Security Hot Topics

By GE Scott Knauss - Security Guy | Current security trends and hot topics curated by Scott, CEO of ITS LLC.

Google Chrome under attack: Have you used one of these hijacked extensions? | ZDNet

Recent versions of several Chrome extensions have been compromised to spread malicious ads.<p>Attackers have been phishing developers to compromise …

Information Security

Server Management Software Discovered Harboring Backdoor

ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.<p>…

Information Security

How a one man hacking operation was able to infiltrate international firms | ZDNet

Phishing and malware campaign looked like the work of a cyber criminal gang -- but researchers have tracked it back to a lone attacker in Nigeria.<p>An …

Security

Hackers are now using the exploit behind WannaCry to snoop on hotel Wi-Fi | ZDNet

Researchers say the APT28 hacking group has scraped the EternalBlue exploit from Shadow Brokers' public dump and is using it to steal data from hotel …

Security

Researchers Put Windows Defender in a Sandbox to Show Microsoft How It's Done

Software experts from Trail of Bits — a well-known security R&D company — have sandboxed Windows Defender, the default antivirus solution that ships …

Information Security

Wells Fargo Says It May Have Created More Fake Accounts

Wells Fargo, already struggling to rebuild its reputation after a scandal over the creation of fraudulent bank accounts, signaled on Friday that it could have more bad news coming.<p>The bank said in a regulatory filing that its review of potentially unauthorized accounts could reveal a “significant …

Banking

iOS Device Ransom Attacks Continue to Target Users in U.S. and Europe

A few years ago, a number of users in Australia were victimized by attackers remotely locking iPhones, iPads, and Macs using Find My iPhone on iCloud. Compromised devices typically displayed Russian ransom messages demanding payments of around $50 to $100 for the device to be unlocked.<p>At the time, …

Security

Security audits reveal poor state of corporate cyber defences

Critical vulnerabilities detected in 47% of corporate systems investigated in security audits by Positive Technologies

Information Security

FBI arrests WannaCry's 'accidental hero' in connection with Kronos banking trojan

Marcus Hutchins, aka MalwareTech, the British security researcher who was credited with stopping the hard-hitting WannaCry ransomware worm that hit …

Cybersecurity

New Trojan Never Saves a File during Its Infection Chain

A new trojan leverages a fileless infection chain in that it never saves a file to the machine, thereby making analysis via a sandbox more difficult. …

Malware

Need a new password? Don't choose one of these 306 million

Troy Hunt, the security expert behind Have I Been Pwned (HIBP), has released 306 million previously-pwned passwords in a bid to help individuals and companies ramp up their online security. The passwords have been mined from dozens of data breaches, and now anyone can download them for free.<p>HIBP …

Security

'Invisible Man' malware runs keylogger on your Android banking apps

Top tip: Don't fetch and install dodgy Flash updates from random websitesA new breed of Android malware is picking off mobile banking customers, …

Kaspersky Lab

Ransomware shuts down 1 in 5 small businesses after it hits

Ransomware hit one third of small-to-medium businesses worldwide last year, and experts say the "human factor" was often to blame.<p>When it comes to ransomware, it only takes one person to cripple the kingdom.<p>That's the assessment of cybersecurity company Malwarebytes, which has found as many as one …

Cybersecurity

Healthcare Execs Report Rise in Data Breaches and HIPAA Violations

IT executives, however, increasingly believe they are "completely ready" to withstand a cybersecurity attack on their healthcare system.

Cybersecurity

Pen Testing: How Far Should You Let White Hat Hackers Go?

sponsored by<p>Attorney Kay Lam-MacLeod Discusses Defining the Goals Jeremy Kirk (jeremy_kirk) • July 31, 2017<p>Penetration tests can reveal holes in an …

White Hat

Hackers Find Fresh WordPress Sites Within 30 Minutes

This entry was posted in WordPress Security on July 31, 2017 by Mark Maunder 50 Replies<p>Last week our team attended Black Hat and DefCon in Las Vegas, …

Information Security

It’s 2017 and Hayes AT modem commands can hack luxury cars

<b>Updated</b> Telematics torched in BMWs, Infinitis, Nissan Leaf and some FordsA bunch of mid-age Ford, Infiniti, Nissan and BMW vehicles are carrying …

Information Security

Hackers could install malware on your Amazon Echo to secretly 'wiretap' you

Security researchers have discovered that the Amazon Echo is vulnerable to attacks that could allow a hacker to install malware capable of secretly …

Amazon

MTNL broadband services hit by malware attack, over 10,000 users affected

State run Mahanagar Telephone Nigam Ltd (MTNL) has been hit by a malware attack in Delhi. The issue which is now under control as per the company, …

Internet

Malware? In my Docker container? It's more common than you think

<b>Black Hat</b> Researchers say software prisons can hide nasty attack payloadsDocker containers are the perfect disguise for malware infections, warn …

Information Security

British hacker-for-hire convicted in Germany for role in Deutsche Telekom cyberattack

The 29-year-old computer hacker was arrested by British authorities in February 2017.<p>The 29-year-old British hacker who admitted to launching the …

Security

Wannacry Inpires Worm-like Module in Trickbot

The malware is being primarily distributed via email spam in the form of spoofed invoices from an international financial services com, says …

Information Security

These were the best hacks at Black Hat and Defcon this year | ZDNet

If you weren't in Las Vegas for the heat and hacking, we've got you covered.<p>Black Hat Briefings and Def Con, the two annual security conferences you …

Information Security

Cisco bugs leave network automation vulnerable to attack

Packet snooping, certificate slip, and denial-of-serviceA slip in certificate handling is one of three bugs in Cisco's Autonomic Networking software.…

Information Security

Ransomware 'here to stay', warns Google study

<b>Cyber-thieves have made at least $25m (£19m) from ransomware in the last two years, suggests research by Google.</b><p>The search giant created thousands of virtual victims of ransomware to expose the payment ecosystem surrounding the malware type.<p>Most of the money was made in 2016 as gangs realised how …

Black Hat

Humble Book Bundle: Cybersecurity presented by Wiley

$45 worth of awesome games Pay what you want Redeem on Steam Support charity Bundles sold<p>Over $1,687 worth of awesome stuff Pay what you want Redeem …

Cybersecurity

BBC - Newsnight: Susan Watts: New flaws in chip and pin system revealed

In order to see this content you need to have both Javascript enabled and Flash installed. Visit BBC Webwise for full instructions. If you're reading via RSS, you'll need to visit the blog to access this content.<p><b>Most of us do not think twice about paying for something in a high street shop by</b> …

Banking

At hacker summit, a new focus on preventing brazen attacks

LAS VEGAS (AP) — Against a backdrop of cyberattacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it's time to grow up.<p>Too many …

Security

How the coffee-machine took down a factories control room

I made a throwaway account for this because with the posts on my normal account people could easily figure out which company I work for.I'm a …

Coffeemakers