News – April 2018


  • Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

    April 18, 2018

    It’s time to update your Drupal websites, once again. For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Read more… Source: The Hacker News  

  • 75% of consumers won’t buy your product if they don’t trust you to protect their data

    April 17, 2018

    Consumers are increasingly concerned over their data privacy and security when deciding what products and services to use, according to a new survey from IBM conducted by the Harris Poll. Some 78% of the 10,000 consumers surveyed said that a company’s ability to keep their data private is “extremely important.” However, only 20% said they “completely ...

  • Automated Bots Growing Tool For Hackers

    April 17, 2018

    The use of automated bots is becoming more prevalent for novice attackers as tools become more available, researchers found. A honeypot experiment, detailed by Cybereason at this year’s RSA Conference, showed the commoditization of using bots to perform low-level tasks. The honeypot showed an automated bot come in and lay the groundwork – by exploiting vulnerabilities and ...

  • China’s ZTE deemed a ‘national security risk’ to UK

    April 17, 2018

    Britain’s cyber-security watchdog has warned telecommunications companies against dealing with the Chinese manufacturer ZTE, citing “potential risks” to national security. The US commerce department has imposed a seven-year-ban on companies selling products and services to ZTE – which makes mobile phones and network equipment – alleging it failed to crack down on personnel who sold sensitive ...

  • Proposal Gives EU Judges Power To Demand Data Across Borders

    April 17, 2018

    The ‘e-evidence’ law would force tech firms to hand over data within as little as six hours The European Commission is to publish proposed rules on Tuesday that would give national judges in the EU the ability to compel tech companies to quickly hand over information stored outside the bloc, in cases of serious crime. The digital evidence ...

  • Europe Tells ICANN Its GDPR Compliance Plans Need More Work

    April 16, 2018

    The internet supervisory body says it will continue to press for a moratorium on GDPR enforcement while it works to makes changes The European Commission’s data  protection advisory body has said it continues to have “concerns” about plans to bring the internet’s WHOIS service into compliance with sweeping new data rules set to come into force in Europe ...

  • US, UK cyber cops warn Russians are rooting around in your routers

    April 16, 2018

    American and British crimefighters have launched another round of pin-the-tail-on-the-Russians – with a warning that Moscow-backed hackers are trying to subvert the world’s network devices. The US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) on Monday issued a joint Technical Alert describing a global assault ...

  • Casino Gets Hacked Through Its Internet-Connected Fish Tank Thermometer

    April 15, 2018

    Internet-connected technology, also known as the Internet of Things (IoT), is now part of daily life, with smart assistants like Siri and Alexa to cars, watches, toasters, fridges, thermostats, lights, and the list goes on and on. But of much greater concern, enterprises are unable to secure each and every device on their network, giving cybercriminals ...

  • The cybersecurity skills gap caused 40% of IT pros to stall their cloud migrations

    April 15, 2018

    Though virtually all organizations are moving some assets to the cloud, a lack of cybersecurity talent is slowing migration for 40% of IT professionals, according to a Monday report from McAfee. Of the 1,400 IT professionals surveyed worldwide, 97% said their organization is using some type of cloud service—up from 93% last year. However, those with ...

  • Hackers Found Using A New Code Injection Technique to Evade Detection

    April 13, 2018

    While performing in-depth analysis of various malware samples, security researchers at Cyberbit found a new code injection technique, dubbed Early Bird, being used by at least three different sophisticated malware that helped attackers evade detection. As its name suggests, Early Bird is a “simple yet powerful” technique that allows attackers to inject malicious code into a legitimate ...

  • Britain Launches Cyber Attack Against ISIL Terrorists

    April 12, 2018

    Cyber offensive…UK conducts major offensive cyber-campaign” against the Islamic State group The United Kingdom has made a rare public admission that it has carried out a cyber offensive against the Islamic State terrorist group. The admission, by the director of the intelligence agency GCHQ Jeremy Fleming, is the first time that this country has specifically eroded the ...

  • ‘Dark web’ targeted in crime crackdown by Government

    April 11, 2018

    Criminals are emboldened by the anonymity of the dark web, which has become a platform for horrific abuse, the Home Secretary will say today. New funding to crack down on the “dangerous” dark web will be launched by Amber Rudd in a speech at the Government’s flagship event for cybersecurity. Read more… Source: Sky News  

  • Company insiders behind 1 in 4 data breaches – study

    April 10, 2018

    The admins among you will be unsurprised to discover that, more than a quarter of the time, data breaches across the world originated between the chair and the keyboard of organisation “insiders”. And no, we don’t mean they clicked on a dodgy link… The latest edition of Verizon’s Data Breach Investigations Report (DBIR) found that 25 ...

  • Cisco mess from 2017 becomes tool for state-sponsored infrastructure attacks and defacements

    April 9, 2018

    Cisco’s Smart Install software has become the vector for a series of infrastructure attacks and politically-motivated defacements. Cisco’s own Talos security limb reports that bad actors, some likely state-supported, have been scanning Switchzilla devices to see if they run Smart Install. The tool is insecure-by design because its purpose is to allow deployment of brand-new switches ...

  • Cyber Dam Busters could give Australia’s military an asymmetric edge

    April 9, 2018

    The Australian Defence Force (ADF) has a “distinct battlefield edge” because it has fully integrated its military offensive capability into ADF operations. But a “modest” additional investment would give it “an asymmetric capability against future adversaries”, according to the International Cyber Policy Centre (ICPC) at the Australian Strategic Policy Institute (ASPI). “Having synchronised operations with traditional ...

  • Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

    April 9, 2018

    A critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager (EPV) solutions help organizations securely manage their sensitive passwords, controlling privileged accounts passwords across a wide range of client/server and mainframe operating ...

  • Delta Confirms Breach Of Customer Payment Details

    April 5, 2018

    Hackers have had access to Delta customer payment data for over six months after third party breach US airline Delta Air Lines and American department store Sears Holding have both confirmed a data breach, after an incident involving a third party tech provider. Delta said that it was notified last week by 7.ai, a company that provides online chat ...

  • 1.5 billion sensitive files exposed by misconfigured servers, storage and cloud services

    April 5, 2018

    Researchers have discovered over 1.5 billion sensitive files including payroll information, credit card details, medical data, and patents for intellectual property are exposed online, putting consumers and businesses at risk of theft, cybercrime, and espionage. But the information exposed online — which amounts to a total of 12,000 terabytes of data — isn’t there as a ...

  • Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns

    April 5, 2018

    A malware family called Rarog is becoming an appealing and affordable tool for hackers to launch cryptocurrency mining attacks, researchers say. They say the Trojan is low priced, easily configurable and supports multiple cyrptocurrencies, making it an appealing option for hackers. Palo Alto Networks’ Unit 42 research team, which posted a blog on Wednesday after tracking Rarog for months, ...

  • A new Mirai-style botnet is targeting the financial sector

    April 5, 2018

    A botnet made up of hijacked internet-connected televisions and web cameras has a new target, security researchers have found. Three financial sector institutions have become the latest victims of distributed denial-of-service (DDoS) attacks in recent months. New research by Recorded Future’s Insikt Group published Thursday points to what’s likely to be the IoTroop botnet, used to pummel financial ...