News


  • Microsoft regularly shared data of India bank customers with US intelligence agencies, claims report

    November 2, 2018

    Technology company Microsoft has routinely shared the financial details of Indian bank customers with intelligence agencies in the United States, DNA reported on Tuesday. According to the newspaper, the Reserve Bank of India flagged its concerns on the matter in a risk assessment report it has placed before banks’ audit committees. The central bank found that the data ...

  • Radisson Hotel Group suffers data breach, customer info leaked

    November 1, 2018

    The chain accounts for over 1,400 hotels in over 70 countries and includes the Park Plaza brand, Country Inn & Suites, Park Inn, and Radisson Collection. Radisson Rewards members were directly informed on October 30 and 31 that a security incident was discovered on the first of the month which may have involved the leak of ...

  • Researchers find Stuxnet, Mirai, WannaCry lurking in industrial USB drives

    November 1, 2018

    Removal storage and USB thumb drives are a serious security incident waiting to happen, new research suggests. When we consider threats to our industrial systems, specifically crafted malware, such as the Industroyer strain which cut off the power to the city of Kiev in Ukraine for an hour, often comes to mind. Industrial players have a problem. Many ...

  • Australian defence contractor Austal hit by data breach

    November 1, 2018

    Australian prime defence contractor and shipbuilder Austal informed  the Australian Securities Exchange (ASX) of a data breach after the market closed on Thursday evening. The company said it alerted “stakeholders” who were potentially hit by the breach, but said no information affecting national security or the company’s operations was stolen, although a number of staff emails and ...

  • Two Zero-Day Bugs Open Millions of Wireless Access Points to Attack

    November 1, 2018

    Two zero-day vulnerabilities in Bluetooth Low-Energy chips made by Texas Instruments (and used in millions of wireless access points) open corporate networks to crippling stealth attacks. Adversaries can exploit the bugs by simply being approximately 100 to 300 feet from the vulnerable devices. A compromised access point can then lead to an attacker taking control of ...

  • Cisco zero-day exploited in the wild to crash and reload devices

    November 1, 2018

    The Cisco security team has revealed earlier the existence of a zero-day vulnerability affecting products that run Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The vulnerability has been exploited in the wild, according to a security advisory the company published a few hours ago. No patches are available at the time of writing. Cisco says it ...

  • Mattis establishes DOD task force to protect critical tech, information

    November 1, 2018

    Secretary of Defense James Mattis has established a task force whose sole purpose is to better secure the Department of Defense’s important technology and information. Mattis issued a memo dated Oct. 24 creating the Protecting Critical Technology Task Force (PCTTF) to report to the deputy secretary of Defense and the vice chairman of the Joint Chiefs of Staff. “Working with our partners ...

  • Utilities, Energy Sector Attacked Mainly Via IT, Not ICS

    November 1, 2018

    Stealing administrative credentials to carry out months-long spy campaigns is a top threat. While industrial control systems (ICS) are the most talked-about when it comes to cyberattacks against energy and utilities firms, most attacks actually take aim at the enterprise IT networks used by these organizations, rather than critical infrastructure itself. The Vectra 2018 Spotlight Report on Energy and ...

  • New Stuxnet Variant Allegedly Struck Iran

    October 31, 2018

    A malware similar in nature to Stuxnet but more aggressive and sophisticated allegedly hit the infrastructure and strategic networks in Iran. Details about the supposed new attack are superficial at the moment, as there are no details about the supposed attack, the damage it caused or its targets. A report on Wednesday from Israeli evening news bulletin ...

  • Coming soon: Better collaboration, sharing with U.S. allies, IC CIO Sherman says

    October 31, 2018

    The U.S. intelligence community is working to improve collaboration and communication with its Five Eyes allies and beyond. Intelligence community CIO John Sherman plans “in just a couple weeks” to convene CIOs from Five Eyes allied nations — Australia, Canada, New Zealand and the United Kingdom — “to work through some of these issues” concerning intelligence collaboration ...

  • Emotet malware gang is mass-harvesting millions of emails in mysterious campaign

    October 31, 2018

    A notorious malware family that has been on a resurgent path since last year has received a major update this week that will send shivers down any organization’s back. According to a report from Kryptos Logic shared earlier today with ZDNet, the Emotet malware family has started mass-harvesting full email messages from infected victims, starting yesterday. The Emotet group ...

  • New SamSam ransomware campaign aims at targets across the US

    October 30, 2018

    SamSam ransomware is still plaguing organisations across the US, with fresh attacks against 67 new targets — including at least one involved with administering the upcoming midterm elections. The malware is designed in such a way that it in addition to encrypting files and data across target networks, it also goes after backups as a means ...

  • Millions of Voter Records Up for Sale Ahead of the US Midterm Elections

    October 30, 2018

    As the US midterm elections close in, the underground markets appear to be flush with voter databases available for affordable prices. Voter information is rich with details that could help an attacker learn enough about the victim to steal their identity. Cybersecurity company Carbon Black, at least one market on the dark web lists for sale voter ...

  • IoT Flaw Allows Hijacking of Connected Construction Cranes

    October 30, 2018

    An attacker can send spoofed commands to the crane’s controller. A connected construction crane, from Telecrane, has a vulnerability that would allow cyberattackers to intercept its communications and take the equipment over. The internet of things (IoT) continues to add new types of objects to its footprint, as industries start leveraging connectivity to increase productivity, accuracy and ...

  • Dead Web Apps Haunt 70 Percent of FT 500 Firms

    October 30, 2018

    Abandoned web applications used by FT 500 Global Companies have exploitable flaws and weaknesses. A study of abandoned websites owned by leading global corporations hammers home the point that old web applications need to be properly mitigated or retired. Otherwise, these resources often haunt a firm long after they have been forgotten. Researchers at High-Tech Bridge used ...

  • New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

    October 30, 2018

    It’s only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts’ private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass ...

  • DHS: Election officials inundated, confused by free cyber-security offerings

    October 29, 2018

    Election officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. According to a list compiled by CyberScoop, companies that have provided free tools and services to election officials include McAfee, Cylance, Cloudflare, Google’s Jigsaw, Synack, Akamai, Centrify, Microsoft, Valimail, Facebook, Symantec, Netscout, and 1Password. ...

  • Demand for cryptocurrency skills surges, but lacks cyber security expertise

    October 29, 2018

    Trend Micro warns the lack of cybersecurity skills in cryptocurrency environments could be dangerous for firms. Demand for skills in cryptocurrencies is growing, but security expertise isn’t keeping up, leaving businesses open to attack, a report by Trend Micro has revealed. In the cryptocurrency world, businesses are seeking employees with a knowledge of blockchain, finance, Java, bitcoin ...

  • Why website maintenance is essential for small businesses’ cyber-security

    October 29, 2018

    Investing time in ongoing website maintenance is a key way to ensure that your small business website is as protected as it can be against cyber-security threats. October 2018 is Cyber Security Awareness Month, an annual campaign which aims to raise awareness of cyber-security threats. Research from the Cyber Security Breaches Survey 2018 shows that four ...

  • Protect yourself from a cyber attack — before it happens

    October 29, 2018

    The biggest threat to your firm’s security may be lurking in your inbox. Email is a primary means for RIA communication with clients, vendors, other third parties and within a firm. As a result, most data and security breaches happen through email, usually due to some combination of user error and gaps in cybersecurity protection. The ...