  • Canada’s Recommendations for Digital Security in the Financial Sector
    In fact, the Canadian Parliament’s Standing Committee on Public Safety and National Security (the Committee) decided to investigate digital security in the financial sector as a national economic security issue. Recommendation 1: The Committee recommends that, in the next Parliament, the House of Commons Standing Committee on Public Safety and National Security establish a sub-committee dedicated to studying the public safety and national security aspects of cybersecurity, with potential areas of inquiry including international approaches to critical infrastructure protection, impact of emerging technologies, and cyber supply chain security.
  • Microsoft Chromium Edge Bug Bounty Program Offers Up To $30,000
    Microsoft has launched a bug bounty program for Chromium Edge, with security starting to become an even more important aspect as the web browser moves closer to its first official release. Microsoft worked Edge through a major overhaul, dropping EdgeHTML in favor of the open-source Chromium engine that also serves as the foundation for Google’s Chrome web browser. To allow Chromium Edge to keep up with the competition, the browser needs to be proven safe and secure. The Microsoft Edge Insider Bounty Program is inviting cybersecurity experts across the world to identify vulnerabilities in the Chromium Edge browser, with rewards ranging from $1,000 to $30,000 depending on the severity and impact of the bug. The bug bounty program is seeking vulnerabilities that are only found on Chromium Edge and not in any other browser based on the same engine. In our hands-on review of the Chromium Edge beta, the browser proved to be a big improvement compared to the original Edge, as it is faster, more efficient, cleaner, and supports a wide variety of extensions.
  • Banks told to tighten security after payments data breach
    In that event, scammers compromised 98,000 PayIDs with 600,000 PayID lookups over six weeks. Dr Haskell-Dowland said that, although bad actors were not able to directly access bank accounts with the details obtained, it provided the seed of a broader scam incident. "You've got the potential for what we call a phishing attack," he said. "They've now got means of contacting customers, their BSB and account numbers, and be able to quote individual information." With this information, scammers could contact customers with enough authenticity to convince others that they are actually from the bank and trick them into handing over more sensitive information. Dr Haskell-Dowland said even simple measures – like a limit on the number of lookups an individual can make or an artificial intelligence algorithm that identifies searching patterns – should have been in place. "Those protections should have been in place since the beginning or at least after the June breach," he said. "That prior incident should have caused a complete review of the system ...
  • Bad Packets warns of over 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510
    On August 22, BadPackets experts observed mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular cybersecurity expert, Kevin Beaumont, has also observed attackers attempting to exploit CVE-2018-13379 in the FortiOS SSL VPN web portal and the CVE-2019-11510 flaw in Pulse Connect Secure. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. BadPackets analyzed the number of Pulse Secure VPN endpoints vulnerable to CVE-2019-11510. Using the online scanning service BinaryEdge, the researchers found 41,850 Pulse Secure VPN endpoints exposed online, 14,528 of them vulnerable to CVE-2019-11510. “Pulse Secure VPN administrators need to immediately ensure they’re not using versions of the “Pulse Connect Secure” server software vulnerable to CVE-2019-11510.
  • Stuxnet: A powerful malware that has affected several firms in the utility sector
    The malware is believed to have been created by US and Israeli intelligence agencies. Stuxnet is designed to alter Programmable Logic Controllers (PLCs) used in the types of industrial control systems (ICS).
  • Cybersquatting and Typosquatting: What's the difference between them?
    Cybersquatting involves buying website URLs of already established businesses that do not have a related website. Typosquatting involves buying a look-alike website URL that appears similar to the genuine URL of an established organization but actually contains a typo.
  • Top four file attachments that are widely used by threat actors to deliver their malicious payloads
    To entice recipients, these emails usually include some enticing content, offer, or gift. Once the victims are convinced, they are asked to click on the attachment(s) that come with the email.
  • Quasar RAT: A sneak peek into the Remote Access Trojan’s capabilities
    Quasar Remote Access Trojan uses two methods to achieve persistence: scheduled tasks and registry keys. Its capabilities include capturing screenshots, recording the webcam, reverse proxying, editing the registry, spying on the user’s actions, keylogging, and stealing passwords.
  • Rhode Island physician network alerts 3,000 patients of data breach
    Mackenzie Garrity - Friday, August 23rd, 2019. An unauthorized user gained access June 19 to a server that stored patient information at Providence-based Rhode Island Ear, Nose and Throat Physicians, according to the HIPAA Journal. The physician network is alerting 2,943 patients about the data breach. RIENT was able to secure the network the same day the hackers gained access. Upon further investigation, RIENT discovered the server contained medical records of patients who received care between May 1 and June 12. There is no indication that patient information has been viewed, copied or misused. Patient data stored in the server included names, dates of birth and clinical information.
  • IRS Warns Taxpayers of New Scam Campaign Distributing Malware
    The Internal Revenue Service (IRS) issued a warning today to alert taxpayers and tax professionals of an active IRS impersonation scam campaign sending spam emails to deliver malicious payloads. This warning was issued after the IRS received several reports from taxpayers this week regarding unsolicited messages with "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder" subjects, coming from scammers impersonating the U.S. revenue service with the help of spoofed email addresses. "The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer's refund, electronic return or tax account," says the IRS warning. "The emails contain a 'temporary password' or 'one-time password' to 'access' the files to submit the refund." "The IRS does not send emails about your tax refund or sensitive financial information," stated IRS Commissioner Chuck Rettig.