Philip Choo

0 Comments
The company credits hardware-based two-factor authentication with practically eliminating the problem of phishing attacks that have targeted its own employees of late Google has announced a hardware security key that is intended to keep users of its services safe from account-takeover attacks. Dubbed “Titan Security Key”, the piece of hardware includes firmware developed by Google
0 Comments
Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers investigated activities associated with the BRONZE BUTLER (also known as Tick) threat group, which likely originates in the People’s Republic of China (PRC). BRONZE BUTLER’s operations suggest a long-standing intent to exfiltrate intellectual property and other confidential data from Japanese organizations. Intrusions observed by CTU™ researchers
0 Comments
Summary In late 2015, Secureworks® Counter Threat Unit™ (CTU) researchers began tracking financially motivated campaigns leveraging SamSam ransomware (also known as Samas and SamsamCrypt). CTU™ researchers associate this activity with the GOLD LOWELL threat group. GOLD LOWELL typically scans for and exploits known vulnerabilities in Internet-facing systems to gain an initial foothold in a victim’s
0 Comments
by Lisa Vaas Kurkure is PepsiCo’s finger-licking, lip-smacking, Indian corn puff snack. PepsiCo is happy to tell anybody who’ll listen that it makes Kurkure in state-of-the-art, automated, hygienic, food-safety-award-winning, certified factories. Here’s a 5-minute video of the process on YouTube. As you can see, we’re talking rice meal, edible vegetable oil (palm oil), corn meal,
0 Comments
by Danny Bradbury Google has cracked down on apps that mine for cryptocurrency, banning them entirely from its official Google Play Store. The company quietly updated its developer policy page with the following statement: We don’t allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency. The policy
0 Comments
UK Card Not Present (CNP) fraud losses have fallen for the first time since 2011, despite rising levels in many European countries, according to new stats from FICO. The fraud prevention firm’s latest interactive map is built on data from Euromonitor International and UK Finance. It revealed that the UK saw the biggest reduction in
0 Comments
Hundreds of tech-savvy inmates at several Idaho correctional facilities have been caught exploiting a software vulnerability on their state-funded tablets to artificially increase account balances. Officials claimed that 364 prisoners had been caught hacking the JPay tablets which are provided to allow them access to email, music and games. The software exploit apparently allowed them
0 Comments
The US government has repeated warnings of state-sponsored cyber-attacks made possible by infiltrating the software supply chain. The report from the National Counterintelligence and Security Center (NCSC) reveals insight into foreign economic and industrial espionage against the US. It calls out China, Russia and Iran as “three of the most capable and active cyber actors
0 Comments
Summary During 2017, the cryptocurrency market grew nearly 20-fold, reportedly increasing from approximately $18 billion to more than $600 billion (USD). Those gains amplified threat actors’ interest in accessing the computing resources of compromised systems to mine cryptocurrency. Secureworks® incident response (IR) analysts responded to multiple incidents of unauthorized cryptocurrency mining in 2017, and network
0 Comments
In an effort to deliver more robust application and data security solutions that protect enterprises against attacks from cyber-criminals, California-based Imperva Inc. announced that it will acquire the Los Angeles-based application security company Prevoty. The deal, which is expected to close in Q3 2018, has an estimated value of $140m. The Prevoty office will become an Imperva location.
0 Comments
A flaw in the website design for LifeLock, a company charged with protecting the identity of its online customers, resulted in millions of customer accounts being exposed, according to KrebsonSecurity. A vulnerability in the site, which reportedly lacked authentication and security, has been fixed, but the breach highlights the larger security concerns inherent in web application security. Of
0 Comments
Summary In 2017, Secureworks® Counter Threat Unit™ (CTU) researchers continued to track GOLD SKYLINE, a financially motivated Nigerian threat group involved in business email compromise (BEC) and business email spoofing (BES) fraud. During the investigation, CTU™ researchers discovered a previously unidentified BEC group that they have named GOLD GALLEON. Unlike other BEC groups, GOLD GALLEON
0 Comments
Dalton and Flowsynth help create and test packet captures Thursday, November 16, 2017 By: Counter Threat Unit Research Team When crafting intrusion detection system (IDS) and intrusion prevention system (IPS) rules for engines such as Suricata and Snort, it is imperative that the rules behave and perform as expected. Validation requires testing, but capturing the