Like any other threat analyst, Marc Laliberte has an email inbox that fills up minute by minute, and some of that mail has made its way past the spam filter. The WatchGuard employee decided to finally act upon a certain phishing attempt in hopes of teaching the bad guys a lesson. Spear phishing is a type of phishing attack in which the perpetrator customizes their attack to a particular individual or group of individuals. The attacker gathers information on the victim and then tailors the attack to be more likely to fool the target. The would-be attack arrived as an email appearing to come from the finance employee’s manager, requesting an urgent wire transfer.
Georgia's secretary of state says the state was hit with an attempted hack of its voter registration database from an IP address linked to the federal Department of Homeland Security.
The allegation by Georgia Secretary of State Brian Kemp is one of the more bizarre charges to come up in the recent spate of alarms about voting-system hacks. He said in a Facebook post on Thursday that he had been made aware of the failed attempt to breach the firewall protecting Georgia's voter registration database. The attack was traced to an Internet Protocol address associated with DHS, he said.
Cisco’s Talos security group this week warned that a variant of trojan monster Zeus has begun to garner a following in the cyber-underworld as a hard-to-detect attack mechanism. “[Floki bot] is based on the same codebase that was used by the infamous Zeus trojan, the source code of which was leaked in 2011. Rather than simply copying the features that were present within the Zeus trojan ‘as-is’, Floki Bot claims to feature several new capabilities making it an attractive tool for criminals,” Talos wrote.
A group of suspected Russian cyberspies blamed for interfering in the U.S. election is also attempting to influence the upcoming vote in Germany, according to the country's domestic intelligence agency. The Russian hacking group known as Fancy Bear or APT 28 has been targeting political parties in the country, Germany's Federal Office for the Protection of the Constitution (BfV) intelligence agency said in a statement Thursday posted online by Politico. The hacking activities have led to a surge in spear-phishing email attacks directed at German politicians, the agency said.
Social media has become the new cyber battleground. Not only is this landscape growing rapidly, but it also represents one of the most dynamic, unstructured and unregulated datasets anywhere in the digital world. In the wake of the social media revolution, cybercriminals exploit businesses and their customers at a massive scale.
Germany-based industrial conglomerate ThyssenKrupp was hit by a cyberespionage attack earlier this year that resulted in data being stolen from its industrial solutions and steel producing units. An investigation revealed that the attack was carried out by a professional group of hackers from Southeast Asia and targeted technological know-how and research, according to the group. While hackers managed to steal some information, its exact nature is not clear, with the exception of certain project data from an engineering company, ThyssenKrupp said in an emailed statement Thursday. As a result, at this time there's no reliable estimation of the damage to the company's intellectual property.
On November 13, the breach notification site LeakedSource disclosed that FriendFinder Networks, Inc., which operates such websites as Adultfriendfinder.com and Penthouse.com, had been hacked and over 400 million customer accounts were compromised. In addition to being the largest leak of 2016 (the 360 million records leaked from MySpace in May comes in second), this data breach also marked the second time in 2 years that FriendFinder users had their account information compromised.
Ransomware is evil, and it continues to prey upon thousands of businesses every year. Most infections are fairly quiet affairs: A small business gets infected, almost always by some employee opening an email attachment he or she mistakes for legitimate but that really contains the payload of a virus. Then several undetected hours later, all of the business' files -- at least those the employee had access to, which in a lot of businesses without good security and permissions policies is all of the files -- are encrypted, and demands for payment of a ransom in Bitcoin are made in exchange for the decryption key. Of course, secure email use and employee behavior are a problem in businesses of all sizes, and there have been some high-profile ransomware infections. Most recently in the news was the attack on the San Francisco Municipal Transportation Agency (SFMTA), or Muni as it is known by Bay Area residents. Muni had to give free trips to all comers over the Thanksgiving weekend while it worked to restore access to its machines. The hacker who infected the utility also claims to have access to 30GB of stolen Muni data; the utility disputes this claim,
Donald Trump’s effect on cybersecurity after he’s sworn in as president next month will likely be toward military uses of cyber weapons and stronger tools for law enforcement to crack encryption, but the impact is hard to predict due to the vagueness of his proposals so far. The most detailed Trump cyber plan is just 175 words long and includes some initiatives that sound like what’s already in place. On the campaign trail and during debates he occasionally hit the topic, but again with little detail and perhaps little understanding of how the internet works. For example, he called for Microsoft founder Bill Gates to find a way to shut off parts of the internet to ISIS as a way to halt its recruitment efforts.
The next major version of OpenVPN, one of the most widely used virtual private networking technologies, will be audited by a well-known cryptography expert. The audit will be fully funded by Private Internet Access (PIA), a popular VPN service provider that uses OpenVPN for its business. The company has contracted cryptography engineering expert Matthew Green, a professor at Johns Hopkins University in Baltimore, to carry out the evaluation with the goal of identifying any vulnerabilities in the code. Green has experience in auditing encryption software, being one of the founders of the Open Crypto Audit Project, which organized a detailed analysis of TrueCrypt, a popular open-source full-disk encryption application. TrueCrypt was abandoned by its original developers in 2014, but its code has since been forked and improved as part of other projects.
