Israel has talent and capability in the world of cyber security: a country with limited resources that utilises its ingenuity to survive and thrive in the harshest of circumstances. Watch the video here from Vice on HBO. Posted on YouTube: https://www.youtube.com/watch?v=ca-C3voZwpM
Security
Cyber Security Reviews – Security will bring to our readers what's happening on the Security scene around the world.
by Lisa Vaas The DOJ announced on Wednesday that three alleged, “high-ranking” members of the notorious Fin7 cybercrime organization have been arrested. According to three federal indictments, Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, are allegedly members of a prolific, professional, highly adaptable hacking group widely known as Fin7, though
A national nonprofit organization, SecureSet Foundation, created by SecureSet Academy, aims to increase diversity in the cybersecurity workforce by offering financial assistance, according to a press release from SecureSet Academy. The creation of the SecureSet Foundation will enable individuals to enhance and build their professional skills in the field of cybersecurity, which will also help
The UK government has pledged £100m to drive digital transformation in the police force, helping it tackle cybercrime and improve its controversial use of biometrics. The home secretary has already approved £70m of the Police Transformation Fund allocation to four projects. A National Enabling Programme will create a unified IT system across police forces to
by Paul Ducklin We’ll start this story right at the end: Users and sysadmins. Patch early, patch often. Vendors and programmers. Don’t store plaintext passwords. In this particular case, the vulnerable devices under attack are Mikrotik routers that haven’t been patched since April 2018. Security researcher Simon Kenin at Trustwave pieced the story together, following
The vast majority of small to medium-sized businesses (SMBs) rank security as their top priority, though less than a third of those organizations have a dedicated IT security professional on staff, according to 2018 SMB IT Security Report, released today by Untangle. More than 350 SMBs worldwide participated in the survey, which attempted to gauge their
by John E Dunn Reddit has suffered a “serious” data breach but seems unwilling or unable to put a figure on its size. There are two parts to this story – who is affected and the weakness the company says led to the breach itself. Dealing with users first, there are two groups in the
The Department of Homeland Security (DHS) has announced the creation of a new cyber-risk management center intended to protect the nation’s banks, energy companies and other industries from potentially crippling cyber-attacks on critical infrastructure, according to agency officials who spoke at the 31 July cybersecurity summit hosted by DHS. DHS Secretary Kirstjen Nielsen led a
by Lisa Vaas On 12 July, Los Angeles police arrested a 20-year-old college student from Boston at the LA International Airport. Bound for Europe, he was lugging a Gucci bag: only one piece of swag among many that prosecutors allege were bought with the proceeds of cryptocurrency that he ripped off in SIM swap scams.
Attackers are leveraging a new technique that allows them to run a specious file that looks legitimate but is actually malicious, according to the research team at Cyberbit. The component object model (COM) hijacking technique, usually used by attackers as a persistence mechanism, also has evasive capabilities. A proof-of-concept experiment run by the Cyberbit research
by Paul Ducklin Fake support scams aren’t new – they’ve been plaguing our phones, our ears and our wallets for years. They generally follow one of two main patterns: active or reactive. Active support scams rely on unlawfully acquired lists of phone numbers – the scammers call you, in blind disregard of any Do Not
By using the HiBids advertising platform, cyber-criminals have been delivering malicious advertisements to millions of victims worldwide in a large-scale malvertising and banking Trojan campaign, according to researchers at Check Point. These malicious ads can infect the PC or mobile device of the person viewing the ads with malware, such as a crypto-miner, ransomware or a banking
by Lisa Vaas Idaho prison officials said on Thursday that 364 inmates in five of the state’s prisons exploited vulnerable software in the JPay tablets they use for email, music and games in order to pump up the cash balances of their accounts. The inmates transferred nearly $225K into their JPay accounts, according to the
During a 29 July interview on “Face the Nation,” Sen. Jeanne Shaheen (D-N.H.) expressed concern over widespread phishing attacks against the Senate and political parties, according to The Hill. “I don’t know who else is on the list but I do know that we’ve had an experience in our office with people getting phishing emails with
by Lisa Vaas Kurkure is PepsiCo’s finger-licking, lip-smacking, Indian corn puff snack. PepsiCo is happy to tell anybody who’ll listen that it makes Kurkure in state-of-the-art, automated, hygienic, food-safety-award-winning, certified factories. Here’s a 5-minute video of the process on YouTube. As you can see, we’re talking rice meal, edible vegetable oil (palm oil), corn meal,
