UK Government Blames Russia For Destructive Cyberattack

Following the news that the UK government has blamed Russia for last year’s destructive NotPetya cyberattack, Andy Norton, director of threat intelligence at malware detection firm Lastline explains why attribution of these types of attacks is generally a fruitless and pointless task and why it’s much more important to understand the behavioural capability of the threat. Andy Norton, Director of Threat Intelligence at […]

New Facebook Privacy Issues

Experts from security and privacy advice and comparison website Comparitech commented on two new developments affecting Facebook users this week: German court rules Facebook use of personal data illegal Lee Munson, Security Researcher at Comparitech: “A German court ruling – that Facebook does not go far enough in obtaining consent from users before using their personal data […]

Major Bug Forces Microsoft To Rebuild Skype

Back Door Malware that Targets Skype

It is being reported that Skype has fallen victim of a security flaw that can allow attackers to gain system-level privileges to vulnerable computers, Microsoft has confirmed. However, the company won’t immediately fix the issue because doing so would require a complete code overhaul. Jim DelGrosso, Senior Principal Consultant at Synopsys commented below. Jim DelGrosso, Senior Principal Consultant at Synopsys:  “Although the details […]

Why You Must Update Snapchat Even If You Hate The New Design!

SnapChat

Snapchat’s latest update has left users angry over its confusing design, leading many to avoid updating the app. This, however, should not be avoided as it will leave you potentially exposed to being hacked, as security advocate Javvad Malik at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: “Keeping software patched and up to date is […]

Thursday’s NY DFS Cybersecurity Deadline

30-Day Cybersecurity Sprint

It’s almost been a year since The New York Department of Financial Services (NY DFS) put forward cybersecurity regulation Part 500 for financial institutions who are either under the direct jurisdiction of the DFS or doing business in the state. And on Thursday, February 15th, this regulation will come into full effect, mandating that organizations submit a […]

Government’s Effort To Beef Up Cybersecurity In The Energy Sector

Under the president’s proposed budget for fiscal 2019, A new office of Cyber5security, Energy Security and Emergency Response (CESER) would be established to help monitor and improve energy sector cybersecurity among other responsibilities. Edgard Capdevielle, CEO at Nozomi Networks commented below. Edgard Capdevielle, CEO at Nozomi Networks: “With cyber threats like Triton, Industroyer and WannaCry […]

Gartner Provides Seven Steps Security Leaders Can Take To Deal With Spectre And Meltdown

Security and Risk Management Leaders Need to Take a Balanced Approach to Tackling a New Class of Vulnerabilities Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner, Inc. “Spectre” and “Meltdown” are the code names given to different […]

FedEx Customer Documents Exposed In Mass Data Breach

Rapid Automation and Industrialization of Cyber Attacks

It has been reported that an unsecured FedEx server was breached, exposing thousands of customers’ personal information, a prominent security research firm discovered earlier this month. Package forwarding service Bongo International was acquired by FedEx in 2014 and now serves as a e-commerce service called FedEx Cross Border. But an unsecured Amazon S3 server, according to the white hat research group Kromtech, […]

81 Percent Of Cybersecurity Pros Agree: Cyber Threat Intelligence Improves Prevention, Detection, And Response Capabilities

SANS Report Sponsored by DomainTools Reveals Cyber Threat Intelligence (CTI) Gaining Momentum as Organizations Battle to Keep Up with Hackers As cyberattacks and attackers become more blatant and pervasive each year, a new SANS Institute report, in conjunction with DomainTools, shows organizations around the globe are turning towards Cyber Threat Intelligence (CTI) to detect, respond, […]

JavaScript Cryptomining Scripts Discovered In 19 Google Play Apps

It was reported yesterday that 19 Android applications in Google Play were found to be cryptojacking by secretly loading an instance of the Coinhive script without user knowledge. An analysis of the malicious apps revealed that app authors —believed to be the same person or group— hid the Coinhive JavaScript mining code inside HTML files in the apps’ /assets folder. […]