Security

Cyber Security Reviews – Security will bring to our readers what's happening on the Security scene around the world.

Over 40,000 credentials for accounts on government portals around the world have been leaked online, and are most likely up for sale on the dark web. Russian security firm Group-IB said usernames and cleartext passwords were available for various local and national government entities across more than 30 countries. It’s not clear exactly how they
The coming year will see a mix of old and new as phishing is supercharged with AI but reported vulnerabilities continue to cause organizations problems, according to Trend Micro. The security giant claimed in its predictions report this week that phishing will continue to grow in popularity as exploit kits fade. The number of detections
by John E Dunn What’s the safest way for a criminal to buy counterfeit banknotes? Curiously, it’s not necessarily from the dark web, as 235 people now “detained” by police have just discovered. According to Europol, between 19 November and 3 December police forces in 13 countries searched 300 properties, uncovering caches of drugs, guns
The NHS will be banned from buying any more fax machines from next month as the government looks to upgrade the health service to more modern and secure communications platforms. Health secretary Matt Hancock has also ordered a complete ban on their use by March 2020, as part of a plan to bring the NHS into
by Danny Bradbury WordPress users are facing another security worry following the discovery of a massive botnet. Attackers have infected 20,000 WordPress sites by brute-forcing administrator usernames and passwords. They are then using those sites to infect even more WordPress installations. The botnet, which WordPress security company Wordfence discovered last week, infects sites using a
by Danny Bradbury Twelve US states are suing an electronic healthcare record provider who lost 3.9 million personal records in 2015. The attorneys general of Arizona, Arkansas, Florida, Indiana, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Nebraska, North Carolina, and Wisconsin clubbed together to file suit against Indiana-based Medical Informatics Engineering (MIE) and its subsidiary NoMoreClipboard (NMC)
According to the EU GDPR (General Data Protection Regulation) Implementation Review Survey conducted by IT Governance, six months after the GDPR went into effect, the majority of organizations are failing to implement the mandatory regulations. The study included 210 responses from participating organizations ranging in size from fewer than 10 to more than 1,001 employees from across
A series of cyber-robbery attacks have been targeting financial organizations in Eastern Europe, according to new research from Kaspersky Lab. Researchers found that the series of attacks, dubbed DarkVishnya, have affected at least eight banks in the region, with estimated losses running into the tens of millions of dollars. Based on data collected through Kaspersky Lab’s
If you’re among the holdouts still running Flash, you have some more updating homework to do. Adobe has issued an out-of-band patch after researchers spotted a Flash zero-day flaw being exploited in the wild. The discovery was made by Qihoo 360 which on 29 November noticed a targeted APT (Advanced Persistent Threat) attack against a
Australia has followed the UK in passing its own draconian surveillance laws which could force technology providers to engineer de facto backdoors into their end-to-end encryption products. The opposition Labor Party stood aside at the eleventh hour to let the bill pass, on the understanding that its amendments would be passed in the new year,
by Paul Ducklin On the Naked Security podcast this week: Marriott’s huge and scary data breach, a bug in software management software could be a data thief’s goldmine, and a self-righteous “hacker” prints out an advert on 50,000 internet printers. With Anna Brading, Mark Stockley, Matthew Boddy and Paul Ducklin. LISTEN NOW (Audio player above
Speaking at Black Hat Europe 2018 in London, Vijay Thaware, security response lead at Symantec, and Niranjan Agnihotri, associate threat analysis engineer at Symantec, explored the rise of a threat called ‘Deep Fakes.’ According to the speakers, Deep Fake defines the theft of the human face (a crucial means of identity) for malicious gain in
Security researchers have patched a critical security flaw in popular container orchestration tool Kubernetes which could allow third parties to remotely control targeted systems. Organizations running previous versions were urgently requested to upgrade to Kubernetes v1.10.11, v1.11.5, and v1.12.3. The issue will also be addressed in the upcoming v1.13.0 release, according to Google staff software engineer, Jordan Liggitt.
Eugene Kaspersky has vowed that his firm will continue its mission to protect global organizations after a US court threw out its appeal to have a ban on federal use of its products overturned. On Friday, a US Court of Appeals for the District of Columbia Circuit upheld a district court ruling that the September
Hotel chain Marriott has confirmed widespread reports of a significant data breach with the sensitive details of 500 million customers possibly compromised. In an online statement, the company said: “On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security
The majority of financial firms rank cyber-resilience as their top concern, with people, visibility and third-party risk key challenges, according to the Financial Conduct Authority (FCA). The UK regulator’s latest report, Cyber and Technology Resilience: Themes from cross-sector survey 2017 – 2018, is based on interviews with nearly 300 firms over the past 24 months.
by Lisa Vaas A popular massage-booking app has spilled the beans on 309,000 customer profiles, including comments from their masseurs or masseuses on how creepy their customers are. The app’s wide-open, no-password-required database was discovered by researcher Oliver Hough, who tipped off TechCrunch. Hough said in a tweet on Tuesday that the breach was caused
Dell has admitted suffering a potential breach after detecting suspicious activity on its network in early November. The computer giant claimed it “detected and disrupted” the attackers, who were trying to access customer data from the Dell.com e-commerce platform. Affected information was apparently limited to the names, email addresses and hashed passwords of an undisclosed