Month: January 2018

ESET research: Appearances are deceiving with Turla’s backdoor-laced Flash Player installer

Read full post In order to establish persistence on the system, the installer tampers with the operating system’s registry. It also creates an administrative account that allows remote access. The post ESET research: Appearances are deceiving with Turla’s backdoor-laced Flash...

/ January 9, 2018

US tightens rules on border search

Read full post Your chances of being searched at a US border crossing are now at an all-time high. But the chances that border agents will be pulling data from your devices declined this past week – at least by...

/ January 9, 2018

Spyware user tracked boyfriend to have him killed by hitman

Read full post The plan was going well, until the ‘hitman’ turned out to be working for the FBI.

/ January 9, 2018

Facebook bug could have exposed your phone number to marketers

Read full post Self-service ad-targeting tools could have squeezed users’ phone numbers from their email addresses… verrrrry sloooowly.

/ January 9, 2018

Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities

Read full post There’s a lot at stake when it comes to patching the hardware flaws.

/ January 8, 2018

New Cryptocurrency Mining Malware Has Links to North Korea

Read full post A malware tool for stealthily installing software that mines the Monero virtual currency looks like the handiwork of North Korean threat actors, AlienVault says.

/ January 8, 2018

With WPA3, Wi-Fi security is about to get a lot tougher

Read full post Finally, a security reprieve for open Wi-Fi hotspot users.

/ January 8, 2018

VTech to Pay $650,000 in FTC Settlement

Read full post VTech’s Kid Connect app and its Planet VTech platform collected personal information on 760,000 children without parental permission, the FTC alleges.

/ January 8, 2018

Emailed Cyberattack Targets 2018 Pyeongchang Olympics

Read full post More than 300 organizations associated with the 2018 Olympics have been hit with a targeted email campaign.

/ January 8, 2018

Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3

Read full post WPA2 protocol enhancements bring stronger security protection and best practices, while new WPA3 protocol offers new security capabilities.

/ January 8, 2018

Cyxtera Technologies to Acquire Immunity

Read full post Deal will bring penetration testing products and services to Cyxtera’s threat analytics portfolio.

/ January 8, 2018

Facebook needs fixing, says Mark Zuckerberg

Read full post Mark Zuckerberg has set himself a doozy of a personal challenge for 2018

/ January 8, 2018

US Gov Outlines Steps to Fight Botnets, Automated Threats

Read full post The US Departments of Commerce and Homeland Security identify the challenges of, and potential actions against, automated cyberattacks.

/ January 8, 2018

Star Wars: The Last Jedi – the security review

Read full post We take an objective look at the security angles in Star Wars: The Last Jedi.

/ January 8, 2018

Ex-NSA hacker builds AI tool to hunt hate groups’ symbols online

Read full post She’s teaching NEMESIS to find white nationalists’ so-called dog whistles – the Black Sun and Pepe the frog memes – with object recognition.

/ January 8, 2018

Vulnerability Management: The Most Important Security Issue the CISO Doesn’t Own

Read full post Information security and IT need to team up to make patch management more efficient and effective. Here’s how and why.

/ January 8, 2018

How to hack public Wi-Fi to mine for cryptocurrency

Read full post A new attack called CoffeeMiner can exploit public Wi-Fi services to secretly mine cryptocurrencies.

/ January 8, 2018

MADIoT – The nightmare after XMAS (and Meltdown, and Spectre)

Read full post It is not feasible, in fact not even possible, to replace all CPUs in all devices. It would be too costly, besides the success rate for unsoldering and resoldering pin-throughs in multi-layer boards will never be 100%....

/ January 8, 2018

Monday review – the hot 15 stories of the week

Read full post From the Intel CPU flaw and the IP address errors leading to wrongful arrests to Microsoft’s plans to be “password free”, and more!

/ January 8, 2018

Breach of India’s Biometric Database Puts 1 Billion Users at Risk

Read full post The Tribune reports that hackers gained access to users’ names, addresses, phone numbers, and other PII.

