15 May 2019

How Pro-Iran Hackers Spoofed FP and the News Media

A new report by Citizen Lab sheds light on a sophisticated disinformation campaign that aims to spread Iranian propaganda by promoting articles on spoofed news websites through phony Twitter accounts. The ongoing campaign, dubbed “Endless Mayfly,” started in 2016 and involved at least 11 fake Twitter personas that targeted journalists

Read More
15 May 2019

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

As part of this month’s patch Tuesday, Microsoft released a critical patch for CVE-2019-0708, a “wormable” vulnerability affecting Windows 7, Windows Server 2008 R2, and Windows Server 2008 and various older operating systems. Due to the extraordinary severity of the flaw, Microsoft also released versions of the patch for otherwise

Read More
15 May 2019

Employees are aware of USB drive security risks, but don’t follow best practices

A new report by Apricorn shows how poor USB drive security practices of employees are putting companies at risk. The survey found that employees are often the reason USB drives are used in the workplace (this is true for 68% of organizations). And even though the vast majority of employees

Read More
15 May 2019

Over 460,000 E-Retailer User Accounts Hacked

Between April 23 and May 10, threat actors compromised 461,091 user accounts for the e-commerce portals of Uniqlo and GU, the Japanese company that owns the two brands acknowledged in a statement on Monday. Fast Retailing Co., the biggest retail firm in Asia, said that hackers managed to obtain access

Read More
15 May 2019

Website Attack Attempts Rose by 69% in 2018

New research by Sitelock indicates that attempts to attack websites are on the rise. In 2018, the average website faced 62 attack threats on a daily basis. The most common attacks involved the use of backdoors, shells, and JavaScript files (cross-site scripting or XSS). XSS attacks target visitors, since they

Read More
14 May 2019

The NSA knows its weapons may one day be used by its targets

Several large scale cyber attacks have utilized cyberweapons and exploits first developed by the United States military and intelligence communities. While much has been done to develop vulnerability equities programs and responsible disclosure processes, such tools are an essential component of our cyber mission and will continue to be developed

Read More
14 May 2019

Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security

With recent disclosures surrounding medical embedded device security, hospitals are looking to in-room device manufacturers to provide additional disclosures and guaranties around medical devices and software in use at their locations. “Hospital-technology officials say gaining access to the software running inside devices—and knowledge of its vulnerabilities—would help them build firewalls

Read More
14 May 2019

Korean APT Groups Evolving And Gaining Operational Expertise: One adds rare bluetooth device harvester tool

In the dynamic world of cyber conflict organizations either evolve or die. Tracking how threat actors evolve can help better position our defenses. One dynamic of note is the evolution of the APT group known as Group 123, Reaper or ScarCruft. ScarCruft attracted some attention early last year for employing

Read More
14 May 2019

Patching Our Digital Future Is Unsustainable and Dangerous

In a new essay, Melissa Hathaway makes the case for more sustainable and deliberate collective approaches to building security and trust into new systems and more robust disclosure processes. “We must become much more strategic in how new digital technologies are created and deployed.  Over the last 30 years, we

Read More
14 May 2019

How a Chinese spy stole some of the Pentagon’s most sensitive secrets

In a story excerpted from Jim Sciutto’s book Shadow War, additional details regarding China’s business espionage activities is detailed. “As it turns out, Su and his partners would have unfettered access inside Boeing’s network for three years before the intrusion was first discovered. During that time, they would claim to

Read More