30 Jul 2019

Flaws Allow Hacker to Bypass Card Limits

New research by Positive Technologies has uncovered serious vulnerabilities that can enable threat actors to bypass payment limits during contactless payments. The flaws, which were tested for five UK banks but also for terminals in other countries, could allow hackers to steal unlimited amounts from contactless cards. Tim Yunuso of

Read More
26 Jul 2019

Russia targeted election systems in all 50 states, Senate concludes

A new, heavily redacted report by the US Senate Intelligence Committee confirms that in 2016, Russian state-backed hackers carried out attacks on election systems in all 50 United States. Hacking activity related to this campaign started in 2014 and went on until at least 2017, according to the report. The

Read More
26 Jul 2019

Russian Threat Group May Have Devised a ‘Man-on-the-Side’ Attack

Members of Iron Liberty, a cyber espionage group operating from Russia, have been using a novel attack technique dubbed “man-on-the-side” (MOTS) in order to install malware on targeted systems, research by Secureworks has found. MOTS resembles the well-known man-in the-middle (MITM) attack in which a threat actor covertly relays and

Read More
25 Jul 2019

Cybercrime Costs Global Economy $2.9m Per Minute

Global losses to cybercrime total $1.5 trillion per year, which amounts to $2.9 million per minute, a new report by RiskIQ shows. Some of the largest companies are losing $25 each minute due to security breaches. Phishing campaigns accounts for losses of $17,700 per minute and ransomware attacks are expected to

Read More
25 Jul 2019

FBI Director Names China the Nation’s Most ‘Severe Counterintelligence Threat’

In a Tuesday testimony before the Senate Judiciary Committee, FBI Director Christopher Wray stated that “there is no country that poses a more severe counterintelligence threat to this country right now than China.” Wray also warned that Russia is still “absolutely intent” on interfering in the 2020 US presidential election.

Read More
25 Jul 2019

APT-doxing group exposes APT17 as Jinan bureau of China’s Security Ministry

The identities of three members of China-linked hacking group APT17 (aka Deputy Dog or Axiom) have been exposed by a group of anonymous cybersecurity researchers known as Intrusion Truth. By doxing three individuals that seemed to be part of APT17, Intrusion Truth revealed that one of them is an officer of

Read More
25 Jul 2019

US company selling weaponized BlueKeep exploit

Earlier this week, US cybersecurity firm Immunity Inc. announced that it has added a functional BlueKeep exploit to its commercial pen-testing toolkit called CANVAS v7.23. BlueKeep, tracked as CVE-2019-0708, impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. It is a very dangerous flaw because it could be

Read More
24 Jul 2019

Survey: Only Half of Organizations Believe They Can Stop Cyber Attacks

A new global survey conducted by CyberArk indicates that half of organizations have little confidence in their cyber defenses and actually believe that threat actors can break into their networks whenever they want to. When it comes to threats to their critical assets, organizations are mostly worried about hackers (78%),

Read More
24 Jul 2019

Penetration Test Data Shows Risk to Domain Admin Credentials

Rapid7 has released a new report combining data from 180 real-world penetration tests carried out in enterprise environments. The research indicates that the data protection efforts of nearly all organizations (96%) are seriously undermined by at least one serious flaw in their systems. Moreover, pentesters managed to obtain at least

Read More
23 Jul 2019

Critical RCE Flaw in Palo Alto Gateways Hits Uber

Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN

Read More