SECURITY EVANGELIST

Have you ever been worried about hackers taking control of your email or social media account? It’s scary thing to imagine, and it can happen even to the best of us. Fortunately, there are a number of ways available for you to recover them. This is the topic of the  article we published this week, which we recommend you check out. 

Security articles of the week (June 19-23, 2017)

The biggest story of the week, by far, was the huge leak of nearly 200 million American voters. However, because the fallout was limited to Americans, it didn’t take up as much headline space in other countries.

In any case, here are this week’s biggest cybersecurity stories:

1. How PayPal Protects Billions of Transactions

How does PayPal, one of the world’s largest internet payment companies with over 203 million active users, maintain a fraud loss rate of just .032 percent? Guru Bhatt, PayPal’s general manager of technology and head of engineering, says it comes down to a combination of sophisticated automation, machine learning, and human insight.

2. Meet 5 of the World’s Most Dangerous Hacker Groups

Hacking has come a long way from the days of maladjusted teenagers wreaking digital havoc from their basements. As Fortune explains in the cover story of our Jul. 1 issue, today the biggest and baddest hacker groups are backed by nation-states. They’re called “advanced persistent threats” or APTs, in the cyber jargon, a phrase meant to convey their supreme and underlying quality: ferocity. Below are a few of the most notorious—and feared—state-affiliated hacking groups around.

3. Why So Many Top Hackers Hail from Russia

Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented IT experts channel their skills into high-paying jobs.

4. 198 million Americans hit by ‘largest ever’ voter records leak

A huge trove of voter data, including personal information and voter profiling data on what’s thought to be every registered US voter dating back more than a decade, has been found on an exposed and unsecured server, ZDNet has learned.

5. Virgin Media tells 800,000 customers to change passwords after routers found vulnerable to hackers

Virgin Media has warned 800,000 customers using its Super Hub 2 router to change their passwords because a security vulnerability could expose their passwords to hackers, enabling attackers to gain control of other smart devices on the network.

6. ‘How foul-mouthed hackers messed up my life’

It’s not normally a good idea to sign off your Powerpoint presentation pitching for work with an expletive.
But this is what Gary Berman did – albeit unknowingly.
Hackers had broken in to his home network via an internet-connected printer and sabotaged his files. Instead of signing off with “thank you”, the hackers changed the first word to something offensive.

7. WannaCry Ransomware Infects Australian Traffic Cameras, Human Error Blamed

It has been revealed that 55 traffic and speed cameras in the state of Victoria, Australia, have been accidentally infected with the WannaCry ransomware that struck organisations hard around the world last month.

8. Microsoft says ‘no known ransomware’ runs on Windows 10 S — so we tried to hack it

Microsoft claims “no known ransomware” runs on Windows 10 S, its newest, security-focused operating system. Microsoft touted the operating system as being less susceptible to ransomware because of its locked down configuration.

9. Google’s whack-a-mole with Android adware continues

Why can’t Google put a stop to adware on their official Android app marketplace? The analysis by Trend Micro researchers of a Trojan Android ad library dubbed Xavier tells the story.

10. How Hackers Manipulate Email to Defraud You and Your Customers

Internet fraud is one of the most common motivators of cybercrime. Millions of dollars are stolen every year from victims who are tricked into initiating wire transfer payments through social engineering tactics and computer breaches. This is typically accomplished using one of three methods: business email compromise (BEC), email account compromise (EAC), and spoofing.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

This week, we’ve published an in-depth article about banking Trojans. This type of malware has been around for a very long time, but the past few years has seen it evolve new features and functionalities that make it much more terrifying than before.

Security articles of the week (June 12-16, 2017)

This week has seen a lot of interesting stories, and some of them have offered us information that is off the usually travelled path, such as how attackers try nearly 100,000 times to breach a system.

No more spoilers though, here are this week’s best cybersecurity stories:

1.         How a Single Email Stole $1.9 Million from Southern Oregon University

Southern Oregon University has announced that it is the latest organization to fall victim to a business email compromise (BEC) attack after fraudsters tricked the educational establishment into transferring money into a bank account under their control.

2.         The 15 worst data security breaches of the 21st Century

Data security breaches happen daily, in too many places at once to keep count. But what constitutes a huge breach versus a small one? CSO compiled a list of 15 of the biggest or most significant breaches of the 21st century.

