec researchers discovered a flaw that if exploited would allow attackers to compromise devices. Named “Trustjacking,” the flaw exploits the trust ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50165016

    MICROSOFT WINDOWS DEFENDER FIGHTS PHISHING ON GOOGLE CHROME BROWSER

    Apr 19, 2018

    Microsoft is bringing the technology it uses to keep Edge users safe to a rival browser. Available now in the Chrome Web Store, the new Windows Defender Browser Protection extension for Google Chrome monitors web pages to help users avoid phishing schemes and socially-engineered attempts to lure the...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50195019

    THE FIVE MOST DANGEROUS NEW ATTACKS ACCORDING TO SANS

    Apr 19, 2018

    At the RSA Conference in San Francisco on April 18 2018, three leading instructors and contributors from the SANS institute shared what they believe to be the five most dangerous new attack techniques in cybersecurity. Repositories and Cloud Storage Data Leakage. Ed Skoudis named repositories and cl...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50115011

    IT MANAGERS LACK VISIBILITY INTO ALMOST HALF OF NETWORK TRAFFIC

    Apr 18, 2018

    IT managers lack visibility to about 45% of their organization’s network traffic, creating significant security challenges. In fact, nearly a quarter of them are blind to as much as 70% of their network traffic. Sophos’s global survey, The Dirty Secrets of Network Firewalls, polled more ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50125012

    U.S. UK GOVERNMENT SAY RUSSIA INCREASING INFRASTRUCTURE ATTACKS

    Apr 18, 2018

    A massive Russian-sponsored cyber-attack campaign is targeting routers, switches and other infrastructure devices to enable man-in-the-middle, espionage, hijacking and other attacks, according to U.S. and UK cyber-security authorities. In the first joint statement of its kind, U.S. and UK cyber-secu...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50155015

    DIVERSITY ESSENTIAL IN BUILDING CYBERSECURITY TALENT PIPELINE

    Apr 17, 2018

    In their RSA Conference session titled ‘Building the cybersecurity innovation pipeline’ in San Francisco on April 17 2018, Grant Bourzikas, CISO & VP McAfee Labs and Chatelle Lynch, SVP and Chief Human Resources Officer, McAfee Labs, discussed the importance of diversity in building ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50065006

    FACEBOOK, MICROSOFT AND 32 OTHERS FORM CYBER CONSORTIUM

    Apr 17, 2018

    A group of 34 tech companies, including Facebook and Microsoft, have formed a cybersecurity consortium, pledging to work together to “act responsibly, to protect and empower our users and customers, and thereby to improve the security, stability, and resilience of cyberspace.” The group,...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50075007

    MOST WEB APPS CONTAIN HIGH-SEVERITY VULNERABILITIES

    Apr 16, 2018

    An analysis of web applications shows that 94% of applications tested had at least one high-severity vulnerability. According to Positive Technologies’ Web Application Vulnerabilities in 2017 report, collated through the security firm’s automated source code analysis through the PT Appli...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50015001

    HOW TO SOLVE INFOSEC PROBLEMS WITH CREATIVE SOLUTIONS

    Apr 16, 2018

    Speaking at BSides San Francisco today Katie Ledoux, manager of trust and security governance at Rapid7, presented a session exploring some creative solutions to infosec problems. Ledoux said that when fixing problems “managing little fires without losing sight of long-term goals is an issue t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=50025002

    COMPANIES MUST TAKE A SHARE OF CLOUD SECURITY RESPONSIBILITY

    Apr 13, 2018

    The cloud is seen as highly secure and more and more critical data is being held in public clouds, but organisations need to adapt their internal security processes. Organisations are struggling to protect their data amid a growing number of security breaches, new research from Oracle and KPMG has w...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49974997

    CYBER ATTACKERS CAN BREACH TARGETS IN HOURS, REPORT REVEALS

    Apr 13, 2018

    The majority of hackers claim they can breach an organisation within hours, while most security professionals admit they do not know what to look for. The majority of cyber attackers (71%) can breach a targeted organisation within 10 hours, and 18% claim they could breach a target in the hospitality...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49984998

    NATION-STATE ATTACKS TAKE 500% LONGER TO FIND

    Apr 12, 2018

    When it comes to threats that put your business at risk, gaining visibility into attacks remains a challenge. New research shows that in 50% of cases over the past 12 months, organizations had insufficient endpoint or network visibility to respond successfully. According to cybersecurity specialist ...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49944994

    GOOGLE WILL DISTRUST ADDITIONAL CAS, IT PROS PREDICT

    Apr 12, 2018

    Although IT security professionals are troubled by future certificate authority (CA) incidents, very few have the tools needed to switch CAs quickly. The finding is significant given that, last year, researchers affiliated with Google decided that Symantec, and their affiliated CAs, had mis-issued t...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49954995

    DIVERSITY KEY TO MORE EFFECTIVE CYBER SECURITY, SAYS NCSC

    Apr 11, 2018

    Diversity in defence teams is key to improved cyber security, according to the UK’s National Cyber Security Centre (NCSC). To combat the cyber security threat, “we need to be the very best in the world at what we do,” said Nicola Hudson, NCSC director of communications. “We n...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49874987

    INFORMATICA CEO: ENTERPRISES IN 2018 FOCUS ON AI, DATA CATALOG

    Apr 10, 2018

    Data management cloud and enterprise software vendor Informatica has seen a surge in interest for data catalog as organizations grapple with the looming GDPR deadline and data privacy issues. Here's what else the company's CEO sees as big trends in data for 2018. The GDPR (General Data Prote...

    INFORMATIONWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49884988

    ORGANIZATIONS FAILING AT TIMELY DETECTION OF THREATS

    Apr 10, 2018

    Detection and remediation capabilities still need work at most organizations: Less than half of all organizations in a benchmark survey from LogRhythm were able to detect a major cybersecurity incident within one hour. Even more concerning, more than two-thirds said that even if they detected a majo...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49834983

    ORGS ARE HOLDING BACK ON CLOUD-BASED SECURITY

    Apr 10, 2018

    Enterprises are adopting the cloud much faster than their security teams can keep up – and misunderstanding about cloud environments is pervasive. The 2018 Enterprise Cloud Trends Report from iboss surveyed IT decision makers and office workers in US enterprises and found that 64% of IT decisi...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49844984

    17% OF WORKERS FALL FOR SOCIAL ENGINEERING ATTACKS

    Apr 09, 2018

    In tests that imitated the actions of hackers by sending emails to employees with links to websites, password entry forms and attachments, 17% of the messages would have led to a compromise of the employee's workstation and, ultimately, the entire corporate infrastructure if they had been real. ...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49784978

    BUSINESS INCREASES USE OF ENCRYPTION IN THE CLOUD

    Apr 06, 2018

    The use of encryption has seen double-digit growth in the past year due to a number of security-related drivers, a study has revealed. The past year has seen the biggest growth in the use of encryption in the cloud, the Thales 2018 Global encryption trends study shows. The uptick in the adoption of ...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49794979

    ONE-FIFTH OF OPEN-SOURCE SERVERLESS APPS HAVE CRITICAL VULNERABILITIES

    Apr 06, 2018

    More than 20% of open-source serverless applications contain critical security vulnerabilities, according to an audit by PureSec. An evaluation of 1,000 open-source serverless projects revealed that 21% of them contained one or more critical vulnerabilities or misconfigurations, which could allow at...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49724972

    HACKERS USE FLAW IN CISCO SWITCHES TO ATTACK CRITICAL INFRASTRUCTURE

    Apr 06, 2018

    Attackers are taking aim at critical infrastructure in multiple countries by exploiting a software flaw in some Cisco switches that has been a point of concern for more than a year. According to a blog post issued April 5 by Cisco’s Talos security unit, the cyber-attacks are exploiting what Ci...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49734973

    AVERAGE ATTACKER DWELL TIME NEARLY SIX MONTHS FOR EMEA, STUDY SHOWS

    Apr 04, 2018

    Firms in Europe, the Middle East and Africa take nearly six months to detect cyber attacks on average, a report reveals. The time taken by firms to detect breaches increased by 40% from 2016 to 175 days on average in 2017, according to the latest M-Trends report by security firm FireEye. This dwell ...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49644964

    RANSOMWARE PUTS PRESSURE ON INCIDENT RESPONSE

    Apr 04, 2018

    Ransomware is aimed at raising money, but does not typically involve the compromise of any data, which is simply encrypted, with payment demanded in return for the decryption key.

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49654965

    LAWYERS MORE INFLUENTIAL THAN IT STAFF IN CLOUD DEPLOYMENTS.

    Apr 03, 2018

    Traditionally considered risk-adverse, lawyers are twice as more influential than in-house technology staff, new research finds. Lawyers, not IT professionals and consultants, wield the most influence in the Asia-Pacific (APAC) region when it comes to cloud deployments, a new survey has found. Lawye...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49574957

    PANERA BREAD DATA BREACH DEMONSTRATES SECURITY WORST PRACTICES

    Apr 03, 2018

    Panera Bread executives ignored the warnings from a cyber-security researcher that customer data was exposed on its network until it was forced to deal with the bad publicity of an actual data breach. Imagine someone running in to your office and reporting that the building is on fire. Also imagine ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49604960

    GOOGLE BANS CRYPTO-CURRENCY MINING EXTENSIONS FROM CHROME STORE

    Apr 03, 2018

    Effectively immediately, developers are not permitted to upload extensions with crypto-currency mining features, company says. Google is making it harder for cyber-criminals to use Chrome browser extensions for crypto-currency mining. Effective immediately Google will no longer allow developers to u...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49614961

    SAKS, LORD & TAYLOR PAYMENT CARD BREACH AFFECTS 5 MILLION

    Apr 02, 2018

    Luxury department store behemoth Saks Fifth Avenue and sister stores Saks OFF 5TH and Lord & Taylor have become the latest retail victim of a data breach. The incident impacts 5 million payment cards that were used at stores in North America, from May 2017 to March 2018. Research firm Gemini Adv...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49564956

    COLLEGE KIDS TURN TO CRYPTO-MINING, RIDDLING HIGHER-ED NETWORKS

    Mar 30, 2018

    The higher-education landscape has become a fertile field for growing crypto-mining revenue. College students are crypto-mining from their dorm rooms, while outside actors are targeting their online activities for web-based attacks. According to Vectra’s 2018 RSA Conference Edition of its Atta...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49524952

    RESEARCH REPORTS REVEAL CONCERNS ABOUT IOT RISKS AND MICROSOFT FLAWS

    Mar 30, 2018

    New reports shed light on the current state of ransomware payouts and also reveals concerns about IoT cyber-risks. Multiple research reports released the week of March 26-30, reveal prevailing trends in the cyber-security attack landscape. In the aggregate, the reports provide a snapshot of some to ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49534953

    IBM SECURITY LOOKS TO INCIDENT RESPONSE SERVICES FOR GROWTH

    Mar 30, 2018

    While IBM has made significant investments in acquiring cybersecurity vendors in recent years, the company now is turning its attention to security services like incident response. LAS VEGAS -- Despite increasing investments in cybersecurity from enterprises, IBM believes many organizations are stil...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49684968

    IBM REPORTS FEWER RECORDS BREACHED IN 2017 AS RANSOMWARE ESCALATES

    Mar 30, 2018

    The 2018 IBM X-Force Threat Intelligence Index reveals that 25 percent fewer records were breached in 2017 than in the prior year, but there is a big catch: The figure doesn't include records impacted by ransomware. IBM Security announced its 2018 X-Force Threat Intelligence Index on April 4, re...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49694969

    CYBERSECURITY AWARENESS DOESN'T FUEL BETTER PREPARATION: REPORT

    Mar 28, 2018

    New research from SolarWinds MSP has revealed that whilst awareness surrounding cyber-attacks is increasing it is not equating to better preparedness, with confusion about the risks posed and a lack of means to defend against them evident. The 2017 Cyberattack Storm Aftermath study, commissioned wit...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49444944

    LEGAL DEPARTMENTS STRUGGLE WITH GDPR ROLE

    Mar 28, 2018

    The General Data Protection Regulation (GDPR) is set to take effect on May 25, and research suggests that while businesses are busy scrambling to fill data protection officer (DPO) vacancies, other areas of the organization, especially the legal department, could be taken by surprise. According to a...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49454945

    BIT DISCOVERY LAUNCHES TO HELP IMPROVE WEBSITE ASSET INVENTORY

    Mar 28, 2018

    Jeremiah Grossman, founder of WhiteHat Security is throwing his hat back in the startup ring, launching Bit Discovery in a bid to help organizations with website asset inventory, which is a key cyber-security challenge. Startup Bit Discovery officially launched on March 27, led by cyber-security ind...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49484948

    ENERGY SECTOR ICS IS THE MOST-ATTACKED INFRASTRUCTURE

    Mar 27, 2018

    In the second half of 2017, nearly 40% of all analyzed industrial control systems (ICS) in energy organizations were attacked by malware at least once – closely followed by 35% of engineering and ICS integration networks. The cybersecurity of industrial facilities remains an issue that can lea...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49414941

    GOOGLE OFFERS DETAILS ON DDOS MITIGATION SERVICE FOR CLOUD PLATFORM

    Mar 26, 2018

    Google Offers Details on DDoS Mitigation Service for Cloud Platform. Google has released more details of its newly announced Cloud Armor system for mitigating distributed denial of service (DDoS) attacks. The service is one of about 20 security enhancements Google announced recently as part of a bro...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49494949

    APPLE CEO CALLS FOR BETTER PRIVACY REGULATIONS

    Mar 26, 2018

    Apple’s CEO is calling for better data privacy regulations as Elon Musk joins Brian Acton in supporting the #DeleteFacebook campaign. The storm around Facebook’s controversial data sharing with Cambridge Analytica continued at the weekend despite efforts by the social networking firm&rsq...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49364936

    RANSOMWARE PUBLICITY HEIGHTENED AWARENESS BUT OTHER THREATS REMAIN, EXPERTS SAY

    Mar 26, 2018

    Due to several high profile attacks over the past year, ransomware is now well known across organisations, but there are other threats to be aware of, say cyber security experts. Publicity around ransomware has raised awareness about the cyber threat, but there are other serious security issues that...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49374937

    TLS 1.3 ENCRYPTION STANDARD MOVES FORWARD, IMPROVING INTERNET SECURITY

    Mar 26, 2018

    A decade after the last SSL/TLS web encryption standard was released, the IETF has finally settled on the 28th draft of the TLS 1.3 standard to be the next major protocol for internet security. After years of development and 28 drafts, the Internet Engineering Task Force has approved Transport Layer...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49404940

    CLOUD KEY TO CYBER DEFENCE, SAYS PALO ALTO NETWORKS

    Mar 23, 2018

    Organisations need to make sense of security intelligence and act on it faster to get ahead of attackers, and cloud-based security is one way of making that possible, according to Palo Alto Networks. Companies are moving to the cloud for greater agility, flexibility and resilience, and they should b...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49344934

    IT FACES CHALLENGES WITH FIREWALLS IN THE CLOUD

    Mar 22, 2018

    The cloud is redefining the role of the firewall, and an overwhelming 83% of IT professionals in a recent survey have concerns about deploying traditional firewalls in nontraditional topographies. According to Barracuda Networks’ Firewalls and the Cloud survey of 600 global IT professionals, c...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49354935

    RANSOMWARE OUT, CRYPTOJACKING IN

    Mar 22, 2018

    Cryptojacking attacks exploded by 8,500% in 2017 resulting from the sudden increase in cryptocurrency values. According to research released by Symantec, UK ranked as the fifth highest country worldwide, with a staggering 44,000% increase in coin-miner detections. With a low barrier to entry –...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49294929

    SOCS ARE OVERWHELMED AND FACE DEEP CHALLENGES

    Mar 21, 2018

    Even though companies are trying to get their arms around the ever-shifting threat landscape by implementing security operations centers (SOCs), research has revealed that excessive alerts, outdated metrics and limited integration are leading to over-taxed resources within the SOCs. Fidelis Cybersec...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49284928

    GOOGLE ADDS TO ITS CLOUD SECURITY OFFERING

    Mar 21, 2018

    Today, Google has announced more than 20 enhancements to its Cloud Security environment, with the aim to give more control to businesses operating in the Cloud. These announcements follow security announcements for Chrome Enterprise, which the company made last week. These enhancements include: VPC ...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49244924

    ORBITZ ATTACK IMPACTS HUNDREDS OF THOUSANDS OF CONSUMERS

    Mar 20, 2018

    Popular travel-booking site Orbitz has likely been hacked, potentially exposing payment card information for people that bought plane tickets or booked hotel rooms over the course of two years. The company said that it has uncovered evidence that about 880,000 payment cards were possibly impacted, a...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49254925

    CYBERSECURITY TREND FORECAST: STREAMLINED, SIMPLIFIED SECURITY

    Mar 19, 2018

    In this SearchCIO Q&A, Javvad Malik discusses why streamlining infosec processes is becoming a top cybersecurity trend and how new tech influences the infosec industry. Simplicity will be the cornerstone of effective cybersecurity as companies strive to consolidate resources, according to Javvad...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49174917

    FACEBOOK ROCKED BY DATA BREACH SCANDAL AS INVESTIGATIONS LOOM

    Mar 19, 2018

    Facebook shares plunged Monday as the social media giant was pounded by criticism at home and abroad over revelations that a firm working for Donald Trump's presidential campaign harvested and misused data on 50 million members. Calls for investigations came on both sides of the Atlantic after F...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49204920

    LEAKED REPORT ON AMD CHIP FLAWS RAISES ETHICAL DISCLOSURE QUESTIONS

    Mar 16, 2018

    Researchers announced AMD chip flaws without the coordinated disclosure procedure, and a leak of the research to a short seller has raised further suspicions about the process. Explosive research on AMD chip flaws released this week that broke vulnerability disclosure guidelines has been further mar...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49214921

    RUSSIAN GOVERNMENT HACKING EARNS U.S. SANCTIONS, WARNINGS

    Mar 16, 2018

    The U.S. Treasury Department levied sanctions for Russian government hacking, as a joint alert from the FBI and DHS confirms election meddling and critical infrastructure attacks. The FBI and Department of Homeland Security issued a joint technical alert detailing Russian government hacking activity...

    TECHTARGET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49164916

    MINORITY CYBER-PROS ARE BETTER EDUCATED BUT PAID LESS

    Mar 15, 2018

    When it comes to diversity in the cybersecurity workforce, it turns out that minority representation is actually higher than in the broader US workforce as a whole (26% vs. 21%). However, these professionals are disproportionately found in non-management roles, and they tend to earn lower salaries w...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49124912

    RUSH TO THE CLOUD RISKS SECURITY BREACHES

    Mar 15, 2018

    Over half of cybersecurity professionals are reporting misalignment between them and the rest of the business when it comes to the cloud and security issues, according to new research by Palo Alto Networks. Across Europe and the Middle East, 70% of respondents to the survey said that a rush to the c...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49134913

    BLACKTDS EMERGES AS AN AS-A-SERVICE DRIVE-BY KIT FOR MALWARE DISTRIBUTION

    Mar 14, 2018

    A new traffic distribution system called BlackTDS has reared its head in the criminal underground, marketing itself as an as-a-service tool for malware distribution. The privately held BlackTDS was spotted by Proofpoint researchers in late December 2017. It offers a variety of services to its &ldquo...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49094909

    CHINESE APT15 GROUP STEALS UK MILITARY DOCS

    Mar 13, 2018

    A suspected Chinse APT group has been spotted raiding a UK government contractor for military and other sensitive documents. APT15 is also known as Ke3chang, Mirage, Vixen Panda GREF and Playful Dragon – a group operating for several years from servers registered in China and with Chinese lang...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49114911

    SLINGSHOT APT ACTOR SHOOTS ONTO THE SCENE

    Mar 09, 2018

    A new advanced persistent threat (APT) has launched onto the scene, dubbed Slingshot. It’s taking aim at the Middle East and Africa, carrying out espionage activities via compromised routers. According to Kaspersky Lab, the group has been active since at least 2012. It uses a custom malware to...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48984898

    UNIVERSITIES LAG IN DMARC ADOPTION

    Mar 09, 2018

    An analysis of the 3,614 domains operated by the top accredited colleges and universities in the US has revealed that 88.8% of their root domains lack protections against phishing attacks that spoof the institution’s email nomenclature. A report from email specialist 250ok shows that most of t...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48994899

    THESE POPULAR ROBOTS ARE DEFENSELESS AGAINST CYBERATTACKS

    Mar 09, 2018

    These robots are designed to be like humans in every way. At CES 2017, SoftBank showed off Pepper, a humanoid machine that could talk, move around and evaluate your mood. The robot, developed by the Japan-based telecommunications giant, can be found in malls, cruise ships and airports around the wor...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49024902

    YOUR SMART CAMERA MAY HAVE BEEN SPYING ON YOU

    Mar 09, 2018

    Researchers from Kaspersky Lab discover vulnerabilities that affect a popular smart camera, which could allow a hacker to see what it was seeing. This popular smart camera is supposed to keep a watchful eye, but it failed to see its own security flaws. At the Kaspersky Security Analyst Summit, resea...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=49034903

    YOUR SMARTPHONES ARE GETTING MORE VALUABLE FOR HACKERS

    Mar 08, 2018

    Security researchers are seeing a shift where attackers would much rather hit your smartphones than your computers. Your smartphone probably knows more about you than you do. It knows where you are at all times. It knows every person you talk to, and what you've said to them. It has your family ...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48904890

    TENABLE LAUNCHES LUMIN CYBER-EXPOSURE BENCHMARKING PLATFORM

    Mar 08, 2018

    New feature on Tenable's cloud-delivered services platform aims to help organizations better understand and prioritize vulnerabilities. Cyber-security vendor Tenable Inc. announced its new cyber-exposure benchmarking service called Lumin on March 8. Lumin is part of the tenable.io Software-as-a-...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48944894

    BLACKBERRY SUES FACEBOOK, INSTAGRAM, WHATSAPPS FOR INFRINGING PATENTS

    Mar 07, 2018

    BlackBerry, which has evolved from a specialized smartphone vendor into an enterprise software company, is suing Facebook and its Instagram and WhatsApp subsidiaries claiming these companies are infringing on messaging patents long held by BlackBerry. The seven-count, 117-page lawsuit, which was fil...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48954895

    THIS IS HOW MUCH YOUR APPLE ID IS WORTH ON THE DARK WEB

    Mar 07, 2018

    Got $15.39? That's the going rate for an Apple login. But it pales in comparison to the value of a PayPal account. The people behind Top 10 VPN, a review site for virtual private networks, has a breakdown of the going rates for various forms of login information. An Apple ID will fetch $15.39 on...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48914891

    MOBILE ADVERTISING TROJAN ATTACKS DECLINED IN 2017, KASPERSKY REPORTS

    Mar 07, 2018

    Security firm Kaspersky Lab released its annual Mobile Malware Evolution report on March 7, revealing that there was a decline in the volume of multiple types of mobile malware threats in 2017, though the overall number of mobile malware attacks grew. Kaspersky Lab mobile security products reported ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48874887

    NCSC WARNS CHARITIES OF CYBER-THREATS

    Mar 05, 2018

    The UK’s National Cyber Security Centre (NCSC) has released its first guidance document for charities, warning that the sector is “absolutely not immune” to attacks. The GCHQ spin-off penned a new blog post last week claiming that third sector workers may be overly trusting of unso...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48854885

    NIKON, SONY JOIN STARTUP SCENERA FOR BETTER SECURITY CAMERAS

    Mar 05, 2018

    An alliance called NICE hopes to make cameras smarter and let you expand what they can do as easily as adding apps to your smartphone. make your next internet-linked security camera as smart and as adaptable as your smartphone is. The effort, announced Monday and called the Network of Intelligent Ca...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48864886

    STARTUP XAGE LAUNCHES BLOCKCHAIN-PROTECTED IIOT SECURITY

    Mar 02, 2018

    We already know that in the internet of things, devices, sensors and cloud services all connect to get things done—things like security surveillance, collecting and recording weather information, enabling live bodycams on police officers, connected parking meters and so on. All these use cases...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48764876

    GALAXY S9 INTELLIGENT SCAN FAVORS UNLOCKING EASE OVER SECURITY

    Mar 01, 2018

    An in-depth look at Samsung's new biometrics verification system -- and how it stacks up against the iPhone X’s Face ID -- shows it's not quite safe enough for mobile payments. Unlocking the Galaxy S9 might be faster -- but that doesn't mean it's more secure. Samsung's newe...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48784878

    BUGCROWD RAISES $26M TO EXPAND BUG BOUNTY PLATFORM

    Mar 01, 2018

    Bug bounty platform vendor Bugcrowd announced on March 1 that it raised $26 million in a Series C round of funding. The company will use the funding to grow its go to market efforts and expand what its crowdsourced bug bounty platform is able to do for organizations. The new funding round was led by...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48794879

    US MARINES CONFIRM 21,000 DETAILS EXPOSED IN DATA BREACH

    Mar 01, 2018

    Personal data of thousands of US Marines, sailors and civilians has been accidentally disclosed after an unencrypted email was sent to the wrong email distribution list. According to Marine Corps Times, 21,426 people are affected by the breach, with truncated social security numbers, bank details, t...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48844884

    CYBERSECURITY AT POWER PLANTS NEEDS ADVICE IT CAN ACTUALLY USE

    Mar 01, 2018

    Imagine if every time you were sick, all your doctor did was tell you to take some medicine. That's it. No prescription, no details on what to take, when to take it, where to get it, or even whether you can take it. Just, "take medicine." That'd be completely useless information. T...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48754875

    THREAT HUNTING TAKES CENTER STAGE FOR SOCS

    Feb 27, 2018

    Threat management continues to challenge security operation centers (SOCs); new research reveals that detection of advanced threats remains the No. 1 challenge for SOCs (55%), followed by lack of security expertise (43%). According to Crowd Research Partners’ 2018 Threat Hunting Report, which ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48714871

    DATA CENTER IPS PRODUCTS PUT TO THE TEST

    Feb 26, 2018

    NSS Labs releases its test results for intrusion prevention systems, including products from Juniper and Fortinet. Intrusion prevention is a key component in many enterprise security strategies, especially in the data center where it plays a particularly critical role. After all, that’s where ...

