Security

Cyber Security Reviews – Security will bring to our readers what's happening on the Security scene around the world.

Russia’s fearsome intelligence agency the FSB has been trying to decrypt Tor traffic since 2012, according to new reports stemming from a major breach of a Russian defense contractor. The firm in question, SyTech, was revealed to be working on several projects. It was breached by a group known as 0v1ru$, which defaced its website
by Danny Bradbury If you’ve been anywhere near Facebook this week, you’ve probably seen selfies of friends next to AI-generated images of what they’ll look like in a few decades. Underneath those posts, you’ll see comments from others warning them they’ve just signed over their soul to an obscure Russian company. That’s right, it’s time
Over one-third of global finance chief information officers (CIOs) acknowledge organizations experienced an outage in the last six months, according to a new study from Venafi, the leading provider of machine identity protection. The study queried more than 100 CIOs in the financial services industry from the U.S., U.K., France, Germany and Australia and found that financial
by Danny Bradbury Mozilla is expanding the privacy tools built into Firefox by integrating its Lockwise password manager directly into the browser and expanding its support for the Have I Been Pwned (HIBP) website. Lockwise is an app for iOS and Android, and an add-on for the desktop version of Firefox. It’s a password manager
Evidence suggests that new versions of malware families are linked to the elusive Ke3chang group, along with a previously unreported backdoor, according to researchers at ESET. The researchers have long been tracking the advanced persistent threat (APT) group and suspect that it operates out of China, according to today’s press release. Named Okrum by ESET,
The 2019 Security Awareness Report published by SANS Security Awareness, a division of SANS Institute, found that across many organizations, there is an increased emphasis on the need for awareness and training programs. According to the report, more than 75% of those who are currently responsible for security awareness and training are spending less than half
by Mark Stockley For the last two months the infosec world has been waiting to see if and when criminals will successfully exploit CVE-2019-0708, the remote, wormable vulnerability in Microsoft’s RDP (Remote Desktop Protocol), better known as BlueKeep. The expectation is that sooner or later a BlueKeep exploit will be used to power some self-replicating
Oracle will release its Critical Patch Update on July 16, 2019, which will include seven new fixes for the Oracle database server, according to a pre-release announcement. “While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory,”
According to a survey of 100 healthcare professionals from hospitals to physician group practices, more than half of respondents are highly confident in the cybersecurity of their patient portals.  The State of Patient Identity Management report, published by LexisNexis® Risk Solutions, revealed that healthcare organizations (HCOs) have great confidence in their cybersecurity preparedness. While confidence in their cybersecurity
Security researchers have hacked hair straighteners from Glamoriser, according to Pen Test Partners. The UK firm bills itself as the maker of the “world’s first Bluetooth hair straighteners,” devices that users can link to an app so that the owner can set the heat and style settings and switch the straighteners off from within Bluetooth range.  Researchers
Having tracked the activities of threat actors suspected of being involved in a large number of malicious spam attacks targeting organizations based in Turkey, Sophos researchers determined that the attackers flew under the radar using Excel formula injections to deliver the payload.  “The threat actor predominantly targets victims based in Turkey using malspam email messages written
by Danny Bradbury Companies feel they are losing the cybersecurity battle, according to research released by Sophos this week. IT managers are inundated with cyberattacks from all directions and struggling to plug all the security gaps. In the survey, titled The Impossible Puzzle of Cybersecurity, Sophos surveyed 3,100 IT managers across 12 countries about their cybersecurity
Researchers have discovered a vulnerability impacting a leading manufacturer of managed kiosks found in hotels, businesses, retail and other industries that could allow a malicious actor access to the cloud database, according to Trustwave. Uniguest outsources secure, fully managed customer-facing technology solutions, but researchers reported that “based on the way their infrastructure is set up,
A new version of the advanced malicious surveillance tool, FinSpy, has been observed stealing information from global governments, law enforcement and NGOs, according to new research from Kaspersky. “The new implants work on both iOS and Android devices and can monitor activity on almost all popular messaging services, including encrypted ones, and hide their traces better
The Information Commissioner’s Office has announced an intention to fine Marriott International £99m for “infringements of the GDPR.” Relating to an incident that Marriott reported in November 2018, which saw approximately 339 million guest records exposed globally, of which around 30 million related to residents of 31 countries in the European Economic Area (EEA) and
The Department of Energy (DOE) engaged in conversations with industry partners in order to advance the cybersecurity of industrial control systems in the nation’s critical infrastructure, including power utilities and pipelines, according to FedScoop and E&E News. “Private entities and key agencies formed a consortium over concerns industrial control systems (ICS) are increasingly being targeted by
by Danny Bradbury Hackers just infiltrated virtual reality (VR), enabling them to manipulate users’ immersive 3D worlds. At the Recon cybersecurity show in Montreal, researchers Alex Radocea and Philip Pettersson demonstrated how to hack virtual reality worlds on three platforms. The first was VR Chat, a virtual chat room available via online gaming platform Steam
A cryptominer campaign has been targeting Linux-based servers using a new Golang malware, according to research published by F5 Labs.  Though not often seen in the threat landscape, the Golang malware was first identified in mid-2018 and has sustained throughout 2019. Researchers noted the latest operation, which has infected an estimated several thousand machines, began
by Lisa Vaas Bitcoin is eating up about seven gigawatts per year, according to a new tool from University of Cambridge’s Centre for Alternative Finance, called the Cambridge Bitcoin Electricity Consumption Index (CBECI). That’s a bit more than the entire country of Switzerland is using, according to the CBECI – a number that’s admittedly hard