3.         Report: 19% of business passwords ‘easily compromised’

Despite high profile breaches continuing to make headlines, weak passwords remain an issue for enterprises worldwide, leading to breaches and other security issues. An average of 19% of enterprise professionals use poor quality passwords or shared passwords that make their accounts “easily compromised,” according to a new report from security firm Preempt.

4.         Relentless Attackers Try Over 100,000 Times Before They Breach a System

One of the big reasons why security teams struggle to keep up with threats is because the bad guys are relentless with their attack attempts. The security community has long warned enterprises of the scope of cybercriminal efforts to seek out vulnerable targets of opportunity through automated attack tools. But sometimes it is hard to take in the scale of it all without a number to back it up. New research out this week from security start-up tCell did just that.

5.         Samsung Left Millions Vulnerable to Hackers Because It Forgot to Renew a Domain, Researchers Say

Samsung, the most popular smartphone maker in the world, left millions of customers vulnerable to hackers after it let expire a domain that was used to control a stock app installed on older devices, security researchers say.

6.         One million people affected by WSU data breach

Names and personal data of about a million people may have been compromised in a burglary involving Washington State University property. This month the university started alerting people who could be impacted.

7.         Report predicts banks to get €4.7bn fines in first 3 years under GDPR

A new report is “conservatively” forecasting that European finance organisations are about to shell out  €4.7 billion in first three years after the GDPR comes into power thanks to data breaches which they don’t currently have to declare.

8.         Advanced CIA firmware has been infecting Wi-Fi routers for years

Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That’s according to secret documents posted Thursday by WikiLeaks.

9.         WannaCry is North Korean, security researchers say

Nearly a month after it struck devices around the globe, new information has emerged surrounding the major WannaCry ransomware attack.

The BBC says British officials from the National Cyber Security Centre (NCSC) are now claiming infamous North Korean cyber-criminal group Lazarus was behind the attack.

10.      Scam App in Apple’s Top 10 Rakes in $80K Per Month

One of Apple’s top 10 productivity apps—“Mobile protection :Clean & Security VPN”—has been pulled from the Apple store after it was uncovered as a scam—and an obvious one at that, starting with the grammar issues in its name.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

Business types will be interested in the latest article we’ve published this week: Your Essential Guide to Cyber Liability Insurance. As the name implies, it covers the basics of cybersecurity insurance, and why it’s such a good idea for businesses to consider.

Security articles of the week (June 5-9, 2017)

An unusually quiet week, with few major hackings, leaks, breaches and what not. Chances are the summer vacation has started for most malicious hackers out there. Or it can just be a temporary lull and next week we’ll have Pandemonium again.

In any case, here are this week’s top cybersecurity stories:

1.         Internet cameras have hard-coded password that can’t be changed

Security cameras manufactured by China-based Foscam are vulnerable to remote take-over hacks that allow attackers to view video feeds, download stored files, and possibly compromise other devices connected to a local network. That’s according to a 12-page report released Wednesday by security firm F-Secure.

2.         Outdated Operating Systems, Browsers Correlate with Real Data Breaches

Study shows companies running out-of-date OSes were three times more likely to suffer a data breach, and those with the outdated browsers, two times more likely.

3.         How computer security pros hack the hackers

If you want to meet a really smart hacker, talk to a cybersecurity defender. These talented professionals are working every day to make cybercrime harder and less lucrative.

4.         Android Malware ‘Dvmap’ Delivered via Google Play

Researchers at Kaspersky Lab recently came across a new Trojan designed to target Android smartphones. The malware, delivered via the Google Play store, is capable of rooting devices and it leverages some new techniques to achieve its goal.

5.         14-Year-Old Japanese Boy Arrested for Creating Ransomware

Japanese authorities have arrested a 14-year-old boy in Osaka, a prefecture and large port city, for allegedly creating and distributing a ransomware malware.

6.         Online Voting Is a Terrible Idea

After the onslaught of computer intrusions suffered by US institutions and political parties in the 2016 presidential election, the decade-old issue of electoral systems’ security was brought back into the public discourse. The American people had the concrete fear their vote too might be manipulated. They worried the election could be factually hacked.

7.         Botnet activity rises by 69 percent

There has been an increase of 69 percent in botnet activity. These botnets are led by the Ursnif malware, allowing cyber criminals access they need to kick off long-term intrusions. Other tools are also used for surveillance and espionage, like TrickBot, DELoader and Zeus Panda.