    NETWORKCOMPUTING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48724872

    CROWDSTRIKE REVEALS TIME TO BREAKOUT AS KEY CYBER-SECURITY METRIC

    Feb 26, 2018

    Breaches don't actually happen at the speed of light: Security firm CrowdStrike has determined that the average time to breakout is less than two hours. Cyber-security vendor CrowdStrike released its 2018 Global Threat Report on Feb. 26, providing insights from the company's globally distrib...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48674867

    PHISHING SECURITY FIRM PHISHME REBRANDS AS COFENSE AFTER ACQUISITION

    Feb 26, 2018

    Phishing security vendor Cofense aims to provide a collaborative defense, enabling humans to become a stronger link in helping to improve email security. Phishing and email security is big business, and on Feb. 26, email security vendor PhishMe announced that it is being acquired by a private equity...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48684868

    APPLE ICLOUD SECURITY CHANGE IN CHINA RAISES PRIVACY QUESTIONS

    Feb 24, 2018

    The company is moving encryption keys for China-based users' data from the US to the Asian country. Some say that's bad for dissidents. Apple says the keys are safe. Apple has privacy advocates worried over a change in how it protects the data of iCloud users in China, according to a pair of...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48614861

    HOW TO RECOGNIZE AND THWART BUSINESS EMAIL COMPROMISE SCAMS

    Feb 23, 2018

    The reports that Nigerian criminals have managed to bilk businesses out of billions of dollars through sophisticated business email compromise schemes is alarming. What’s more alarming is that the hackers managed to break into the email accounts of accounts payable staff and modify the setting...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48624862

    US FEDERAL CONTRACTORS LAG IN CYBER BEST PRACTICES

    Feb 23, 2018

    The US federal government relies on tens of thousands of contractors and subcontractors – sometimes referred to as the federal “supply chain” – to provide critical services, hold or maintain sensitive data, deliver technology and perform key functions. When it comes to their ...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48534853

    CISOS SEE INCIDENTS GROWING AND PREPAREDNESS WANING

    Feb 23, 2018

    When it comes to cybersecurity and preparedness, a recent survey paints a grim picture: A full 66% of CISOs believe their organization will experience a data breach or cybersecurity exploit that will seriously diminish shareholder value in the future – even as security postures aren’t li...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48544854

    PHISHING TRENDS AND THEIR IMPACT ON FUTURE RISKS

    Feb 21, 2018

    At The European Information Security Summit (TEISS) 2018 Lesley Marjoribanks, head of ethical phishing, Royal Bank of Scotland, reflected on the key phishing trends observed in the last year and their impact on phishing risks for the future. The first notable phishing pattern of last year was impact...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48454845

    RISK AND COMPLIANCE MANAGEMENT MOVES TOWARDS COLLABORATION

    Feb 21, 2018

    Managing the impact of a data breach is the top priority in risk management, yet respondents in a recent survey also reported that they lack the budget and resources to do that effectively. Collectively, organizations today face an unprecedented volume and variety of information risks that have ente...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48514851

    C-LEVEL PRIORITIZES BREACH COSTS OVER CUSTOMER LOSSES

    Feb 21, 2018

    Most UK C-level executives that have suffered a breach care about the associated costs more than losing customers, according to new research from Centrify. The identity security vendor polled 800 CEOs, CFOs, CTOs, CIOs, and CISOs in US and UK organizations to compile its latest report, CEO Disconnec...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48524852

    NORTH KOREAN THREAT WIDENS TO TARGET MULTINATIONALS

    Feb 20, 2018

    The North Korean–linked hacking group known as Reaper is expanding its operations in both scope and sophistication, and it has now graduated to the level of an advanced persistent threat. According to FireEye, the threat actor has carried out long-term targeting of North Korea’s interest...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48434843

    TESLA FALLS TO CRYPTO-JACKERS

    Feb 20, 2018

    Telsa, the green-car, solar and satellite company headed by Elon Musk, has fallen victim to hackers and crypto-jackers. RedLock CSI researchers found that bad actors intruded into Tesla’s public cloud environment to gain unauthorized access to nonpublic Tesla data like vehicle telemetry and st...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48444844

    SIEMENS, AIRBUS AND OTHERS INK CHARTER ON CRITICAL INFRASTRUCTURE, IOT

    Feb 16, 2018

    A group of nine industrial giants have signed a charter on cybersecurity, focused on developing binding rules and standards around critical infrastructure and the internet of things (IoT). Siemens, Airbus, Allianz, Daimler Group, IBM, the Munich Security Conference, NXP, SGS and Deutsche Telekom hav...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48374837

    SPAM TICKED DOWNWARD IN 2017, BUT PHISHING WAS UP

    Feb 16, 2018

    The spam and phishing scene last year was a mixed bag: The average amount of spam in 2017 decreased to 56.63%, which is 1.68% less than in 2016. However, the number of phishing attacks increased – the Kaspersky Lab anti-phishing system was triggered 246 million times on the computers of Kasper...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48384838

    MALWARE SPIKES COINCIDED WITH 2017 GEOPOLITICAL INCIDENTS

    Feb 16, 2018

    A new report has linked outbreaks of malware activity to geopolitical events and tensions. Comodo Threat Research Labs’ Global Malware Report 2017 was compiled by former NSA analyst, Kenneth Geers and utilizes the company’s malware monitoring capabilities in over 190 countries worldwide,...

    INFOSECURITY-MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48484848

    OVER $100K AWARDED IN LATEST HACK THE AIR FORCE 2.0 BUG BOUNTY EFFORT

    Feb 15, 2018

    The U.S. Air Force has once again engaged with hackers in a bid to help improve the security of the Air Force's public facing digital assets. The 20-day Hack the Air Force 2.0 security initiative was operated by the HackerOne bug bounty platform and involved security researchers from 26 countrie...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48324832

    WINDOWS ANALYTICS HELPS ASSESS RISK OF MELTDOWN, SPECTRE ATTACKS

    Feb 14, 2018

    Microsoft is stepping up its efforts to help IT professionals better assess whether their Windows devices are protected against the industry-wide Meltdown and Spectre attack techniques. Publicly detailed in the beginning of this year, the two attacks allow malicious applications to bypass memory iso...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48354835

    CYBERSECURITY IS 'GREATEST CONCERN' AT SENATE THREATS HEARING

    Feb 13, 2018

    At the Senate Intelligence Committee’s annual "Worldwide Threats" hearing, the top US intelligence agencies put technology front and center. For the top intelligence agencies in the US, technology has pushed aside terrorism as a top national security threat. The leaders of six of tho...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48294829

    MICROSOFT BRINGS WINDOWS DEFENDER ATP TO WINDOWS 7, 8.1

    Feb 13, 2018

    Microsoft on Monday announced plans to make Windows Defender Advanced Threat Protection (ATP) available for Windows 7 SP1 and Windows 8.1 devices. First announced in early 2016, Windows Defender ATP was packed in Windows 10 in an attempt to harden the platform and provide users with a unified endpoi...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48304830

    AIR GAPS, FARADAY CAGES CAN'T DETER HACKERS AFTER ALL

    Feb 08, 2018

    Conventional wisdom says that if something isn’t connected to the outside, it can’t be hacked. But research shows that Faraday rooms and air-gapped computers that are disconnected from the internet will not deter sophisticated cyber-attackers. Air-gapped computers used for an organizatio...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48194819

    81% OF CYBERSECURITY PROS SEE VALUE IN THREAT INTELLIGENCE

    Feb 08, 2018

    The perceived value of threat intelligence is growing, with 68% of organizations currently creating or consuming data around the latest cybersecurity campaigns. According to the SANS 2018 Cyber Threat Intelligence Survey, about a fifth (22%) of organizations have plans to use threat intelligence in ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48204820

    WINDOWS 10 S BUILD 17093 HELPS USERS DITCH PASSWORDS

    Feb 08, 2018

    Microsoft's war against passwords has taken a new turn in Windows 10 preview build 17093. Most of the Redmond, Wash. software giant's employees is already using Windows Hello, the company's suite of biometric and secure authentication technologies, to log into their PCs at work Windows D...


    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48214821

    APPLE: THE LEAKED IPHONE SOURCE CODE IS OUTDATED

    Feb 08, 2018

    The company takes down crucial iPhone source code for iOS 9 posted on Github, but the code was up long enough to cause security concerns. Apple has responded to security concerns surrounding leaked iPhone source code, pointing out that any potential vulnerabilities would be outdated. "Old sourc...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48234823

    WILL THE GREATEST FEAT AT THE PYEONGCHANG OLYMPICS BE STAVING OFF CYBERATTACKS?

    Feb 08, 2018

    Even a centuries old tradition like the Olympics cannot stave off the effects of digital transformation. As athletes, teams, businesses and visitors from around the world gather in Pyeongchang this month, technology will be playing a greater role than ever in the games, from the personal devices aug...

    CIODIVE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48264826

    2017: WORST YEAR EVER FOR DATA LOSS AND BREACHES

    Feb 06, 2018

    Last year set the record for both the most breaches and the most data compromised in a year, as several new trends (like a surge in cloud storage misconfigurations) characterized the proceedings. “The level of breach activity this year was disheartening,” said Inga Goddijn, executive vic...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48114811

    NHS TRUSTS HAVE ALL FAILED CYBER ESSENTIALS - REPORT

    Feb 06, 2018

    Every NHS Trust has failed to meet the recommended data security standards, a parliamentary committee has heard. These include accreditation to the government-backed Cyber Essentials Plus scheme, which aims to improve baseline security with a series of best practice steps organizations can take. Unl...


    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48134813

    LAYERED INSIGHT TAKES AIM AT CONTAINER SECURITY

    Feb 05, 2018

    The market and competition for container security technology is continuing to grow. Among the newest entrants in the space is Layered Insight which announced its new CEO Sachin Aggarwal on Feb. 5. The Layered Insight platform integrates multiple container security capabilities including assessment, ...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48164816

    WINTER OLYMPICS ATTACK EXPANDS WITH TOP-TIER SPYWARE

    Feb 05, 2018

    The espionage campaign against Winter Olympics targets has widened its net, with several second-stage implants providing attackers with top-tier spyware capabilities and the ability to achieve permanent persistence on victim machines. McAfee's Advanced Threat Research (ATR) recently released a r...


    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48074807

    EMPLOYEE PERCEPTIONS AND EMPLOYER POLICIES FOR WORKPLACE SAFETY ARE NOT ALIGNED

    Feb 05, 2018

    A new report says workplaces miss the mark in critical communication and planning, and could be unprepared to meet the future needs of employees. "Given the current landscape of the workforce, a company's ability to focus on an active shooter or workplace violence incident is absolutely par...


    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48084808

    GOOGLE REMOVES 89 MALICIOUS BROWER EXTENSIONS FROM CHROME WEB STORE

    Feb 02, 2018

    As it has done many times over the past year with unwanted Android applications on its Play store, Google has removed 89 browser extensions from its official Chrome web store after a security vendor identified them as being malicious.


    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48054805

    INTEL WORKING ON CPUS WITH MELTDOWN, SPECTRE PROTECTIONS

    Jan 26, 2018

    Intel is working on CPUs that will include built-in protections against the notorious Meltdown and Spectre attacks, CEO Brian Krzanich revealed on Thursday during a conference call discussing the company’s latest earnings report. Intel has released some microcode updates to address the vulnera...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47974797

    MASTERCARD TO IMPLEMENT BIOMETRICS FOR IN-STORE CARD PAYMENTS

    Jan 25, 2018

    Mastercard is implementing biometrics for card payments, with plans to go live by April 2019. The financial giant said that all consumers will be able to identify themselves with biometrics such as fingerprints or facial recognition whenever they pay in stores with Mastercard. Biometric options will...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=48014801

    QUALITY OF PASSWORD STRENGTH AND MFA ADOPTION IMPROVES

    Jan 24, 2018

    According to Okta’s global Businesses @ Work report, its requirement of a minimum of eight characters, at least one lowercase letter, one uppercase letter and a number, would only fit with the small percentage of passwords it surveyed from a list of publicly-exposed details. That list also sho...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47954795

    SAMSAM RANSOMWARE ATTACKS HIT HEALTHCARE FIRMS

    Jan 22, 2018

    Earlier this month, Hancock Health, headquartered in Greenfield, Indiana, was infected with the SamSam ransomware. This past weekend, Allscripts -- a major electronic health record (EHR) company headquartered in Chicago, IL -- confirmed that it had also been hit by Ransomware, which it described as ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47914791

    ONE IDENTITY ACQUIRES BALABIT TO MERGE IAM AND PAM

    Jan 19, 2018

    Identity and access management (IAM) provider One Identity has acquired privileged access management vendor Balabit. It is a deal that will see Balabit’s privileged account analytics and log management capabilities enhance its overall identity and access management portfolio. Financial terms o...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47894789

    GOOGLE BRINGS SECURITY ANALYTICS TO G SUITE

    Jan 18, 2018

    Google this week announced security center for G Suite, a tool that brings together security analytics, actionable insights, and best practice recommendations from Google.  The new tool provides a snapshot of important security metrics in one place, including information on suspicious device ac...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47924792

    CLOUDFLARE LAUNCHES REMOTE ACCESS TO REPLACE CORPORATE VPNS

    Jan 18, 2018

    Mobile and cloud computing have challenged the concept of perimeter security. There is no longer an easily definable perimeter to defend. VPNs are a traditional, but not ideal solution. Neither approach addresses the attacker who gets through the perimeter or into the VPN. Google long ago recognized...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47874787

    BRITON PLEADS GUILTY TO RUNNING MALWARE SERVICES

    Jan 17, 2018

    Goncalo Esteves, a 24-year-old man from the United Kingdom, has pleaded guilty to charges related to creating and running services designed to help cybercriminals develop malware that would not be detected by antivirus products. One of Esteves’ services was a website called reFUD.me. Created i...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47824782

    PURESEC EMERGES FROM STEALTH WITH SECURITY PRODUCT FOR SERVERLESS APPS

    Jan 17, 2018

    Tel Aviv, Israel-based startup PureSec emerged from stealth mode on Wednesday with a security platform designed for serverless architectures and a guide that describes the top 10 risks for serverless applications. Founded by Shaked Zin (CEO), Avi Shulman (VP of R&D) and Ory Segal (CTO), PureSec ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47844784

    FAKE MELTDOWN/SPECTRE PATCH INSTALLS MALWARE

    Jan 15, 2018

    Advantage of the massive attention the recently detailed Meltdown and Spectre CPU flaws have received, in an attempt to trick users into installing malware instead, Malwarebytes warns.  Made public in early January, Meltdown and Spectre are two new side-channel attack methods against modern pro...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47784778

    'MAMI' MAC MALWARE HIJACKS DNS SETTINGS

    Jan 12, 2018

    Researcher Patrick Wardle has analyzed what seems to be a new piece of malware designed to hijack DNS settings on macOS devices. The threat has other capabilities as well, but they do not appear to be active.The malware, dubbed OSX/MaMi by Wardle based on a core class named “SBMaMiSettings,&rd...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47734773

    AMD WORKING ON MICROCODE UPDATES TO MITIGATE SPECTRE ATTACK

    Jan 12, 2018

    AMD has informed customers that it will soon release processor microcode updates that should mitigate one of the recently disclosed Spectre vulnerabilities, and Microsoft has resumed delivering security updates to devices with AMD CPUs. Shortly after researchers revealed the Spectre and Meltdown att...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47754775

    SECURITY FLAWS FOUND IN MAJORITY OF SCADA MOBILE APPS

    Jan 11, 2018

    Researchers from IOActive and Embedi have conducted an analysis of SCADA mobile applications from 34 vendors and found vulnerabilities in a vast majority of them, including flaws that can be exploited to influence industrial processes. Two years ago, researchers Alexander Bolshev and Ivan Yushkevich...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47804780

    MICROSOFT PATCHES ZERO-DAY VULNERABILITY IN OFFICE

    Jan 09, 2018

    Microsoft’s January 2018 Patch Tuesday updates address more than 50 vulnerabilities, including a zero-day vulnerability in Office related to an Equation Editor flaw that has been exploited by several threat groups in the past few months. The zero-day vulnerability, tracked as CVE-2018-0802, ha...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47694769

    WORKING SMARTER, NOT HARDER: BRIDGING THE CYBER SECURITY SKILLS GAP

    Jan 09, 2018

    From WannaCry to NotPetya, 2017 brought with it a new wave of cyber-threats, with machine-speed attacks dominating the headlines on a regular basis. But while a lot of the commentary in the aftermath of ransomware attacks was either concerned with finding out who was behind the attacks, or lamenting...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47714771

    MICROSOFT WORD SUBDOC FEATURE ALLOWS PASSWORD THEFT

    Jan 05, 2018

    A feature in Microsoft Word that allows for the loading of sub-documents from a master document can be abused by attackers to steal a user’s credentials, according to Rhino Security Labs. Dubbed subDoc, the feature was designed to load a document into the body of another document, so as to inc...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47664766

    ANDROID TROJAN TARGETS 200+ GLOBAL FINANCIAL APPS

    Jan 05, 2018

    An Android banking trojan that targets more than 232 banking apps has been uncovered, targeting financial institutions globally. According to Quick Heal Security Labs, Banker A2f8a is designed for stealing login credentials, hijacking SMS messages, uploading contact lists and texts to a malicious se...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47684768

    NECURS BOTNET FUELS MASSIVE YEAR-END RANSOMWARE ATTACKS

    Jan 02, 2018

    The Necurs botnet started 2017 with a four-month vacation, but ended the year sending tens of millions of spam emails daily as part of massive ransomware distribution campaigns. Considered the largest spam botnet at the moment, Necurs was the main driver behind the ascension of the Locky ransomware ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47624762

    FOREVER 21 PAYMENT SYSTEMS INFECTED WITH MALWARE FOR 7 MONTHS

    Jan 02, 2018

    Los Angeles-based fashion retailer Forever 21 informed customers last week that some of its payment processing systems had been infected with malware for a period of more than 7 months. The company learned about the breach in mid-October after being alerted by a third party, and customers were first...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47644764

    INTERNET-CONNECTED SONOS SPEAKERS LEAK USER INFORMATION

    Jan 02, 2018

    A vulnerability found in Internet-connected Sonos Play:1 speakers can be abused to access information on users, Trend Micro has discovered. By exploiting the issue, an attacker could learn a user’s musical preferences, get hold of their email address, and could even learn where the user lives ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47654765

    DIGIMINE MALWARE STEALS YOUR COMPUTER POWER TO MINE CRYPTO-CURRENCY

    Dec 27, 2017

    When new crypto-currency mining malware was discovered this week, the first reaction by many security managers was probably one of confusion. While most people know that crypto-currency is a term for digital currency such as Bitcoin, the idea of malware that mines money is something new. For that ma...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47614761

    VENUSLOCKER SWITCHES TACTICS FROM RANSOMWARE TO MONERO MINING

    Dec 22, 2017

    A new, but also familiar, malware attack scheme has emerged, targeting the cryptocurrency market: The VenusLocker group has switched its crosshairs from extortion via ransomware to mining Monero. According to the FortiGuard Labs team, an attack was observed targeting South Korea, which arrives via p...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47574757

    LITHUANIA BANS KASPERSKY SOFTWARE AS 'POTENTIAL' THREAT

    Dec 21, 2017

    Lithuania will ban Moscow-based cyber security firm Kaspersky Lab's products from computers managing key energy, finance and transport systems due to security concerns, authorities said Thursday. The Russian firm's software was banned from US government networks earlier this year amid allega...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47584758

    NORTH KOREA BEGINS POS ATTACKS WITH NEW MALWARE

    Dec 21, 2017

    North Korea is taking aim at point-of-sale systems as part of its ongoing criminal fundraising efforts. Proofpoint researchers have uncovered what it’s calling the first publicly documented instance of a nation-state targeting a POS-related framework for the theft of credit-card data, carried ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47514751

    BACKDOORED CAPTCHA PLUGIN HITS 300,000 WORDPRESS SITES

    Dec 20, 2017

    Through an update on December 4, code designed to trigger an automatic update process and download a ZIP file from the simplywordpress[dot]net domain was added to the plugin. The archive would extract and install itself over the copy of the Captcha plugin already running on site.  Inside the ZI...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47504750

    CAMBIUM WIRELESS NETWORKING DEVICES VULNERABLE TO ATTACKS

    Dec 19, 2017

    A researcher has discovered nearly a dozen security issues in ePMP and cnPilot wireless networking products from Cambium, including vulnerabilities that can be exploited to take control of devices and the networks they serve. Cambium’s ePMP and cnPilot wireless broadband solutions are used by ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47484748

    IT SECURITY SPENDING TO REACH $96 BILLION IN 2018: GARTNER

    Dec 08, 2017

    Gartner has predicted that worldwide information security spending will reach $86.4 billion in 2017; a seven percent growth over the year. Spending is expected to increase to $93 billion in 2018. The fastest growing sector is security services; especially in IT outsourcing, consulting and implementa...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47434743

    CHROME IMPROVES SECURITY FOR ENTERPRISE USE

    Dec 07, 2017

    Google is boosting the security of its browser with the release of Chrome 63, which brings a host of enhancements aimed at enterprises and also addresses 37 vulnerabilities. The new browser iteration, Google says, can better protect enterprises from potential dangers like ransomware, malware, and ot...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47364736

    AFTER US ALLEGATIONS AGAINST KASPERSKY LAB, UK RESPONDS

    Dec 07, 2017

    The British government has taken a cue from the U.S. government's concern about Kaspersky Lab's anti-virus software. The U.K.'s National Cyber Security Center, which advises organizations on cybersecurity matters and is part of intelligence agency GCHQ, now recommends that British govern...

