11 Oct 2019

Gaming, photo apps in Google Play infect Android handsets with malware

Last month, researchers with Dr. Web discovered that a number of apps on the Google Play Store were riddled with malware, including banking Trojans, adware, spyware, and info stealers. The malicious apps claimed to be games, tools, camera plugins or other seemingly legitimate software. Among the discovered malware samples was

11 Oct 2019

Imperva blames data breach on stolen AWS API key

Last month, cybersecurity firm Imperva announced that the data of a “subset of customers” of Imperva’s Cloud Web Application Firewall was exposed in a “security incident” in September 2017. This week, the company published an analysis of the breach, which shows that the incident was made possible by the company

11 Oct 2019

Escort forums in Italy and the Netherlands hacked, user data put up for sale

Two European web forums serving sex workers and their customers have been breached by a Bulgarian threat actor who is now selling 330,000 stolen user records on underground marketplaces. The hacker, who uses the moniker InstaKilla, exploited a recently disclosed critical vulnerability in vBulletin in order to steal 300,000 records

10 Oct 2019

Most Americans can’t recognize 2FA, HTTPS, or private browsing

Most US adults are not familiar with basic tech and cybersecurity concepts, a new survey by Pew Research Center reveals. Just 28% of respondents were capable of selecting an example of two-factor authentication from a set of images, and only 30% knew what HTTPS is. Furthermore, less than a quarter

10 Oct 2019

Impact and prevalence of cyberattacks that use stolen hashed administrator credentials

A recent One Identity survey [pdf] conducted among IT professionals sheds light on Pass the Hash (PtH) attacks, in which threat actors use stolen hashed administrator credentials in order to compromise systems. A staggering 95% of organizations have suffered PtH attacks that impacted business operations. PtH attacks often impacted operational costs

10 Oct 2019

Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey

In the past 12 months, 56% of utility companies around the world suffered at least one cyberattack resulting in the loss of private data or downtime affecting their operational technology (OT) systems, a recent survey by Siemens and Ponemon Institute found. More than half are anticipating a cyberattack targeting critical

10 Oct 2019

Researchers Discover Spy Platform with GSM Fingerprinting

An investigation by ESET has uncovered Attor, a previously unknown cyber-espionage platform that has been used by threat actors to carry out campaigns targeting government and diplomatic entities in Eastern Europe since at least 2013. Zuzana Hromcová of ESET said the attacks were “highly targeted at users of these Russian

10 Oct 2019

Financial industry spending millions to deal with breaches in 2019

82% of organizations suffered a DNS attack last year, and many companies were hit multiple times, with the average number of attacks per company falling just short of 9.5, a new report by EfficientIP shows. Because the average cost per attack exceeds $1.3 million, companies can expect to lose over

10 Oct 2019

Moroccan Activist Says NSO’s Elite Spy Tools Hacked His iPhone

A new report by Amnesty International accuses Israeli spyware vendor NSO Group of providing the Moroccan government with cyber espionage tools that were used to target a freedom of expression activist and a human rights lawyer in the country. The targets both received text messages containing malicious links that would

10 Oct 2019

iTerm2 Patches Critical Vulnerability Active for 7 Years

For the last seven years, iTerm2, the most used terminal emulator for macOS, contained a critical flaw that could have enabled threat actors to run arbitrary code on vulnerable systems in various ways. This is especially worrisome considering the fact that the application’s user base consists in large part of