8.         Move Over, Mirai: Persirai Now the Top IP Camera Botnet

The success of the massive Mirai botnet-enabled DDoS attacks of last year has spawned a lot of me-too malware designed to break into and exploit vulnerable Internet of Things devices.

One such malware family that appears to have achieved more success than rivals is Persirai, a botnet malware targeting Internet Protocol (IP) cameras.

9.         Malicious Downloader Uses Mouse-Hovering to Deliver Banking Trojan

A malicious downloader waits for users to hover over modified text or an image file as a means of delivering a banking trojan.

10.    Sneaky hackers use Intel management tools to bypass Windows firewall

When you’re a bad guy breaking into a network, the first problem you need to solve is, of course, getting into the remote system and running your malware on it. But once you’re there, the next challenge is usually to make sure that your activity is as hard to detect as possible. Microsoft has detailed a neat technique used by a group in Southeast Asia that abuses legitimate management tools to evade firewalls and other endpoint-based network monitoring.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

This week, we’ve had over 20 cybersecurity experts take part in our latest expert roundup, which sought to answer the question: “What is the best educational cybersecurity book?”. Be sure to check out the full article for all the answers and recommended good reads!

Security articles of the week (May 29 – June 2, 2017)

Things have finally settled down a bit after the momentous WannaCry attack, and we’re now back to our regular pattern. Unfortunately, the people who made WannaCry possible, the ShadowBrokers, still have many tricks up their sleeve.

1.  Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks.

The Shadow Brokers is the same hacking group who leaked NSA’s built Windows hacking tools and zero-day exploits in public that led to the WannaCry menace.

2.     Dark Web Hackers Are Attacking Each Other Relentlessly

Cybercriminals operating inside the Dark Web continuously launch attacks and surveillance attempts designed to disrupt their fellow black hats, new Trend Micro research has revealed.

3.     ShadowBrokers Hacker Group To Publish More NSA Code

New batch of stolen code to be auctioned by hacker group, despite earlier pledge to shut down operation

Hacker collective ShadowBrokers have warned that they will release in July a fresh batch of stolen code reportedly from the National Security Agency (NSA).

4.     Plastic surgery patients face extortion in wake of clinic data breach

Thousands of private photos have been leaked by cybercriminals following the hack of a Lithuanian cosmetic surgery clinic.

A hacking group, using the nickname “Tsar Team”, leaked images it claims came from the Grozio Chirurgija clinic servers. The group spaffed the data after targeted health facility’s customers failed to meet extortionate payment demands.

5.     ‘Lone Wolf’ Criminal Hacker Gets Doxed Thanks To Series Of Dumb Mistakes

A cybercriminal from Eastern Europe who has been hacking a Chinese company for years appears to have carelessly exposed his own real identity.

6.     Vulnerability affecting 1,000+ apps is exposing terabytes of data

A newly discovered backend data exposure vulnerability, dubbed HospitalGown, highlights the connection between mobile apps and insecure backend databases. Appthority documented more than 1,000 apps with this vulnerability, and researched in detail 39 applications with big data leaks, which exposed an estimated 280 million records.

7.     The Changing Face of Criminal Behavior

This infographic by the University of Cincinnati shows how traditional criminals slowly switch over to cybercrime. Cybercrime is more lucrative to malicious hackers than crimes such as car stealing or burglary.

8.     Judy malware campaign victimized as many as 36.5 million Android users

A malware campaign on Google Play has victimized as many as 36.5 million Android users with adware known as “Judy.”

Researchers at Check Point discovered 41 apps laden with the auto-clicking adware on the Play Store. After receiving word from the researchers, Google removed the programs from its app marketplace. But that wasn’t before the apps achieved between 4.5 million and 18.5 million downloads.

9.     Chrome bug that lets sites secretly record you ‘not a flaw’, insists Google

There’s a Google Chrome “bug” (depending on who you ask) that allows sites to surreptitiously record audio and visual, all without an indicator light. As BleepingComputer reports, AOL web developer Ran Bar-Zik discovered the issue – which Google says is not a security vulnerability – while at work, when he was dealing with a website that ran WebRTC code.

