24 Jun 2019

TripAdvisor Invalidates Member Passwords Found in Data Breaches

TripAdvisor is taking a proactive approach to prevent its users from falling victim to credential stuffing attacks by invalidating member passwords if the password and corresponding email address were found in publicly leaked data breach databases. Credential stuffing attacks, in which a threat actor uses leaked or stolen login credentials

Read More
24 Jun 2019

US Struck Iranian Military Computers This Week: AP Sources

While United States President Donald Trump abruptly canceled strikes on Iranian targets last Thursday, the US did launch attacks on Iran in cyberspace that day, US officials said this weekend, adding that Trump had approved the offensive measures. US Cyber Command took down Iranian systems used by Iran’s Islamic Revolutionary

Read More
24 Jun 2019

US Adds AMD Joint Venture to Entity List

In the latest episode in the technological cold war between the US-China, the US Department of Commerce has added five Chinese organizations to its list of foreign entities that are considered a security risk. The list was established last month when US President Donald Trump signed an executive order enabling

Read More
24 Jun 2019

Free proxy service found running on top of 2,600+ hacked WordPress sites

Netlab researchers are warning that the Free-Socks.in proxy service is a front for a criminal operation, as the service runs on top of a massive botnet consisting of 2,692 WordPress sites, nearly half of which are hosted in the US. The compromised websites have been infected with the Linux.Ngioweb backdoor

Read More
24 Jun 2019

WeTransfer Security Incident Sent Files to the Wrong People

A security incident at the highly popular WeTransfer file sharing service has violated the privacy of an unknown number of users whose files were sent to the wrong people. The incident occurred on June 16th and 17th. WeTransfer is informing impacted users, and claims that it does not yet know

Read More
24 Jun 2019

Pledges to Not Pay Ransomware Hit Reality

Last week, the City Council of Riviera Beach stated that its decision to pay $600,000 in ransom to threat actors that infected the city network with ransomware, was made based on the advice of external security consultants. This move was criticized by many in the cybersecurity industry, because paying up

Read More
24 Jun 2019

UK Police suspend work with major forensics firm after cyber-attack

A recent ransomware attack on forensics firm Eurofins has impacted operations of the UK police department, which is now dealing with an increasing backlog of pending forensic investigations. Eurofins provides various types of forensic services, including DNA analysis, toxicology, ballistics and computer forensics work. It is believed that the UK

Read More
24 Jun 2019

Cyber-Risks Hiding Inside Mobile App Stores

A new RiskIQ shows that the number of blacklisted mobile apps increased by 15% between Q4 of 2018 and Q1 of this year. However, Google is increasingly successful at barring malicious Android apps from its official app store, resulting in a 64% decrease of blacklisted apps hosted on Google Play

Read More
21 Jun 2019

Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount

In the midst of rising US-Iran tensions, security researchers with Crowdstrike and Dragos have uncovered a new Iranian cyber campaign targeting organizations in the United States. The state-backed Iranian hacking group APT33 (aka Magnallium, or Refined Kitten) is behind the phishing campaign that has targeted around half a dozen organizations

Read More
21 Jun 2019

Millions of Dell PCs Vulnerable to Attack: Patch Now

A new report by SafeBreach warns that millions of Dell computers are at risk of being remotely compromised by threat actors due to a critical vulnerability in SupportAssist, a hardware-diagnostics tool that comes preinstalled on all Dell machines. The flaw affects a SupportAssist component made by PC-Doctor. As many as 100

Read More