Security

Cyber Security Reviews – Security will bring to our readers what's happening on the Security scene around the world.

Have you recently tried to ditch a mobile app, only to have it keep following you around? If so, you may be a victim of a new crop of uninstall trackers that go beyond letting app developers track bugs and poor user experience: they also let developers track app users “the instant” they give them the
While data breaches result in huge losses for the victims, criminals are cashing out on fraudulent purchases by working with deceitful communities that offer such services as shipping labels, according to Flashpoint. In today’s blog post, “Drop Networks, Label-Creation Services Sustain Shipments of Fraudulent Purchases,” analysts Luke Rodeheffer and Mike Mimoso detail the mechanics, methods
by John E Dunn Drupal’s maintainers have handed users of the popular content management system (CMS) some urgent patching homework in the form of five security vulnerabilities, including two rated ‘critical’. The headline here is simple: do not ignore Drupal updates or they’re likely to come back and bite you. Two critical flaws Both critical
Late last week, members of the congressional staff had an opportunity to engage in cybersecurity training through the hands-on exercises brought to them, quite literally, by IBM’s X-Force command cyber-tactical operations center (C-TOC) – a first-of-its-kind mobile security operations center. With a focus on delivering response training and preparedness, onsite cybersecurity support and education and awareness,
Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile. An unnerving example is a vulnerability that Akamai’s Larry Cashdollar stumbled on earlier this year after encountering the hugely popular file upload plugin, jQuery File Upload, used
Security researcher Peter Winter-Smith discovered a four-year-old authentication bypass vulnerability in the server code of libssh versions 0.6 and above. According to Winter-Smith’s tweet, “The root cause is that the libSSH server and client share a state machine, so packets designed only to be processed by and update the client state can update the server
A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh. Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey
Despite its reputation as having the top law school in the country, Yale University is facing a second lawsuit after the personal information of more than 100,000 students was stolen by hackers in a data breach, according to GazetteXtra. Between April 2008 and January 2009, electronic records containing social security numbers, dates of birth and
GreyEnergy, a subgroup of the advanced persistent threat (APT) group known as BlackEnergy, has been attacking the energy sector for the past three years, according to ESET. Back in December of 2015, when approximately 230,000 people suffered a blackout after the APT group BlackEnergy attacked a power grid in Ukraine, researchers at ESET reportedly detected
Supporters of President Trump who want to date like-minded individuals had Emily Moreno, a former aide to Sen. Marco Rubio, to thank for creating the Donald Dater app, but their gratitude might have fallen flat after their information was leaked on the day the app was launched. According to Time, Moreno confirmed the leak was discovered on
by Lisa Vaas Were you one of the dozens of people who got a bizarre Twitter message yesterday? Does anyone know what this twitter notification could possibly mean? https://t.co/iY6hQNLOgy — Nigella Lawson (@Nigella_Lawson) October 16, 2018 The messages were a long string of what looked like random numbers and letters. They were so mystifying that
A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone entry into photos on a locked phone, according to Jose Rodriguez, a Spanish security researcher. While the bypass bug, reported by The Hacker News, does require that an attacker have physical access to an
by Louisa Hardwick Canberra’s US embassy accidentally exposed details of one of its more enticing get-togethers last week, after an employee distributed a meeting invite to an undisclosed number of email recipients, The Guardian reported. Gavin Sundwall, US Mission to Australia public affairs counsellor, was, however, unperturbed by what he claimed was a “training error”:
An attack aimed at Central Asian diplomatic organizations, dubbed the Octopus Trojan, is able to disguise itself as a popular online messenger, according to researchers at Kaspersky Lab. The Trojan, a malicious program for Windows, has possible links to DustSquad, a Russian-language cyber-espionage actor that focuses on Central Asian users that Kaspersky researchers have been monitoring
by Paul Ducklin What is this Facebook breach? The breach was announced by Facebook itself on 28 September 2018. It worked something like this… Facebook has a View As feature that lets you preview your profile as other people would see it. This is supposed to be a security feature that helps you check whether
In analyzing global cybercrime patterns ThreatMetrix found that identity spoofing, fueled by stolen identity data, is the most prevalent attack vector for the gaming and gambling industry. Additionally, the Q2 2018 Gaming & Gambling Report discovered that location (IP) spoofing attacks increased 257% year-over-year, making it the fastest growing attack vector in the space. Because
On October 11, 2018, WikiLeaks published AmazonAtlas, a 20-page document from late 2015 containing the addresses and operational details for more than 100 of Amazon’s data centers, one of which indicates an affinity for the comedy of Jerry Seinfeld. In addition to revealing the information about the data centers, located in 15 cities across nine countries,
A new variant of the Magecart attacks has been targeting smaller e-commerce operations, according to The Media Trust’s digital security and operations (DSO) team. Researchers found a new type of malware that targets payment pages on legitimate Magento-hosted retail sites. Dubbed CartThief, the malware’s behavior is similar to that of the current iteration of the
by John E Dunn Kanye West did something incredibly unwise during his visit to the White House this week that had nothing to do with making the media and a famously impatient President Trump sit through a 10-minute expletive-laced monologue. Pulling out an iPhone XS to show the assembled throng a picture of the hydrogen-powered
UK supermarket giant Morrisons is in the Court of Appeal this week fighting to have overturned a judgement that it should compensate employees after a major insider data leak. A High Court judge ruled last year that the company was “vicariously liable” for the actions of one of its employees, former internal auditor Andrew Skelton,
Google just unsealed information about an apparently exploitable bug in WhatsApp that could have allowed a malevolent caller to take over your device. Just answering a call could have been enough to land you in trouble. Project Zero researcher Natalie Silvanovich found a buffer overflow that could be triggered by data transmitted as part of
Centrify has spun out its Identity-as-a-Service (IDaaS) service into a new company, which it has named Idaptive. The move will allow Centrify to move its focus to privileged access, as part of its strategy around the zero trust concept, while Idaptive’s offering includes single sign-on, adaptive multi-factor authentication, enterprise mobility management and user behavior analytics