    BANKINFOSECURITY.COM
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47314731

    KNOWN VULNERABILITIES WILL PLAGUE 2018 AS ATTACK SURFACE WIDENS

    Dec 06, 2017

    This year, cyberattacks continued to plague business leaders, with major breaches occurring due to known vulnerabilities. Trend Micro predicts this trend will continue in 2018 as corporate attack surfaces expand and expose more security holes. As information technology and operational technology (IT...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47334733

    DHS SAYS DRONE MAKER DJI HELPING CHINA SPY ON U.S.

    Dec 04, 2017

    A memo from the U.S. Department of Homeland Security (DHS) warns that China-based Da-Jiang Innovations (DJI), one of the world’s largest drone manufacturers, has been providing information on critical infrastructure and law enforcement to the Chinese government.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47294729

    IT STAFF BLAME THEMSELVES FOR SECURITY RISK

    Dec 01, 2017

    More than a third of IT professionals (35%) actually see themselves as the biggest internal security risk to networks within their organization. According to research from Balabit, while HR and finance departments are the easiest target for social engineering, it is in fact IT staff who pose the big...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47284728

    IMGUR DISCLOSES 2014 BREACH AFFECTING 1.7 MILLION USERS

    Nov 27, 2017

    Popular image hosting website Imgur notified users on Friday that hackers had stolen data associated with 1.7 million accounts as a result of a breach that occurred back in 2014. The company learned about the hack from Australian security expert Troy Hunt, operator of the Have I Been Pwned breach no...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47164716

    CRITICAL CODE EXECUTION FLAW FOUND IN EXIM

    Nov 27, 2017

    Serious vulnerabilities that can be exploited for remote code execution and denial-of-service (DoS) attacks have been found in the popular mail transfer agent (MTA) software Exim. Exim is an open source MTA for Unix systems created at the University of Cambridge. An analysis of more than one million...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47214721

    NECURS RETURNS WITH NEW SCARAB RANSOMWARE CAMPAIGN

    Nov 24, 2017

    The world's largest spam botnet, Necurs, is delivering a new version of the Scarab ransomware. The campaign started at 07:30 UTC on Thanksgiving Day. By 13:30 UTC, security firm Forcepoint had already blocked more than 12.5 million Necurs emails.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47144714

    EMEA SEES DOUBLE-DIGIT GROWTH FOR MANAGED SECURITY

    Nov 24, 2017

    The managed security services (MSS) market in Europe, Middle East and Africa (EMEA) is experiencing significant transformation, with double-digit growth in revenue. Frost & Sullivan’s research, EMEA Managed Security Services Market, Forecast to 2021, finds that the market was valued at $4....

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47154715

    RANSOMWARE TARGETS SMBS VIA RDP ATTACKS

    Nov 17, 2017

    A series of ransomware attacks against small-to-medium companies are leveraging Remote Desktop Protocol (RDP) access to infect systems, Sophos reports. As part of these attacks, the mallicious actors abuse a commonly found issue in many business networks: weak passwords.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47114711

    POOR SECURITY HABITS PLAGUE LARGE ENTERPRISES

    Nov 17, 2017

    Despite being ripe targets for cybercriminals, most large enterprises lack control over employee data access and follow weak password practices.  According to Preempt’s survey of 200 management-level professionals at organizations with 1,000 employees, employees have more access than they...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47134713

    HACKERS HELPED PENTAGON PATCH THOUSANDS OF FLAWS

    Nov 13, 2017

    Bug bounty programs and a vulnerability disclosure policy have helped the U.S. Department of Defense patch thousands of security holes in its systems. Nearly one year after it announced its vulnerability disclosure policy, the Pentagon received 2,837 valid bug reports from roughly 650 white hat hack...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47064706

    CHINESE CYBERSPIES DELIVER NEW MALWARE VIA CPL FILES

    Nov 13, 2017

    A China-linked cyber espionage group that may have been active since as early as 2010 has developed a new piece of malware that it has used in highly targeted attacks launched over the past year. The new malware, dubbed Reaver, was analyzed by researchers at Palo Alto Networks, who identified ten di...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47094709

    PHISHING POSES BIGGEST THREAT TO USERS: GOOGLE

    Nov 10, 2017

    A study conducted by Google over a one-year period showed that online accounts are most likely to become compromised as a result of phishing attacks. Between March 2016 and March 2017, Google researchers identified 12.4 million potential victims of phishing, roughly 788,000 potential victims of keyl...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47054705

    WIKILEAKS SAYS CIA IMPERSONATED KASPERSKY LAB

    Nov 09, 2017

    WikiLeaks has resumed its CIA leaks and it has now started publishing source code and other files associated with tools allegedly developed by the intelligence agency. In March, WikiLeaks began publishing documentation files describing what appeared to be CIA hacking tools as part of a leak dubbed V...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=47024702

    RUSSIA-LINKED SPIES DELIVER MALWARE VIA DDE ATTACK

    Nov 08, 2017

    The Russia-linked cyber espionage group tracked as APT28 and Fancy Bear has started delivering malware to targeted users by leveraging a recently disclosed technique involving Microsoft Office documents and a Windows feature called Dynamic Data Exchange (DDE).

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46984698

    GOOGLE PATCHES CRITICAL BUGS IN ANDROID

    Nov 07, 2017

    Google on Monday released its November 2017 set of security patches for Android to address 31 vulnerabilities, 9 of which are remote code execution issues rated Critical severity. A total of 9 vulnerabilities are related to the recently revealed KRACK attack.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46964696

    NEW GIBON RANSOMWARE EMERGES

    Nov 06, 2017

    A newly discovered ransomware family called "GIBON" is targeting all files on machines that it has managed to infect, except those located in the Windows folder. The ransomware is being sold on underground criminal forums for $500 and has been available there since at least May 2017.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46924692

    MULTI-VECTOR ATTACK ON ANDROID THROWS THE KITCHEN SINK AT VICTIMS

    Nov 06, 2017

    A multi-pronged attack on Android devices has been uncovered, which incorporates a bevy of threat vectors and social engineering tricks into a single scheme involving the Marcher Android banking Trojan. According to researchers at Proofpoint, attacks begin with a banking credential phishing scheme, ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46954695

    RUSSIAN 'FANCY BEAR' HACKERS ABUSE BLOGSPOT FOR PHISHING

    Nov 03, 2017

    The cyber espionage group known as Fancy Bear, which is widely believed to be backed by the Russian government, has been abusing Google’s Blogspot service in recent phishing attacks. Threat intelligence firm ThreatConnect spotted the use of the blogging service while analyzing attacks aimed at...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46874687

    POISONED GOOGLE SEARCH RESULTS LEAD TO BANKING TROJAN

    Nov 03, 2017

    A recently observed Zeus Panda banking Trojan attack used poisoned Google search results for specific banking related keywords to infect users, Cisco Talos researchers warn. As part of this attack, the actor behind Zeus Panda used Search Engine Optimization (SEO) to make their malicious links more p...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46884688

    ETERNALBLUE IS BACK, WITH NEW TRICKS

    Nov 03, 2017

    An email-server message block (SMB) blended threat has been uncovered, which uses the compromised machine as a stepping stone to propagate laterally via the EternalBlue exploit. Netskope Threat Research Labs said that the inclusion of the EternalBlue exploit is insidious because it will be launched ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46914691

    SMARTPHONE EXPLOITS EARN HACKERS OVER $500,000

    Nov 02, 2017

    White hat hackers earned more than half a million dollars at this year’s Mobile Pwn2Own competition after successfully demonstrating exploits against Samsung’s Galaxy S8, Apple’s iPhone 7 and Huawei’s Mate 9 Pro.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46834683

    ANALYSIS OF 3,200 PHISHING KITS SHEDS LIGHT ON ATTACKER TOOLS AND TECHNIQUES

    Nov 02, 2017

    Phishing kits are used extensively by cybercriminals to increase the efficiency of stealing user credentials. The basic kit comprises an accurate clone of the target medium's login-in page (Gmail, Facebook, Office 365, targeted banks, etc), and a pre-written php script to steal the credentials -...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46854685

    SERIOUS SQL INJECTION FLAW PATCHED IN WORDPRESS

    Nov 01, 2017

    A serious SQL injection vulnerability was patched on Tuesday by WordPress developers with the release of version 4.8.3. The flaw, discovered by Anthony Ferrara, can be exploited via WordPress plugins and themes to achieve SQL injection, which can often allow attackers to take control of vulnerable w...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46794679

    NEW "SILENCE TROJAN" USED IN ONGOING BANK ATTACKS

    Nov 01, 2017

    Security researchers from Kaspersky Lab are monitoring an ongoing cyber attack against primarily Russian, but also Malaysian and Armenian, financial institutions. The attack is new and has been dubbed 'Silence'.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46804680

    IBM HELPS BANKS PREVENT NEW ACCOUNT FRAUD

    Oct 31, 2017

    IBM Security announced on Tuesday the launch of a product designed to help banks and other service providers protect their customers against new account fraud (NAF). As an increasing number of financial institutions allow consumers to open new accounts via the Internet – without the need to ph...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46744674

    ONLY A THIRD OF US OFFICE WORKERS KNOW WHAT RANSOMWARE IS

    Oct 31, 2017

    The threat of ransomware is growing exponentially, yet only a third of US office workers know what it is. Intermedia’s latest 2017 Data Vulnerability Report, which surveyed 1,000 US knowledge workers, found that even with the increased publicity and impact of global ransomware attacks like Wan...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46774677

    NOTPETYA ATTACK HAD SIGNIFICANT IMPACT ON MERCK REVENUE

    Oct 30, 2017

    American pharmaceutical giant Merck reported last week that the recent NotPetya malware attack caused losses of hundreds of millions of dollars in revenue. The company’s financial results for the third quarter show that worldwide sales decreased by 2 percent to $10.3 billion compared to the sa...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46694669

    SAGE RANSOMWARE GETS ANTI-ANALYSIS CAPABILITIES

    Oct 30, 2017

    The Sage ransomware, which emerged toward the beginning of this year, has added new functionality that allows it to escalate privileges and evade analysis, Fortinet warns.The malware was highly active in early 2017, but hasn’t shown significant activity over the past six months.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46724672

    HOMEHACK FLAW ALLOWS SPYING VIA THE ROBOT VACUUM

    Oct 27, 2017

    Beware your vacuum robot: A vulnerability in LG Electronics’ smart-home line of appliances allows remote access and control of anything in the ecosystem—including refrigerators, ovens, dishwashers, washing machines and dryers, air conditioners and, yes, the vacuum cleaner.

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46714671

    PROFILING TOOL SUGGESTS 'BAD RABBIT' NOT FINANCIALLY MOTIVATED

    Oct 27, 2017

    Researchers at FireEye noticed that some of the websites redirecting users to the Bad Rabbit ransomware hosted a profiling framework, which could suggest that the attack was not financially motivated.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46674667

    BAD RABBIT' ATTACK INFRASTRUCTURE SET UP MONTHS AGO

    Oct 26, 2017

    The infrastructure used by the Bad Rabbit ransomware was set up months ago and an increasing amount of evidence links the malware to the NotPetya attack launched in late June, which some experts believe was the work of a Russian threat actor.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46634663

    MICROSOFT OPEN SOURCES WEBSITE SCANNING TOOL 'SONAR'

    Oct 26, 2017

    Microsoft announced this week the availability of Sonar, an open source linting and website scanning tool designed to help developers identify and fix performance and security issues. Developed by the Microsoft Edge team, Sonar has been made open source and donated to the JS Foundation.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46654665

    KASPERSKY MAY HAVE FOUND HOW RUSSIAN HACKERS STOLE NSA DATA

    Oct 25, 2017

    Security firm Kaspersky Lab has shared preliminary results from its investigation following media reports that Russian hackers used its software to steal sensitive NSA data from a contractor’s computer back in 2015.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46574657

    FIRMS INCREASINGLY TURN TO MACHINE LEARNING FOR SECURITY SOLUTIONS

    Oct 25, 2017

    Forty-seven percent of organizations have already deployed machine learning (ML) solutions, with another 23% engaged in pilot projects, to help detect increasingly sophisticated incursions and lower the cost of response.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46604660

    SIMULATED PHISHING FIRM KNOWBE4 RAISES $30 MILLION

    Oct 24, 2017

    Security awareness training and simulated phishing firm KnowBe4 has secured $30 million in Series B financing led by Goldman Sachs Growth Equity (GS Growth), with existing investor Elephant participating. It brings the total financing raised by KnowBe4 to $44 million.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46564656

    NEARLY 100 WHOLE FOODS LOCATIONS AFFECTED BY CARD BREACH

    Oct 23, 2017

    Amazon-owned Whole Foods Market informed customers last week that a recent hacker attack aimed at its payment systems affected nearly 100 locations across the United States.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46544654

    REAPER BOTNET HAS COME FOR THE INTERNET

    Oct 20, 2017

    According to Check Point’s research team, this new baddie, ominously dubbed “Reaper,” is recruiting IoT devices such as IP wireless cameras and DVRs at a far faster rate than the Mirai botnet did in 2016—and it already is estimated to have infected multiple devices in more th...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46524652

    PAYMENT CARDS STOLEN IN PIZZA HUT WEBSITE HACK

    Oct 16, 2017

    Pizza Hut U.S. informed customers over the weekend that their payment card and contact information may have been compromised after cybercriminals breached its website. According to the company, the hackers only had access to the site between the morning of October 1, 2017 through midday on October 2...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46474647

    DATA SAMPLE IN EQUIFAX HACK SCAM POSSIBLY FROM THIRD-PARTY SERVERS

    Oct 13, 2017

    A data sample provided last month by scammers trying to make a profit by claiming to have breached U.S. credit reporting agency Equifax may have been obtained from unprotected Amazon Web Services (AWS) instances owned by a different company.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46504650

    MALICIOUS REDIRECTS ON EQUIFAX, TRANSUNION SITES CAUSED BY THIRD-PARTY SCRIPT

    Oct 13, 2017

    Two of the “Big Three” U.S. credit reporting agencies, Equifax and TransUnion, were hit by a cybersecurity incident caused by the use of a third-party web analytics script.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46434643

    HIGH-TECH BRIDGE LAUNCHES FREE SERVICE FOR TESTING MOBILE APPS

    Oct 12, 2017

    Web security company High-Tech Bridge announced on Thursday the launch of a free online service that allows mobile application developers to test their iOS and Android apps.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46464646

    KASPERSKY IN FOCUS AS US-RUSSIA CYBER-TENSIONS RISE

    Oct 12, 2017

    The security software firm Kaspersky has become the focal point in an escalating conflict in cyberspace between the United States and Russia. The Russian-based company has been accused of being a vehicle for hackers to steal security secrets from the US National Security Agency.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46394639

    CLOUD APP SECURITY FIRM SHIFTLEFT EXITS STEALTH WITH $9 MILLION IN FUNDING

    Oct 11, 2017

    ShiftLeft emerged from stealth mode on Wednesday with a new solution designed to protect cloud applications and microservices, and with more than $9 million in funding.The company’s fully automated security-as-a-service (SECaaS) solution is designed to help organizations secure their applicati...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46424642

    HACKERS CAN EXECUTE CODE ON WINDOWS VIA DNS RESPONSES

    Oct 11, 2017

    One of the 62 vulnerabilities patched by Microsoft with the October security updates is a critical Windows flaw that allows remote attackers to execute arbitrary code on a targeted machine via specially crafted DNS responses.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46384638

    NEW ATMII MALWARE CAN EMPTY ATMS

    Oct 10, 2017

    A newly detailed malware targeting automated teller machines (ATM) allows attackers to completely drain available cash, Kaspersky Lab researchers have discovered.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46364636

    RESEARCH REPORTS STOLEN IN FORRESTER WEBSITE HACK

    Oct 09, 2017

    Forrester, one of the world’s most influential market research and advisory firms, informed customers late on Friday that its main website had been breached. According to Forrester Chief Business Technology Officer Steven Peltzman, a hacker accessed information provided to customers through th...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46274627

    DISQUS DISCLOSES 2012 BREACH IMPACTING 17 MILLION USERS

    Oct 09, 2017

    Commenting service Disqus informed customers on Friday of a data breach that apparently occurred back in 2012 and which affected roughly 17.5 million user accounts. Disqus learned of the breach from Troy Hunt, the Australian security expert who created the Have I Been Pwned breach notification servi...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46304630

    FORRESTER RESEARCH DISCLOSES LIMITED WEBSITE DATA BREACH

    Oct 09, 2017

    According to Forrester Research's preliminary investigation, attackers were able to gain access to forrester.com content that was intended to be limited exclusively to clients. "We recognize that hackers will attack attractive targets — in this case, our research IP," George F. C...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46324632

    FIN7 HACKERS CHANGE ATTACK TECHNIQUES

    Oct 09, 2017

    The financially-motivated FIN7 hacking group recently switched to a new delivery technique and has been employing a different malware obfuscation method, ICEBRG security researchers reveal.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46334633

    UTILITIES FEAR CYBERATTACKS COULD CAUSE ELECTRIC GRID DISRUPTIONS: SURVEY

    Oct 05, 2017

    Many utility executives from around the world believe cyberattacks could cause disruptions to electric distribution grids in the next five years, according to a report published on Wednesday by professional services company Accenture.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46244624

    CRITICAL REMOTE CODE EXECUTION FLAWS FOUND IN HPE IMC

    Oct 05, 2017

    HPE has released an update for its Intelligent Management Center (iMC) platform to address several vulnerabilities, including critical flaws that allow remote attackers to execute arbitrary code on affected systems.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46264626

    ACCENTURE: UTILITY GRIDS BRACE FOR CYBERATTACKS—WITH POOR DEFENSES

    Oct 04, 2017

    More than three-quarters of American utility execs are expecting an attack on the grid within the next five years—and are woefully unprepared to deal with it if it happens. A fresh report from Accenture, entitled Outsmarting Grid Security Threats, included interviews with more than 100 utility...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46214621

    MANY COMPANIES UNPREPARED FOR DNS ATTACKS: SURVEY

    Oct 03, 2017

    Many companies are not prepared to deal with DNS attacks, and a quarter of the ones that have already been hit reported significant losses, according to a survey conducted by Dimensional Research on behalf of network security firm Infoblox.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46154615

    BANKING TROJAN EXPLOITS CHAIN OF TRUST TO DECEIVE SECURITY TOOLS

    Oct 03, 2017

    A fresh iteration of a banking trojan has been uncovered that exploits an authentic VMware binary to deceive security tools into accepting errant activity. Cisco Talos first uncovered it being used in a campaign specific to Brazil.

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46174617

    GOOGLE PATCHES CRITICAL ANDROID FLAWS WITH OCTOBER 2017 UPDATES

    Oct 03, 2017

    Google this week released its October 2017 Android patches, which address a total of 14 vulnerabilities in the mobile platform, including five rated Critical severity. Split in two, the Android Security Bulletin—October 2017 resolves issues affecting various platform iterations, ranging from A...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46204620

    THREE IN FOUR DDOS TARGETS HIT MULTIPLE TIMES: IMPERVA

    Oct 02, 2017

    Amid an increase in frequency of repeat application layer distributed denial of service (DDoS) attacks during the second quarter of the year, over 75% of targets were hit multiple times, according to statistics from Imperva.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46134613

    SOPHISTICATED PHISHING ATTACKS TARGET INTERNET FREEDOM ACTIVISTS

    Sep 29, 2017

    The Electronic Frontier Foundation (EFF) revealed on Wednesday that employees of Internet freedom NGOs “Free Press” and “Fight for the Future” have been targeted in sophisticated spear-phishing attacks.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46124612

    ESPIONAGE ATTACK USES SCRIPTS FOR DATA EXFILTRATION

    Sep 28, 2017

    A recently detected espionage campaign is delivered via malicious emails, but maintains presence on compromised machines by using scripts instead of a binary payload, Malwarebytes researchers have discovered.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46094609

    FLAWS EXPOSE FLIR THERMAL CAMERAS TO REMOTE ATTACKS

    Sep 27, 2017

    Researchers have disclosed the details of several potentially serious vulnerabilities affecting thermal security cameras from FLIR Systems, said to be the world’s largest provider of thermal imaging cameras, components and imaging sensors.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46084608

    ANDROID MALWARE EXPLOITS DIRTY COW VULNERABILITY

    Sep 26, 2017

    Dubbed ZNIU, the malware attempts to exploit Dirty COW, which was disclosed in October 2016. The issue is caused by a race condition in the way the Linux kernel’s memory subsystem handles copy-on-write (COW) breakage of private read-only memory mappings.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46054605

    VOLUMETRIC ATTACKS AND THE IOT DOMINATE DDOS SCENE

    Sep 26, 2017

    Three out of every four distributed denial of service (DDoS) attacks employed blended, multi-vector approaches in the second quarter of 2017, tapping the internet of things (IoT) and ramping up the volume.

