  • The Challenge of Real-Time Cyber Protection
    On average, organizations are unable to sufficiently investigate 25% of their alerts, with no significant variation by country or company size.” In the introduction to his report “A Day in the Life of a Cyber Security Pro,” EMA researcher David Monahan says: “Because of the time needed to manually investigate each alert to determine whether it is really critical or a false positive, teams are falling behind on alerts – creating a huge backlog of unworked tickets. SIEM (Security Information and Event Management) tools can help, combining information from multiple sources and correlating it with the alerts raised by security tools to give a holistic picture of events. AI-based security tools, too, are following a similar approach, typically ingesting data from multiple sources to help give security analysts greater context around the security events that are detected, and even enabling automated response to many threats – which frees security teams up to focus on more serious threats and to proactively hunt for evidence of intrusions.
  • Blind Eagle, a new APT group, poses as Colombia's Cyber Police to steal business secrets
    A new hacking group researchers have dubbed Blind Eagle is carrying out targeted attacks against Colombian government agencies, financial companies and corporations with a presence in Colombia. Blind Eagle has been active since April 2018, posing as Colombian institutions like the National Cyber Police and the Office of the Attorney General to steal intellectual property, according to research published this week by the 360 Enterprise Security Group, which is affiliated with the Chinese security giant Qihoo 360. But they suggested the attacks originated in South America, based on the timing the attacks were sent and the use of the Spanish language in the malware, among other factors. “[This] APT attack could probably be carried out by neighboring countries,” researchers said. “The background of the victims and duration of the attack indicate the attacker keeps concerned with strategic-level intelligence for a long time.” Attackers targeted Colombia’s National Institute for the Blind, the Bank of Colombia and a number of energy companies in the country. The most recent attack outlined in the research occurred on Feb. 14.
  • How this small bank combats fraud without alienating customers
    Kennebunkport is a Maine vacation town known for its famous residents (the Bush family), old-world hotels, sandy beaches and tourist-trap town center. In this idyllic setting, Kennebunk Bank is battling an ever-growing onslaught of fraud. “Fraud just keeps increasing, increasing, increasing, and we're having to put more and more resources to it,” said Brad Paige, the $1.2 billion-asset bank's president and CEO. It's hardly alone. At Kennebunk Bank, some of the fraud stems from customers falling for phishing attacks or romance scams and giving out their online banking credentials. “If you call into a bank that doesn't have something like voice identification, you're going to get asked 10 different questions to verify your identity. Whenever we've added or improved security in the past, it's been a burden to the customer and a poor customer experience.” The bank recently implemented voice biometrics from Nuance that actually improves the customer experience, Paige said.
  • Shifting in the Wind: WINDSHIFT Attacks Target Middle Eastern Governments
    Pivoting on specific file attributes and infrastructure indicators, Unit 42 was able to identify and correlate additional attacker activity and can now provide specific details on a targeted WINDSHIFT attack as it unfolded at a Middle Eastern government agency. The first attack occurred in early January of 2018 with an inbound WINDTAIL sample (the backdoor family used by WINDSHIFT) originating from the remote IP address 109.235.51[. Upon further analysis, Unit 42 determined the sample’s corresponding C2 server IP address was 109.235.51[.]153. After the initial infection attempt, several additional WINDTAIL samples from the same external IP address, 109.235.51[. Based on Unit 42’s observations of multiple inbound WINDTAIL samples directed at the same internal IP address, Unit 42 assesses with moderate confidence that the attackers were not able to establish persistence within the targeted environment.
  • Report: Concerted Global Cyber Attack Could Disrupt Global Economy
    According to a hypothetical cyber risk scenario prepared by the Cyber Risk Management (CyRiM) project for risk management purposes, a ransomware strain that can disrupt more than 600,000 businesses worldwide within 24 hours would potentially lead to damages in the amount of billions of dollars. The report ‘Bashe Attack: Global infection by contagious malware’ uses a theoretical catastrophic ransomware attack to model the broader impact of such an incident and “explores how a ransomware attack might take place and what the impacts would be on governments, businesses, and the insurance sector.” The “hypothetical scenario [is] developed as a stress test for risk management purposes.” While fictional, the ‘Bashe’ ransomware campaign uses data and tactics from past global cyber attacks, including WannaCry and NotPetya, as a basis for how hackers could spread malware around the world. The main finding of the report is that a worldwide cyber attack could cause global economic losses of almost $200 billion, as organizations across sectors are still unprepared to face the consequences of a malicious global cyber campaign.
  • Singapore arms up on cyberdefence experts, opens cyberdefence school
    Singapore plans to arm itself with 300 specialists trained in cybersecurity skills to better safeguard its systems and networks, and has opened a school to prepare future recruits with relevant skillsets in cyberdefence. These initiatives are led by the Defence Cyber Organisation and will support the country's Ministry of Defence (Mindef) and Singapore Armed Forces (SAF), said the defence ministry in a statement on Wednesday. The SAF Cyber Defence School also was established to serve as a training hub in cyber defence and education for Mindef and SAF personnel. Pointing to the nation's focus on boosting its long-term cyber defence capabilities, Singapore's Senior Minister of State for Defence Heng Chee How said: "Today, the SAF is using networks and a networked force to fight. Running 24 by 7, the Defence Cyber Organisation encompassed four key groups and comprised top-ranking military and armed officers, and was manned by 2,600 soldiers operating in cybersecurity operations, policy and planning, vulnerability assessment, and cyberdefence.
  • New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth — Krebs on Security
    Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device hidden inside the contactless payment terminal of the pump, which appears to act as a Bluetooth hub that wirelessly gathers card data from multiple compromised pumps at a given filling station. Because this tiny round device was found hidden inside of an NFC card reader on the outside of a gas pump, investigators said they initially thought it might have been designed to somehow siphon or interfere with data being transmitted by contactless payment cards. Carl said his team is still trying to reverse engineer the device found inside the NFC reader at the pump, but that so far it appears its purpose is to act as a Bluetooth communications hub for other skimming devices found at the scene.
  • Experts Find Serious Problems With Switzerland's Online Voting System
    The Australian and Swiss systems use a lot of the same underlying cryptographic libraries, but “the Australian system doesn’t have the security the Swiss system purports to have,” according to Vanessa Teague, who teaches cryptography at the University of Melbourne and was part of both studies. Nathalie Dérobert, a spokeswoman for Swiss Post, said the public intrusion test is not meant to be an audit of the code “or to prove the security of the Swiss Post online voting system.” Instead, it’s meant to help inform the developers about improvements they need to make. The way the Swiss system works is that voters authenticate themselves to the voting web site using their birthdate and an initialization code they receive from Swiss Post in the mail. Someone else who objected to the terms posted the source code and the three documents detailing the architecture and protocols online, where anyone can now examine the code for vulnerabilities without registering for the public pentest and also anonymously post information about vulnerabilities without being subject to Scytl’s confidentiality terms.
  • Almost Half A Million Delhi Citizens' Personal Data Exposed Online
    In a report shared with The Hacker News, Bob Diachenko disclosed that two days ago he found a 4.1 GB-sized highly sensitive database online, named "GNCTD," containing information collected on 458,388 individuals located in Delhi, including their Aadhaar numbers and voter ID numbers. Though it's not clear if the exposed database is linked to the Government of National Capital Territory of Delhi (GNCTD), Diachenko found that the database contains references and email addresses with "transerve.com" domain for users registered with "senior supervisor," and "super admin" designations. "The most detailed information contained in 'Individuals' collection which was basically a pretty detailed portrait of a person, incl.
  • 'Sextortion' scammers use LinkedIn to target high net-worth individuals