• Stuxnet: A powerful malware that has affected several firms in the utility sector
    The malware is believed to have been created by US and Israeli intelligence agencies. Stuxnet is designed to alter Programmable Logic Controllers (PLCs) used in industrial control systems (ICS).
  • Cybersquatting and Typosquatting: What's the difference between them?
    Cybersquatting involves buying website URLs of already established businesses that do not have a related website. Typosquatting involves buying a look-alike website URL that appears similar to the genuine URL of an established organization but actually contains a typo.
  • Top four file attachments that are widely used by threat actors to deliver their malicious payloads
    To entice the recipients, these emails usually include some enticing content, offer or gift. Once the victims are convinced, they are asked to click on the attachment(s) that come with the email.
  • Quasar RAT: A sneak peek into the Remote Access Trojan’s capabilities
    Quasar Remote Access Trojan uses two methods to achieve persistence: scheduled tasks and registry keys. Its capabilities include capturing screenshots, recording webcam, reverse proxying, editing the registry, spying on the user’s actions, keylogging and stealing passwords.
  • Gaming Peripheral Maker Fanatec Suffers Data Breach Compromising Customers’ Personal Information
    Attackers compromised Fanatec’s online store and gained unauthorized access to its customer database. The compromised customer database contained the personal information and account information of customers.
  • Federal cybersecurity incidents dropped down by 12% in 2018, says FISMA report
    The security assessments revealed the top 5 common security vulnerabilities, which include lack of data protection, lack of network segmentation, inconsistent patch management, lack of strong authentication, and lack of continuous monitoring. The report highlights that improper usage and phishing remain the top attack vectors.
  • New Asruex backdoor variant leverages old vulnerabilities to target Adobe software and Microsoft Office
    The variant - detected as Virus.Win32.ASRUEX.A.orig - is disguised as PDF files and Word documents to drop and execute its activities. Users who have been using older versions of Adobe Reader (prior to 9.4) and Acrobat (prior to 8.2.5) on Windows and Mac OS X are affected by the variant.
  • FBI solves BEC scam by freezing $2.9 million lost by Portland Public Schools
    The scammer had impersonated one of the district’s construction contractors to trick PPS into sending the amount. The fund was approved by two employees who work for the district schools.
  • Canada’s Recommendations for Digital Security in the Financial Sector
    In fact, the Canadian Parliament’s Standing Committee on Public Safety and National Security (the Committee) decided to investigate digital security in the financial sector as a national economic security issue. Recommendation 1: The Committee recommends that, in the next Parliament, the House of Commons Standing Committee on Public Safety and National Security establish a sub-committee dedicated to studying the public safety and national security aspects of cybersecurity, with potential areas of inquiry including international approaches to critical infrastructure protection, impact of emerging technologies, and cyber supply chain security.
  • Microsoft Chromium Edge Bug Bounty Program Offers Up To $30,000
    Microsoft has launched a bug bounty program for Chromium Edge, with security becoming an even more important aspect as the web browser moves closer to its first official release. Microsoft put Edge through a major overhaul, dropping EdgeHTML in favor of the open-source Chromium engine that also serves as the foundation for Google’s Chrome web browser. To allow Chromium Edge to keep up with the competition, the browser needs to be proven safe and secure. The Microsoft Edge Insider Bounty Program is inviting cybersecurity experts across the world to identify vulnerabilities in the Chromium Edge browser, with rewards ranging from $1,000 to $30,000 depending on the severity and impact of the bug. The bug bounty program is seeking vulnerabilities that are only found on Chromium Edge and not in any other browser based on the same engine. In our hands-on review of the Chromium Edge beta, the browser proved to be a big improvement compared to the original Edge, as it is faster, more efficient, cleaner, and supports a wide variety of extensions.
  • Banks told to tighten security after payments data breach
    In that event, scammers compromised 98,000 PayIDs with 600,000 PayID lookups over six weeks. Dr Haskell-Dowland said that, although bad actors were not able to directly access bank accounts with the details obtained, it provided the seed of a broader scam incident. "You've got the potential for what we call a phishing attack," he said. "They've now got means of contacting customers, their BSB and account numbers, and be able to quote individual information." With this information, scammers could contact customers with enough authenticity to convince others that they are actually from the bank and trick them into handing over more sensitive information. Dr Haskell-Dowland said even simple measures – like a limit on the number of lookups an individual can make or an artificial intelligence algorithm that identifies searching patterns – should have been in place. "Those protections should have been in place since the beginning or at least after the June breach," he said. "That prior incident should have caused a complete review of the system ...
  • Bad Packets warns of over 14,500 Pulse Secure VPN endpoints vulnerable to CVE-2019-11510
    On August 22, BadPackets experts observed mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular cybersecurity expert, Kevin Beaumont, has also observed attackers attempting to exploit CVE-2018-13379 in the FortiOS SSL VPN web portal and the CVE-2019-11510 flaw in Pulse Connect Secure. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. BadPackets analyzed the number of Pulse Secure VPN endpoints vulnerable to CVE-2019-11510. Using the online scanning service BinaryEdge, the researchers found 41,850 Pulse Secure VPN endpoints exposed online, 14,528 of them vulnerable to CVE-2019-11510. “Pulse Secure VPN administrators need to immediately ensure they’re not using versions of the “Pulse Connect Secure” server software vulnerable to CVE-2019-11510.
