Month: September 2018

The security and privacy issues with APIs and third-party app developers are something that not just Facebook is dealing with. A bug in Twitter’s API inadvertently exposed some users’ direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren’t supposed to get them, Twitter disclosed in its Developer Blog on Friday. What
Author: Dell SecureWorks Counter Threat Unit™ Threat Intelligence. Date: 27 August 2014. Overview: In late February 2014, the Dell SecureWorks Counter Threat Unit™ (CTU™) research team analyzed a family of file-encrypting ransomware being actively distributed on the Internet. Although this ransomware, now known as CryptoWall, became well-known in the first quarter of 2014, it has
A Romanian woman has pleaded guilty to charges relating to a major ransomware operation which took out over two-thirds of the CCTV cameras in Washington DC ahead of President Trump’s inauguration. Eveline Cismaru pleaded guilty to one count of conspiracy to commit wire fraud and one of computer fraud, with a potential combined maximum sentence
ESET researchers have discovered new DanaBot campaigns targeting a number of European countries. Recently, we have spotted a surge in activity of DanaBot, a stealthy banking Trojan discovered earlier this year. The malware, first observed in campaigns targeting Australia and later Poland, has apparently expanded further, with campaigns popping up in Italy, Germany, Austria, and
A high-severity vulnerability has been discovered in the 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system. The vulnerability—discovered by 20-year-old Osanda Malith, a Sri Lankan security researcher at ZeroDayLab—can be exploited
Popular ad-blocker AdGuard has forcibly reset all of its users’ passwords after it detected hackers trying to break into accounts. The company said it “detected continuous attempts to login to AdGuard accounts from suspicious IP addresses which belong to various servers across the globe,” in what appeared to be a credential stuffing attack. That’s when
Summary: Threat actors regularly develop new Trojan horse malware to fuel their operations and to ensure the longevity of their botnets. After the takedowns of the Gameover Zeus and Shylock botnets, researchers predicted that a new breed of banking malware would fill the void. In early June 2014, the Dell SecureWorks Counter Threat Unit™ (CTU™)
The infamous Magecart code has struck again, with an attack group this time using it to skim card details from customers of online retailer Newegg for a full month, according to researchers. The US-based, tech-focused e-tailer has yet to release a statement on the news, but RiskIQ, which has been following Magecart closely over the past
Companies of all sizes are adopting cloud-based services, such as Microsoft Office 365, as a way to give their end-users greater flexibility and easier access to core business applications. This requires corporate IT departments to reexamine their current data security posture, including Data Loss Prevention policies to better monitor and control sensitive data that are
Cybercrooks use bogus apps to phish six online banks and cryptocurrency exchange. Another set of fake finance apps has found its way into the official Google Play store. This time, the apps have impersonated six banks from New Zealand, Australia, the United Kingdom, Switzerland and Poland, and the Austrian cryptocurrency exchange Bitpanda. Using bogus forms,
The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg. The Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according
Author: Dell SecureWorks Counter Threat Unit™ Threat Intelligence. Date: 12 January 2015. Summary: Dell SecureWorks Counter Threat Unit™ (CTU) researchers discovered malware that bypasses authentication on Active Directory (AD) systems that implement single-factor (password only) authentication. Threat actors can use a password of their choosing to authenticate as any user. This malware was given the
New IoT malware detections have soared over 200% since 2017 to reach over 120,000, according to new stats from Kaspersky Lab. The Russian AV vendor claimed to have spotted 121,588 modifications of malware targeted at smart devices in the first half of 2018, a 273% increase on the 32,614 detected for the whole of last
Speaking at conferences can be daunting for presenters but often it is about striking the right balance between content and delivery. As the (security) conference season draws nearer, my thoughts return to the many presentations I’ve suffered and inflicted over the past three decades. (Don’t get me wrong: there have also been many I’ve enjoyed.)
Security researchers have discovered an authentication bypass vulnerability in Western Digital’s My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control of the affected devices. Western Digital’s My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) devices which is being used by businesses and individuals to
The large, legacy car industry has pinned a lot of hopes and dreams on innovative startups to build the next generation of automotive technology, and today the latest chapter in that story was revealed. WayRay, a Zurich-based developer of holographic augmented reality technology and hardware — used in head-up displays that project images into a driver’s
New variants of the Mirai and Gafgyt botnets are targeting unpatched enterprise devices, according to new research. Palo Alto Networks’ Unit 42 found the variants affect vulnerabilities in Apache Struts and in SonicWall’s Global Management System (GMS). The Mirai variant exploits the same vulnerability in Apache Struts that was behind the 2018 Equifax data breach,
A leading think tank has called for urgent regulatory and oversight mechanisms to be introduced to govern the use of machine learning technology by UK law enforcers. The Royal United Services Institute for Defence and Security Studies (RUSI), is the world’s oldest independent defense and security think tank. Its latest report, Machine Learning Algorithms and
By Danny Bradbury. Five Senators have discovered that the State Department is breaking the law by not using multi-factor authentication (MFA or 2FA) in its emails. They’ve sent a letter to Secretary of State Mike Pompeo, and they want answers. The letter, from Senators Ron Wyden, Cory Gardner, Edward Markey, Rand Paul and Jeanne Shaheen, referenced
Politics and ransomware. No, it’s not a lost single from the Oasis back catalogue, but in fact a relatively recent tactic by ransomware developers looking to exploit the profiles of major politicians to install ransomware on victims’ computers. Donald Trump, Angela Merkel, and now Barack Obama all serve as lures for the unsuspecting. Despite its