Yearly Archives: 2018
Hackers target financial firms hosting malicious payloads on Google Cloud Storage
Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. The campaign targeted organizations in the US and the […]
Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale
Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale Amnesty International published a report that details how threat actors are […]
Researcher disclosed a Windows zero-day for the third time in a few months
Security researcher SandboxEscaper released a working proof-of-concept (PoC) exploit for a new Windows zero-day vulnerability. Hacker Discloses New Unpatched Windows Zero-Day Exploit On Twitter The security researcher SandboxEscaper is back […]
Special Report: Cybersecurity predictions for SMBs in 2019
Sean McGrath, privacy expert and cybersecurity advocate at BestVPN.com The cybersecurity breaches that make the headlines tend to focus on household names – the likes of Uber, Equifax, HBO, Facebook […]
Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool
Researchers at Palo Alto Networks discovered that the Russian-linked Sofacy APT has written a new version of their Zebrocy backdoor using the Go programming language. The Sofacy APT group has been […]
Twitter uncovered a possible nation-state attack
Twitter discovered a possible nation-state attack while it was investigating an information disclosure flaw affecting its platform. Experts at Twitter discovered a possible state-sponsored attack while they were investigating an information disclosure […]
Germany’ BSI chief says ‘No Evidence’ of Huawei spying
The head of Germany’s BSI admitted that since now there is no proof espionage activity conducted through Huawei technology. US first, and many other countries after, have decided to ban […]
Twitter fixed a bug that could have exposed Direct Messages to third-party apps
Researcher Terence Eden discovered that the permissions dialog when authorizing certain apps to Twitter could expose direct messages to the third-party. The flaw is triggered when apps that require a PIN to […]
Cyber attack hit the Italian oil and gas services company Saipem
Some of the servers of the Italian oil and gas services company Saipem were hit by a cyber attack early this week. Saipem has customers in more than 60 countries, including […]
RSA® CONFERENCE ANNOUNCES INITIAL 2019 KEYNOTE SPEAKERS
Information on additional speakers and session content coming in the new year BEDFORD, MA – Dec. 12, 2018 – RSA Conference, the world’s leading information security conferences and expositions, today […]
News Alert: December Patch Tuesday
Updates for Windows, Office, .Net Framework, Adobe, Firefox and More by Chris Goettl, Director of Product Management, Security, Ivanti If you saw the Patch Tuesday forecast for December, the reality […]
WordPress botnet composed of +20k installs targets other sites
Experts from security firm Wordfence discovered a Botnet of 20,000 WordPress Sites Infecting other WordPress installs. Experts from security firm Wordfence uncovered a botnet composed of over 20,000 WordPress sites […]
Risk Management of Third-Party Vendors: The Devil is in the Details
Third-party vendors are critical assets to business practices. However, without the proper risk assessment policies in place, they can also represent some of the largest potential threats to an organization’s […]
Evidence in Marriott’s subsidiary Starwood hack points out to China intel
According to a report published by the Reuters, the massive Marriott data breach was carried out by Chinese state-sponsored hackers. According to the Reuters, people investigating the Marriot data breach believe that it […]
Email accounts of top NRCC officials were hacked in 2018
Threat actors had access to the email accounts of at least four NRCC aides and spied on thousands of sent and received emails for several months. The email system at […]
Bug Bounty Hackers Bill Introduced into the US Senate
A bipartisan pair of US Senators introduced a bill that would require the US Department of Homeland Security to create an ongoing program to allow security experts to report bugs […]
Ever-Growing Need for Privacy Results in a Boom for Multi-Party Computing Adoption
by Nigel Smart Cryptography is the technology one turns to if you want to keep data private; a concern which is becoming more important in today’s digital world. Legislators are […]
New strain of Ransomware infected over 100,000 PCs in China
Security experts reported a new strain of malware spreading in China, the malicious code rapidly infected over 100,000 PCs in just four days. Unfortunately, the number of infections is rapidly […]
Quora data breach: hackers obtained information on roughly 100 million users
Another day another illustrious victim of the data breach, the popular question-and-answer website Quora suffered a major data breach that exposed 100 million users. On Monday, the popular question-and-answer website Quora […]
Six Essential Questions about “ePrivacy”
by Alex van der Wolk, Privacy + Data Security Group Global Co-Chair, Morrison & Foerster In the realm of privacy and personal data, 2018, thus far, has been all about […]
A CISOs ‘Playbook’: Practice How You Fight
by David ‘Moose’ Wolpoff, CTO and co-founder, Randori Despite CISOs and organizations making huge investments in security – with more tools and solutions on the market than ever before – […]
Moscow’s New Cable Car closed due to a ransomware infection
Two days after Moscow opened a new cable car system hackers infected its computer systems with ransomware. The cable car system is long over 700 meters and spans across the Moscow […]
New PowerShell-based Backdoor points to MuddyWater
Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar […]
Marriott Suffers Massive Breach – Affects 500 Million Customers
The personally identifiable information (PII) of as many as 500 million guests at Starwood hotels has been compromised and Marriott said that it’s discovered that unauthorized access within its Starwood […]
Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins
Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The malicious code was introduced in the version 3.3.6, published on September 9 via […]
Going From One Against Many to Many Against Many: The Future of Security Collaboration
Industry-wide, security teams are duplicating time and resources to complete similar investigations, workflows and threat responses. With a skilled staffing shortage of an anticipated 3.5 million security jobs by 2021, […]
VMware fixed Workstation flaw disclosed at the Tianfu Cup PWN competition
VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered at the Tianfu Cup PWN competition. VMware released security updates to address a vulnerability (CVE-2018-6983) that was […]
It’s Cyber Monday every day at Regent University’s cyber range
Cyberattacks affect the lives of everyone, from business owners required to safeguard assests and data to children growing up with tablets in their hands. It’s a reality reinforced daily with […]
US Government is asking allies to ban Huawei equipment
US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal The Wall Street Journal reported that the US Government is urging its […]
Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW
Hackers targeted Drupal web servers chaining some known vulnerabilities, including Drupalgeddon2 and DirtyCOW issues. Security experts at Imperva reported an attack against Drupal Web servers running on Linux-based systems. Hackers exploited the Drupalgeddon2 flaw […]