The U.S. Department of Defense (DoD) and HackerOne, the leading hacker-powered security platform, today announced the results of the DoD’s sixth public bug bounty program. The Marine Corps is committed to fighting and winning in all domains, including cybersecurity, and Hack the Marine Corps is a key initiative of this campaign. The bug bounty challenge invited over 100 ethical hackers to test public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER)…
ISBuzz Team
A new report by Cybereason has detected multiple Betabot (aka Neurevt) infections in customer environments. Betabot is a sophisticated infostealer malware that’s evolved significantly since it first appeared in late 2012. The malware began as a banking Trojan and is now packed with features that allow its operators to practically take over a victim’s machine and steal sensitive information. Maor Hizkiev, CTO and Co-founder at BitDam: “Using a patched vulnerability has a very high return of investment, since it is easy to use and still useful in penetrating organisations. AVs as well as other email solutions just don’t cut it for the…
It has been reported that Burgerville says thousands of customers’ credit and debit card information may have been compromised during a cyberattack it learned of in late August. The Vancouver-based fast-food chain says anyone who used plastic at its restaurants between September 2017 through last week should carefully watch their card statements for unauthorised charges. Ryan Wilk, VP of Customer Success at NuData Security: “Cybercriminals are always hungry for credit card numbers and personal information. Unfortunately, from the moment a breach occurs until it is discovered, cybercriminals have ample time to broker the stolen data, leaving customers open to the impacts of identity theft. This…
Most small and medium sized businesses (SMBs) do not have enough defenses in place to protect, detect or react to attacks, making them an easy target for cyber attackers. In fact, the Ponemon Institute study found that only 14% of SMEs consider their own security as “very effective”. If you take a look around any modern SMB, you will see how IT solutions are critical to business success. The problem is that those very same businesses treat the security of these IT solutions as an onerous requirement. Because of that, SMBs have become a very lucrative target. According to the…
Q2 2018 statistics show 47 percent more incidents than in Q2 2017. Targeted attacks, at 54 percent, outnumbered mass campaigns. Positive Technologies’ report The Cyber Threatscape Q2 2018, found that data theft is the objective of an increasing number of online attacks. The most attractive targets were personal data (30%) and credentials (22%), especially for online banking. To steal this data, attackers compromised a wide range of websites, including web stores, ticket vendors, and hotel booking services. In May and June, a surge of attacks swept through cryptocurrency, affecting Verge, Monacoin, Bitcoin Gold, ZenCash, Litecoin Cash, and others. Attackers stole…
Following the news that over 50 million Facebook accounts were compromised in a major hack, it has now been discovered that hacked Facebook accounts are being sold on the dark web. Jack Moore, Cyber Security Specialist at ESET UK: ‘“This was inevitably going to be the headline that was feared by many. If this is in fact genuine stolen data and such information is to be exploited by criminals, it could potentially be used to spy on user’s most private information, commit identity theft or worse still, blackmail Facebook users with compromising information. Criminals are always looking for ways to…
California Gov. Jerry Brown has signed legislation which bans the use of undeclared bots during elections. The new rule also applies at all times to bots used for sales purposes unless they are very clear about their identity. The new bill will come into force on 1 July 2019: “This bill would, with certain exceptions, make it unlawful for any person to use a bot to communicate or interact with another person in California online with the intent to mislead the other person about its artificial identity for the purpose of knowingly deceiving the person about the content of the communication in…
Research from McAfee has discovered that Kim Kardashian is the most dangerous celebrity of 2018 to search for online. The firm measured how many malicious websites were associated with the names of celebrities. Tim Helming, Director of Product Management at DomainTools: “This is further evidence that consumers need to exercise extreme caution when online. Kim Kardashian is an incredibly popular pop culture figure with a range of products available, making cybersquatting on her name a hacker’s dream. We have identified 29 active domains via our PhishEye technology with a risk score of over 70 associated with her name, meaning it is highly likely…
Google is tightening up security for Chrome extensions in an effort to prevent malicious extensions from getting into its web store. Starting from January next year, Google will require all extensions in stable or download the beta products only from Chrome Web Store. Currently, users can install extension from anywhere which makes it quite easy for adversaries to publish malicious extensions. Mike Bittner, Digital Security & Operations Manager of The Media Trust commented below as part of our security experts comments series. Mike Bittner, Digital Security & Operations Manager at The Media Trust: “Google’s decision to tighten their security policies…
The authentication method has been ignored in high-risk use cases. It could pave the way to a safer, easier Internet. In his excellent Insider Feature about password alternatives and enhancements, Michael Nadeau wrote: “The big risk with social login is that all sites a user accesses via, say, Google will be compromised if that Google account is compromised. Attackers can take control of a social account in a number of ways: social engineering, creating a fake profile, or buying a user ID and password on the dark web. Users can mitigate this risk if they turn on optional authentication features like 2FA,…