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46074607

    UNSIGNED APPS CAN STEAL MACOS KEYCHAIN PASSWORDS

    Sep 26, 2017

    Just as Apple launched the latest version of macOS, High Sierra 10.13, a researcher published a video to show how unsigned applications can steal data from the operating system’s Keychain password management system.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46014601

    REDBOOT RANSOMWARE MODIFIES MASTER BOOT RECORD

    Sep 25, 2017

    A newly discovered ransomware family has the ability to replace the Master Boot Record and modify the partition table, allowing the malware to function as a wiper. Dubbed RedBoot, the malware was clearly designed for destructive purposes, as even the file-encryption operation is of a similar nature:...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46034603

    FLASHPOINT DIGS INTO DARK WEB WITH SECURITY INTELLIGENCE API

    Sep 25, 2017

    Security startup Flashpoint is in the business of providing Business Risk Intelligence (BRI) to its customers and partners in a number of ways. On Sept. 26, Flashpoint is set to announce a new update for its API, providing an improved method for organizations to benefit from security intelligence.

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46044604

    VERIZON ENGINEER EXPOSES INTERNAL SYSTEM DATA

    Sep 25, 2017

    Researchers discovered an unprotected Amazon Web Services (AWS) S3 bucket containing potentially sensitive information associated with a system used internally by Verizon.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45994599

    MASSIVE SPAM RUNS DISTRIBUTE LOCKY RANSOMWARE

    Sep 22, 2017

    Locky ransomware, the infamous threat that dominated malware charts in 2016, is being aggressively distributed in a series of spam runs that have been ongoing for several weeks, security researchers warn.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=46004600

    FORMBOOK INFOSTEALER ATTACKS RAMPING UP

    Sep 21, 2017

    Attacks involving a rather unknown information stealing malware family dubbed "FormBook" have become increasingly frequent recently, fueled by the threat’s cheap price and the availability of a cracked builder, Arbor Networks security researchers warn.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45934593

    SOFTWARE SECURITY MATURITY TICKS UPWARD IN 2017

    Sep 21, 2017

    Synopsys has released BSIMM8, the latest version of the well-known software security maturity model, along with stats on its usage that show a slight uptick in security preparedness among vertical enterprises. The eighth iteration of the Building Security in Maturity Model (BSIMM) is based on real-w...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45954595

    CCLEANER ATTACK SHOWS NEED TO BOLSTER SOFTWARE DEVELOPMENT SECURITY

    Sep 20, 2017

    The software supply chain is increasingly under threat by attackers who seek to turn legitimate software programs into Trojan horses that can compromise millions of computers. On Monday, security-software firm Avast announced that its popular system-cleaning program CCleaner—developed by Pirif...

    EWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45904590

    INFRARED CAMERAS ALLOW HACKERS TO JUMP AIR GAPS

    Sep 20, 2017

    A team of researchers from Israel has developed a piece of malware that demonstrates how hackers can abuse security cameras with infrared (IR) capabilities to send and receive data to and from an air-gapped network.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45914591

    SEC SAYS IT WAS HACKED IN 2016

    Sep 20, 2017

    The United States Securities and Exchange Commission (SEC) said late Wednesday that it was the victim of a cyber-attack in 2016 that may have allowed hackers to profit through trading on non-public information in its EDGAR filing system. “In August 2017, the Commission learned that an incident...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45924592

    ANDROID AV APP COLLECTED DATA ON TENS OF MILLIONS USERS

    Sep 19, 2017

    Tens of millions of Android users potentially had their information collected by a security application distributed through Google Play, Check Point security researchers warn. Called DU Antivirus Security, the software had between 10 and 50 million downloads when the security researchers alerted Goo...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45854585

    CYBERSECURITY, AI, IOT ALL MAJOR DRIVERS OF THE INTERNET'S FUTURE

    Sep 19, 2017

    There are many forces that are shaping the future of the internet today, from artificial intelligence (AI) and cyberthreats to the internet of things (IoT) and the rising role of government—all of which impact key areas, including digital divides, personal freedoms and rights, as well as media...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45884588

    MILLIONS DOWNLOAD "EXPENSIVEWALL" MALWARE VIA GOOGLE PLAY

    Sep 18, 2017

    A newly discovered Android malware that managed to infect at least 50 applications in Google Play has been downloaded between 1 million and 4.2 million times, Check Point researchers warn. Dubbed ExpensiveWall, the threat was designed to send fraudulent premium SMS messages and to charge users&rsquo...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45774577

    THREAT REPORT SAYS 1 IN 50 IOS APPS COULD LEAK DATA

    Sep 18, 2017

    A new global threat report for the mobile ecosystem shows that iOS provides a bigger threat than is often perceived. While the insecurities of the Android operating system are well-documented, the report notes that 1 in 50 iOS apps used in enterprise environments could potentially leak sensitive dat...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45804580

    MOST WANTED MALWARE: BANKING TROJANS COME TO THE FORE AGAIN

    Sep 18, 2017

    The Zeus, Ramnit and Trickbot banking trojans all appeared in the top 10.  These Trojans work by identifying when the victim is visiting a banking website, and then use keylogging or web injects to harvest basic login credentials or more sensitive information such as PIN numbers. Alternatively,...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45814581

    NEW ATTACK FINGERPRINTS USERS USING WORD DOCUMENTS

    Sep 18, 2017

    Distributed as attachments to phishing emails, these documents were in OLE2 format and contained links to PHP scripts located on third-party web resources. As soon as a user opens the files in Microsoft Office, the application accesses one of the links, resulting in the attackers receiving informati...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45834583

    FLAWS PATCHED IN TREND MICRO MOBILE SECURITY FOR ENTERPRISE

    Sep 18, 2017

    A patch released last week by Trend Micro for its Mobile Security for Enterprise product resolves several vulnerabilities, including remote code execution issues rated critical and high severity. Trend Micro Mobile Security for Enterprise is designed to provide organizations visibility and control o...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45844584

    MOZILLA IMPLEMENTS FASTER DIFFIE-HELLMAN FUNCTION IN FIREFOX

    Sep 15, 2017

    Mozilla on this week revealed plans to introduce a new key establishment algorithm in Firefox to improve both security and performance of the web browser. Called Curve25519, and designed by Daniel Julius Bernstein, the algorithm is a high-security elliptic-curve-Diffie-Hellman function deemed suitab...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45734573

    EQUIFAX BLAMES BREACH ON APACHE STRUTS FLAW

    Sep 14, 2017

    The vulnerability allows remote attackers to execute arbitrary commands via a string in a crafted Content-Type HTTP header, and was patched in March 2017. In an updated statement on its Equifax Security website, it said that it has been “intensely investigating the scope of the intrusion with ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45764576

    DHS ORDERS GOVERNMENT AGENCIES TO STOP USING KASPERSKY PRODUCTS

    Sep 14, 2017

    The U.S. Department of Homeland Security (DHS) issued a binding operational directive on Wednesday ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns regarding the company’s ties to Russian intelligence. The DHS told agencies that they have 3...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45714571

    U.S. ENERGY DEPARTMENT INVESTS $20 MILLION IN CYBERSECURITY

    Sep 13, 2017

    The United States Department of Energy announced on Tuesday its intention to invest up to $50 million in the research and development of tools and technologies that would make the country’s energy infrastructure more resilient and secure. Over $20 million of that amount has been allocated to p...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45684568

    NEW KEDI RAT USES GMAIL TO EXFILTRATE DATA

    Sep 13, 2017

    A newly discovered remote access Trojan (RAT) capable of evading security scanners communicates with its command and control (C&C) server via Gmail, Sophos has discovered. Dubbed Kedi, the RAT was designed to steal data and is being spread via spear-phishing emails, the security researchers say....

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45694569

    APACHE STRUTS FLAW INCREASINGLY EXPLOITED TO HACK SERVERS

    Sep 12, 2017

    Security firm Imperva has detected thousands of attacks attempting to exploit a recently patched remote code execution vulnerability affecting the Apache Struts 2 open source development framework.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45644564

    LINUX MALWARE COULD RUN UNDETECTED ON WINDOWS: RESEARCHERS

    Sep 12, 2017

    A new Windows 10 feature that makes the popular Linux bash terminal available for Microsoft’s operating system could allow for more malware families to target the operating system, Check Point researchers claim. Called Windows Subsystem for Linux (WSL), the feature exited beta a couple of mont...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45654565

    APACHE STRUTS FLAW REPORTEDLY EXPLOITED IN EQUIFAX HACK

    Sep 11, 2017

    A vulnerability affecting the Apache Struts 2 open-source development framework was reportedly used to breach U.S. credit reporting agency Equifax and gain access to customer data. Equifax revealed last week that hackers had access to its systems between mid-May and late July.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45574557

    XAFECOPY ANDROID MALWARE EMPTIES BANK ACCOUNTS

    Sep 11, 2017

    WAP—a forerunner of mobile internet capability—provides the ability to load text-based, specially crafted mobile websites via non-smart phones. While it’s almost never used anymore, Kaspersky noted that mobile carriers still support parts of the technology, including a billing feat...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45624562

    HACKERS EXPLOIT RECENTLY PATCHED APACHE STRUTS FLAW

    Sep 08, 2017

    A critical remote code execution vulnerability patched earlier this week in the Apache Struts 2 open-source development framework is already being exploited in the wild. The flaw, tracked as CVE-2017-9805, affects applications that use the REST plugin with the XStream handler for XML payloads, and i...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45564556

    MASSIVE CREDIT BUREAU HACK RAISES TROUBLING QUESTIONS

    Sep 08, 2017

    It could be the worst-ever data breach for American consumers, exposing some of the most sensitive data for a vast number of US households. The hack disclosed this week at Equifax, one of the three major credit bureaus which collect consumer financial data, potentially affects 143 million US custome...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45604560

    BITDEFENDER OFFERS UP TO $1,500 IN PUBLIC BUG BOUNTY PROGRAM

    Sep 07, 2017

    The Romania-based security firm has been running a bug bounty initiative since late 2015, and it has now decided to launch a public program on Bugcrowd in an effort to take advantage of the skills of the 60,000 hackers registered on the platform.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45524552

    SIRI, ALEXA, GOOGLE NOW VULNERABLE TO ULTRASOUND ATTACKS

    Sep 07, 2017

    A team of researchers from the Zhejiang University in China have demonstrated how several popular speech recognition systems can be controlled using ultrasound via an attack method they have dubbed “DolphinAttack.”

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45534553

    TARGETED ATTACKS LEVERAGE POWERPOINT FILE FOR MALWARE DELIVERY

    Sep 06, 2017

    Threat actors are leveraging malicious PowerPoint files and a recently patched Microsoft Office vulnerability to target UN agencies, foreign ministries, international organizations, and entities interacting with international governments, Fortinet warns.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45494549

    MULTIPLE VULNERABILITIES FOUND IN MOBILE BOOTLOADERS

    Sep 05, 2017

    A team of security researchers from the University of California, Santa Barbara has discovered a series of code execution and denial of service vulnerabilities in the bootloaders of popular mobile platforms.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45454545

    FAKE CHROME FONT UPDATE ATTACK DISTRIBUTES BACKDOOR

    Sep 05, 2017

    A malicious campaign targeting users of the Chrome web browser on Windows systems recently started distributing a remote access Trojan, security researchers have discovered. First spotted in December 2016, the attack is tied to the EITest compromise chain, and has been observed distributing the Flee...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45464546

    ANDROID SECURITY: MULTIPLE BOOTLOADER BUGS FOUND IN MAJOR CHIPSET VENDORS' CODE

    Sep 04, 2017

    Smartphone bootloader firmware should be secure even if the operating system is compromised. But researchers have found five flaws in major chipset vendors' code that leave the process vulnerable. The vulnerabilities have been found by a group of researchers from the University of California, Sa...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45444544

    SERIOUS VULNERABILITIES DISCLOSED IN MODEMS USED BY AT&T'S U-VERSE SERVICE

    Sep 01, 2017

    Five vulnerabilities have been found in Arris-manufactured home networking equipment supplied in AT&T's U-verse service. The vulnerabilities are considered so trivial to exploit that they have been disclosed to the public without waiting for remedial work from either Arris or AT&T.

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45434543

    700 MILLION RECORDS FOUND ON SERVER POWERING ONLINER SPAMBOT

    Aug 31, 2017

    A Paris-based malware researcher known as Benkow has discovered more than 700 million records used by the Onliner spambot on a misconfigured server. The records comprise a large number of email addresses, passwords and SMTP configurations. Researcher Troy Hunt has subsequently added the lists to his...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45374537

    CIA'S "ANGELFIRE" MODIFIES WINDOWS' BOOT SECTOR TO LOAD MALWARE

    Aug 31, 2017

    Wikileaks on Thursday published documents detailing AngelFire, a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to load and execute implants on Windows-based systems.Similar to other “Vault7” tools that Wikileaks unveiled over the past several months, such as Grasshopp...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45394539

    LOCKY RANSOMWARE REARS ITS HEAD IN BIG AUGUST CAMPAIGNS

    Aug 30, 2017

    The Locky ransomware is continuing its resurgence, with a second wave of new but related attacks that build on a variant uncovered in early August. A few weeks ago, Locky changed its encryption extension to .lukitus, which means "locked" in Finnish. That variant is still impossible to decr...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45334533

    BREACH AT USED TECH GOODS SELLER CEX EXPOSES TWO MILLION CUSTOMERS

    Aug 30, 2017

    CeX, a second-hand technology goods chain, is notifying up to 2 million of its online customers that their personal details may have been compromised. CeX operates more than 350 shops in the UK, and more than 100 overseas (including around a dozen in America, 20 in Australia, and 20 in India). The d...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45354535

    MASSIVE ‘ONLINER’ SPAMBOT HOLDS 711 MILLION EMAIL ADDRESSES

    Aug 30, 2017

    Security researchers have uncovered one of the largest single spambots ever seen, loaded with 711 million email records. The so-called 'Onliner' spambot was discovered by researcher 'Benkow' who claimed it has been in use since at least 2016, spreading a banking trojan called Ursnif....

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45364536

    NHS LANARKSHIRE CANCELS OPS AFTER WEEKEND RANSOMWARE BLITZ

    Aug 29, 2017

    An NHS Scotland organization has suffered a second major ransomware-related outage, just months after it was struck by the infamous WannaCry attacks of May. The Bitpaymer variant is said to have struck NHS Lanarkshire on Friday, affecting some key services over the weekend. According to a spokespers...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45284528

    JIMMY BANKING TROJAN REUSES NUKEBOT CODE

    Aug 29, 2017

    A recently discovered modification of the Neutrino banking Trojan reuses parts of the NukeBot source code that was made publicly available earlier this year, Kaspersky Lab researchers discovered. Dubbed Jimmy, the newly discovered malware shows close resemblance to NeutrinoPOS, but features a restru...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45304530

    NORTH KOREA ACCUSED OF STEALING BITCOIN TO BOLSTER FINANCES

    Aug 29, 2017

    North Korea (DPRK) appears to be targeting bitcoin (both users and exchanges) as a means to counter the increasing effect of international sanctions. Earlier this month the UN Security Council unanimously imposed new sanctions targeting the country's primary exports. Dwindling coal exports to Ch...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45324532

    TECH FIRMS UNITE TO NEUTRALIZE WIREX ANDROID BOTNET

    Aug 28, 2017

    Black clouds on the internet do sometimes have a silver lining. Global attacks such as those from Mirai last year and WannaCry/NotPetya this year have fomented informal collaborative global responses -- one of which happened this month when multiple competitive vendors collaborated in the research a...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45264526

    GOOGLE INTRODUCES APP ENGINE FIREWALL

    Aug 25, 2017

    Google on Thursday informed cloud platform customers that the beta release of its App Engine firewall is available for testing. The Google App Engine firewall allows developers and administrators to easily allow or block traffic from specified IP addresses by defining a set of rules and ordering the...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45234523

    POC RELEASED FOR DANGEROUS IOS KERNEL EXPLOIT

    Aug 25, 2017

    Proof-of-concept (PoC) code has been released for recently patched iOS vulnerabilities that can be chained to take full control of a mobile device. The flaws could also be useful for a jailbreak, according to the researcher who found them. iOS 10.3.2, which Apple released in mid-May, patches seven A...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45244524

    ZERODIUM OFFERS $500,000 FOR MESSAGING, EMAIL APP EXPLOITS

    Aug 24, 2017

    Zerodium has made some changes to its exploit acquisition program and the company is now offering up to $500,000 for remote code execution and privilege escalation vulnerabilities affecting popular instant messaging and email applications.The firm has decided to publish separate payout lists for mob...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45204520

    US WARSHIP COLLISIONS RAISE CYBERATTACK FEARS

    Aug 23, 2017

    A spate of incidents involving US warships in Asia, including a deadly collision this week off Singapore, has forced the navy to consider whether cyberattackers might be to blame. While some experts believe that being able to engineer such a collision would be unlikely, given the security systems of...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45164516

    ANDROID MALWARE FOUND ON GOOGLE PLAY ABUSES ACCESSIBILITY SERVICE

    Aug 23, 2017

    A dropper discovered by researchers on Google Play abuses accessibility services in a unique way to deliver Android malware. The threat was analyzed by experts at Zscaler and Securify after finding an app on Google Play named “Earn Real Money Gift Cards.” The application hides a variant ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45174517

    NEW SECURITY, COMPLIANCE FEATURES ADDED TO CISCO SPARK

    Aug 22, 2017

    Cisco announced on Monday that it has added some important security, compliance and analytics features to its Spark collaboration platform. Launched in March 2015, Cisco Spark provides cloud-based tools for team messaging, online meetings and whiteboarding. One year after its launch, the company ann...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45124512

    DDOS THREAT INCREASES WHILE MIRAI BECOMES 'PAY-FOR-PLAY'

    Aug 22, 2017

    The DDoS threat is increasing again. Pbot can generate 75 Gbps from just 400 nodes and Mirai has been commoditized. However, despite the growing number of attacks, the overall trend seems to be for more frequent, smaller attacks. These are the primary takeaways from a new Q2 study into internet traf...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45134513

    ENERGY MANAGEMENT SYSTEMS EXPOSE DEVICES TO ATTACKS

    Aug 21, 2017

    Researchers have demonstrated a new class of fault attacks possible due to the poor security design of energy management systems present in most modern computing devices. Energy management is an important feature of modern computers, particularly in the case of mobile devices, as it helps increase b...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45074507

    TURLA CYBERSPIES USE NEW DROPPER IN G20 ATTACKS

    Aug 21, 2017

    The Russia-linked cyber espionage group known as Turla has been using a new malware dropper in attacks apparently aimed at entities interested in G20, security firm Proofpoint reported last week. G20 is an international forum for governments and central banks from all continents. The G20 Summit was ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45084508

    PLAYSTATION SOCIAL MEDIA ACCOUNTS HACKED

    Aug 21, 2017

    A notorious hacking firm, probably best described as greyhats rather than white or blackhats, briefly breached the PlayStation Facebook and Twitter accounts on Sunday. OurMine, a Saudi-based security firm, specializes in breaching high-profile accounts in order to advertise its 'prowess' and...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45094509

    CODE LINKED TO MALWARETECH AND KRONOS PUBLISHED IN 2009

    Aug 21, 2017

    A piece of code linked to both the British researcher Marcus Hutchins, known online as MalwareTech, and the banking Trojan named Kronos was first published in 2009. Hutchins became famous and was named a “hero” after he helped stop the WannaCry ransomware attack by registering a domain t...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45114511

    CYBERATTACK LEAVES MILLIONS WITHOUT MOBILE PHONE SERVICE IN VENEZUELA

    Aug 11, 2017

    A massive cyberattack that took down government websites in Venezuela earlier this week also has left seven million mobile phone users without service, the government said Thursday. A group that calls itself The Binary Guardians claimed responsibility for attacks that targeted the websites of the go...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45014501

    COMMAND EXECUTION FLAW AFFECTS SEVERAL VERSION CONTROL SYSTEMS

    Aug 11, 2017

    Several popular version control systems are affected by a potentially serious command execution vulnerability. The developers of the impacted products have released updates this week to patch the security hole. The flaw affects version control systems such as Git (CVE-2017-1000117), Apache Subversio...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45044504

    ORGS HAVE FAILED TO MAKE NECESSARY SECURITY IMPROVEMENTS SINCE WANNACRY & PETYA

    Aug 10, 2017

    More than two-thirds of security professionals are not confident their organizations have made necessary security improvements since the WannaCry and Petya attacks earlier this year, according to new research from Tripwire. The firm’s survey found that, despite the severity and damage caused b...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=45004500

    NORTH KOREA CAMPAIGNS SHOW LINK BETWEEN KONNI AND DARKHOTEL

    Aug 09, 2017

    Decoy documents used in two recent cyber espionage campaigns apparently aimed at entities linked to North Korea show a connection between the DarkHotel attacks and a piece of malware named KONNI. KONNI is a remote access trojan (RAT) that managed to stay under the radar for more than 3 years. The ma...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44934493

    FUZZING TESTS SHOW ICS PROTOCOLS LEAST MATURE

    Aug 09, 2017

    Fuzzing tests conducted last year by customers of Synopsys, a company that provides tools and services for designing chips and electronic systems, revealed that protocols used in industrial control systems (ICS) are the least mature. Fuzzing is a testing technique designed for finding software vulne...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44984498

    SOLAR PANEL FLAWS PUT POWER GRIDS AT RISK: RESEARCHER

    Aug 08, 2017

    A researcher has identified many vulnerabilities in widely used solar power systems and he believes some of these flaws could allow hackers to cause large-scale outages, but the affected vendor says his claims are exaggerated. In a scenario he calls “Horus,” which stems from the name of ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44924492

    MICROSOFT PATCHES WINDOWS SEARCH FLAW EXPLOITED IN ATTACKS

    Aug 08, 2017

    Microsoft’s Patch Tuesday updates for August 2017 address a total of 48 vulnerabilities in Windows, Internet Explorer, Edge, SQL Server, SharePoint Server, Office and Outlook. Microsoft has classified 25 of the flaws as critical and 21 as important. Two of the patched vulnerabilities were disc...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44944494

    SCHNEIDER ELECTRIC, CLAROTY PARTNER ON INDUSTRIAL NETWORK SECURITY

    Aug 07, 2017

    Energy management and automation giant Schneider Electric has teamed up with industrial cybersecurity startup Claroty to offer its customers solutions for protecting industrial control systems (ICS) and operational technology (OT) networks. Claroty, which emerged from stealth mode in September 2016 ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44894489

    CHINA'S WEB USERS FEAR LOSING TOOLS TO BYPASS 'GREAT FIREWALL'

    Aug 07, 2017

    Enterprising internet users in China fear the tools they use to tunnel through the country's "Great Firewall" may soon disappear, as Beijing tightens its grip on the web. Tens of millions of people are estimated to use Virtual Private Networks (VPNs) to bypass Chinese internet restrict...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44914491

    HACKERS CAN USE GIT REPOS FOR STEALTHY ATTACK ON DEVELOPERS

    Aug 04, 2017

    Malicious actors can abuse GitHub and other services that host Git repositories for stealthy attacks aimed at software developers, experts showed recently at the Black Hat security conference in Las Vegas. Clint Gibler, security researcher at NCC Group, and Noah Beddome, security researcher and Dire...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44874487

    RUSSIAN HACKER SENTENCED TO PRISON FOR EBURY BOTNET ATTACKS

    Aug 04, 2017

    A 41-year-old Russian citizen has been sentenced to 46 months in prison by a court in the U.S. state of Minnesota for his role in a cybercrime scheme involving a botnet powered by the Linux malware known as Ebury. Maxim Senakh was indicted in the U.S. in January 2015 and was later arrested by author...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44884488

    SHADES OF SONY: SCOPE OF HBO HACK WIDENS

    Aug 03, 2017

    The hackers that broke into HBO’s systems have apparently gained access to much more than a few pieces of content, according to reports. A security contractor from IP Echelon hired by HBO to remove leaked material from online sources found that the hackers stole “thousands of Home Box Of...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44844484

    AMAZON SUSPENDS SALES OF BLU SMARTPHONES OVER SECURITY, PRIVACY CONCERNS

    Aug 02, 2017

    Amazon has suspended the sale of BLU Android smartphones after learning that there might be a potential security issue on select devices. The giant online retailer has decided to make the BLU phones unavailable on its website despite their great popularity after Kryptowire security researchers revea...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44804480

    WANNACRY INSPIRES BANKING TROJAN TO ADD SELF-SPREADING ABILITY

    Aug 02, 2017

    Although the wave of WannaCry and Petya ransomware has now been slowed down, money-motivated hackers and cyber criminals have taken lessons from the global outbreaks to make their malware more powerful. Security researchers have now discovered at least one group of cyber criminals that are attemptin...

