Monthly Archives: January 2019
Reading the ENISA Threat Landscape Report 2018
According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. I’m proud to present […]
Authorities shut down XDEDIC marketplace in an international operation
A joint operation conducted by law enforcement agencies in the United States and Europe allowed seizing the xDedic marketplace. Law enforcement agencies in the US and Europe announced the seizure […]
Cobalt cybercrime gang abused Google App Engine in recent attacks
The Cobalt cybercrime gang has been using Google App Engine to distribute malware through PDF decoy documents. The Cobalt hacking group has been using Google App Engine to distribute malware through […]
Anatova ransomware – Experts believe it will be a dangerous threat
Security experts at McAfee have discovered a new malware, dubbed Anatova ransomware, that has been spotted infecting computers worldwide The name Anatova is based on a name in the ransom […]
DHS issues emergency Directive to prevent DNS hijacking attacks
DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e. .gov) to prevent DNS hijacking attacks. The notice was […]
Federal Shutdown is No Holiday for Identity Thieves
by Yan Ross, ICFE Director of Special Projects As the federal shutdown enters its second month without a resolution in sight, the effects on consumers, businesses and non-profits are being […]
Armor Detects and Neutralizes 681 Million Cyber Attacks Launched at its Cloud Customers in 2018
Armor, a leading global cloud security provider, reported that during 2018 it detected and neutralized over 681 million cyber attacks launched at its 1,200 cloud customers. Armor’s customers are in […]
Detecting Persistent Cloud Infrastructure/Hadoop/YARN Attacks Using Security Analytics
By Oleg Kolesnikov of the Securonix Threat Research Team The Securonix Threat Research Team has been actively investigating and closely monitoring persistent malicious attacks impacting exposed cloud and server infrastructure and has […]
Prioritization to Prediction: Getting Real About Remediation.
Getting Real About Remediation In an ideal world, security teams would patch every vulnerability as soon as it was discovered. But that isn’t possible. There are more vulnerabilities than there […]
Huge Data Breach Now Uncovered: Collection #1
Collection #1 dump, 773 million emails, 21 million passwords The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million […]
DarkHydrus adds Google Drive support to its RogueRobin Trojan
Security experts attributed new malicious campaigns to the DarkHydrus APT group (aka Lazy Meerkat), threat actors used a new variant of the RogueRobin Trojan and leveraged Google Drive as an […]
Four Methods for Encrypting Sensitive Data in a Cloud Environment
The scale of organizations moving their business processes to a hybrid or cloud environment continues to grow year after year. Data storage, easy collaboration, on-premises integrations with frequented web and […]
The Inevitability of Cyber Crime
Think of all the ways you could be a victim of a crime. Do you register any of those as inevitable? In nearly every case, it’s not even close with […]
The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC
On 21 January 2019, the CNIL’s restricted committee imposed a financial penalty of 50 Million euros against the company GOOGLE LLC, in accordance with the General Data Protection Regulation (GDPR), […]
A flaw in vCard processing could allow hackers to compromise a Win PC
A security expert discovered a zero-day flaw in the processing of VCard files that could be exploited by a remote attacker to compromise a Windows PC The security expert John Page […]
Experts unveil a “to-do” list of pressing cybersecurity challenges for 2019 and further
Key players, including public bodies, need to take a proactive approach and lead the way in adopting a responsible behaviour to tackle cybersecurity challenges, says the Kosciuszko Institute in the […]
Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’
Zurich American Insurance Company is refusing to refund its client because consider the attack as “an act of war” that is not covered by its policy. The US food giant […]
A Guide to Cybersecurity Conversations For the C-Suite In 2019
In 2019, drive more business value from your cybersecurity investments. It’s easy to get caught up in the numbers but what it comes down to is MORE. More connectivity. More points of […]
Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections
Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients. Microsoft recently fixed a vulnerability […]
Security Product Spotlight: datashur Pro – encrypted USB device
I was invited by iStorage (https://istorage-uk.com) to test their datashur PRO USB storage device. It looks a bit like an ordinary USB stick but it’s hardened both physically and in […]
Ironic turn … Kaspersky Labs helped NSA to catch alleged data thief
Kaspersky was a long accused to support Russian intelligence, in an ironic turn, source now revealed it helped to catch alleged NSA data thief Kaspersky was a long accused to […]
Youngster behind massive data leak of German politicians data
A 20-year-old hacker was arrested for the recent massive data leak that impacted hundreds of German politicians. According to the authorities, the man had already confessed. The German authorities have […]
Overcoming the Cybersecurity Staffing Drought
Companies won’t ever be able to hire enough qualified pros. Partnering with full-service cybersecurity providers is now a viable alternative. By Gary Fish Introduction Whether you’re responsible for managing IT […]
JW’s Signature Cybersecurity Conference comes to The George Washington University
On January 31, 2019 on The George Washington University campus at the Jack Morton Auditorium, The GreenHouse Group LLC will be hosting JW’s Signature Cybersecurity Conference. Join top cyber professionals […]
ReiKey app for macOS can detect Mac Keyloggers using event taps
ReiKey is a free tool that allows to scan and detect keylogger that install persistent keyboard “event taps” to intercept your keystrokes. Good news for macOS users, a new open […]
Dark Overlord hacking crew publishes first batch of confidential 9/11 files
The Dark Overlord published the first batch of decryption keys for 650 confidential documents related to the 9/11 terrorist attacks. The Dark Overlord hacking group claims to have stolen a […]
Experts analyzed the distribution technique used in a recent Emotet campaign
ESET analyzed the distribution technique used by cyber criminals in new Emotet campaign that has recently affected various countries in Latin America. In November, experts from ESET uncovered a massive […]
Your Security Auditing Is Failing You, and Here’s Why
by Mickey Bresman, co-founder, Semperis A new report on cyber-attacks caught my attention. Carbon Black’s November 2018 Quarterly Incident Response Threat Report finds that hackers are increasingly destroying security logs […]
Facebook tracks non-users via Android Apps
New thunderclouds on Facebook, the social network giant is accused of tracking non-users via Android apps. According to a report presented by Privacy International yesterday at 35C3 hacking conference held in Germany, […]
The Solution to Cyber Workforce Shortfalls
As malicious software exposures increases and skilled adversaries continue to meet with success at stealing information, qualified cybersecurity professionals remain scarce. Regent University’s multi-tiered training pipeline is primed to fill […]