/ January 5, 2018

Warrantless phone, laptop searches at the US border hit record levels

Read full post One leading Democratic senator says the newly-enacted directives explicitly allow border officials to try to bypass the password or encryption on a device without reasonable suspicion.

/ January 5, 2018

LockPoS Malware Sneaks onto Kernel via new Injection Technique

Read full post “Alarming evolution” of Flokibot bypasses antivirus software and was likely built by a group of advanced attackers, researchers say.

/ January 5, 2018

The Nightmare Before Christmas: Security Flaws Inside our Computers

Read full post How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.

/ January 5, 2018

Amazon turns over record amount of customer data to US law enforcement

Read full post The company’s fifth transparency report reveals more customer data was handed to US law enforcement in the first-half of last year than ever before.

/ January 5, 2018

Microsoft could soon be “password free”

Read full post Is it the beginning of the end for passwords?

/ January 5, 2018

Zero-day vulnerabilities hijack full Dell EMC Data Protection Suite

Read full post Researchers have discovered severe vulnerabilities in the suite which can lead to full system takeover.

/ January 5, 2018

JPMorgan doesn’t trust YouTube to keep its ads out of sketchy channels

Read full post Following ads appearing next to hate-filled/extremist content, the bank says it’s not relying on Google to protect its brand.

/ January 5, 2018

New Adware Discovered in 22 Apps in Google Play

Read full post The ‘LightsOut’ adware is found is flashlight and utility apps, which have been downloaded between 1.5 million to 7.5 million times.

/ January 5, 2018

Children at ‘significant’ social media risk

Read full post Children aren’t getting enough guidance to cope with the emotional demands that social media puts on them, according to new report.

/ January 5, 2018

Meltdown and Spectre CPU Vulnerabilities: What You Need to Know

Read full post The first few days of 2018 have been filled with anxious discussions concerning a widespread and wide-ranging vulnerability in the architecture of processors based on Intel’s Core architecture used in PCs for many years, and also affecting...

/ January 5, 2018

Cyber News Rundown: Edition 1/5/18

Read full post The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst with a passion for all things security. Any questions? Just ask. Researchers Find...

/ January 5, 2018

Top 3 Questions SMBs Should Ask Potential Service Providers

Read full post It can be daunting to step into the often unfamiliar world of security, where you can at times be inundated with technical jargon (and where you face real consequences for making the wrong decision). Employing an MSP...

/ January 4, 2018

Vendors Rush to Issue Security Updates for Meltdown, Spectre Flaws

Read full post Apple alone remains silent so far on potential impact to its products and its plans to address new side-channel attack vulnerabilities.

/ January 4, 2018

Google Apps Script Vulnerability Exposes SaaS to URL-based Threats

Read full post A new means of exploiting Google Apps Script lets attackers deliver malware using URLs.

/ January 4, 2018

Gemalto launches a new contactless credit card with a fingerprint reader

Read full post The new biometric-powered contactless cards use fingerprint recognition to authenticate the cardholder, in an effort to cut down on in-store fraud.

/ January 4, 2018

DHS Discovers Privacy Incident Involving Former Employee

Read full post Former DHS OIG employee makes an unauthorized copy of PII data of DHS employees and parties involved in DHS OIG investigations.

/ January 4, 2018

Uber’s Biggest Mistake: It Wasn’t Paying Ransom

Read full post Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.

/ January 4, 2018

F**CKWIT – the video!

Read full post Here’s a video to help you decide what to do next about F**CKWIT, aka KAISER, aka KPTI, aka Meltdown, aka Spectre, aka The Intel Bug.

/ January 4, 2018

White House bans personal phones in the West Wing, citing security risks. (It only took a year.)

Read full post The White House chief information security officer, whose job it is to protect the president and senior staff from cyber threats, was fired in February and has not been replaced.

/ January 4, 2018

The Internet of (Secure) Things Checklist

Read full post Insecure devices put your company at jeopardy. Use this checklist to stay safer.

/ January 4, 2018