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44834483

    IRAN-LINKED HACKERS USE "MIA ASH" HONEY TRAP TO COMPROMISE TARGETS

    Aug 01, 2017

    A threat group said to be associated with Iranian government-directed cyber operations is believed to be operating a fake online persona to target organizations in the Middle East with malware, SecureWorks researchers say. Known as COBALT GYPSY or TG-2889, the threat group was previously associated ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44764476

    NETFLIX HELPS IDENTIFY APIS AT RISK OF APPLICATION DDOS ATTACKS

    Aug 01, 2017

    Netflix has published tools and information to help defenders identify systems that could be leveraged by malicious actors for damaging application layer distributed denial-of-service (DDoS) attacks. Akamai’s State of the Internet report for the first quarter of 2017 shows that application lay...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44794479

    AIRLINES ALERT CUSTOMERS, EMPLOYEES OF CYBERSECURITY INCIDENTS

    Jul 31, 2017

    Several North American airlines alerted customers and employees in the past days about various types of cybersecurity incidents, including system breaches, data leaks and credential stuffing attacks. Virgin America said it detected unauthorized access to information systems containing employee and c...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44704470

    AIRLINES ALERT CUSTOMERS, EMPLOYEES OF CYBERSECURITY INCIDENTS

    Jul 31, 2017

    Several North American airlines alerted customers and employees in the past days about various types of cybersecurity incidents, including system breaches, data leaks and credential stuffing attacks. Virgin America said it detected unauthorized access to information systems containing employee and c...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44714471

    MORTGAGE PHISHING SCAMS TARGET BIG PAYOUTS

    Jul 31, 2017

    Over the last few years, business email compromise (BEC) scams have rocketed -- costing victims $1.45 billion in 2016 alone (FBI report). Now a new related threat has emerged -- the mortgage phishing scam -- that seems likely to follow a similar trajectory. It is early days and the scam -- like BEC ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44754475

    HACKERS TAKE OVER US VOTING MACHINES IN JUST 90 MINUTES

    Jul 30, 2017

    Today, election hacking is not just about hacking voting machines, rather it now also includes hacking and leaking dirty secrets of the targeted political parties—and there won’t be a perfect example than the last year's US presidential election. But, in countries like America, even ...

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44724472

    RESEARCHERS DEMO PHYSICAL ATTACK VIA CAR WASH HACK

    Jul 28, 2017

    LAS VEGAS - BLACK HAT USA - Researchers have created proof-of-concept (PoC) exploits to demonstrate how hackers can cause physical damage to vehicles and injure their occupants by remotely hijacking a connected car wash. The attack was detailed in a presentation at the Black Hat security conference ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44674467

    UNPATCHED CISCO AUTONOMIC NETWORKING FLAWS DISCLOSED AT BLACK HAT

    Jul 27, 2017

    Cisco published advisories on Wednesday to inform users of several unpatched vulnerabilities affecting the Autonomic Networking feature of it IOS and IOS XE software. The flaws, some of which rated “high severity,” were disclosed this week by a researcher at the Black Hat security confer...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44604460

    MICROSOFT LAUNCHES WINDOWS BUG BOUNTY PROGRAM

    Jul 27, 2017

    Microsoft announced on Wednesday the launch of a Windows bug bounty program with payouts ranging between $500 and $250,000. Microsoft has been running several bug bounty programs, but none of them have covered all features of Windows. As part of the new program, the company is prepared to pay out a ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44614461

    IRANIAN CYBERSPY GROUPS SHARE MALWARE CODE

    Jul 27, 2017

    Two cyberspy groups believed to be operating out of Iran, tracked by security firms as OilRig and Greenbug, have apparently shared malware code, according to researchers at Palo Alto Networks. While cyber espionage groups sponsored by the same government often try to keep their campaigns separate, i...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44654465

    NEW WINDOWS BACKDOOR LINKED TO SAMBACRY LINUX MALWARE

    Jul 26, 2017

    The cybercriminals who had recently delivered a cryptocurrency miner to Linux servers by exploiting the Samba vulnerability known as EternalRed and SambaCry are believed to have developed a backdoor designed for Windows systems. The new malware, detected by Kaspersky Lab products as Backdoor.Win32.C...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44594459

    CROWDSTRIKE LAUNCHES CYBERSECURITY SEARCH ENGINE

    Jul 25, 2017

    Cloud-based endpoint security firm CrowdStrike announced on Tuesday that it has expanded the capabilities of its Falcon platform by adding a powerful search engine. The search engine is powered by Falcon MalQuery, which CrowdStrike claims is more than 250 times faster than other malware search tools...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44564456

    BRITON PLEADS GUILTY TO MIRAI ATTACKS IN GERMAN COURT

    Jul 24, 2017

    A British man pleaded guilty last week in a German court to launching a cyberattack that resulted in more than one million customers of telecommunications provider Deutsche Telekom experiencing Internet disruptions. German media has identified the 29-year-old man as “Peter Parker” and &l...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44494449

    INTERNET BUG BOUNTY PROJECT RECEIVES $300,000 DONATION

    Jul 24, 2017

    The Internet Bug Bounty (IBB), a project whose goal is to make the Web safer by rewarding white hat hackers who find vulnerabilities in core Internet infrastructure and open source software, announced on Friday that it has secured a $300,000 donation. Facebook, GitHub and the Ford Foundation, one of...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44514451

    RESEARCHER ANALYZES PSYCHOLOGY OF RANSOMWARE SPLASH SCREENS

    Jul 24, 2017

    The 'splash screens' of seventy-six different types of ransomware have been analyzed by a cyber-psychologist from De Montfort University. Commissioned by SentinelOne, the subsequent report 'Exploring the Psychological Mechanisms used in Ransomware Splash Screens' (PDF) is designed to...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44544454

    ONE IN TEN U.S. ORGANIZATIONS HIT BY WANNACRY: STUDY

    Jul 24, 2017

    A recent survey discovered that the vast majority of organizations in the United States weren’t prepared for the WannaCry ransomware attack, but just one in ten ended up being infected by the malware. WannaCry stormed the world in mid-May by leveraging a previously patched exploit called Etern...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44554455

    UNDETECTED FOR YEARS, STANTINKO MALWARE INFECTED HALF A MILLION SYSTEMS

    Jul 21, 2017

    A massive botnet that remained under the radar for the past five years managed to infect around half a million computers and allows operators to “execute anything on the infected host,” ESET researchers warn. Dubbed Stantinko, the botnet has powered a massive adware campaign active since...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44464446

    ETHEREUM HACKERS MAKE OFF WITH $30M

    Jul 20, 2017

    The bad news continued for Ethereum this week after it emerged yesterday that a further $30m worth of the crypto-currency had been stolen thanks to a critical bug in wallet software from provider Parity Technologies. In a security alert on Wednesday, Parity refused to divulge the nature of the vulne...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44424442

    SEGWAY MINIPRO FLAWS PUT RIDERS AT RISK OF INJURY

    Jul 20, 2017

    The Ninebot by Segway miniPRO hoverboard-style electric scooter is affected by several vulnerabilities that can be exploited to take control of the device and possibly injure the rider, security consulting firm IOActive warned. The Segway miniPRO is accompanied by a mobile application that allows us...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44434443

    NEW CYBERX TECHNOLOGY PREDICTS ICS ATTACK VECTORS

    Jul 20, 2017

    Industrial cybersecurity and threat intelligence firm CyberX announced on Thursday the availability of a new simulation technology that allows organizations to predict breach and attack vectors on their networks. The new industrial control systems (ICS) security service, named ICS Attack Vector Pred...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44454445

    TWO IRANIANS CHARGED WITH HACKING US DEFENSE TECHNOLOGY MAKER

    Jul 19, 2017

    Two Iranian nationals have been charged by the US government for hacking a US defense technology maker in a bid to steal and sell software used in ammunition design. According to the US Department of Justice, Mohammed Reza Rezakah, 39, and others, hacked Arrow Tech, a Vermont-based engineering consu...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44384438

    SECURITY COULD BE WEAKENED IF UK-EU DATA FLOWS ARE HINDERED POST-BREXIT

    Jul 18, 2017

    The UK government’s security could be weakened as a result of hindered data transfers between the UK and EU post-Brexit. That’s according to an inquiry by the Lords Select Committee in a report dubbed 'Brexit: the EU data protection package', which examines the overhaul of the EU...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44394439

    TWO IRANIANS CHARGED IN U.S. OVER HACKING DEFENSE MATERIALS

    Jul 18, 2017

    Two Iranians were indicted Monday in the United States with hacking a defense contractor and stealing sensitive software used to design bullets and warheads, according to the Justice Department. According to the newly unsealed indictment businessman Mohammed Saeed Ajily, 35, recruited Mohammed Reza ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44354435

    BACKDOOR USES FFMPEG APPLICATION TO SPY ON VICTIMS

    Jul 17, 2017

    A recently observed feature-rich backdoor is capable of spying on its victim’s activities by recording full videos with the help of the "FFmpeg" application, Malwarebytes warns. Detected as Backdoor.DuBled and written in .NET, the malware is distributed through a JS file containing a...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44304430

    ASHLEY MADISON OFFERS $11 MILLION IN DATA BREACH SETTLEMENT

    Jul 17, 2017

    Ruby Life Inc., the owner and operator of the online adultery service Ashley Madison, has offered to pay $11.2 million to individuals affected by the 2015 data breach. Ashley Madison was breached in July 2015 by hackers who had threatened to leak the personal details of the website’s customers...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44314431

    CRITICAL WEBEX FLAWS ALLOW REMOTE CODE EXECUTION

    Jul 17, 2017

    Cisco has updated the WebEx extensions for Chrome and Firefox to address critical remote code execution vulnerabilities identified by researchers working for Google and Divergent Security. Google Project Zero’s Tavis Ormandy and Cris Neckar of Divergent Security, a former member of the Chrome ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44344434

    RESEARCHERS REMOTELY HIJACK ORACLE OAM 10G SESSIONS

    Jul 13, 2017

    Two security researchers recently discovered an issue with improperly configured Oracle Access Manager (OAM) 10g that can be exploited by remote attackers to hijack sessions from unsuspecting users. The issue, security researchers Nabeel Ahmed and Tom Gilis discovered, is related to the OAM authenti...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44244424

    DEMOCRACY AT RISK FROM POOR CYBERSECURITY, FOREIGN INTERFERENCE: SURVEY

    Jul 13, 2017

    For more than a year, a single thread has dominated American news: foreign interference in US elections. It started in June 2016 in the run-up to the 2016 presidential election, when the Democratic National Committee (DNC) announced it had been hacked, and CrowdStrike accused Russia-based Cozy Bear ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44274427

    LOCKPOS POINT OF SALE MALWARE EMERGES

    Jul 12, 2017

    A newly discovered Point of Sale (PoS) malware is being delivered via a dropper that is manually loaded and executed on the targeted systems, Arbor Networks Security researchers warn. The new threat was associated with command and control (C&C) servers used by Flokibot in a campaign targeting Br...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44214421

    DARKTRACE RAISES $75 MILLION AT $825 MILLION VALUATION

    Jul 12, 2017

    Darktrace, a cybersecurity startup that leverages machine learning and mathematics to detect threats, announced on Tuesday that it has raised $75 million in a Series D financing round which values the company at $825 million. Founded in 2013 by senior members of the UK's GCHQ and other intellige...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44234423

    POST-BREACH SHARE PRICES PLUMMET BELOW NASDAQ AVERAGE

    Jul 11, 2017

    When it comes to the business impact of data breaches, companies that have suffered a compromise of at least 1 million records average suffered an immediate post-breach decrease in share price of 0.43%, about equal to their average daily volatility. The security and privacy advice and comparison web...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44164416

    HACKERS ABLE TO TURBO-CHARGE DJI DRONES WAY BEYOND WHAT'S LEGAL

    Jul 11, 2017

    Drone hackers in the UK are busy at work exploiting the application security shortcomings of a major manufacturer to circumvent restrictions, including flight elevation limits. DJI says it has pushed out a firmware update to nip the problem in the bud, but one expert The Register spoke to maintains ...

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44194419

    ELDERLY AUSSIE CHARGED FOR PART IN RANSOMWARE TECH SUPPORT SCAM

    Jul 11, 2017

    A 75-year-old Australian man has been charged with money laundering offenses in connection with a tech support ransomware scam worth over AU$1 million (£590K, $762K). The Queensland resident was arrested last Friday and will appear in court on August 3, according to Queensland Police. The susp...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44124412

    ENTERPRISE COMPLEXITY REQUIRES NEW SECURITY APPROACHES

    Jul 10, 2017

    Quick detection of a cyber-attack can lead to double-digit reductions in business impact from the incident. But businesses need to re-architect their security platforms in order to get there. New insight detailed in a report from Aberdeen Group reveals that doubling detection and response speed to c...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44134413

    POS MALWARE HITS AVANTI PAYMENT KIOSKS

    Jul 10, 2017

    Micro markets solutions provider Avanti Markets has informed customers that their personal, payment card and biometric data may have been stolen by cybercriminals who managed to infect some of its kiosks with malware. According to the company, which serves 1.6 million customers across 46 U.S. states...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44094409

    EX-GCHQ BOSS: ENCRYPTION BACKDOORS ARE A THREAT TO ALL

    Jul 10, 2017

    Former GCHQ boss Robert Hannigan has argued that governments should never force tech companies to build encryption backdoors in their products and services as it will weaken security for the majority. Speaking on BBC Radio Four’s Today program, Hannigan went further than he did when in charge ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44114411

    SPYDEALER MALWARE STEALS PRIVATE DATA FROM POPULAR ANDROID APPS

    Jul 08, 2017

    A recently discovered Android Trojan can exfiltrate private data from more than 40 applications, Palo Alto Networks security researchers have discovered. Dubbed SpyDealer, the malware is capable of stealing sensitive messages from communication apps using the Android accessibility service feature, a...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44104410

    CIA TOOLS FOR STEALING SSH CREDENTIALS EXPOSED BY WIKILEAKS

    Jul 07, 2017

    WikiLeaks has published documents detailing BothanSpy and Gyrfalcon, tools allegedly used by the U.S. Central Intelligence Agency (CIA) to steal SSH credentials from Windows and Linux systems. A document dated March 2015 describes BothanSpy as a tool that steals credentials for active SSH sessions f...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44034403

    GOOGLE PATCHES CRITICAL VULNERABILITIES IN ANDROID

    Jul 06, 2017

    The July 2017 Android Security Bulletin was split in two partial security patch level strings: the 2017-07-01 security patch level that addresses issues in the platform itself, and the 2017-07-05 security patch level, which resolves device-specific vulnerabilities in various components supplied by m...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44044404

    HACKERS TARGET PROMINENT CHINESE-LANGUAGE NEWS SITES

    Jul 06, 2017

    Several prominent Chinese-language news websites that are blocked in China have been targeted in malware, phishing and reconnaissance attacks, according to a new report from the University of Toronto’s Citizen Lab group. Citizen Lab learned of the attacks after being contacted by China Digital...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43994399

    FAKE WANNACRY RANSOMWARE USES NOTPETYA S DISTRIBUTION SYSTEM

    Jul 05, 2017

    The NotPetya wiper wasn’t the only piece of malware distributed last week using the compromised M.E.Doc update mechanism: a fake WannaCry ransomware variant was delivered using the same channel, Kaspersky Lab reports. Called FakeCry, the ransomware was delivered to M.E.Doc users on June 27, th...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44004400

    FAKE WANNACRY RANSOMWARE USES NOTPETYA'S DISTRIBUTION SYSTEM

    Jul 05, 2017

    The NotPetya wiper wasn’t the only piece of malware distributed last week using the compromised M.E.Doc update mechanism: a fake WannaCry ransomware variant was delivered using the same channel, Kaspersky Lab reports. Called FakeCry, the ransomware was delivered to M.E.Doc users on June 27, th...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=44064406

    CYBER SECURITY CHALLENGE CEO STEPHANIE DAMAN REMEMBERED

    Jun 27, 2017

    Stephanie Daman, CEO of Cyber Security Challenge UK, has died at the age of 56 following a long battle with cancer. Reported on the Cyber Security Challenge website, her obituary read: “During nearly five years at the helm of Cyber Security Challenge UK, Stephanie oversaw a step change in the ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43974397

    GHOSTHOOK ATTACK TARGETS WINDOWS 10 VULNERABILITY

    Jun 26, 2017

    Last week, CyberArk Labs demonstrated an attack that can enable the installation of rootkit malware under Windows 10 64-bit. The proof-of-concept attack overrides the operating system's PatchGuard feature. Microsoft's PatchGuard was designed to prevent malicious code from patching the kernel...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43984398

    WIKILEAKS DETAILS CIA'S AIR-GAPPED NETWORK HACKING TOOL

    Jun 23, 2017

    WikiLeaks published several documents on Thursday detailing a tool allegedly used by the U.S. Central Intelligence Agency (CIA) to hack air-gapped networks through USB drives. Dubbed “Brutal Kangaroo,” it has been described by its developer as a tool suite designed for targeting closed n...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43914391

    HOMELAND SECURITY: PUTIN’S HACKERS TRIED TO CRACK ELECTORAL NETWORKS IN 21 US STATES

    Jun 22, 2017

    Russian attempts to hack key American election systems are more advanced than first thought, according to Homeland Security officials on Wednesday. In a public hearing into election hacking held by the US Senate Intelligence Committee, the Department of Homeland Security's acting director of the...

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43884388

    SPEAR PHISHING CAMPAIGN TARGETS PALESTINIAN LAW ENFORCEMENT

    Jun 21, 2017

    Palestinian law enforcement agencies and other targets within Palestine were targeted in a spear phishing campaign delivering malware to remotely control infected systems, Talos researchers reveal. The actor behind this campaign “has appeared to have used genuine documents stolen from Palestin...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43844384

    MEDIAN DWELL TIME FOR HACKERS DROPS TO 49 DAYS

    Jun 21, 2017

    The dwell time for hackers inside victim networks fell by nearly half over the past year, although the time from intrusion to containment of such threats remained virtually the same, according to Trustwave. The security firm’s 2017 Trustwave Global Security Report is comprised of analysis from...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43854385

    TIME TO DETECT COMPROMISE IMPROVES, WHILE DETECTION TO CONTAINMENT WORSENS: REPORT

    Jun 21, 2017

    Throughout 2016, Trustwave investigated hundreds of data breaches in 21 different countries, and conducted thousands of penetration tests across databases, networks and applications. An analysis of key findings from this activity is presented in the 2017 Trustwave Global Security Report published Tu...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43864386

    WANNACRY MALWARE HITS TRAFFIC CAMERAS IN AUSTRALIA

    Jun 21, 2017

    The latest big thing in malware, WannaCry, has been spotted wreaking its havoc in Australia, Victoria Police has confirmed. The ransomware has infected 55 red light cameras and speed cameras in the state of Victoria via private camera operator Redflex. "Our advice at this stage is that a softwa...

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43874387

    SOUTH KOREAN HOSTING FIRM PAYS $1 MILLION RANSOM

    Jun 20, 2017

    The web host was hit June 10 by the ransomware attack, at 1:30 a.m. local time, leading to 153 of the company's Linux servers being forcibly encrypted. The company says it immediately reported the attack to authorities and launched an investigation, and was initially hopeful government cybersecu...

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43794379

    KOREAN HOSTER COUGHS UP $1 MILLION TO RANSOMWARE EXTORTERS

    Jun 20, 2017

    A South Korean web hosting firm has agreed to pay over $1m in Bitcoins (BTC) to regain access to its files after it and thousands of businesses it supports were hit by ransomware last week. Nayana was infected by the Erebus ransomware, hitting 153 of its Linux servers and over 3400 customer websites...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43804380

    WORKAROUNDS PROVIDED FOR HPE SITESCOPE VULNERABILITIES

    Jun 19, 2017

    Several potentially serious vulnerabilities have been found in HPE SiteScope, and while patches are not available, users can apply workarounds to prevent attacks. HPE SiteScope is an agentless performance and availability monitoring software for distributed IT infrastructures, including servers, net...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43774377

    CANADA: HACKERS TARGETED COUNTRY'S 2015 ELECTION, MAY TRY AGAIN

    Jun 18, 2017

    Canada's electronic eavesdropping agency warned Friday that hackers and foreign states may try to sway its elections in 2019, after so-called hacktivists tried but failed to influence the 2015 ballot that brought Justin Trudeau's Liberals to power.In a report, the Communications Security Est...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43754375

    ULSTER UNIVERSITY ALSO SUFFERED RANSOMWARE OUTAGE THIS WEEK

    Jun 16, 2017

    A second UK university has been hit by a major ransomware attack this week, as new figures showed the country is the most frequently targeted by the malware in Europe. The attack appears to have struck Northern Ireland’s Ulster University on the same day a ransomware outage affected University...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43724372

    GERMANY READY TO UNDERMINE ENCRYPTION IN TERROR FIGHT

    Jun 16, 2017

    Germany has become the latest Western nation to signal its intent to undermine encryption in the name of preventing terrorism. Central and state-level ministers have apparently expressed dismay that terrorists are using apps such as WhatsApp and Signal to communicate out of the reach of the authorit...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43734373

    U.S. WARNS OF NORTH KOREA'S 'HIDDEN COBRA' ATTACKS

    Jun 14, 2017

    The United States Computer Emergency Readiness Team (US-CERT) released a technical alert on Tuesday on behalf of the DHS and the FBI to warn organizations of North Korea’s “Hidden Cobra” activities, particularly distributed denial-of-service (DDoS) attacks. The threat actor dubbed ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43644364

    WINDOWS XP RECEIVES PATCHES FOR MORE 'SHADOW BROKERS' EXPLOITS

    Jun 14, 2017

    Microsoft has released patches for Windows XP and other outdated versions of the operating system to fix several critical vulnerabilities that are at heightened risk of being exploited by state-sponsored actors and other threat groups. The tech giant informed customers in mid-April that a series of ...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43654365

    INTERNET HYGIENE STILL STINKS DESPITE BOTNET AND RANSOMWARE FLOOD

    Jun 14, 2017

    Network security has improved little over the last 12 months – millions of vulnerable devices are still exposed on the open internet, leaving them defenceless to the next big malware attack. A follow-up audit by Rapid7 – the firm behind the Metasploit pen-testing tool – found that ...

