18 Jun 2019

US Govt Achieves BlueKeep Remote Code Execution, Issues Alert

The Cybersecurity and Infrastructure Security Agency (CISA) is urging users to patch the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. The agency, which operates under Department of Homeland Security oversight, issued the alert after achieving remote code execution on

Read More
18 Jun 2019

How Fraudulent Domains ‘Hide in Plain Sight’

New research by Proofpoint shows that over 3 in 4 firms have found fraudulent domains impersonating their company and a whopping 96% have discovered domains using their exact brand name, but a different top-level domain (TLD), i.e. examplebusiness.net instead of examplebusiness.com. According to Kevin Epstein of Proofpoint, fraudulent domains represent

Read More
18 Jun 2019

Equifax breach impacted the online ID verification process at many US govt agencies

A recent report[pdf] by the US Government Accountability Office (GAO) highlights a relatively unknown dimension of the impact of the massive 2017 Equifax data breach. The standard method used by many government agencies for identifying US citizens that want to apply for benefits through digital portals, was rendered unsafe by

Read More
18 Jun 2019

Samsung TVs should be regularly virus-checked, the company says

On Monday, Samsung issued a Tweet informing customers who own one of its smart TVs that they should be scanning their device for malware every few weeks. The message, which also contained a short instructional video, was met with confusion by customers and cybersecurity experts alike. Many customers expressed frustration

Read More
18 Jun 2019

Release of GandCrab 5.2 Decryptor Ends a Bad Ransomware Story

Bitdefender has released an updated version of a tool that can decrypt files encrypted by GandCrab ransomware. The free decryptor is the result of a collaborative effort by Bitdefender, the FBI and law enforcement agencies from various European countries. GandCrab was first released in January of last year and quickly

Read More
18 Jun 2019

Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

Read More
17 Jun 2019

Triton Attackers Seen Scanning US Power Grid Networks

New research by Dragos indicates that the threat actors behind the 2017 Triton (aka Trisis) malware attack that shut down a petrochemical plant in Saudi Arabia, started to scan power grids in the US and Asia-Pacific regions at the end of last year. Because of this, analysts are worried that

Read More
17 Jun 2019

Human error still the cause of many data breaches

A new survey by Shred-it shows that data breaches are very often the result of human error. The majority of C-suite executives (53%) and more than a quarter of Small Business Owners (SBOs) (28%) point to human error or accidental loss by an external vendor/source as the cause of data

Read More
17 Jun 2019

US Planted Powerful Malware in Russia’s Power Grid: Report

US intelligence officials have been investigating the Russian power grid since at least 2012 and recently began targeting power grid control systems in offensive operations, according to a recent New York Times report based on information from current and former government officials. The offensive operations involved infecting Russian systems with

Read More
17 Jun 2019

Twitter wipes out thousands of fake accounts connected to Iran, Russia

Once again, Twitter has purged thousands of inauthentic user accounts connected to influence operations. A total of 4,779 accounts were removed, many of which were tied to the Iranian regime, while a few were linked to Russia. According to the social media platform, more than 1,600 of the fraudulent accounts

Read More