21 Jun 2019

Russia-Linked Hackers Hijack Infrastructure of Iranian Threat Group

A new Symantec report sheds light on the recent activity of Turla (aka Waterbug, KRYPTON, Venomous Bear), a Russia-linked cyber-espionage group. Since early 2018 the group has launched at least three distinct campaigns that all relied on different tools. The attacks have targeted 13 organizations, including government agencies, across 10

Read More
20 Jun 2019

76% of mobile apps have flaws allowing hackers to steal passwords, money, and texts

A new report by Positive Technologies underscores the prevalence of serious security flaws in mobile applications. The most common type of vulnerability is insecure data storage, which affects 76% of all mobile apps. Insecure data storage may under certain conditions be exploited by threat actors in order to obtain unauthorized

Read More
19 Jun 2019

Hacker Steals Customer Payment Info in EatStreet Data Breach

On May 3, a threat actor gained unauthorized access to the payment card information of an unknown number of customers of Eatstreet, a popular online food ordering service. The company discovered the incident on May 17 and swiftly locked the hacker out of their database. For customers who have used

Read More
18 Jun 2019

Security firm claims it can unlock any iPhone

Security firm Cellebrite claims it has found a way to unlock iPhones and other devices running iOS 7 to iOS 12.3. The company says that it can “bypass or determine locks and perform a full file system extraction” by using “sophisticated algorithms to minimize unlock attempts.” The Israeli company is

Read More
17 Jun 2019

Three US Universities Disclose Data Breaches Over Two-Day Span

A recent string of data breaches impacting three US universities serves as a reminder that universities are major targets for cybercrime. Graceland University discovered that an “unauthorized user gained access to the email accounts of current employees,” and was thereby able to obtain the personal information of anyone who had

Read More
14 Jun 2019

Ransomware rebounding in popularity as cryptojacking loses steam

Ransomware campaigns surged by 167% between Q4 of last year and the first three months of 2019, new research by Positive Technologies shows. Ransomware now accounts for 24% of all cyberattacks, up from 9% in Q4 of 2018. The resurgence of ransomware coincides with a drop in cryptojacking, i.e. the

Read More
14 Jun 2019

The Active Cyber Defense Bill is Back on the Table

On Thursday US Congressman Tom Graves, R-Ga. reintroduced the Active Cyber Defense Bill, which was first drafted in 2017 and has since then become known as the ‘hacking back’ bill as it would allow US cybersecurity officials to engage in certain types of offensive operations against threat actors. Experts are

Read More
13 Jun 2019

These are the Internet of Things devices that are most targeted by hackers

Of all the Internet-connected devices that make up the Internet of things (IoT), security cameras are most frequently targeted by hackers, a new report by SAM Seamless Network shows. Security cameras account for almost half (47%) of devices on home networks that are vulnerable to cyberattacks. In the US, the

Read More
13 Jun 2019

Two hacking groups responsible for huge spike in hacked Magento 2.x stores

New research by Sanguine Security shows that cyberattacks on websites relying on e-commerce content management system (CMS) Magento are surging due to increased activity by two hacking groups. The number of hacked websites using Magento 2.x has been doubling every month since March of this year. The campaigns are exploiting

Read More
12 Jun 2019

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

New research by bug bounty firm HackerOne shows that cross-site scripting (XSS) vulnerabilities are still the most common type of security flaw found in web applications. XSS flaws can enable attackers to inject malicious code into websites in order to steal sensitive information from users. Miju Han of HackerOne says

Read More