Security

Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

0 Comments
Groups of cyber-criminals vying for supremacy on the dark web are sabotaging each other’s attempts to skim customer card details from victim e-commerce sites, according to researchers. Two groups spotted by Malwarebytes head of investigations, Jérôme Segura, had both infected the Brazilian website of sportswear brand Umbro with the infamous Magecart skimming code. The first
0 Comments
A security researcher used Twitter to warn users about about malware embedded in fake apps available on Google Play. Lukas Stefanko, malware researcher at ESET, reported the malicious apps to the Google security team, noting that 13 apps have been installed more than 560,000 times. While the app downloads, an additional Android Package Kit (APK) called
0 Comments
In an attempt to undermine the security industry’s effort to educate end users about phishing campaigns, malicious actors are evolving in their tactics, according to Zscaler. In a recent blog published by Zscaler Threat LabZ, Deepen Desai and Rohit Hegde detailed findings of new research into phishing activities. According to the findings, Microsoft, Facebook and PayPal
0 Comments
A Mirai variant has been discovered targeting unpatched Linux servers, shifting the use of the malicious payload beyond the internet of things (IoT), according to new research from NETSCOUT ASERT. Using their honeypot network to monitor the tens of thousands of daily exploit attempts for the Hadoop YARN vulnerability, Arbor’s Security Engineering and Response Team
0 Comments
by Louisa Hardwick This week on the podcast: musings about keyloggers and the Vision Direct data breach; a holiday gift guide Creep-O-Meter; and the dangers of Black Friday for online shoppers (and every other day of the year)! With Paul Ducklin, Anna Brading, and Mark Stockley. LISTEN NOW (Audio player above not working? Download MP3, listen
0 Comments
The number of data security incidents reported to the Information Commissioner’s Office (ICO) has jumped 29% from Q1 to Q2, according to the latest figures. While 3146 incidents were reported to the watchdog between April and June this year, the number rose to 4056 for the succeeding three months, highlighting the continued impact of the
0 Comments
The government is failing to act with a “meaningful sense of purpose or urgency” to tackle the growing threat to critical national infrastructure (CNI), despite itself acknowledging the risks, according to a new parliamentary report. The Joint Committee on the National Security Strategy report comes days after it criticized slow government progress on addressing crucial
0 Comments
In a targeted campaign directed at multiple organizations across law enforcement, media, pharmaceutical and other public sectors, hackers with alleged ties to the Russian government have been trying to infiltrate US government computers and networks, according to a new report published by FireEye. Malicious phishing activity believed to be conducted by the advanced persistent threat (APT)
0 Comments
The Media Trust has discovered a recent malvertising campaign involving Apple Pay that is part of a large-scale phishing and redirect campaign targeting iPhone users visiting premium newspapers and magazines. In today’s blog post, Michael Bittner, digital security and operations manager at The Media Trust wrote that the campaign was discovered when the security team
0 Comments
New research revealed that 86% of IT and security leaders believe their organization needs to improve its awareness of internet of things (IoT) threats, according to Trend Micro. Connected devices are increasingly being used as gateways to the corporate networks. By compromising these devices, attackers can gain access to the greater corporate network, where they
0 Comments
In April, with the GDPR deadline and its requirement for data portability looming, Instagram released the long-anticipated download your data tool. The feature gave users the ability to download images, posts and comments. Unfortunately, Instagram turned the task of downloading your data into an exercise in exposing people’s passwords in plain text. Thankfully, the bug
0 Comments
by John E Dunn If you’re one of the 100,000+ users of AMP for WP, good news – the popular plugin for implementing Accelerated Mobile Pages returned to WordPress.org last week. AMP is a Google technology through which users of publishing partners such as WordPress can create pages that will load faster on mobile devices. Doing
0 Comments
by Mark Stockley What will you be doing this Black Friday? Me? I’m super excited, I’ll be… It’ll be great because… …oh I can’t lie. Like a lot of people who work in IT I’ll be hiding under my desk, waiting for it all to pass and trying to fend off all the adverts, emails
0 Comments
According to Wikipedia, Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. The tags contain electronically-stored information. Passive tags collect energy from a nearby RFID reader’s interrogating radio waves.   Why do we need RFID identity theft protection? Today, identity theft is at our doorstep- people can access confidential information
0 Comments
Vision Direct has apologized after customers’ personal and financial details were found to have been leaked. According to a statement, the data was compromised between November 3 and 4 2018 “when entering data on the website and not from the Vision Direct database” and included full names, billing addresses, email addresses, passwords and telephone numbers.
0 Comments
A San Diego, California–based communications provider, Voxox, exposed a database containing at least 26 million text messages, including password reset links, two-factor authentication (2FA) codes and shipping notifications. The database was not password protected, which lead to the exposure of the personal information, phone numbers and 2FA codes in near real time. “Unfortunately, these 26 million
0 Comments
A security flaw in Instagram’s Download Your Data, a tool released in April this year, reportedly could have exposed user passwords, but the bug has now been fixed, according to multiple news reports. Apparently, the issue was that as part of the Download Your Data process, a URL containing the user’s password would have been emailed to
0 Comments
by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 12 November 2018 How to fit all of Shakespeare in one tweet (and why not to do it!) Headmaster fired over cryptocoin mining on the school’s dime Botnet pwns 100,000 routers
0 Comments
US lawmakers have been warned of the growing risk to national and corporate security posed by Chinese efforts to dominate 5G infrastructure and the IoT supply chain. The US-China Economic and Security Review Commission’s 2018 report to Congress claimed that significant state support for these technologies, along with alleged cyber-espionage, IP theft and other measures, have
0 Comments
In his opening keynote presentation kicking off the second day of this year’s Infosecurity North America conference in New York, the technical director of cybersecurity threat operations center for the NSA, Dave Hogue, talked about how innovations in policy, technology, and people can lead to break-through results in one of the largest 24-7-365 operational environments across the
0 Comments
It’s months past when the EU’s General Data Privacy Regulations (GDPR) went into effect, and many are wondering, “Where are we now?” Among the many aspects of the GDPR talked about at today’s Infosecurity North America conference, Nashira Layade, SVP, CISO at Realogy Holdings Corp., and Elena Elkina, partner at Aleada Consulting, spent a bit