  • Rhode Island physician network alerts 3,000 patients of data breach
    Mackenzie Garrity - Friday, August 23rd, 2019. An unauthorized user gained access June 19 to a server that stored patient information at Providence-based Rhode Island Ear, Nose and Throat Physicians, according to the HIPAA Journal. The physician network is alerting 2,943 patients about the data breach. RIENT was able to secure the network the same day the hackers gained access. Upon further investigations, RIENT discovered the server contained medical records of patients who received care between May 1 and June 12. There is no indication that patient information has been viewed, copied or misused. Patient data stored in the server included names, dates of birth and clinical information.
  • IRS Warns Taxpayers of New Scam Campaign Distributing Malware
    The Internal Revenue Service (IRS) today issued a warning to alert taxpayers and tax professionals of an active IRS impersonation scam campaign sending spam emails to deliver malicious payloads. This warning was issued after the IRS received several reports from taxpayers this week regarding unsolicited messages with "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder" subjects, coming from scammers impersonating the U.S. revenue service with the help of spoofed email addresses. "The emails have links that show an IRS.gov-like website with details pretending to be about the taxpayer's refund, electronic return or tax account," says IRS' warning. "The emails contain a 'temporary password' or 'one-time password' to 'access' the files to submit the refund." "The IRS does not send emails about your tax refund or sensitive financial information," stated IRS Commissioner Chuck Rettig.
  • Sonoma Valley Hospital Website, Email Addresses Hijacked
    Currently, hospital officials are encouraging patients to update their contact details for Sonoma Valley, as previous emails sent to SVH.org are not being received.
    AMCA Data Breach Adds Integrated Regional Laboratories Patients: About 30,000 Integrated Regional Laboratories’ patients have been added to the massive American Medical Collection Agency data breach, which has already claimed nearly 25 million patient records from about 22 covered entities. AMCA notified IRL of the breach on June 3 and confirmed IRL patient data was breached on June 13. The compromised data included information from patients or those financially responsible for their care, such as names, contact details, amounts owed to IRL, dates of service, and patient account numbers.
    Email Hack on Mid-Valley Behavioral Care Network: Nearly 11,000 Mid-Valley Behavioral Care Networks (BCN) are being notified of a potential breach of their data, after a phishing attack on two employee email accounts. An investigation determined the accounts contained the patient information from 10,710 Willamette Valley Community health plan members and the data of 2,092 OHP providers.
  • WordPress Plugins Exploited in Active Attack Redirecting Traffic
    Researchers warn users of several plugins to update as vulnerabilities are being actively exploited to redirect website visitor traffic. Impacted by the campaign is a plugin called Simple 301 Redirects – Addon – Bulk Uploader as well as several plugins made by developer NicDark (now rebranded as “Endreww”). “So attacks probing for all of them began pretty quickly, despite many of the plugins having fairly small install bases.” Veenstra told Threatpost that he found at least five plugins by NicDark with flaws being exploited as part of the campaign. “In effect, this replaces all of a site’s loaded JavaScript with a file under the attacker’s control.” The other impacted plugin, Simple 301 Redirects – Addon – Bulk Uploader, developed by Webcraftic, adds functionality to a plugin called the Simple 301 Redirects plugin, which enables the redirect of requests to other pages. The plugin has a recently-patched vulnerability that enables unauthenticated attackers to inject their own 301 redirect rules onto a victim’s website.
  • Regis University’s technology systems targeted by “malicious threat” likely from outside the country
    A forensic investigation at Denver’s Regis University confirmed Friday that the private college’s technology systems were attacked by a “malicious threat” likely from outside the country. “Immediately upon discovering this issue, we quickly and intentionally took our information technology systems offline in an effort to protect the university and your information while we initiated an investigation and notified law enforcement,” Regis said in a statement Friday. “It will be restored in stages in a systematic, careful manner.” The “external data security threat” prompted Regis to yank down its technology services — including its website, phone lines, email services and online programs that students use to submit work and professors grade it. On campus Friday — Day 2 of Regis’ information services being down — parents toted Clorox wipes and bookshelves as students moved into the dorms, many unaware of any technological problems.
  • Instagram Phishing Emails Use Fake Login Warning Baits
    In this case, the phishing e-mails distributed by the attackers behind this campaign use fake Instagram login alerts stating that someone attempted to log in to the target's account, asking them to confirm their identity via a sign-in page linked within the message.
    Authentication codes used to add legitimacy: These messages are designed to look as close as possible to official messages coming from Instagram, to avoid raising any suspicions before the target is redirected to the attackers' phishing landing page. [Figure: Instagram phishing email sample] Once on the phishers' landing page, the targets see a perfectly cloned Instagram login page secured with a valid HTTPS certificate and displaying a green padlock to alleviate any doubts that it's the real deal. [Figure: Phishing page vs Instagram login page]
    What to do after being phished or hacked: This is not the first or the last phishing campaign targeting Instagram users, and some users are bound to fall for the scam given that the crooks come back with new attacks.