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43674367

    SLEW OF WIMAX ROUTERS OPEN TO HIJACKING, SPYING AND BOTNET ENSLAVEMENT

    Jun 14, 2017

    A vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers, allows an attacker to change the password of the admin user and gain access to the device, wreaking a range of havoc from there. According to SEC Consult, once an attacker is in, he or she can gain access to the devi...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43684368

    FLOKIBOT BANKING MALWARE: INDIA ON ALERT

    Jun 13, 2017

    Because India was hit hard by the WannaCry ransomware campaign, security experts are warning financial institutions to prepare for other malware attacks, including those that use Flokibot, aka Floki Bot. The Trojan virus, which targets point-of-sale devices and is available for $1,000 on underground...

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43604360

    SAMBACRY FLAW EXPLOITED TO DELIVER CRYPTOCURRENCY MINER

    Jun 12, 2017

    A recently patched Samba flaw known as EternalRed and SambaCry has been exploited in the wild to deliver a cryptocurrency miner to vulnerable machines, researchers warned. These attacks, observed by both Kaspersky and Cyphort, were launched shortly after the existence of the security hole was brough...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43574357

    MACRANSOM RAAS POTENTIALLY CREATED BY COPYCATS

    Jun 12, 2017

    A newly discovered ransomware family targeting Mac users is using the Ransomware-as-a-service (RaaS) distribution model and uses code copied from previous MacOS ransomware, Fortinet researchers warn. Dubbed MacRansom, the threat uses a web portal hosted on TOR, but samples aren’t readily avail...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43594359

    DEFAULT ACCOUNT, DEBUG TOOL EXPOSE CISCO PRIME USERS TO ATTACKS

    Jun 09, 2017

    Cisco informed customers this week that its Prime Data Center Network Manager (DCNM) is affected by two critical vulnerabilities that can be exploited for remote code execution and to access the product’s administrative console. One of the flaws, tracked as CVE-2017-6639, is related to the lac...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43534353

    IS SD-WAN A STANDALONE TECHNOLOGY OR PART OF A SOLUTION?

    Jun 08, 2017

    Having been in the field of Information Technology for 30+ years, I continue to find it interesting that what looks like new technology is very seldom completely new, or in a lot of cases, even new at all. We’ve recently been looking at IoT, and how it’s similar to Industrial Controls an...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43554355

    "PLATINUM" CYBERSPIES ABUSE INTEL AMT TO EVADE DETECTION

    Jun 08, 2017

    The cyber-espionage group tracked by Microsoft as “Platinum” has started abusing a component of Intel’s Active Management Technology (AMT) in attacks aimed at organizations in Southeast Asia. The activities of the Platinum group, which has been active since at least 2009, were expo...

    SECURITY WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43494349

    SECURITY STARTUP’S PREDICTIVE RISK MAP IDS BREACH SCENARIOS

    Jun 07, 2017

    Security startup Balbix launched this week, announcing the general availability of its predictive breach-risk platform and $8.6 million in investor funding from Mayfield. “Nobody is doing predictive risk [assessment],” said Gaurav Banga, CEO and founder of Balbix. He also founded endpoin...

    SDXCENTRAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43524352

    ENCRYPTION LEAVES AUTHORITIES 'NOT IN A GOOD PLACE': FORMER US INTELLIGENCE CHIEF

    Jun 07, 2017

    James Clapper, Barack Obama's former director of National Intelligence, has said the issue of criminals and terrorists going dark by using end-to-end encrypted systems is causing issues in the United States. "The so-called going dark phenomenon -- a situation that was dramatically accelerat...

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43454345

    LEAKED DOCUMENTS SHOW US VOTE HACKING RISKS

    Jun 06, 2017

    Security experts have warned for years that hackers could penetrate electronic voting systems, and now, leaked national security documents suggest a concerted effort to do just that in the 2016 US election. An intelligence report revealed this week showed a cyberattack that targeted more than 100 lo...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43464346

    NEW METHOD USED TO DELIVER MALWARE VIA POWERPOINT FILES

    Jun 05, 2017

    Cybercriminals have been leveraging a new technique, which involves PowerPoint files and mouseover events, to get users to execute arbitrary code on their systems and download malware.It’s not uncommon for malicious actors to deliver malware using specially crafted Office files, particularly W...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43374337

    GOOGLE ANNOUNCES CTF COMPETITION

    Jun 05, 2017

    Google announced on Friday the dates and prizes for the company’s second annual capture the flag (CTF) competition. The qualifying round, for which nearly 200 teams have already signed up, will take place on June 17 and 18. The top 10 teams will be invited to one of Google’s offices for ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43384338

    MIXED REACTIONS TO PM'S CALLS TO REGULATE CYBER SPACE TO PREVENT TERRORISM

    Jun 05, 2017

    Prime minister Theresa May’s call for regulation of the internet to prevent terrorism planning has drawn support from some quarters but criticism from others Hours after the latest attack in London that killed seven and injured dozens more, the prime minister said the internet was a “saf...

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43414341

    HACK BACK LAW WOULD CREATE CYBER VIGILANTES

    Jun 05, 2017

    Tom Graves (R-GA) released an update to the initial Active Cyber Defense Certainty Act (ACDC) that intends to exempt victims of cyber attacks from being prosecuted for attempting to hack back at their attackers under the Computer Fraud and Abuse Act (CFAA). If enacted, the law allows organizations t...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43424342

    YAHOO PAYS OUT THOUSANDS OF DOLLARS FOR SERIOUS FLAWS

    Jun 05, 2017

    Yahoo has awarded thousands of dollars to a couple of researchers who managed to find serious vulnerabilities in the company’s systems. The bug bounty hunters published blog posts over the weekend describing their findings. An expert who uses the online moniker “Th3G3nt3lman” said ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43444344

    KMART CYBER ATTACK HIGHLIGHTS POS VULNERABILITIES

    Jun 02, 2017

    The company did not say how many stores or customers were affected, but said it immediately launched a thorough investigation and engaged leading third-party forensic experts to review its systems and secure the affected part of the network.

    COMPUTERWEEKLY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43354335

    PUTIN: PATRIOTIC RUSSIANS COULD BE BEHIND ELECTION HACKS

    Jun 02, 2017

    Russian President Vladimir Putin says patriotic citizens may have launched politically motivated cyberattacks against foreign countries, but denied any government involvement in such operations.Following accusations that Russian state-sponsored hackers interfered with the recent elections in the Uni...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43364336

    U.S. DEFENSE CONTRACTOR EXPOSES SENSITIVE MILITARY DATA

    Jun 01, 2017

    Sensitive data belonging to the U.S. National Geospatial-Intelligence Agency (NGA) was left exposed on the Internet by defense and intelligence contractor Booz Allen Hamilton, a security firm revealed on Wednesday. The NGA is a combat support and intelligence agency working under the Department of D...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43294329

    IS CYBERSECURITY PART OF YOUR CUSTOMER SERVICE POLICY?

    Jun 01, 2017

    If a data breach can happen to Home Depot and Target, it can happen to us,” says Lee Bailey, Director of IT Security and Operations for ABC Fine Wine & Spirits, a mid-sized business in Florida with 140 locations and around 1,000 employees.

    SECURITYMAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43314331

    NEST'S FACIAL RECOGNITION SECURITY CAMERA SEES YOU IN 4K

    May 31, 2017

    When Nest Director of Product Marketing Maxime Veron first revealed the $299/£299 Nest Cam IQ indoorsecurity camera to me via Google Hangout, I wasn't particularly impressed. At a glance, the IQ looks a lot like the Nest Cam Outdoor, but it's indoor-only and costs a hundred bucks more....

    CNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43234323

    VENDORS INVESTIGATING IMPACT OF SAMBA VULNERABILITY

    May 31, 2017

    Companies that provide network-attached storage (NAS) appliances, routers and other types of networking devices have started investigating the impact of a recently disclosed Samba vulnerability on their products. Updates released last week for Samba, the software suite that provides file and print s...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43254325

    SHADOW BROKERS LAUNCH SUBSCRIPTION SERVICE FOR FRESH EXPLOITS, ZERO-DAY LEAKS

    May 31, 2017

    While the world scrambled to fight off the WannaCry ransomware which caused serious disruption to core services worldwide, the Shadow Brokers threat group were planning to cash in on the market for exploits used to deliver such malware.

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43274327

    CYBERCRIMINALS REGULARLY BATTLE IT OUT ON THE DARK WEB

    May 30, 2017

    People operating criminal services on Tor and other darknets attack each other frequently, a study by Trend Micro shows. Apparently, there's very little love lost between criminals in the cyber underworld. A study of the Dark Web by Trend Micro shows that cybercriminals attack each other with al...

    DARKREADING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43264326

    CHINA'S CYBER SECURITY LAW: THE IMPOSSIBILITY OF COMPLIANCE?

    May 29, 2017

    SHANGHAI - China’s much-anticipated Cyber Security Law (CSL) will come into effect on 1 June 2017.  The new law is the first comprehensive law to address cyber security concerns at the national level and to some extent consolidates cyber activities captured in other laws and regulations. ...

    FORBES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43204320

    EUROCACS TOP 10 CYBER RISKS DETAILED

    May 29, 2017

    Malware, DDoS attacks and human behavior remain among the top cyber-risks. In a presentation on the top ten cybersecurity risks facing organizations at the ISACA EuroCACS conference in Munich, Raef Meeuwisse, director of cybersecurity and data privacy governance at Cyber Simplicity and ISACA London ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43214321

    COMPANIES ARE INVITING ANOTHER WANNACRY TYPE RANSOMWARE ATTACK IN A RUSH TO IMPLEMENT GST

    May 26, 2017

    Companies are rushing to get ready for implementation of the Goods and Services Tax (GST) and in the process, they are not catering to security loopholes, thus inviting another ransomware WannaCry type attack.In a hurry to meet the deadline, a number of key security elements is not being addressed.

    BUSINESS INSIDER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43164316

    GOOGLE PATCHES NEXUS 6 SECURE BOOT BYPASS

    May 25, 2017

    One of the vulnerabilities addressed by Google in its  May 2017 security patches allowed the bypass of Nexus 6’s Secure Boot through kernel command-line injection, HCL Technologies researchers reveal. By exploiting the flaw, an attacker with physical access to the device or one with autho...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43174317

    RUSSIA'S DISINFORMATION EFFORTS HIT 39 COUNTRIES: RESEARCHERS

    May 25, 2017

    Russia's campaign of cyberespionage and disinformation has targeted hundreds of individuals and organizations from at least 39 countries along with the United Nations and NATO, researchers said Thursday. A report by the Citizen Lab at the University of Toronto revealed the existence of "a m...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43184318

    CAUGHT IN THE BREACH – WHAT TO DO FIRST

    May 25, 2017

    Security experts have been saying for more than a decade that it is “not if, but when” an organization will be hacked. So, the more relevant question, posed in the title of a panel discussion at Wednesday’s MIT Sloan CIO Symposium is: “You Were Hacked: Now What?”Indeed,...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43144314

    PATCH THE SAMBA BUG BEFORE A NETWORK WORM EXPLOITS IT

    May 25, 2017

    Software will always have bugs. The challenge is finding and closing them before attackers figure out what kind of damage they can cause by exploiting them. In the case of the Samba networking utility, the remote code execution bug can be potentially exploited by a network worm, which means the addr...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43154315

    FORMER WHITE HOUSE CIO: TIME TO GET ONBOARD WITH BETTER IDEAS

    May 25, 2017

    Whether it’s attracting more people to the cyber-field, taking a more effective approach to preventing social engineering, or the modernization of federal IT, we need to hit the reset button and come up with better ideas. That’s the view of Theresa Payton, president and CEO at Fortalice ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43114311

    NEW JAFF RANSOMWARE VARIANT EMERGES

    May 24, 2017

    Although it dominated headlines over the past couple of weeks, WannaCry wasn’t the only ransomware family running rampant. Another active threat was Jaff, a ransomware family that emerged just days before the WannaCry outbreak.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43124312

    WANNACRY: THE NORTH KOREA DEBATE

    May 24, 2017

    Researchers split over whether an infamous North Korean hacking group, an affiliate, or another attacker altogether, is behind the epic ransomware worm.Symantec this week doubled down on its theory that the epic WannaCry ransomware worm was the handiwork of hackers out of North Korea, but some secur...

    DARK READING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43134313

    FEW FIRMS WILL BE READY FOR NEW EUROPEAN BREACH DISCLOSURE RULES, FINES

    May 24, 2017

    The new European General Data Protection Regulation goes into effect next May, with onerous notification requirements and high penalties, but a year might not be enough for firms to get ready.Recent surveys show that most companies are not prepared for the regulations. According to a recent SailPoin...

    ITNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43094309

    RUSSIAN HACKERS INFECTED 1 MILLION PHONES WITH BANKING TROJAN

    May 23, 2017

    The Russian Interior Ministry announced on Monday that authorities dismantled a major cybercrime gang that had stolen nearly $900,000 from bank accounts after infecting more than one million Android smartphones with a Trojan.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43014301

    NEW PRODUCT ALLOWS EASY ADDITION OF MULTI-FACTOR AUTHENTICATION TO ANY APPLICATION

    May 23, 2017

    The correct balance between strong security and excessive control is difficult. Without strong security, such as multi-factor authentication (MFA), organizations will be breached. With excessive control (such as MFA always and everywhere), business will be impeded, employees will be disgruntled, and...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43044304

    WANNACRY RANSOMWARE: TOOLS DECRYPT FOR FREE

    May 23, 2017

    Good news for many victims of WannaCry: Free tools can be used to decrypt some PCs that were forcibly encrypted by the ransomware, providing the prime numbers used to build the crypto keys remain in Windows memory and have not yet been overwritten.

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43054305

    2017 HAS ALREADY RACKED UP 1,200 BREACHES--ON PACE FOR WORST YEAR EVER

    May 23, 2017

    With more than 1,200 breaches and a massive 3.4 billion records exposed already, 2017 is on pace to be yet another worst year on record for breach activity.Risk Based Security’s Q1 2017 DataBreach QuickView Report found that in particular, the practice of emulating a trusted party and requesti...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43064306

    QATAR'S STATE NEWS AGENCY HACKED BY 'UNKNOWN ENTITY': OFFICIAL

    May 23, 2017

    Qatar said Wednesday its official state news agency was hacked and subsequently carried a "false statement" on sensitive regional topics attributed to the country's Emir, Sheikh Tamim bin Hamad Al-Thani.Amid an apparent wide-scale security breach it was also reported that the agency...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43074307

    CRITICAL DOS FLAWS PATCHED IN ASTERISK FRAMEWORK

    May 22, 2017

    Updates released on Friday for the Asterisk communications framework address three critical denial-of-service (DoS) vulnerabilities discovered by Sandro Gauci, a penetration tester and researcher who specializes in VoIP and communications systems.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43034303

    RANSOMWARE WANNACRY TO ATTACK INDIAN BANKING SYSTEM SOON: CYBER EXPERT SMEALSTATEMENT

    May 22, 2017

    The bank said the attack, which exploited "a flaw" in the Windows operating system, illustrates just how many businesses have delayed upgrading their operating systems to Windows 10. It has been reported that a new ransomware "WannaCry" is spreading widely, RBI advisory to the ba...

    THE SMEAL STATEMENT
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42994299

    RANSOMWARE: PREPARE FOR MORE, BIGGER, WORSE – AND CLOSER TO HOME

    May 22, 2017

    Despite WannaCry bringing in a fairly paltry amount in ransom considering the scale of the attack, the worst is far from over, experts have warned. Brace yourself: the same vulnerability that allowed WannaCry to spread across the globe in May can still allow far greater havoc. And South Africa is on...

    DAILY MAVERICK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=43004300

    WIKILEAKS DETAILS MALWARE MADE BY CIA AND U.S. SECURITY FIRM

    May 22, 2017

    WikiLeaks has published documents detailing another spy tool allegedly used by the U.S. Central Intelligence Agency (CIA). The latest files describe “Athena,” a piece of malware whose developers claim it works on all versions of Windows.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42954295

    CHINA KILLED OR JAILED UP TO 20 US SPIES IN 2010-12: REPORT

    May 21, 2017

    Beijing systematically dismantled CIA spying efforts in China beginning in 2010, killing or jailing more than a dozen covert sources, in a deep setback to US intelligence there, The New York Times reported Sunday.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42974297

    RESEARCHER CREATES TOOL TO UNLOCK WANNACRY-INFECTED WINDOWS XP FILES

    May 19, 2017

    A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42984298

    ZOMATO BREACH EXPOSES 17 MILLION USERS

    May 19, 2017

    Some 17 million users are said to have been affected after restaurant search platform Zomato was breached this week.In a security update outlining what happened, the firm’s chief technologist, Gunjan Patidar, said the stolen information included user IDs, names, usernames, email addresses and ...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42874287

    CODE STOLEN AFTER DEVELOPER INSTALLED TROJANIZED APP

    May 19, 2017

    In a perfect example of how a breach could have an unexpected impact, application builder Panic on Wednesday announced that it experienced source code theft after a developer unknowingly installed a Trojanized application in early May.The specific app was HandBrake, a video converting tool that expe...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42884288

    MICROSOFT WITHHELD UPDATE THAT COULD HAVE SLOWED WANNACRY: REPORT

    May 19, 2017

    American software giant Microsoft held back from distributing a free security update that could have protected computers from the WannaCry global cyber attack, the Financial Times reported Thursday.In mid-march, Microsoft distributed a security update after it detected the security flaw in its XP op...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42894289

    ZOMATO ACKNOWLEDGES BREACH AFFECTING 17 MILLION

    May 19, 2017

    In a rare acknowledgment of a data breach by an Indian company, online restaurant guide and food ordering service Zomato says 17 million users' email addresses and hashed passwords were stolen from its database. The company has 120 million users. On late Thursday night, Zomato updated its blog s...

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42934293

    EU AUTHORITIES FIGHT BACK AGAINST "BLACK BOX" ATM ATTACKS

    May 18, 2017

    Europol has announced that a total of 27 related arrests have been made since the ATM black box threat first emerged in 2015. Eleven arrests have been made in France, four in Estonia, three in the Czech Republic and Norway, and two in The Netherlands, Romania and SpainA black box attack is a logical...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42904290

    CYBERATTACKS PROMPT MASSIVE SECURITY SPENDING SURGE

    May 18, 2017

    The fight against cyberattacks has sparked exponential growth in global protection spending, with the cyber security market estimated at $120 billion this year, more than 30 times its size just over a decade ago.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42914291

    DON'T GRIPE IF YOU HAND YOUR PC TO GEEK SQUAD AND THEY RAT YOU OUT TO THE FEDS – JUDGE

    May 18, 2017

    A judge has ruled that people who give their knackered computers to Best Buy's Geek Squad for repairs have no comeback if technicians find and report any illegal material to the Feds.The ruling, by US District Court Judge Cormac Carney, came this week over the case of Dr Mark Rettenmaier, a prom...

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42924292

    ZAMBIA RECRUITS ISRAELI CYBER SECURITY FIRM

    May 18, 2017

    Israel-based cyber security company CyGOV wants to partner with Zambia's government to establish a cyber-security institute in the country to help combat threats.CyGOV chief strategy officer Eli Ben-Meir said that if left unchecked, cybercrime has the potential to reverse economic growth in Zamb...

    ITWEB AFRICA
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42824282

    ANOTHER LARGE-SCALE CYBERATTACK UNDERWAY: EXPERTS

    May 18, 2017

    Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.

    TRIBUNE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42844284

    WANNACRY ATTACK LIFTS CYBER SECURITY STOCKS

    May 17, 2017

    The cyber security industry has been jolted into Wall Street’s sights by the WannaCry attack that has caused problems for IT professionals across the world.Investors have pushed up the share prices in a range of companies offering defence against internet attackers.

    FINANCIAL TIMES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42744274

    UKRAINE'S PRESIDENCY SAYS WEBSITE ATTACKED BY RUSSIA

    May 17, 2017

    The Ukrainian presidency said its website had been attacked by Russia in apparent retaliation for Kiev's decision to block prominent Moscow-based social networks. "We have been witnessing the Russian response to the president's decree about closing access to Russian social networks,&quo...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42754275

    WORDPRESS LAUNCHES PUBLIC BUG BOUNTY PROGRAM

    May 17, 2017

    The WordPress security team announced this week the launch of a public bug bounty program that covers the WordPress content management system (CMS) and several related assets.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42764276

    SHADOW BROKERS PROMISES EXPLOIT OF THE MONTH CLUB

    May 17, 2017

    The group whose leak of U.S. spying tools aided the WannaCry outbreak says it will soon sell fresh software exploits and intelligence. It also hinted that the blame for the WannaCry outbreak should go to Microsoft and the U.S. government.

    BANKINFOSECURITY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42774277

    RANSOMWARE FEAR-FLINGER UIWIX FAILS TO LIGHT

    May 17, 2017

    A ransomware variant, dubbed Uiwix, that abuses the same vulnerability as WannaCrypt has turned out to be something of a damp squib.Uiwix omits the kill switch domain that was instrumental in shutting down the spread of WannaCrypt while retaining its self-replicating abilities, Danish security firm ...

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42784278

    CRITICAL SQL INJECTION FLAW PATCHED IN JOOMLA

    May 17, 2017

    A Joomla update released on Wednesday patches a critical SQL injection vulnerability that can be easily exploited by a remote attacker to obtain sensitive data and hijack websites.The flaw, discovered by Sucuri researcher Marc-Alexandre Montpas and tracked as CVE-2017-8917, affects Joomla 3.7.0 and ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42804280

    OVER 200 BROOKS BROTHERS STORES HIT BY PAYMENT CARD BREACH

    May 17, 2017

    U.S. clothing retailer Brooks Brothers, which operates more than 400 stores worldwide, informed customers last week that cybercriminals had access to its payment processing systems for nearly one year.According to the company, attackers installed malware designed to capture payment card data at many...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42814281

    IT'S 2017 – AND YOUR MAC, IPAD, IPHONE CAN ALL BE PWNED BY AN E-BOOK

    May 16, 2017

    Apple has released security updates for both of its main operating systems, along with iTunes, Apple Watch, and Apple TV. All should be installed as soon as possible before they are exploited by miscreants.

