Pentagon Creates ‘Do Not Buy’ List Of Chinese And Russian Software Providers

In response to the news that the Department of Defense (DOD) has confirmed it has been silently working on a “Do Not Buy” list of companies known to use Chinese and Russian software in their products, security experts commented below. Johnathan Azaria, Security Researcher Specialist at Imperva: “This is not surprising when considering that some […]

New Cryptomining Malware That Is Targeting Corporate Networks

Researchers have uncovered a cryptojacking campaign that looks to spread across infected networks, targeting business PCs and servers. Bob Noel, Director of Marketing and Strategic Partnerships at Plixer: “When PowerGhost makes its way onto a corporate network, the business is being robbed of key resources. This negatively impacts productivity, profitability and customer satisfaction. There are […]

Analyzing A Sophisticated, Large-Scale Malvertising Campaign

Researchers at leading cyber-security vendor Check Point have shown how criminals are using a new and complex method to abuse the digital infrastructure of the online advertising industry to spread malware to millions of online surfers worldwide. This is widely known as ‘malvertising’ and, in this case, started with the compromising of thousands of WordPress […]

Major Online Fashion Brands Suffer Data Breach Affecting 1.4 Million

Around 1.4 million customers of a number of UK clothing and accessories websites have had their personal information exposed following a security breach at an IT services provider that they were sharing. Brands such as Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags, DLSB (Dirty Little Style Bitch), and Traffic People were affected. Lee Munson, […]

Dixons Carphone

It has been reported today that Dixons Carphone has announced that the huge data breach that took place last year involved 10 million customers, which is significantly up from its original estimate of 1.2 million. The company said personal information, names, addresses and email addresses may have been accessed; however, no bank details were taken and it had found no […]

SysAdmins In The Limelight

In every theatre performance, we cheer and clap for the leads on stage, but how often do we give credit to those working behind the scenes? Without them though, the show couldn’t go on, and the same is true for any organisation when it comes to SysAdmins. SysAdmin Day provides us with an opportunity to […]

Samsung Smart Hub Flaws Leaves Home Devices Open To Attack

Researchers have found 20 flaws in Samsung’s SmartThings Hub controller – opening up supported third-party smart home devices to attack. Commenting on the news are the following security professionals: Craig Young, Principal Security Researcher at Tripwire: “For an attacker, smart home hubs are an ideal point of attack. A compromised hub can not only give […]

New “Netspectre” Can Attack & Exfiltrate Over Network, Without Code On Victim Machine Or Malicious Javascript Clicks

Graz University has just published findings on a new type of Spectre attack – NetSpectre: Read Arbitrary Memory over Network – which attacks through network connections, without code on a target victim’s machine. This new type of Spectre threat does not require malware on a victim’s machine or a click on malicious JavaScript. Two security experts with Juniper Networks offer perspective in […]

268 Simulated Cyberattacks By Rapid7 Shows 84% Of Engagements Exploited

Rapid7 conducted hundreds of simulated cyberattacks, and recently published the results in a study that showed at least one vulnerability was exploited in 84% of engagements. The study, titled “Under the Hoodie,” reflects 268 tests conducted across a number of industries. Justin Jett, Director of Audit and Compliance at Plixer: “With the latest results from Rapid7’s Under […]