Security

Cyber Security Reviews – Security will bring to our readers whats happening on the Security scene around the world.

Independence Blue Cross, a Philadelphia-based health insurer notified thousands of its members this week that a data breach had exposed some of their protected health information (PHI), according to Healthcare Informatics. On July 19, 2018, Independence Blue Cross’s privacy office announced a breach in which the personal information of approximately 17,000 members – fewer than
As the cyber industry continues to evolve, it becomes increasingly difficult for organizations to stay ahead of the curve, making the ever-changing threat landscape a major concern for many businesses, according to the 2018 Travelers Risk Index published by The Travelers Indemnity Company. Evolving threats and new digital developments make cyber a top concern for large technology,
A Romanian woman has pleaded guilty to charges relating to a major ransomware operation which took out over two-thirds of the CCTV cameras in Washington DC ahead of President Trump’s inauguration. Eveline Cismaru pleaded guilty to one count of conspiracy to commit wire fraud and one of computer fraud, with a potential combined maximum sentence
The infamous Magecart code has struck again, with an attack group this time using it to skim card details from customers of online retailer Newegg for a full month, according to researchers. The US-based, tech-focused e-tailer has yet to release a statement on the news, but RiskIQ, which has been following Magecart closely over the past
New IoT malware detections have soared over 200% since 2017 to reach over 120,000, according to new stats from Kaspersky Lab. The Russian AV vendor claimed to have spotted 121,588 modifications of malware targeted at smart devices in the first half of 2018, a 273% increase on the 32,614 detected for the whole of last
A leading think tank has called for urgent regulatory and oversight mechanisms to be introduced to govern the use of machine learning technology by UK law enforcers. The Royal United Services Institute for Defence and Security Studies (RUSI), is the world’s oldest independent defense and security think tank. Its latest report, Machine Learning Algorithms and
by Danny Bradbury Five Senators have discovered that the State Department is breaking the law by not using multi-factor authentication (MFA or 2FA) in its emails. They’ve sent a letter to Secretary of State Mike Pompeo, and they want answers. The letter, from Senators Ron Wyden, Cory Gardner, Edward Markey, Rand Paul and Jeanne Shaheen, referenced
Normal service was finally resumed at Bristol airport yesterday after two days of ransomware-related outages caused a blackout of flight information screens. Staff were forced to hand-write regular updates on whiteboards to provide passengers with crucial information on flight arrival and departure details, while additional airport staff were deployed to help answer questions from anxious
by Naked Security writer Get yourself up to date with everything we’ve written in the last seven days – it’s weekly roundup time. Monday 10 September 2018 Apple’s new tool will make it easier for law enforcement to request data Supermicro servers fixed after insecure firmware updating discovered North Korean programmer charged for Sony, WannaCry
In response to reports that the US State Department is lagging in its implementation of basic cybersecurity standards, a group of bipartisan senators have written a letter to Secretary of State Mike Pompeo urging him to augment security mechanisms and improve compliance. The senators point out that the password-only approach is not reliable protection, particularly
Microsoft Office documents accounted for the delivery of nearly half of all malicious macros in August 2018, according to Cofense. A recent blog post found that the macro remains the email attachment of choice for delivering malicious payloads. Of all the mechanisms analyzed, 45% of attackers used these documents to delivery malicious macros, including Geodo,
The ICO has received 500 calls each week to its breach reporting helpline since the GDPR came into force in May, but around a third of these don’t meet the minimum threshold, according to the deputy commissioner of operations. James Dipple-Johnstone told the CBI Cyber Conference in London this week that the UK privacy watchdog
The website of Edinburgh University was still down at the time of writing after the institution suffered a major cyber-attack during its Freshers’ Week. Service provider Jisc told local reporters that it believes the university’s is the only domain affected. A spokesman told the Edinburgh Evening News that the university has “rigid measures in place”
by Danny Bradbury California looks set to regulate IoT devices, becoming the first US state to do so and beating the Federal Government to the post. The State legislature approved ‘SB-327 Information privacy: connected devices’ last Thursday and handed it over to the Governor to sign. The legislation introduces security requirements for connected devices sold in
Microsoft released fixes for over 60 CVEs yesterday as part of its monthly update round, three of which have been publicly disclosed and one which was being actively exploited in the wild. CVE-2018-8440 is an Elevation of Privilege vulnerability in Windows Advanced Local Procedure Call (ALPC) which was disclosed by researcher and Twitter user @SandboxEscaper
by John E Dunn Is the Keybase secure messaging browser extension safe to use or not? Respected researcher Wladimir Palant (of AdBlock Plus fame) is so convinced that it isn’t that he has recommended users “uninstall the Keybase browser extension ASAP,” after he discovered what looks like a gap in its claim to offer end-to-end
Germany-based researchers found a way to spoof certificates, even those protected with PKI-based domain validation, according to the Register. With nothing more than a laptop, the group was able to steal credentials and eavesdrop on certificate authorities. “We evaluated the attack against a number of CAs and we set up a live (automated) demo against one
An analysis of ICS (industrial control systems) computers revealed a consistent increase in the percentage of attacks, according to a new ICS CERT report from Kaspersky Lab.   The Kaspersky Lab report, Threat Landscape for Industrial Automation Systems in H1 2018, indicated that 41.2% of ICS computers protected by Kaspersky Lab solutions were attacked by