Cyber Security

This is where news and updates on Cyber Security are published on a daily basis.

0 Comments
“Download This application and Win Mobile Phone”, reads the message attempting to trick users into downloading a fake Huawei app Android users should watch out for new wormable malware that spreads through WhatsApp and lures the prospective victims into downloading an app from a website masquerading as Google Play. ESET malware researcher Lukas Stefanko looked
0 Comments
The infamous Emotet botnet operation has been disrupted, thanks to an international operation coordinated by Europol and Eurojust. Emotet’s infrastructure has been taken over as part of an “international coordinated action” between law enforcement agencies in Canada, France, Germany, Lithuania, Netherlands, Ukraine, the United Kingdom and the U.S., “with international activity coordinated by Europol and
0 Comments
Summary In response to the SolarWinds supply chain compromise, the U.S. National Security Agency (NSA) published an advisory describing advanced techniques that threat actors can use to maintain persistent access to compromised cloud tenants and exfiltrate sensitive data. Most of the public commentary about this advisory has focused on the theft of Active Directory Federation
0 Comments
by Paul Ducklin Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s no predetermined quarterly schedule for
0 Comments
Cybersecurity researchers today disclosed an unpatched vulnerability in Microsoft Azure Functions that could be used by an attacker to escalate privileges and escape the Docker container used for hosting them. The findings come as part of Intezer Lab‘s investigations into the Azure compute infrastructure. Following disclosure to Microsoft, the Windows maker is said to have
0 Comments
Increased digital adoption since the start of COVID-19 is leaving consumers more vulnerable to cyber-attacks, according to McAfee’s 2021 Consumer Security Mindset Report. The analysis found that Brits across all age groups have embraced new digital solutions amid ongoing social distancing restrictions. Nearly three-quarters purchased at least one connected device in 2020 and one in
0 Comments
An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration
0 Comments
Application security threat modeling solutions provider IriusRisk has announced the appointment of Dr Gary McGraw to its threat modeling technical advisory board. Dr McGraw – who has a PhD in computer science and cognitive science – joins existing advisor Adam Shostack and will assist in the strategic direction and development of the AppSec firm. The
0 Comments
The Russian government has issued cybersecurity guidance to businesses in the country after claiming they are at risk of US reprisals for the recent SolarWinds attacks. The alert came late last week from the National Coordination Center for Computer Incidents (NKTsKI), an agency created in 2018 by KGB successor the Federal Security Service (FSB). It
0 Comments
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end application lifecycle
0 Comments
A former home security technician has admitted habitually hacking into customers’ home surveillance cameras to spy on people without their consent.  Telesforo Aviles accessed the accounts of around 200 customers more than 9,600 times over a period of four and half years while employed by security company ADT.  The 35-year-old carried out the cyber-intrusions for
0 Comments
The European Data Protection Board has issued new advice to hospitals regarding what action to take in the event of a cyber-attack. Currently released in draft form, the new set of recommendations urges healthcare providers hit with ransomware to report the attack even if no patient data is accessed or exfiltrated.  The guidelines state: “The internal documentation
0 Comments
Another in our occasional series demystifying Latin American banking trojans Vadokrist is a Latin American banking trojan that ESET has been tracking since 2018 and that is active almost exclusively in Brazil. In this installment of our series, we examine its main features and some connections to other Latin American banking trojan families. Vadokrist shares
0 Comments
Cyber attackers are relentlessly upping their games, and enterprise cybersecurity professionals have to do the same. That means moving from a reactive cybersecurity stance to a strategy that’s proactive and anticipatory. One way to do that is to launch a threat hunting program or enhance one that’s already underway. Threat hunting refers to the process
0 Comments
A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company’s name inadvertently
0 Comments
IoT and OT security firm Nozomi Networks has announced that enterprise security leader Barmak Meftah has joined its board of directors. Meftah brings more than 25 years of experience in building market-leading enterprise SaaS and cybersecurity companies to Nozomi Networks and most recently served as president of AT&T Cybersecurity where he established its cybersecurity division
0 Comments
Criminals coax employees into handing over their access credentials and use the login data to burrow deep into corporate networks The United States’ Federal Bureau of Investigation (FBI) has issued a warning about campaigns where threat actors target employees worldwide with voice phishing (also known as vishing) attacks in order to steal their network credentials and