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42664266

    BOTNET SPREAD VIA NSA HACKING TOOLS FOR WEEKS

    May 16, 2017

    The ransomware attack that stormed the world over the past several days wasn’t the first to leverage the leaked EternalBlue/DoublePulsar NSA hacking tools for distribution, Proofpoint researchers have discovered.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42704270

    SECURITY SHIELD SLINGERS ARE LOVING PREZ TRUMP'S CYBERSECURITY ORDER

    May 16, 2017

    US President Donald Trump's cybersecurity executive order, signed on Thursday after a series of delays, will make federal agency heads accountable for protecting their networks. On the other side of the fence, computer security product makers have broadly welcomed the policy, which also calls on...

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42714271

    WANNACRY'S 'KILL SWITCH' MAY HAVE BEEN A SANDBOX-EVASION TOOL

    May 16, 2017

    Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature. The WannaCry ransomware "kill switch" a security researcher commandeered on Saturday that ultimately curbed the epidemic spread of the attack worldwide may not have been a kill switch after all...

    DARKREADING
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42724272

    VIETNAM'S APT32 MARKS A NEW CHAPTER IN CYBER-ESPIONAGE

    May 16, 2017

    An advanced threat group that conducts targeted intrusions at large multinational businesses with interests in Vietnam has been brought to light, code-named APT32. According to FireEye, the group has carried out compromises in firms across multiple industries and targeted foreign governments, dissid...

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42614261

    HACKERS HIT BELL CANADA, ACCESS CUSTOMER INFORMATION

    May 16, 2017

    Bell Canada on Monday said that an unknown hacker managed to access customer information on nearly 2 million customers, including email addresses, customer names and/or telephone numbers.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42634263

    GOOGLE TO SCRUTINIZE WEB APPLICATIONS REQUESTING USER DATA

    May 15, 2017

    In the light of a recent phishing attack targeting Gmail users, Google is updating its app identity guidelines and is implementing a more thorough review process for new web applications that request user data.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42644264

    WANNACRY RANSOMWARE ATTACKS: EUROPOL CHIEF URGES ORGS TO PATCH SYSTEMS

    May 15, 2017

    In the wake of the weekend’s ransomware attacks [dubbed WannaCry] that hit multiple industries and services in 150 countries worldwide, Europol chief Rob Wainwright has urged organizations to patch their systems amid concerns about continuing attacks.

    INFOSECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42624262

    CYBERSECURITY STOCKS RISE AFTER GLOBAL 'RANSOMWARE' ATTACK

    May 15, 2017

    LONDON (Reuters) - Cybersecurity stocks and tracker products rose at the European open on Monday after a global "ransomware" attack disrupted car factories, hospitals, shops and schools around the world.

    USNEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42534253

    DON'T PAY RANSOMWARE DEMANDS, CYBERSECURITY EXPERTS SAY

    May 15, 2017

    Cybersecurity experts have warned businesses against meeting hackers’ demands for money in the wake of the “unprecedented” attack on hundreds of thousands of computer systems around the world.

    THEGUARDIAN
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42564256

    HACKERS ALIGNED WITH VIETNAM GOVERNMENT ARE ATTACKING FOREIGN COMPANIES, SAYS REPORT

    May 15, 2017

    Hackers have been carrying out cyberattacks on multinational companies operating in Vietnam for several years now, seeking types of information that suggest a possible connection to the Vietnamese government, according to a Monday report.

    CNBC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42574257

    STATE BRACED FOR ‘CRUCIAL TEST’ OF COMPUTER SECURITY

    May 15, 2017

    State agencies and businesses are on alert on Monday morning amid fears that a computer virus that has wrought havoc across the world could spread to Ireland as people return to work.

    THE IRISH TIMES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42584258

    SMALL BUSINESS RISKS BEING LEFT BEHIND IN AUSTRALIA'S VIRTUOUS CYBER SECURITY PLANS

    May 15, 2017

    It's now a year since the launch of the Australian Cyber Security Strategy. Could progress be better? Of course. But the progress is good. Actually, it's great. The collaboration between government and the private sector has had a fresh wind touch its sails and the level of cyber security co...

    THE AUSTRALIAN FINANCIAL REVIEW
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42594259

    CYBERSECURITY PROFESSIONALS WARN WORSE IMPACT MAY YET BE FELT

    May 15, 2017

    Asian governments and businesses reported some disruptions from the WannaCry ransomware worm on Monday but cybersecurity experts warned of a wider impact as more employees turned on their computers and checked e-mails.

    CYPRUS MAIL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42604260

    MICROSOFT BASHES NSA FOLLOWING MASSIVE RANSOMWARE ATTACKS

    May 15, 2017

    Microsoft this weekend unleashed its wrath on the National Security Agency, alleging it was responsible for the ransomware attack that began last week and has spread to thousands of corporate, government and individual computer systems around the world.

    TECHNEWSWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42674267

    CYBER SECURITY STOCKS RISE IN WAKE OF GLOBAL 'RANSOMWARE' ATTACK

    May 15, 2017

    A global "ransomware" attack disrupting factories, hospitals, shops and schools spurred investors on Monday to buy stocks expected to benefit from a pickup in cyber security spending by companies and government agencies.

    REUTERS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42684268

    MOZILLA REVAMPS BUG BOUNTY PROGRAM

    May 12, 2017

    Mozilla announced on Thursday that it has relaunched its web security bug bounty program. White hat hackers are now provided clear information on how much money each type of vulnerability can earn them.Mozilla has been running a bug bounty program since 2004.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42464246

    'RISK': INSIDE THE INNER SANCTUM OF WIKILEAKS' ASSANGE

    May 12, 2017

    The enigmatic champion of a global movement for transparency and democracy. A Russian stooge. A West-hating attention-seeker. A cold fish with questionable attitudes and alleged diabolical sexual mores.Julian Assange has been labeled all of these -- and many things besides -- since starting out as a...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42474247

    SOP BYPASS IN MICROSOFT EDGE LEADS TO CREDENTIAL THEFT

    May 12, 2017

    A bug in Microsoft Edge could allow for bypassing the Same Origin Policy (SOP) and for stealing user passwords in plain text, stealing cookies, spoofing content, and other vulnerabilities, independent security researcher Manuel Caballero says.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42494249

    EXPERTS EXPECT SIMULTANEOUS CYBER ATTACKS ON MULTIPLE FIRMS: SURVEY

    May 12, 2017

    Nine in 10 global cyber security and risk experts believe that cyber risk is systemic and that simultaneous attacks on multiple companies are likely in 2017, according to a study by American International Group.More than half of survey respondents say a simultaneous attack on five to 10 companies is...

    INSURANCE JOURNAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42524252

    ROCKWELL UPDATES STRATIX ROUTERS TO PATCH CISCO IOS FLAWS

    May 11, 2017

    Rockwell Automation has released a firmware update for its Allen-Bradley Stratix 5900 services router to address tens of vulnerabilities patched over the past few years in Cisco’s IOS software.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42434243

    MICROSOFT PATCHES EDGE FLAWS DISCLOSED AT PWN2OWN

    May 11, 2017

    Microsoft this week patched several memory corruption vulnerabilities in the Edge web browser that were disclosed at the 2017 Pwn2Own hacking competition. The white hat hackers who signed up for this year’s Pwn2Own earned a total of more than $800,000 for vulnerabilities in Windows, macOS, Ubu...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42444244

    THREE CHINESE HACKERS FINED $9 MILLION FOR STEALING TRADE SECRETS

    May 11, 2017

    Three Chinese hackers have been ordered to pay $8.8 million (£6.8 million) after hacking email servers of two major New York-based law firms to steal corporate merger plans in December 2016 and used them to trade stocks.

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42504250

    ALL ONEPLUS DEVICES VULNERABLE TO REMOTE ATTACKS DUE TO 4 UNPATCHED FLAWS

    May 11, 2017

    One of the unpatched vulnerabilities allows Man-in-the-Middle (MitM) attack against OnePlus device users, allowing a remote attacker to downgrade the device’s operating system to an older version, which could then expand the attack surface for exploitation of previously disclosed now-patched v...

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42514251

    VULNERABILITY ALLOWED HACKERS TO STEAL ICLOUD KEYCHAIN SECRETS

    May 10, 2017

    Apple has recently patched a Keychain vulnerability that could have been exploited by man-in-the-middle (MitM) attackers to obtain sensitive user information. The details of the flaw were disclosed on Monday by the researcher who reported it to the vendor.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42314231

    U.S. ALERTED FRANCE TO RUSSIA HACK TARGETING MACRON: NSA

    May 10, 2017

    The head of America's National Security Agency said Tuesday that Russia was behind the 11th-hour hack of French President-elect Emmanuel Macron's campaign team, and that US officials had informed France a cyber-attack was underway.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42324232

    MICROSOFT PATCHES ZERO-DAYS EXPLOITED BY RUSSIA-LINKED HACKERS

    May 10, 2017

    Microsoft’s Patch Tuesday updates for May 2017 address tens of vulnerabilities, including several zero-day flaws exploited by profit-driven cybercriminals and two notorious Russia-linked cyber espionage groups.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42334233

    BITKANGOROO RANSOMWARE DELETES USER FILES

    May 10, 2017

    A piece of ransomware currently in development is deleting users’ files if the ransom isn’t paid within a given period of time. Dubbed BitKangoroo, the malware doesn’t appear to be the work of a skilled developer and can encrypt only files located in the Desktop folder at the momen...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42344234

    USER SECURITY IS A RESPONSIBILITY, NOT AN EXCUSE

    May 10, 2017

    Ask an IT person what the weakest link in their organization’s security is, and you’ll invariably get a witty take on the same derisive answer: “Meatware.” “Our walking, talking vulnerabilities.” “PEBKAC” (problem exists between keyboard and chair).

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42354235

    U.S. REPORTEDLY TIPPED OFF FRENCH TO CAMPAIGN HACK

    May 10, 2017

    WASHINGTON -- The United States watched Russians hack France's computer networks during the election and tipped off French officials before it became public, a U.S. cyber official told the Senate on Tuesday.France's election campaign commission said Saturday that "a significant amount o...

    NWADG
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42374237

    EUROPE EMERGES AS MAJOR SOURCE OF CYBER ATTACKS: REPORTS

    May 10, 2017

    With 73% of all malware being delivered by phishing, it remains the attackers' primary attack methodology. Thirty percent of all detected attacks targeted end-user applications; the most common of which are Flash, Internet Explorer and Silverlight. The Netherlands is second only to the US as the...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42404240

    ASUS PATCHES VULNERABILITIES IN RT ROUTERS

    May 10, 2017

    Asus RT-AC and RT-N devices that are not running the latest firmware version are vulnerable to a series of CSRF, JSONP and XSS vulnerabilities that allow malicious actors to disclose information, change device settings, or inject code.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42414241

    RSAUTIL RANSOMWARE DISTRIBUTED VIA RDP ATTACKS

    May 10, 2017

    The author of a newly discovered ransomware family is hacking into remote desktop services to upload the malware alongside a bunch of other tools.In addition to the malware itself, the package of files that the malware’s developer drops after hacking into remote desktop services includes a var...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42424242

    USER SECURITY IS A RESPONSIBILITY, NOT AN EXCUSE

    May 09, 2017

    Ask an IT person what the weakest link in their organization’s security is, and you’ll invariably get a witty take on the same derisive answer: “Meatware.” “Our walking, talking vulnerabilities.” “PEBKAC” (problem exists between keyboard and chair).In ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42364236

    MICROSOFT FIXES ANTIMALWARE ENGINE FLAW FOUND BY GOOGLE EXPERTS

    May 09, 2017

    It took Microsoft less than three days to patch a critical remote code execution vulnerability found by Google Project Zero researchers in the company’s Malware Protection Engine. Most users don’t need to take any action as the affected products should be updated automatically.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42244224

    GOOGLE TIGHTENS OAUTH RULES TO COMBAT PHISHING

    May 09, 2017

    Following last week’s phishing attack against Gmail users, Google is planning tightened OAuth rules to prevent similar incidents from occurring. Phishing emails, which impersonate a trusted source to trick the recipient into opening a malicious attachment or clicking a suspicious link, have lo...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42254225

    YAHOO PAID OUT $2 MILLION IN BUG BOUNTY PROGRAM

    May 09, 2017

    Yahoo reported on Monday that between the launch of its bug bounty program in 2013 and December 2016 it had paid out a total of more than $2 million. A comparison to the previous report shows that the Internet giant awarded bounty hunters roughly $400,000 in 2016.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42264226

    FCC SAYS WEBSITE DOWNTIME CAUSED BY DDOS ATTACKS

    May 09, 2017

    The U.S. Federal Communications Commission (FCC) said its website was disrupted by distributed denial-of-service (DDoS) attacks on Sunday night, not due to a large number of attempts to submit comments on net neutrality.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42294229

    FCC SAYS IT WAS VICTIM OF CYBERATTACK AFTER JOHN OLIVER SHOW

    May 08, 2017

    The Federal Communications Commission is claiming its website was hit by a cyberattack late Sunday night. The attack came shortly after comedian John Oliver urged viewers of his HBO show "Last Week Tonight" to file comments on the site in support of the agency's net neutrality rules, w...

    THEHILL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42304230

    HIGH-PROFILE TARGETS ATTACKED VIA SOFTWARE UPDATE MECHANISM

    May 08, 2017

    A recently discovered cyber-attack targeting high-profile technology and financial organizations is using a compromised software update mechanism for malware delivery, Microsoft security researchers reveal.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42214221

    GOOGLE RESEARCHERS FIND "WORST" WINDOWS RCE FLAW

    May 08, 2017

    Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich claim to have found a critical vulnerability in Windows. The details of the flaw will likely be disclosed in 90 days from now even if a patch is not available.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42234223

    MICROSOFT ISSUES EMERGENCY PATCH FOR CRITICAL RCE IN WINDOWS MALWARE SCANNER

    May 08, 2017

    Microsoft's own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable.Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend.

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42284228

    APT10’S DEVASTATING CYBER ATTACK SHOWS ANTI-VIRUS DEFENCES CAN'T BE RELIED ON

    May 05, 2017

    The China-based APT10 hacking, cyber security technology and organisations in general are failing the industry There is a brutal lesson in the revelation that the China-based APT10 hackers have breached the cyber defences of some of the world’s biggest commercial and governmental organisations...

    INFORMATION AGE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42204220

    TURLA CYBERSPIES DEVELOPING MAC OS X MALWARE

    May 05, 2017

    The Russia-linked cyberespionage group known as Turla has been working on developing a Mac OS X version of its Snake malware framework, researchers at Fox-IT revealed this week.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42134213

    HACKERS EXPLOIT SS7 FLAWS TO LOOT BANK ACCOUNTS

    May 04, 2017

    Cybercriminals have exploited vulnerabilities in the SS7 protocol to bypass security mechanisms and steal money from bank accounts. Researchers have warned about the threat for years and these types of attacks have recently become a reality.SS7, which stands for Signalling System No. 7, is a telepho...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42154215

    AN ARMY OF THOUSANDS OF HACKED SERVERS FOUND MINING CRYPTOCURRENCIES

    May 04, 2017

    A new botnet consisting of more than 15,000 compromised servers has been used to mine various cryptocurrencies, earning its master around $25,000 per month.Mining cryptocurrencies can be a costly investment, as it requires an enormous amount of computing power, but cybercriminals have found an easy ...

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42164216

    CYBERSECURITY IN 2017: TECHNOLOGY, GROWTH AND A NEW TAX-SAVING OPPORTUNITY

    May 04, 2017

    From the denial-of-service-attack (DDoS) against Dyn, Inc. to hacking during the last election cycle to compromised Yahoo accounts, last year emphasized the importance of top-notch cybersecurity for all businesses and organizations.

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42174217

    CYBERSECURITY IN 2017: TECHNOLOGY, GROWTH AND A NEW TAX-SAVING OPPORTUNITY

    May 04, 2017

    From the denial-of-service-attack (DDoS) against Dyn, Inc. to hacking during the last election cycle to compromised Yahoo accounts, last year emphasized the importance of top-notch cybersecurity for all businesses and organizations.

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42184218

    GOOGLE DOCS PHISHING SCAM DOUSED AFTER CATCHING FIRE

    May 04, 2017

    A phishing scam that tricked people with what appeared to be Google Docs links was doused by the internet giant after spreading wildly on Wednesday.The purpose of the scam, and the culprits behind it, remained unknown late in the day.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42074207

    GOOGLE DOCS – MASSIVE PHISHING ATTACK

    May 04, 2017

    Some Google Docs users, mainly in the US, have been victims of a massive phishing attack that potentially gave attackers access to their email, address book, calendar, and docs.Google raced to patch the issue so this article is a commentary on why so many people were fooled into giving hackers their...

    ITWIRE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42104210

    UNPATCHED WORDPRESS PASSWORD RESET FLAW DISCLOSED

    May 04, 2017

    A researcher has disclosed the details of a WordPress vulnerability that can be exploited by an unauthenticated attacker to reset a targeted user’s password. The flaw was reported to WordPress months ago, but it still has not been patched.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42114211

    REAL-WORLD SS7 ATTACK — HACKERS ARE STEALING MONEY FROM BANK ACCOUNTS

    May 03, 2017

    Security researchers have been warning for years about critical security holes in the Signaling System 7 (SS7) that could allow hackers to listen in private phone calls and read text messages on a potentially vast scale, despite the most advanced encryption.

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42124212

    EUROPOL PROBING IS SETTING UP OF SOCIAL NETWORK

    May 03, 2017

    The Hague - European police are probing whether the Islamic State group and other extremists are setting up a social network to spread propaganda, gain funding and avoid security crackdowns, an official said Wednesday.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42084208

    WORDPRESS ATTACKS POWERED BY ROUTER BOTNET DROP RAPIDLY

    May 03, 2017

    A botnet powered by compromised home routers has been apparently shut down. It is unclear if the botnet operators decided to pull the plug on their operation or if the disruption was caused by law enforcement.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41994199

    TRAVEL TECH GIANT SABRE INVESTIGATING DATA BREACH

    May 03, 2017

    Travel technology giant Sabre revealed that it has launched an investigation after detecting unauthorized access to sensitive information processed through one of its systems.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42004200

    USA TODAY OWNER GANNETT HIT BY PHISHING ATTACK, NEARLY 18000 EMPLOYEES' ACCOUNTS POSSIBLY COMPROMISED

    May 03, 2017

    Gannett, which owns more than 100 newspapers across the US, including USA Today, has been hit with an email phishing attack, potentially compromising the accounts of nearly 18,000 current and former employees. The media company said hackers may have accessed employees' personal data after severa...

    IBTIMES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42044204

    MALWARE-LADEN MUSIC PLAYER APP DOWNLOADED BY THOUSANDS OF USERS FOUND IN GOOGLE PLAY STORE

    May 03, 2017

    Security researchers have found a music player app in the Google Play Store, which has already been downloaded by thousands of users, to be riddled with malicious malware. Going by the name "Super Free Music Player", the app was uploaded to Google Play on 31 March and has already garnered ...

    IBTIMES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42054205

    FAST-GROWING CYBERSECURITY FOR SLACK STARTUP BEGINS HIRING PUSH AFTER FUNDING REACHES $4.85M

    May 02, 2017

    Wiretap, which makes cybersecurity software for office collaboration suites such as Slack and Yammer, has raised another $1.85 million from new investors including Rev1 Ventures. That brings its three-month total raised to $4.85 million, less than a year since the software launched.

    THE BUSINESS JOURNALS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41974197

    ORGANIZATIONS SLOW TO DETECT DAMAGING CYBER ATTACKS, STUDY FINDS

    May 02, 2017

    Public and private organizations globally are getting slower at detecting and responding to distributed denial of service (DDoS) attacks as they become larger and more complex, new research shows.

    THEHILL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41984198

    NETGEAR PATCHES RCE FLAWS IN ROUTERS, SWITCHES

    May 02, 2017

    Netgear recently informed customers that it has released firmware updates for some of its routers and switches to address remote code execution and other types of vulnerabilities.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42014201

    EVOLUTION AND ESCALATION: TWO KEY CYBER THREAT TRENDS

    May 02, 2017

    Existing threats escalated and new threats emerged in a turbulent 2016. Ransomware spiked, IoT-based DDoS threatened the internet, political subversion and sabotage grew, and hackers moved towards non-malware based attacks -- or 'living off the land'. These and more threats are highlighted i...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=42024202

    CHINA-LINKED SPIES USE RECENT ZERO-DAY TO TARGET FINANCIAL FIRMS

    May 02, 2017

    A cyber espionage group has targeted analysts working at major financial firms using a recently patched Microsoft Office vulnerability, Proofpoint reported last week.The threat actor, tracked by the security firm as TA459, has been active since at least 2013 and it’s believed to be operating o...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41954195

    PCS WITH INTEL SERVER CHIPSETS, LAUNCHED IN PAST 9-YEARS, CAN BE HACKED REMOTELY

    May 01, 2017

    A critical remote code execution (RCE) vulnerability has been discovered in the remote management features on computers shipped with Intel processors for nearly a decade, which could allow attackers to take control of the computers remotely.

    THE HACKER NEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41964196

    TRICKERBOT TROJAN TARGETS PRIVATE BANKING

    May 01, 2017

    Recent attacks associated with the TrickBot banking Trojan have been targeting private banks, and the threat is also sharpening its focus on business banking, IBM's X-Force security team warns.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41924192

    NORTH KOREA-LINKED HACKER GROUP POSES SERIOUS THREAT TO BANKS: KASPERSKY

    May 01, 2017

    A North Korea-linked hacking group responsible for multiple financial and destructive attacks is believed to be the most serious threat against banks, security firm Kaspersky Lab says.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41934193

    SNMP AUTHENTICATION BYPASS PLAGUES NUMEROUS DEVICES

    Apr 28, 2017

    The Simple Network Management Protocol (SNMP) embedded in some Internet connected devices allows an attacker to bypass authentication by simply sending random values in specific requests, security researchers have discovered.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41864186

    FIN7 HACKERS CHANGE PHISHING TECHNIQUES

    Apr 28, 2017

    A recently uncovered threat group referred to as FIN7 has adopted new phishing techniques and is now using hidden shortcut files (LNK files) to compromise targets, FireEye security researchers reveal.The financially-motivated threat group has been active since late 2015 and was recently found to hav...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41874187

    TRICKBOT BANKING TROJAN STEPS UP ATTACKS AGAINST UK TARGETS

    Apr 28, 2017

    IBM X-Force researchers warn that this sophisticated malware family is fast becoming one of the most prevalent forms of data-stealing banking TrojansA sophisticated Trojan malware operation is targeting financial organisations across the globe -- but with a particular focus on the UK banking sector....

