19 Jul 2019

APT Targets Diplomats in Europe, Latin America

New research by ESET provides insights into the activity of the Ke3chang advanced persistent threat (APT) group that is believed to be operating out of China. Since 2015, Ke3chang has been targeting diplomatic entities in various countries across the globe, with a particular focus on Europe and Latin America. Ke3chang

Read More
19 Jul 2019

Report Finds California Government IT Security Flaws

A recent report by California’s state auditor uncovered “high risk deficiencies” at 21 of 33 government entities that are not forced to follow security standards developed by the California Department of Technology. Certain entities had not implemented basic security measures including changing default passwords and patching vulnerable systems. The report

Read More
19 Jul 2019

Researchers Easily Trick Cylance’s AI-Based Antivirus Into Thinking Malware Is ‘Goodware’

Security researchers with Skylight Cyber have found a surprisingly easy way to let malware bypass Cylance’s AI-based anti-malware solution. The research shows that while artificial intelligence holds great potential for cybersecurity, AI-driven security offerings can be far from bulletproof.  In order to deceive Cylance’s algorithm, all the researchers had to

Read More
19 Jul 2019

Cyber Threat Analysis Report Vol 1, Edition 8

Is FaceApp a privacy breach or a blah?  This story and more in the analysis by Mike Tanji in this week’s Cyber Threat Analysis Report.

Read More
19 Jul 2019

Why 72% of people still recycle passwords

A new Security.org report underscores how poor the password practices of many people still are. The survey found that the vast majority (72%) of users reuse passwords. On average, recycled passwords are used for 4 different accounts. Password recycling is a terrible practice because it puts users at risk of

Read More
19 Jul 2019

Slack Resets Account Passwords Compromised During 2015 Hack

Slack has reset the passwords of 1% of its user accounts because these may have been compromised in a 2015 security breach. The company stated that this incident involved a third party obtaining unauthorized access to a Slack database containing “user profile information including usernames and irreversibly encrypted, or ‘hashed,’

Read More
19 Jul 2019

Bulgaria’s hacked database is now available on hacking forums

A database containing 11 GB worth of data on Bulgarian citizens that was recently leaked to local media outlets by an unidentified actor, is now available for download on hacking forums. The database allegedly contains only half of the information that was recently stolen from Bulgaria’s National Revenue Agency (NRA),

Read More
19 Jul 2019

Kazakhstan begins intercepting citizens’ web traffic to ‘protect them from cyber threats’

The government of Kazakhstan has advanced its surveillance efforts by beginning to intercept all HTTPS traffic within its borders by means of a special certificate that citizens must install on all their devices and browsers. The government has ordered local internet service providers (ISPs) to enforce the installation of the

Read More
19 Jul 2019

No love lost between security specialists and developers

Even though 7 in 10 software developers are expected to write secure code, they rarely receive instructions or assistance to help them avoid security flaws, a new GitLab survey shows. Moreover, 44% of developers indicated that security vulnerabilities are not addressed when their work is being evaluated. Meanwhile, more than

Read More
18 Jul 2019

800K Systems Still Vulnerable to BlueKeep

A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable

Read More