17 Sep 2019

Data of Virtually All Ecuadoreans Leaked Online

An unsecured cloud server has exposed highly sensitive personal data of practically all 17 million Ecuadoran citizens, including 6.7 million children. The leaked data affects around 20 million people (living or dead) and includes names, phone numbers, financial information, tax records and even government ID numbers called cédulas de identidad.

Read More
17 Sep 2019

Most Cyber Attacks Focus on Just Three TCP Ports

Almost two in three (65%) cyber campaigns targeting small to mid-sized businesses (SMBs) attack one of three popular TCP ports, namely port 22 (SSH, 35%), port 80 (HTTP, 15%) and port 443 (HTTPS, 15%), a new report by Alert Logic found. The fourth most targeted port is 3389, which is

Read More
17 Sep 2019

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks increased in the first half of this year, with many campaigns spoofing webmail and software-as-a-service (SaaS) providers, a recent APWG report[pdf] shows. The number of detected phishing campaigns surged from 138,328 in Q4 of 2018 to 180,768 in Q1 of 2019 and then grew further to 182,465 in

Read More
17 Sep 2019

Emotet, today’s most dangerous botnet, comes back to life

Four months after seemingly shutting down, the notorious Emotet botnet is once again being used to distribute spam, security researchers at SpamHaus warn. The new campaign involves emails with malicious links or attachments targeting Polish and German-speaking users. In May of this year, the command and control (C&C) servers of

Read More
17 Sep 2019

LastPass Patches Bug Leaking Last-Used Credentials

The Chrome and Opera browser extensions for the freemium password manager LastPass contained a vulnerability that could be exploited to make the application leak login credentials, a security researcher with Google recently discovered. In order to exploit the bug, threat actors needed to get victims to visit a malicious website

Read More
17 Sep 2019

Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs

New research by Independent Security Evaluators has uncovered a total of 125 security vulnerabilities in small office/home office (SOHO) routers and network-attached storage devices (NAS). The researchers tested 13 devices in total, from vendors including Asus, Lenovo and Netgear. The report warns that all of the devices under scrutiny “had

Read More
12 Sep 2019

China urges US to take steps to ensure North Korea talks resume

China wants the United Nations Security Council (UNSC) “in due course” to consider reversing some of the sanctions on North Korea to help the country “alleviate the difficulties brought to the economy and people’s livelihoods by the sanctions,” Chinese State Councillor Wang Yi said on Thursday. Wang expressed hope that

Read More
12 Sep 2019

Iranian Hackers Hit Over 60 Universities to Get Library Access

Between July and August of this year, Iranian state-backed hacking group Cobalt Dickens (aka Silent Librarian) targeted over 60 universities across four continents as part of a phishing campaign designed to obtain unauthorized access to university libraries. Secureworks tracked the campaign and recently revealed all known domains linked to the threat

Read More
12 Sep 2019

Simjacker vulnerability actively exploited to track, spy on mobile phone owners

Threat actors are actively exploiting a security weakness in SIM cards in order to covertly collect the location information of thousands of users, new research by AdaptiveMobile Security shows. The firm warns that the Simjacker attack, which involves sending malicious SMS messages to vulnerable devices, may put over 1 billion

Read More
12 Sep 2019

IT pros worry about humans but invest in data and cloud security

In a recent Canon survey, IT professionals indicated that the top security threats to businesses are malicious insiders (30%), human error (25%), and compromised devices (21%). Respondents said the best ways of protecting companies against these threats are data security, network security, and user authentication & ID management. The human factor

Read More