A new type of NetSpectre attack requires no malware or malicious JavaScript, because it instead attacks victims through network connections, according to researchers at Graz University of Technology. Four scientists at the university have published findings on a new type of Spectre attack in a paper entitled NetSpectre: Read Arbitrary Memory over Network. The paper
by Danny Bradbury Google has cracked down on apps that mine for cryptocurrency, banning them entirely from its official Google Play Store. The company quietly updated its developer policy page with the following statement: We don’t allow apps that mine cryptocurrency on devices. We permit apps that remotely manage the mining of cryptocurrency. The policy
UK Card Not Present (CNP) fraud losses have fallen for the first time since 2011, despite rising levels in many European countries, according to new stats from FICO. The fraud prevention firm’s latest interactive map is built on data from Euromonitor International and UK Finance. It revealed that the UK saw the biggest reduction in
Hundreds of tech-savvy inmates at several Idaho correctional facilities have been caught exploiting a software vulnerability on their state-funded tablets to artificially increase account balances. Officials claimed that 364 prisoners had been caught hacking the JPay tablets which are provided to allow them access to email, music and games. The software exploit apparently allowed them
by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 23 July 2018: WhatsApp limits message forwarding in response to lynchings; Facebook, Google, Microsoft and Twitter make leaving easier; Mobile security – how to have your cake and eat it [PODCAST]
The US government has repeated warnings of state-sponsored cyber-attacks made possible by infiltrating the software supply chain. The report from the National Counterintelligence and Security Center (NCSC) reveals insight into foreign economic and industrial espionage against the US. It calls out China, Russia and Iran as “three of the most capable and active cyber actors
In an effort to deliver more robust application and data security solutions that protect enterprises against attacks from cyber-criminals, California-based Imperva Inc. announced that it will acquire the Los Angeles-based application security company Prevoty. The deal, which is expected to close in Q3 2018, has an estimated value of $140m. The Prevoty office will become an Imperva location.
A flaw in the website design for LifeLock, a company charged with protecting the identity of its online customers, resulted in millions of customer accounts being exposed, according to KrebsOnSecurity. A vulnerability in the site, which reportedly lacked authentication and security, has been fixed, but the breach highlights the larger security concerns inherent in web application security. Of
Android users have been warned about another Exobot banking malware source code (v. 2.5) that was leaked online. It was first detected in May 2018 and has been dubbed “Trump Edition.” The leak is expected to result in a surge of malicious Android apps given that the malware source code is now available in dark
by John E Dunn When does a pop-up blocker stop being a pop-up blocker and turn into something altogether different? According to AdGuard researcher Andrey Meshkov, the answer might be when the pop-up blocking function appears to obscure an ulterior motive – spying on a user’s web traffic as a way of profiling them. The
by Paul Ducklin Every time we write about HTTP versus HTTPS there’s quite a kerfuffle, with questions and comments flying around… …Do I need it? Why should I bother? How does this affect me? Won’t it cost me money? I don’t have any secrets, so what’s the deal? Well, following Tuesday’s news that the latest
by Naked Security writer Happy SysAdmin Day! If you’re a System Administrator at work, then you’re definitely IT support at home as well. In fact, if you’re reading an article on Naked Security then you’re almost certainly the least non-technical user in your family, and that means you’re IT support at home too. And that
by Lisa Vaas Come the end of 2020, it will be time to stick a fork in Adobe Flash. That’s when, if you’ll forgive the mixed metaphor, the malware petri dish will officially be toast. Unfortunately, that doesn’t mean that government agencies are going to toss Flash into the compost pile. After all, the government
by John E Dunn It’s an attack that will make many in the shipping industry feel very nervous for the second time in a year – the US network of one of the world’s largest shipping companies, COSCO (China Ocean Shipping Company), has been hit by a disruptive ransomware attack. So far, the company has
by Paul Ducklin As you know by now – or can just pretend to know if you didn’t – it’s #SysAdminDay. More precisely, it’s System Administrator Appreciation Day 2018 – the day when you are expected to appreciate your sysadmins, in word and in deed. The sys in sysadmin, of course, means “the computer systems