23 Aug 2019

CISA Chief Unveils Vision for Federal Cybersecurity

Federal civilian agencies shouldn’t have to fend for themselves when it comes to managing cyber risk, Chris Krebs said on Thursday. According to the Director of the US Cybersecurity and Infrastructure Security Agency (CISA), the current arrangement is “not a particularly defensible posture,” and may therefore see a complete overhaul

23 Aug 2019

Cyber attackers exploiting poor cloud security

A new report by Outpost24 indicates that even though 42% of organizations are worried about cloud security, many are not doing enough to protect their cloud environment. For example, 11% of firms never perform cloud security tests and 19% do so only once a year. This is worrisome, for cyberattacks

23 Aug 2019

Microsoft Tops Phishers’ Favorite Brands as Facebook Spikes

Microsoft remains the most impersonated brand in phishing attacks despite a 6.8% decline in unique Microsoft phishing URLs in the second quarter of this year, a new report by Vade Secure shows. PayPal clinched second place and Facebook completed the top three thanks to a 155% surge in campaigns spoofing

23 Aug 2019

Alaska Had the Most Cybercrime Victims Per Capita in 2018

New data by CenturyLinkQuote shows that residents of Alaska are more likely to fall for Internet scams than people in other parts of the country. With 22 cybercrime victims per 10,000 residents, The Last Frontier tops the ranking for the second year in a row. The numbers are based on

23 Aug 2019

IT Security Pros: Encryption Backdoors Are Election Hacking Risk

The vast majority (80%) of security professionals believe that government-mandated backdoors in tech products would put countries at risk of cyberattacks targeting election infrastructure, and 74% believe they render states vulnerable to nation-state attacks. These views contrast with United States Attorney General William Barr’s recent claims that increased encryption of

23 Aug 2019

LinkedIn stopped more than 21 million fake accounts this year, but legitimate users are the real challenge

In the first half of 2019, LinkedIn banned or blocked over 21.6 million fake accounts, 19.5 of which never made it past the registration stage, new figures released by the professional networking platform show. Of the accounts that did go live, around 2 million were detected by employees and the

23 Aug 2019

Open-source spyware bypasses Google Play defenses — twice

Threat actors managed to upload a spyware-serving radio app to the Google Play Store twice within two weeks, ESET discovered. The app was called Radio Balouch and while it actually worked as advertised, it also infected users with AhMyth, an open-source remote access spyware tool. After the app made it

23 Aug 2019

The patching paradox: vulnerability scoring leads to slower high-risk remediation

New research by Kenna Security confirms that vulnerabilities are patched faster in firms that have a mature vulnerability management program. While this is hardly surprising, the study also reveals that in the context of patch management, paying too much attention to the Common Vulnerability Scoring System (CVSS) may actually result

23 Aug 2019

Employees connect nuclear plant to the internet so they can mine cryptocurrency

Earlier this year, several employees at a nuclear power plant in southern Ukraine connected part of the internal network to the Internet in order to mine cryptocurrency, authorities said. The Ukrainian Secret Service (SBU) is investigating the incident to check if attackers may have used the Internet-facing mining rigs (computers

22 Aug 2019

China is Spying on Cancer Research

The three biggest cyber threats to healthcare organizations are cyber espionage, data theft and destructive cyber attacks, a new FireEye report indicates. According to the study, threat actors are selling numerous compromised healthcare databases on underground forums, most of which cost less than $2,000. These databases contain the personally identifiable