U.S. and U.K. spy agencies have been monitoring in-flight mobile phone users for years, according to new revelations from the trove of documents leaked by former NSA contractor Edward Snowden. As early as 2012 the U.K. Government Communications Headquarters (GCHQ) was intercepting voice and data communications from commercial aircraft using the OnAir service to carry 2G mobile services over the Inmarsat satellite communications network. At the time, GCHQ did not have access to a rival in-flight mobile service provider, Aeromobile, French newspaper Le Monde reported Wednesday.
A hacker in Turkey has been trying to encourage distributed denial-of-service attacks by making it into a game, featuring points and prizes for attempting to shut down political websites.
The DDoS platform, translated as Surface Defense in English, has been prompting other hackers in Turkey to sign up and score points, according to security firm Forcepoint, which uncovered it.
Users that participate will be given a tool known as Balyoz, the Turkish word for Sledgehammer, that can be used to launch DDoS attacks against a select number of websites.
For every ten minutes they attack a website, the users will be awarded a point, which can then be used to obtain rewards. These prizes include a more powerful DDoS attacking tool, access to bots designed to generate revenue from click fraud, and a prank program that can infect a computer and scare the victim with sounds and images.
U.S. lawmakers are pushing for a government probe into whether Russia may have interfered with the presidential election by hacking high-profile political targets.
On Wednesday, two Democratic representatives unveiled legislation that proposes to form a 12-member bipartisan commission to investigate the electronic means Russia may have used to influence the U.S. election.
"Regardless of whether you voted for Donald Trump, Hillary Clinton, or anyone else, Russia’s attacks on our election are an attempt to degrade our democracy," said Representative Elijah Cummings of Maryland, one of the sponsors of the bill.
Cisco this week announced the death of its Secure Access Control System – a package customers use to manage access to network resources.
Cisco said the last day customers can order the system is August 30, 2017. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract, the company said. The last date that Cisco Engineering will release any final software maintenance releases or bug fixes is Aug. 30, 2018. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software, the company said.
The Electronic Privacy Information Center (EPIC) is calling upon the Federal Trade Commission (FTC) to take action against “toys that spy” and violate federal privacy law. In particular, EPIC has issues with My Friend Cayla dolls and i-Que Robots which “subject young children to ongoing surveillance.” EPIC – along with Campaign for Commercial Free Childhood, the Center for Digital Democracy, and the Consumers Union – is working “to ban these toys from the marketplace.”
I wouldn’t wish a ransomware attack on anyone. A particularly destructive form of malware, ransomware has made a name for itself this year as one of the internet’s top threats. A recent survey revealed that half of companies had responded to a ransomware attack, with 85 percent reporting three or more. If it locks down your personal computer, it’s a royal pain. But if it gets onto a network drive at your work, that pain is multiplied by the number of employees and more. Systematically locking down every computer on the network, ransomware puts your entire workforce out of work and sends your IT guys to the mats trying to find the money to pay the ransom or the backups to bring the network back online. Long story short: Ransomware is bad news!
The monthly Android security update released this week fixes the serious Dirty COW privilege escalation attack that can allow malicious apps to take full control of devices. Dirty COW (copy-on-write) is a privilege escalation vulnerability that has existed in the Linux kernel for the past nine years and is already being exploited in the wild. It affects Android because the mobile OS is based on Linux, but it was initially believed that the SELinux security policies enforced by default in Android provided some mitigation against the attack.
The Internet of Things (IoT) is heating up and will be a hot trend in 2017. And Aruba, a Hewlett Packard Enterprise Company, plans to be a part of it. The company has been active in the IoT industry by providing Wi-Fi connectivity to IoT endpoints and security through its ClearPass product. However, it has never put together a comprehensive IoT story that spans its portfolio. Last week at the HPE Discover Conference, though, Aruba announced several new products to position itself as a strong IoT enabler. The new solutions include security tools, wired switches and new partnerships.
While the San Francisco 49ers are leading the NFL in defense, the New Orleans Saints currently hold the number one slot for total offense. In the overall league rankings, though, neither of those two teams ranks in the top 10. What's the takeaway? Winning isn't strictly about strong offense or impenetrable defense. NFL league leaders advance to the top because they know how to balance the two; they know how to play the game. To address the growing number of attacks on the US government and private sector systems, President-elect Donald Trump's cybersecurity plan aims to, "Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately."
Since October, millions of internet users have been exposed to malicious code served from the pixels in tainted banner ads meant to install Trojans and spyware, according to security firm ESET. The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said in a Tuesday blog post. It’s been preying on Internet Explorer users by scanning for vulnerabilities in Adobe Flash and then exploiting them. The attack is designed to infect victims with malware that can steal email password credentials through its keylogging and screenshot grabbing features, among others.