Security

Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

0 Comments
Nordstrom is the latest victim in a long line of data breaches suffered across the retail sector, according to The Seattle Times. The Seattle-based retailer suffered a data breach in which a wide range of personal information was exposed. In addition to disclosing employee names, their Social Security numbers and dates of birth, checking account and
0 Comments
by Paul Ducklin Here at Naked Security, we’ve written about steganography before. Steganography is a fascinating trick for sending secret messages – and it’s intriguingly different from cryptography, even though the two techniques are often lumped together as if they were the same. Simply put, cryptography scrambles messages so that only the intended recipient can
0 Comments
To more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) with scoring bugs. The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System
0 Comments
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Department of Homeland Security (DHS), has issued a US-CERT alert for the JBoss Verify and EXploitation (JexBoss) tool, an open-source tool often used by red teams. According to the alert, malicious actors are using JexBoss to test and exploit vulnerabilities not only in the
0 Comments
Cryptocurrency mining has become a fairly easy way to manufacture currency, and according to Trend Micro, a new cryptocurrency-mining malware uses evasion techniques, including Windows Installer, as part of its routine. In the cryptocurrency miner identified as Coinminer.Win32.MALXMR.TIAOODAM, researchers noted the use of multiple obfuscation and packing routines. The malware leverages the Windows platform, and though it
0 Comments
by Paul Ducklin This week: hyperthreading considered harmful, how to avoid lock screen hacks, and what happens when cryptocurrency exchanges implode. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy. LISTEN NOW (Audio player above not working? Download MP3, listen on Soundcloud or access via iTunes.) If you enjoy the podcast, please share it
0 Comments
In addition to its 2014 attack on Sony Pictures, the Lazarus Group, also known as Hidden Cobra, has been attacking the ATMs of Asian and African banks since 2016, and today Symantec revealed that the group has been successful in its “FASTCash” operations by first targeting the banks’ networks. “The operation known as ‘FASTCash’ has enabled Lazarus,
0 Comments
A WordPress design flaw could grant an attacker remote code execution, leading to a privilege escalation in WooCommerce and other WordPress plugins, according to RIPS Technologies. In a 6 November blog post, researchers said that if the vulnerability is exploited, it would give shop managers – employees of the store that can manage orders, products and
0 Comments
On November 5, Symantec announced that it acquired Appthority and Javelin Networks in an effort to enhance its endpoint security solutions, adding key technology integrations to Symantec’s Integrated Cyber Defense Platform. Through its acquisition of Appthority, Symantec will enable its customers to analyze mobile apps and identify malicious behaviors and vulnerabilities. Building Appthority’s technology into Symantec
0 Comments
Studying Android’s November security bulletin, you’ll notice that there’s a fair amount to patch. In total, there are 36 vulnerabilities assigned a CVE, and another 17 relating to Qualcomm components rather than Android itself. Within Android, four rated are critical and 13 rated as high. If there’s a standout it might be CVE-2018-9527, simply because it’s
0 Comments
Malicious browser extensions have been blamed for the theft of private messages and data from 81,000 Facebook users recently discovered for sale on a cybercrime forum. According to the BBC Russian Service investigation, samples of the data were discovered in September being hawked for 10 cents per account on an English-language forum with Russian connections.
0 Comments
Researchers found two vulnerabilities that could impact popular wireless access points and compromise enterprise networks if exploited, according to TechCrunch. The pair of bugs were reportedly found in chips built by Texas Instruments. Networking device makers such as Aruba, Cisco and Meraki commonly build the Bluetooth Low Energy chips into their line-up of enterprise wireless access points. While the
0 Comments
by Lisa Vaas Anonymous Coward, in commenting on a report from The Register about vulnerabilities that expose people’s browsing histories, pithily sums up potential repercussions like so: Sweetheart, whats this ‘saucyferrets.com’ site I found in your browsing history? If you value your privacy and your ferret predilections, be advised that in August, security researchers from
0 Comments
Iran’s critical infrastructure and strategic networks were attacked with what is reportedly a more sophisticated variant of the decade-old Stuxnet attack, according to Reuters. Iran’s head of civil defense agency, Gholamreza Jalali, told reporters that the newly discovered next-generation of Stuxnet that was trying to enter the systems consisted of several parts. At a live
0 Comments
Emails continue to be cyber-criminals’ vector of choice for distributing malware and phishing, according to a report released today by Proofpoint. The Quarterly Threat Report Q3 2018 found that the frequency of email fraud attacks and the number of individuals targeted per organization are continuing to rise. Credential-stealing banking Trojans comprised 94% of malicious payloads, and
0 Comments
In his keynote speech at the Securing the Enterprise 2018 conference in Cambridge, MA, BT Security president Mark Hughes said that when it comes to the threats enterprises and government are facing, the global network is telling us that old strategies don’t work. In the face of ongoing cyber-attacks, mounting privacy concerns and daily data
0 Comments
A new technique to escape malware detection has been used in a malicious campaign targeting smartphones, according to The Media Trust. In today’s blog post, Michael Bittner, digital security and operations manager at The Media Trust, revealed that the campaign involved third-party code that enabled smart malware delivery. The malware, dubbed JuiceChecker-3PC by The Media
0 Comments
In what it is calling the “most significant tech acquisition of 2018,” IBM announced today that it will acquire Red Hat, a global provider of open source cloud software. The two companies have finalized an agreement subject to Red Hat shareholder and regulatory approvals, which is expected to close in late 2019. According to IBM,