17 Sep 2019

Most Cyber Attacks Focus on Just Three TCP Ports

Almost two in three (65%) cyber campaigns targeting small to mid-sized businesses (SMBs) attack one of three popular TCP ports, namely port 22 (SSH, 35%), port 80 (HTTP, 15%) and port 443 (HTTPS, 15%), a new report by Alert Logic found. The fourth most targeted port is 3389, which is

Read More
17 Sep 2019

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks increased in the first half of this year, with many campaigns spoofing webmail and software-as-a-service (SaaS) providers, a recent APWG report[pdf] shows. The number of detected phishing campaigns surged from 138,328 in Q4 of 2018 to 180,768 in Q1 of 2019 and then grew further to 182,465 in

Read More
17 Sep 2019

Emotet, today’s most dangerous botnet, comes back to life

Four months after seemingly shutting down, the notorious Emotet botnet is once again being used to distribute spam, security researchers at SpamHaus warn. The new campaign involves emails with malicious links or attachments targeting Polish and German-speaking users. In May of this year, the command and control (C&C) servers of

Read More
17 Sep 2019

LastPass Patches Bug Leaking Last-Used Credentials

The Chrome and Opera browser extensions for the freemium password manager LastPass contained a vulnerability that could be exploited to make the application leak login credentials, a security researcher with Google recently discovered. In order to exploit the bug, threat actors needed to get victims to visit a malicious website

Read More
17 Sep 2019

Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs

New research by Independent Security Evaluators has uncovered a total of 125 security vulnerabilities in small office/home office (SOHO) routers and network-attached storage devices (NAS). The researchers tested 13 devices in total, from vendors including Asus, Lenovo and Netgear. The report warns that all of the devices under scrutiny “had

Read More
16 Sep 2019

U.S. imposes sanctions on North Korean hackers accused in Sony attack, dozens of other incidents

The U.S. Department of Treasury imposed sanctions on three North Korean hacking groups controlled by the state’s primary intelligence agency, the Reconnaissance General Bureau. Officials claim the Lazarus Group, Bluenoroff, and Andariel used ransomware and attacks on banks, ATM networks, gambling sites, online casinos, and cryptocurrency exchanges to fund Pyongyang’s

Read More
16 Sep 2019

Cyberattacks On IOT Devices Surge 300% In 2019, ‘Measured In Billions’, Report Claims

A new report by F-Secure warns that cyberattacks on IoT devices are accelerating at an unprecedented rate. The company uses a network of honeypots to attract everyday attacks and discovered more than 2.9 billion attack events in the first half of 2019. Security researchers noted that the honeypots were dominated

Read More
16 Sep 2019

New Cyber Warning: ISIS Or Al-Qaeda Could Attack Using ‘Dirty Bomb’

Lt.-Gen Vincent Stewart, former deputy chief of U.S. Cyber Command and director of the Pentagon’s Defense Intelligence Agency, warns that the West continues to underestimate al-Qaeda or ISIS’ cyberattack capabilities. He says that while much of the cyber threat has rightly been focused on Russia, China, North Korea, and Iran,

Read More
16 Sep 2019

Cybercriminals shop for admin access to healthcare portals

A report by cybersecurity firm IntSight identifies hackers are increasingly targeting healthcare institutions with lax security measures. IntSight chief security officer Etay Maor said historically, the healthcare industry has not had as robust security as high profile targets like the financial sector. “Once cybercriminals started realizing that financial institutions are

Read More
16 Sep 2019

Could hackers gain a global ‘kill click’?

Congress claims the internet cables that connect the world are vulnerable to cyberattacks and it is unclear who is in charge of protecting them. The question of jurisdiction remains murky, largely due to the vast amounts of private-sector ownership of the internet architecture. However, the Department of Homeland Security (DHS)

Read More