10.     Windows XP crashed too much to spread WannaCrypt

Yes, WannaCrypt can infect all those machines that still run Windows XP, but because XP is so flaky the zombie boxen are unlikely to have contributed much to the spread of the worm.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

We’ve had a lot to write about this week. WannaCry, EternalBlue, Uiwix, BlueDoom. It seemed like we had an unending stream of cyber attacks. On top of that, we’ve written a quick guide on how to patch the EternalBlue vulnerability and also how a business can secure its IT network. Here’s a list of everything:

Security articles of the week (May 15-19, 2017)

Without a doubt, the WannaCry attack was the biggest even of the week. No, scratch that. It was the biggest even of the year, so far. The closest thing we can compare it to is the Mirai botnet attack in late last year.

But hidden in the shadow of the WannaCry attack however, are other big stories which each deserves attention.

Here is this weeks cybersecurity roundup:

1.     Twitter abandons ‘Do Not Track’ privacy protection

Twitter was one of the first companies to support Do Not Track (DNT), the website privacy policy. Now, Twitter is abandoning DNT and its mission to protect people from being tracked as they wander over the web.

2.     WannaCry Ransomware Decryption Tool Released; Unlock Files Without Paying Ransom

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.

Adrien Guinet, a French security researcher from Quarkslab, has discovered a way to retrieve the secret encryption keys used by the WannaCry ransomware for free, which works on Windows XP, Windows 7, Windows Vista, Windows Server 2003 and 2008 operating systems.

3.     FCC votes to overturn net neutrality rules

The US Federal Communications Commission has voted to overturn rules that force ISPs to treat all data traffic as equal.

Commissioners at the agency voted two-to-one to end a “net neutrality” order enacted in 2015.

4.     Zomato Hacked! Database of 17 Million Users Stolen

Restaurant search website Zomato has announced that it has suffered a major security breach, resulting in the theft of a user database containing 17 million users’ names, email addresses and passwords.

5.     Ransomware attack: How a nuisance became a global threat

Ransomware was already becoming a higher priority before the WannaCry epidemic of last week, but it’s clear that it has now made the shift from nuisance to serious threat.

Ransomware has been an irritation for more than a decade, but only in the last few years has it become a real problem.

6.     Bell Canada Hack Hits 1.9 Million Customers

Bell Canada says an anonymous hacker has obtained some customers’ names and telephone numbers as well as email addresses.

The telecommunications giant says illegally accessed information included approximately 1.9 million active email addresses and approximately 1,700 customer names and active phone numbers.

7.     Bloke charged under UK terror law for refusing to cough up passwords

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords.

Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as well as information on high-ranking officials.

8.     Facebook is losing the fight against the spread of fake news

Leaked photos showing how Obama practiced Islam in the White House! Trump’s legalization of bald-eagle hunting! … The president’s cancellation of Saturday Night Live!!!

What do they have in common?

They’re all fake news, they’ve all been debunked, and yet you can still find those “news” articles on Facebook.

9.     More than 600K User Accounts Exposed in DaFont Database Theft

A hacker compromised more than 600,000 users’ accounts when they stole a database operated by the font sharing site DaFont.

In early May 2017, the currently unnamed hacker stole a site database containing 699,464 usernames, email addresses, and hashed passwords after hearing of other attacks launched against it.

10.  DocuSign admits hackers accessed its customer email database, sent out malware

DocuSign has now discovered that hackers managed to breach its systems and gain access to a system that allowed the attackers to send out emails to DocuSign’s customers.

By the way: if you want to see what we’re reading and dive straight into the most important security news from the industry and beyond, we’ve set up a Flipboard magazine just for that. You can browse through it right now.

Security Tips and Tricks from Top Experts
2016.06.27 SLOW READ

50+ Internet Security Tips & Tricks from Top Experts

Expert Roundup Software Patching
2016.04.06 SLOW READ

15+ Experts Explain Why Software Patching is Key for Your Online Security

27 Cyber Security Experts
2015.08.25 SLOW READ

The Most Common Mistakes These 27 Cyber Security Experts Wish You’d Stop Doing

Comments

Howdy, I do think your blog could possibly be having internet browser compatibility problems. When I look at your web site in Safari, it looks fine but when opening in IE, it’s got some overlapping issues. I just wanted to provide you with a quick heads up! Aside from that, fantastic site!

Thanks for letting us know. Are you sure your browser resolution is set to the standard for your desktop resolution? We’ve found that other readers experienced this and, when they set their browser resolution to normal, the issue was gone. The fastest way to do this is to hold CTRL and press 0.

And thanks for the awesome feedback!

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP
158 queries in 8.019 seconds