268 Simulated Cyberattacks By Rapid7 Shows 84% Of Engagements Exploited

Rapid7 conducted hundreds of simulated cyberattacks, and recently published the results in a study that showed at least one vulnerability was exploited in 84% of engagements. The study, titled “Under the Hoodie,” reflects 268 tests conducted across a number of industries. Justin Jett, Director of Audit and Compliance at Plixer: “With the latest results from Rapid7’s Under […]

HNS Bot Adds Exploits To Hit Home Automation Systems & Devices

New Fortinet findings show that the P2P Hide ‘N Seek (HNS) botnet now also includes exploits to target home automation systems and devices, noting: “Hide ‘N Seek authors recently included an exploit for a HomeMatic Zentrale CCU2 remote code execution vulnerability, the malicious code allows the botnet to target devices in smart homes controlled by the HomeMatic […]

Microsoft Office Vulnerabilities Used To Distribute FELIXROOT Backdoor Malware

A new hacking campaign aims to use old vulnerabilities in Microsoft Office software to create a backdoor into Windows systems to spy and steal files. Dubbed Felixroot, the malware is delivered to individuals in Ukraine using a weaponised phishing email claiming to contain seminar information on environmental protection, indicating that the selected victims are likely to […]

Developers Pose A Significant Phishing Risk, Says Node Summit

At the Node Summit in San Francisco, attendees were delivered a stark reminder that despite being among the most technical members of organisations, developers still pose a significant phishing risk. Tim Helming, Director of Product Management at DomainTools: “This is a timely reminder that no one, no matter how technically sophisticated or security-savvy they are, is ‘unphishable.’ Moreover, […]

LifeLock Exposes Millions Of Customer Email Addresses

Security blogger, Brian Krebs, posted yesterday that identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers. Security firm Symantec, which acquired LifeLock in November 2016, took LifeLock.com offline shortly after being contacted by KrebsOnSecurity. […]

Facebook’s Departing Security Chief’s Memo Calls For Privacy Reforms

Facebook’s departing head of security, Alex Stamos, wrote a memo amidst the Cambridge Analytica scandal, calling for Facebook to collect less user data, and re-evaluate the site’s approach to privacy. This memo was published yesterday by BuzzFeed News. Christopher Littlejohns, EMEA Manager at Synopsys: “We are living in a world where social platforms such as Facebook, Twitter, Reddit, […]