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41904190

    RANSOMWARE ATTACKS GROW BY 50% AS CYBERESPIONAGE SOARS, VERIZON DATA BREACH REPORT FINDS

    Apr 28, 2017

    Ransomware is rapidly becoming a popular go-to malware for cybercriminals as attacks jumped a whopping 50% over the past year. According to Verizon's 2017 Data Breach Investigations Report released on Thursday (27 April), malicious actors extorted millions of dollars from people and organisation...

    IBTIMES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41914191

    STATE-AFFILIATED HACKERS RESPONSIBLE FOR NEARLY 1 IN 5 EXTERNAL DATA BREACHES: VERIZON DBIR

    Apr 27, 2017

    The Verizon Data Breach Investigations Report (DBIR) is industry's go-to analysis of security incidents and successful breaches over the previous year. The latest report was published Thursday.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41884188

    NEW SCADA FLAWS ALLOW RANSOMWARE, OTHER ATTACKS

    Apr 27, 2017

    SINGAPORE — ICS CYBER SECURITY CONFERENCE — Mission-critical control systems that don’t pose an obvious risk can be hijacked and leveraged for attacks by profit-driven cybercriminals and other threat actors, researchers warned.Cybercriminals have been increasingly relying on ransom...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41794179

    ESSENTIAL TO ENSURE FOOL PROOF CYBER SECURITY: PP CHAUDHARY

    Apr 27, 2017

    It is essential to ensure fool proof cyber security along with expansion of IT, this was suggested by Union Minister of state for Electronics and IT PP Chaudhary.“There is a need to ensure foolproof cyber security along with expansion of IT and IT enabled facilities since hacking or crashing o...

    NORTHEAST TODAY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41804180

    HOW A CYBER ATTACK TRANSFORMED ESTONIA

    Apr 27, 2017

    Cyber-attacks, information warfare, fake news - exactly 10 years ago Estonia was one of the first countries to come under attack from this modern form of hybrid warfare. It is an event that still shapes the country today. Head bowed, one fist clenched and wearing a World War Two Red Army uniform, th...

    BBC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41814181

    CYBER CRIMINALS NOW EXECUTING POLITICALLY DEVASTATING ATTACKS: SYMANTEC

    Apr 27, 2017

    Explaining how simple tactics lead to unprecedented outcomes, a new report from global cybersecurity firm Symantec said on Wednesday that cyber criminals are executing politically devastating attacks to undermine a new class of targets.

    FACTORDAILY
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41824182

    DOD LAUNCHES "HACK THE AIR FORCE" BUG BOUNTY PROGRAM

    Apr 27, 2017

    Following the success of the “Hack the Pentagon” and “Hack the Army” initiatives, the U.S. Department of Defense announced on Wednesday the launch of the “Hack the Air Force” bug bounty program. “Hack the Air Force” will be the Pentagon’s largest...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41834183

    ​FALSEGUIDE MALWARE VICTIM COUNT JUMPS TO 2 MILLION

    Apr 26, 2017

    An estimated 2 million Android users have now fallen victim to malware mistakenly downloaded from Google Play, which was initially reported to have affected approximately 600,000 users.

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41764176

    CYBERSECURITY PLAN LAUNCHED BY ACSGN

    Apr 26, 2017

    Australia’s cybersecurity capabilities will be increased after the launch of a new industry-led strategy. The Australian Cyber Security Growth Network’s Cyber Security Sector Competitiveness Plan is designed to help Australia’s cybersecurity solutions sector realise its full potent...

    TECHNOLOGY DECISIONS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41774177

    NEW STRAIN OF LINUX MALWARE COULD GET SERIOUS

    Apr 26, 2017

    A new strain of malware targeting Linux systems, dubbed "Linux/Shishiga," could morph into a dangerous security threat. Eset on Tuesday disclosed the threat, which represents a new Lua family unrelated to previously seen LuaBot malware.

    TECHNEWSWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41704170

    CHIPOTLE INVESTIGATING PAYMENT CARD BREACH

    Apr 26, 2017

    Fast-casual restaurant chain Chipotle Mexican Grill, which has more than 2,000 locations in the United States and other countries, informed customers on Tuesday that its payment processing systems have been breached.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41724172

    FLAWS IN HYUNDAI APP ALLOWED HACKERS TO STEAL CARS

    Apr 26, 2017

    South Korean carmaker Hyundai has released updates for its Blue Link mobile applications to address vulnerabilities that could have been exploited by hackers to locate, unlock and start vehicles.The Blue Link application, available for both iOS and Android devices, allows users to remotely access an...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41734173

    STUDY SAYS NEW MINDSET REQUIRED TO RESPOND TO CYBER THREATS

    Apr 25, 2017

    Businesses recognize security as a growing imperative, but many remain on the defensive, fighting cyber threats with dated tactics and training, according to a report by CompTIA. The Evolution of Security Skills report calls on companies to adopt proactive measures to identify weak links before they...

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41744174

    MORE BUDGET IS SPENT ON PROPERTY RELATED RISKS VS. CYBER RISK

    Apr 25, 2017

    Organizations now believe that their cyber assets are more valuable than plant, property and equipment assets, even though they are spending four times more budget on insurance protecting cyber risks.

    SECURITY MAGAZINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41754175

    WEBROOT TAGS WINDOWS FILES, FACEBOOK AS MALICIOUS

    Apr 25, 2017

    An update released by Webroot has caused the company’s home and business products to flag legitimate files and websites as malicious. While the faulty update was only available for less than 15 minutes on Monday, many customers took to social media and Webroot’s forum to complain that it...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41644164

    NORTHERN IRELAND BOY HELD OVER TALKTALK CYBER ATTACK TO FIGHT IDENTIFICATION RULING

    Apr 25, 2017

    The 15-year-old is seeking to overturn a ruling that the Department of Justice cannot be compelled to implement a law banning the press from naming juveniles suspected of crimes before they are charged.

    BELFAST TELEGRAPH
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41654165

    RUSSIAN HACKERS WHO TARGETED CLINTON APPEAR TO ATTACK FRENCH CANDIDATE MACRON

    Apr 25, 2017

    The campaign of the French presidential candidate Emmanuel Macron has been targeted by what appears to be the same Russian operatives responsible for hacks of Democratic campaign officials before last year’s U.S. presidential election, a cybersecurity firm has warned in a new report.

    THE ATLANTA JOURNAL-CONSTITUTION
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41664166

    WITH CYBER ATTACKS ON THE RISE, BUSINESS CONTINUITY PLANS ARE MORE VITAL THAN EVER

    Apr 25, 2017

    With more and more UK businesses falling victim to cyberattacks each year, it’s no secret that many firms still have a lot to do when it comes to cybersecurity. The problem is that an attack of this nature can create total chaos for businesses of all sizes, so when these incidents do occur, it...

    ITPROPORTAL
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41674167

    CAR HACKING'S DYNAMIC DUO OFFERS TO SAVE OTHERS $1M IN RESEARCH

    Apr 25, 2017

    Two famed car hackers claim they can save fellow tinkerers and security researchers a lot of time and money – by handing over their tools and blueprints for free. The pair boast the gear is worth over a million bucks.

    THE REGISTER
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41684168

    KELIHOS BOTNET AUTHOR INDICTED IN U.S.

    Apr 24, 2017

    The alleged author of the Kelihos botnet has been charged in an eight-count indictment returned by a federal grand jury in Bridgeport, Connecticut, after being arrested in Spain earlier this month.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41694169

    LOCKY RANSOMWARE RETURNS IN NEW NECURS-DRIVEN CAMPAIGN

    Apr 24, 2017

    Locky was the dominant ransomware in 2016, but was less active in the first quarter of 2017. Now the threat is back with a new Necurs-driven campaign, which was first spotted on April 21. Necurs is a major botnet with estimates last year of up to 1.7 million captive computers.According to SophosLabs...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41574157

    DENMARK SAYS RUSSIA HACKED DEFENSE MINISTRY EMAILS

    Apr 24, 2017

    Denmark on Monday denounced Moscow's "aggressive" behavior after a report accused Russian hackers of infiltrating the defense ministry's email accounts. "This is part of a continuing war from the Russian side in this field, where we are seeing a very aggressive Russia," D...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41584158

    CARDINAL RAT REMAINED HIDDEN FOR TWO YEARS

    Apr 24, 2017

    A recently discovered remote access Trojan (RAT) that abuses Excel macros in an innovative way has been active for more than two years, Palo Alto Networks security researchers reveal.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41594159

    DENMARK ACCUSES RUSSIA OF HACKING DEFENSE

    Apr 24, 2017

    Russia has been accused of having hacked the Danish Ministry of Defense and gained access to its employees’ emails in 2015 and 2016, local media reported on Sunday. Defense Minister Claus Hjort Frederiksen was quoted by Danish news agency Ritzau as saying that the group behind the hacking is l...

    THE FILIPINO TIMES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41604160

    INVESTORS FUND NEWEST PLAYER IN JAPAN'S CYBERSECURITY MARKET

    Apr 24, 2017

    The company is the result of investment by Blue Ridge Networks, Information Services; International-Dentsu; Sompo Japan Nipponkoa; DaI-ichi Life Insurance Holdings; PCI Holdings; and Daiko DenshiTsushi.

    THE SECURITY BRIEF
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41614161

    SCHOOLS SEEN AS DATA-RICH TARGETS BY HACKERS, BUT ALSO AS BREEDING GROUND FOR CYBER WORKFORCE

    Apr 24, 2017

    Weak security controls and droves of useful data are attracting hackers, but a new report argues schools could do more to break the chain of cyber illiteracy.

    EDSCOOP
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41624162

    ARREST OF WIKILEAKS'S ASSANGE A 'PRIORITY': US TOP COP

    Apr 21, 2017

    "We are going to step up our effort and already are stepping up our efforts on all leaks," Sessions, America's top cop, said at a news conference in response to a reporter's question about a US priority to arrest Assange.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41494149

    MEET THE MAN CHARGED WITH GROWING AUSTRALIA’S CYBER SECURITY INDUSTRY

    Apr 21, 2017

    Last December Craig Davies, former head of security for Atlassian, was named head of the government’s new Cyber Security Growth Centre launched with $31.9 million of funding over three years.

    COMPUTERWORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41504150

    FLAWS ALLOWED HACKERS TO BYPASS LASTPASS 2FA

    Apr 21, 2017

    Design flaws in LastPass’ implementation of two-factor authentication (2FA) could have been exploited by hackers to bypass the protection mechanism and gain access to user accounts.Martin Vigo, one of the Salesforce researchers who in November 2015 reported finding several vulnerabilities in L...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41524152

    CYBER SECURITY COMPROMISES HIT 90% OF AUSTRALIAN ORGANISATIONS

    Apr 21, 2017

    Almost all Australian organisations were affected by cybersecurity attacks in 2015-2016, with 90% reporting an attempted or successful attempt in a survey by the Australian Cyber Security Centre (ACSC).

    OUT-LAW
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41534153

    'THE PREVENTION OF CYBER ATTACKS IS ALMOST IMPOSSIBLE' - WHAT ARE TOP LAW FIRMS DOING TO PROTECT THEMSELVES?

    Apr 21, 2017

    Technology provides law firms and their clients with an enormous upside, which they are uniformly keen to discuss. But first there is the significant, and less discussed, downside.“IT security is possibly the number one issue. Any managing partner who isn’t having sleepless nights over i...

    LEGAL WEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41554155

    DRUPAL PATCHES CRITICAL ACCESS BYPASS FLAW

    Apr 20, 2017

    Updates released for versions 8.2 and 8.3 of the Drupal content management system (CMS) address a critical access bypass vulnerability. The flaw, discovered by Drupal developer Samuel Mortenson and tracked as CVE-2017-6919, has been classified as critical by the Drupal security team, but it only aff...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41424142

    AUSTRALIA'S BOLD PLAN FOR CYBERSECURITY GROWTH

    Apr 20, 2017

    The Australian Cyber Security Growth Network (ACSGN) aims to triple the size of the nation's cybersecurity industry sector, from just over AU$2 billion in revenues today, to AU$6 billion.

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41434143

    HONG KONG TO TIGHTEN CYBER SECURITY RULES AFTER BROKER HACKS

    Apr 20, 2017

    Hong Kong plans to toughen information security rules after a series of embarrassing hacks at the city's brokers, the securities regulator said on Thursday. The draft rules would likely include requirements for two-step authentication for account log-in and for brokers to notify clients when a t...

    REUTERS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41444144

    SHOULD WE WORRY THE GENERAL ELECTION WILL BE HACKED?

    Apr 20, 2017

    “Brexit vote site may have been hacked” warned the headlines last week after a Commons select committee published its report into lessons learned from the EU referendum.

    THE GUARDIAN
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41454145

    CISCO FIXES SERIOUS FLAWS IN SECURITY, OTHER PRODUCTS

    Apr 20, 2017

    Cisco has released software updates for its Firepower, IOS, Adaptive Security Appliance (ASA) and Unified Communications Manager (Unified CM) products to address high severity denial-of-service (DoS) vulnerabilities. One of the flaws, identified as CVE-2016-6368, can affect several products running ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41464146

    WHY YOU MUST BUILD CYBERSECURITY INTO YOUR APPLICATIONS

    Apr 20, 2017

    One of the largest changes underway in the way we create software is that cybersecurity is no longer an afterthought, but instead is being built into every application. The challenge many companies face is how to keep up and make sure the software they create is just as safe as the products they buy...

    FORBES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41474147

    TRUMP'S CYBERSECURITY MYSTERY: 90 DAYS IN, WHERE'S THE PLAN?

    Apr 19, 2017

    On Jan. 6, weeks before he was due to become president, Donald Trump sat down with U.S. intelligence officials for a two-hour briefing at Trump Tower on cyberattacks conducted during the U.S. election. The meeting resulted in a pledge: a plan to counter cyberattacks against the U.S. within 90 days o...

    NETWORK WORLD
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41354135

    CHROME, FIREFOX USERS EXPOSED TO UNICODE DOMAIN PHISHING

    Apr 19, 2017

    Malicious actors can create legitimate-looking phishing domains by leveraging the fact that some popular web browsers fail to properly protect their users against homograph attacks.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41374137

    FLAW IN DRUPAL MODULE EXPOSES 120,000 SITES TO ATTACKS

    Apr 19, 2017

    A critical vulnerability has been found in a Drupal module used by many websites. While the flaw has been fixed, Drupal developers initially advised users to migrate as the affected module had not been updated for several years.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41384138

    EXTREME CYBERSECURITY VISIBILITY: YOU CAN'T SECURE WHAT YOU CAN'T MEASURE

    Apr 19, 2017

    You often hear that “You can’t manage what you can’t measure.” But it seems to me that there are some corollaries in the world of security, namely: You can’t improve security systems you can’t monitor. You can’t secure networks you can’t monitor.

    FORBES
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41394139

    'NEARLY HALF' OF FIRMS HAD A CYBER-ATTACK OR BREACH

    Apr 19, 2017

    Nearly half (46%) of British businesses discovered at least one cybersecurity breach or attack in the past year, a government survey has indicated. That proportion rose to two-thirds among medium and large companies. Most often, these breaches involved fraudulent emails being sent to staff or securi...

    BBC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41404140

    MICROSOFT: LATEST 'SHADOW BROKERS' EXPLOITS ALREADY PATCHED

    Apr 18, 2017

    The hacker group calling itself “Shadow Brokers” has made public another batch of files allegedly obtained from the NSA-linked threat actor tracked as the Equation Group. Microsoft has assured customers that these new exploits don’t affect up-to-date systems.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41284128

    CYBER THREATS ARE GROWING MORE SERIOUS, AND ARTIFICIAL INTELLIGENCE COULD BE THE KEY TO SECURITY

    Apr 18, 2017

    In a constantly evolving digital threat landscape, where firewalls and antiviruses are considered tools of antiquity, companies are looking to more technologically advanced means of protecting crucial data.

    CNBC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41294129

    HACKERS EXPLOIT JAPAN’S MOBILE GAMERS WITH FAKE FANTASY CASH

    Apr 18, 2017

    Gamers beware: hackers offering free virtual trinkets don’t care about your passwords or personal data, but your employer’s most closely guarded secrets.  An employee at a Japanese high-tech company learned this the hard way, duped by a fake giveaway for 300 magic stones for the sma...

    THESTAR
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41314131

    4 CYBER ATTACKS WE'LL NEVER FORGET

    Apr 17, 2017

    It's hard to imagine life without the Internet. Browsing the web has become so second nature to us that we share sensitive information through our e-mails and social media accounts each day without second thought, and hackers know it.

    THE HUFFINGTON POST
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41214121

    FOREIGN OFFICE ‘TARGETED BY SUSTAINED CYBER-ATTACK’

    Apr 17, 2017

    The Foreign Office was targeted by sophisticated hackers last year in a sustained attack that lasted for a period of several months, according to computer security researchers. Beginning in April 2016 a hacking organisation called Callisto Group targeted Foreign Office staff with highly targeted ema...

    SILICON
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41224122

    WHY YOU CAN’T AFFORD NOT TO TRAIN VETERANS IN CYBER SECURITY

    Apr 17, 2017

    My experience in the information technology sector began roughly 15 years ago this month. I was a young man with a new family struggling from job to job. Many of the jobs I had during the early years were well-paying jobs, however, I never kept one for very long. Looking back (hindsight is always 20...

    CSOONLINE
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41234123

    ARGUS CYBER SECURITY HACKS CAR USING DONGLE DEVICE

    Apr 17, 2017

    Argus Cyber Security, the Israeli cybersecurity company, said late last week that it was able to hack into a vehicle’s internal communication system using a device installed in cars by insurance companies to track driving patterns, or for car owners who want in-vehicle Wi-Fi.

    PYMNTS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41244124

    SYNACK INC. BRINGS HACKER-POWERED INTELLIGENCE FOR CYBERSECURITY

    Apr 17, 2017

    A cyber security startup company called Synack Inc. has come up with the first hacker-powered intelligence platform. It raised $21.25 million funding from Microsoft Ventures. Cybersecurity is one of the major concerns for each and every company at present. Security breaches, vulnerabilities, and hac...

    TECH NEWS INC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41254125

    BIND UPDATES PATCH THREE VULNERABILITIES

    Apr 13, 2017

    The Internet Systems Consortium (ISC) announced this week that updates released for the DNS software BIND patch several denial-of-service (DoS) vulnerabilities that can be exploited remotely.

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41144114

    OUTER-SPACE HACKING A TOP CONCERN FOR NASA'S CYBERSECURITY CHIEF

    Apr 13, 2017

    NASA scientists glean valuable data about powerful space explosions and the energy of black holes from their Swift and Fermi satellites. The projects were supposed to last a few years. Instead, they’ve survived for more than a decade. That’s great for researchers but a challenge for Jean...

    THESTAR
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41154115

    EVERY UK BUSINESS GOT HIT BY CYBER-ATTACK 43,000 TIMES IN Q1 2017

    Apr 13, 2017

    OK so Beaming says UK businesses suffered, on average, 43,000 cyber-attacks in the first quarter of 2017 – each. If this number sounds way too big, then it would be even more interesting to hear that this is actually seven per cent lower than what was going on in the same period last year.

    SEAD FADILPASIC
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41164116

    MELBOURNE IT SUFFER DENIAL-OF-SERVICE ATTACK, THOUSANDS OF WEBSITES INACCESSIBLE

    Apr 13, 2017

    As many as 500,000 Australian websites were rendered inaccessible for up to 90 minutes on Thursday morning, after Melbourne IT's domain name system servers NetRegistry and TPP Wholesale suffered a cyberattack. Customers took to forums such as Whirlpool to vent their fury at Melbourne IT for the ...

    FINANCIAL REVIEW
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41174117

    HOW SHOULD I PROTECT MY WINDOWS PC FROM MALWARE AND VIRUSES?

    Apr 13, 2017

    It’s complicated. I’ve spent more than 20 years recommending various anti-virus programs as an essential part of any Windows setup. However, Windows has changed, and the threat landscape has changed. I am no longer sure that a third-party AV program is essential, and some of them may be ...

    THE GUARDIAN
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41184118

    RANSOMWARE: WHY ONE VERSION OF THIS FILE-ENCRYPTING NIGHTMARE NOW DOMINATES

    Apr 13, 2017

    Ransomware boomed last year, with the malicious file-encrypting software rising to become arguably the biggest menace on the web. While hundreds of ransomware variants extorted payments from victims in return for unlocking files, it was Locky which was the most dominant family.

    ZDNET
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41194119

    MICROSOFT PATCHES OFFICE, IE FLAWS EXPLOITED IN ATTACKS

    Apr 12, 2017

    Microsoft’s security updates for April 2017 address more than 40 critical, important and moderate severity vulnerabilities, including three zero-day flaws that have been exploited in attacks. According to Microsoft, the updates resolve flaws affecting Edge, Internet Explorer, Windows, Office, ...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41074107

    ADOBE PATCHES FLASH, READER FLAWS EXPLOITED AT PWN2OWN

    Apr 12, 2017

    Adobe released security updates for several of its products on Tuesday to address a total of 59 vulnerabilities, including flaws disclosed last month at the Pwn2Own 2017 hacking competition. A majority of the security holes, 47 to be precise, have been patched in the Windows and Mac versions of Adob...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41084108

    PREVENTING CYBER ATTACKS -- THIS TIME IT'S PERSONAL

    Apr 12, 2017

    Security professionals are putting pressure on themselves to secure their organization's systems according to the findings of a new report. The 2017 Security Pressures Report from managed security specialist Trustwave surveyed over 1,600 security decision makers around the world and finds that w...

    BETANEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41114111

    BREXIT VOTER REGISTRATION WEBSITE MAY HAVE SUFFERED DDOS ATTACK AT THE HANDS OF RUSSIA OR CHINA

    Apr 12, 2017

    The Brexit process is now officially underway, but there is still a good deal of talk about the validity of the outcome. A number of members of parliament have expressed concerns that a foreign government may have interfered with the referendum, making it difficult or impossible for people to regist...

    BETANEWS
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41124112

    US TAKES DOWN HUGE BOTNET AS SPAIN ARRESTS NOTORIOUS RUSSIAN HACKER

    Apr 11, 2017

    US authorities moved Monday to take down a global computer botnet behind the massive theft of personal data and unwanted spam emails, as Spain arrested the notorious Russian hacker who operated it. US authorities say the Russian, Piotr or Peter Levashov, had operated the Kelihos network of tens of t...

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41004100

    WIKILEAKS CIA FILES LINKED TO ESPIONAGE GROUP

    Apr 11, 2017

    Researchers at Symantec have analyzed the Vault 7 files published in recent weeks by WikiLeaks and determined that they are very similar to ones used by a cyberespionage group tracked by the security firm as “Longhorn.”The Vault 7 leaks cover exploits and tools allegedly used by the U.S....

    SECURITYWEEK
    READ MORE

    https://Informationsecurity.report/news-article.aspx?ID=41024102