25 Jan 2019

Massive mortgage and loan data leak gets worse as original documents also exposed

Earlier this week, a security researcher found an unprotected Elasticsearch server that exposed financial data relating to tens of thousands of current and former loan- and mortgage holders in the US. The database contained converted versions of text documents mentioning names, birth dates, address details, social security numbers and other

Read More
25 Jan 2019

Cloud Customers Faced 681M Cyberattacks in 2018

According to a new report by Armor, a total of 681 million cyberattacks targeted cloud customers in 2018. The most popular attack techniques employed by threat actors were exploiting software flaws; accessing accounts through by brute-forcing or through stolen login data; targeting poorly secured devices that are part of the

Read More
25 Jan 2019

This malware uses debt to prey on banking victims

Security researchers with Palo Alto Networks have been tracking a malware campaign involving the distrubution of the Redaman banking Trojan through widespread malspam campaigns with varying subject lines relating to debt collection and other financial obligations. The campaign mainly targets Russian speakers, although emails containing the Trojan as an attachment have been

Read More
24 Jan 2019

‘Nearly all’ American networks will be susceptible to cyberattacks

The Office of the Director of National Intelligence has released a new four-year strategy for the American intelligence community. The main topic of the road-map is cybersecurity, while the document also focuses on subjects such as counter-terrorism and counter-proliferation. “As the cyber capabilities of our adversaries grow, they will pose increasing threats

Read More
24 Jan 2019

Cyberattacks fueled by geopolitical tension are increasing

A new report by Carbon Black indicates that geopolitical tensions between democratic western countries and authoritarian states such as Russia, China, North Korea, and Iran, lie at the root of an increasing number of cyberattacks. For instance, almost 50% of incident response investigations undertaken for Carbon Black customers in 2018 were

Read More
24 Jan 2019

New Anatova Ransomware Supports Modules for Extra Functionality

Security researchers with McAfee have discovered a new ransomware strain dubbed Anatova. The ransomware was found disguised as a game in a peer-to-peer network. Anatova will encrypt files on infected computers and subsequently demand a ransom of around $700 in DASH cryptocurrency (10 coins). The campaign is targeting users around the globe,

Read More
24 Jan 2019

Microsoft remains the most impersonated brand, Netflix phishing spikes

According to Vade Secure’s latest phishing report, the most impersonated brand in the final quarter of last year was Microsoft (again). The other brands making up the top 10 were Netflix, Paypal, Bank of America, Chase, DHL, Facebook, Docusign, Linkedin and Dropbox. Phishing messages pretending to come from Netflix increased

Read More
24 Jan 2019

Global Talent Shortage is Top Emerging Risk Facing Organizations

Talent shortage has clinched the top spot in the latest version of Gartner’s Emerging Risks Survey, which is based on data from the fourth quarter of 2018. The other top entries in the list of emerging risks for businesses were accelerating privacy regulation, the rapid pace of change, lagging digitization, and misconceptions

Read More
24 Jan 2019

Apple Patches Dozens of Vulnerabilities in iOS, macOS

Apple has released security patches and other fixes for a host of flaws affecting iOS, macOS, tvOS, watchOS, Safari and iCloud. Many of the 31 iOS patches fixed arbitrary code execution vulnerabilities affecting various features including Bluetooh, FaceTime and Kernel. Other iOS security flaws that were addressed could have enabled

Read More
23 Jan 2019

DHS releases emergency order to prevent DNS hijacking

On Tuesday afternoon, the Department of Homeland Security ordered federal agencies to implement a variety of security measures aimed at preventing DNS hijacking attacks. As part of such attacks, threat actors target the domain name system (DNS) infrastructure that plays an essential role in directing Internet traffic, in order to redirect

Read More