Compliance November 2, 2018 BleedingBit Vulnerabilities Affect Millions of Wireless Access Points Armis Labs has identified two vulnerabilities in Texas Instruments’ Bluetooth Low Energy (BLE) chips that are used in wireless access points manufactured by Cisco, Meraki, ... Read more
Cyber Threats October 30, 2018 U.S. Treasury Investigating $700,000 Loss to Phishing Scam In July 2018, the Washington D.C. government fell for an email scam that resulted in wire transfers totaling nearly $700,000 being sent to a scammer’s ... Read more
Compliance October 26, 2018 75% of Employees Lack Security Awareness MediaPro has published its 2018 State of Privacy and Security Awareness Report which assesses the level of security awareness of employees across different industry sectors. ... Read more
Cyber Threats October 25, 2018 Cloud-Based Threat Analytics Firm ZoneFox Acquired by Fortinet Fortinet has announced it has acquired the cloud-based threat analytics firm ZoneFox and will be using the company’s machine learning threat detection technology to enhance ... Read more
Tools & Practices October 25, 2018 Brands Most Commonly Spoofed by Phishers Revealed Vade Secure has released a new report detailing the brands most commonly targeted by phishers in North America. The Phishers’ Favorites Top 25 list reveals ... Read more
Trends & Reports October 25, 2018 Stealthy sLoad Downloader Performs Extensive Reconnaissance to Improve Quality of Infected Hosts A new PowerShell downloader has been discovered – the sLoad downloader – which is being used in stealthy, highly targeted attacks in the United Kingdom ... Read more
Cyber Threats October 24, 2018 Zero-Day Windows Data Sharing Service Vulnerability Discovered A Windows zero-day vulnerability has been discovered that allows hackers to delete application dlls and cause a system to crash and potentially hijack systems. The ... Read more
Cyber Threats October 22, 2018 Exploits Published for LibSSH Vulnerability: Immediate Patching Required A recently discovered LibSSH vulnerability, that has been described as ‘comically bad’ by the security researcher who discovered it, has been patched. The flaw is ... Read more
Trends & Reports October 19, 2018 Anti-Phishing Working Group Publishes Q2, 2018 Phishing Trends Report The Anti-Phishing Working Group has released its Phishing Activity Trends Report for Q2, 2018. The report contains a summary and analysis of phishing attacks that ... Read more
Cyber Threats October 11, 2018 Sophisticated Phishing Attack Inserts Malware into Existing Email Conversation Threads A new sophisticated phishing tactic has been identified that involves a malicious actor gaining access to an email account, monitoring a conversation thread, and then ... Read more
Cyber Threats October 10, 2018 Microsoft Addresses 49 Flaws Including One Actively Exploited Vulnerability Almost 50 vulnerabilities have been patched by Microsoft on October Patch Tuesday including one zero-day vulnerability that is being actively exploited in the wild by ... Read more
Cyber Threats October 8, 2018 Phishers Using Azure Blog Storage to Host Phishing Forms with Valid Microsoft SSL Certificate Cybercriminals are using Microsoft Azure Blog storage to host phishing forms. The site hosting the malicious files has a genuine Microsoft SSL certificate which adds ... Read more
Compliance October 4, 2018 Persistent New LoJax Rootkit Survives Hard Disk Replacement Security researchers at ESET have identified a new rootkit that takes persistence to a whole new level. Once infected, the LoJax rootkit will remain active ... Read more
Security Breaches October 3, 2018 Increased Remote Desktop Protocol Attacks Prompts IC3 to Issue Warning The FBI’s Internet Crime Complaint Center (IC3) has issued a warning to businesses about the abuse of remote administration tools such as Remote Desktop Protocol. ... Read more
Cyber Threats October 3, 2018 Danabot Banking Trojan Used in U.S. Campaign The DanaBot banking Trojan was first detected by security researchers at Proofpoint in May 2018. It was being used in a single campaign targeting customers ... Read more
Security Breaches September 27, 2018 2018 Has Seen a Marked Increase in Email Impersonation Attacks The September Email Threat Report published by cybersecurity company FireEye has cast light on the latest tactics being used by cybercriminals to fool end users ... Read more
Cyber Threats September 26, 2018 Q2, 2018 Saw an 86% Rise in Cryptocurrency Mining Malware Detections 2018 has proven to be the year of cryptocurrency mining malware. Cybercriminals are increasingly abandoning other forms of malware and ransomware in favor of malware ... Read more
Cyber Threats September 19, 2018 Pegasus Spyware Campaigns Gather Pace: Infections Detected in 45 Countries Pegasus spyware is a legitimate surveillance tool that has been attributed to the Israeli cyber-intelligence firm NSO Group. The spyware works on both Android smartphones ... Read more
Cyber Threats September 18, 2018 New Python Ramsomware Threat Detected Security researchers at Trend Micro have identified a new Python ransomware threat that piggybacks on the success of Locky ransomware. The threat actors behind the ... Read more
Trends & Reports September 14, 2018 Study Reveals SMB Employees Are Taking Major Data Security Risks Cyberattacks on large enterprises often make the headlines as they tend to involve the theft of large quantities of data, but small to medium sized ... Read more
Cyber Threats September 10, 2018 New Brazilian Banking Trojan Hides in Plain Sight An innovative new Brazilian banking Trojan has been detected by security researchers at IBM X-Force. The Trojan has been named CamuBot due to its use ... Read more
Cyber Threats September 6, 2018 Zero-Day Windows Task Scheduler Vulnerability Exploited by Threat Group On August 27, a security researcher with the online moniker SandboxEscaper discovered a zero-day vulnerability in Windows Task Scheduler (Windows 7-10) and published a proof-of-concept ... Read more
Security Breaches September 5, 2018 Respiratory Care Provider Victim of Phishing Attack Norwood, MA-based Reliable Respiratory has discovered a hacker has gained access to the email account of one of its employees, and through that account, potentially ... Read more
Tools & Practices September 4, 2018 Massive URL Spoofing Campaign Discovered Targeting 76 Universities A massive URL spoofing campaign targeting 76 universities in 14 countries has been detected by security researchers at SecureWorks. The threat group known as Cobalt ... Read more
Cyber Threats September 3, 2018 Micropatch Blocks Zero-Day Vulnerability in Windows Task Scheduler On August 29, 2018, a proof-of-concept exploit for a zero-day vulnerability in Windows Task Scheduler was published on GitHub by a security researcher. The vulnerability ... Read more
Trends & Reports August 31, 2018 Wombat Security Technologies Releases 2018 State of the Phish Report Wombat Security Technologies has released its 2018 State of the Phish Report – an analysis of data from tens of millions of simulated phishing attacks ... Read more
Security Breaches August 30, 2018 Ransomware Attacks Slow as Cryptocurrency Mining Proves More Profitable Over the past two years, ransomware has been favored by cybercriminals as it offered an easy way to make money. Campaigns could easily be conducted ... Read more
Cyber Threats August 29, 2018 Exploit Published for Zero-Day Vulnerability Found in Windows Task Scheduler A zero-day vulnerability has been discovered in Windows Task Scheduler and an exploit for the flaw has been published on GitHub. The local privilege escalation ... Read more
Security Breaches August 28, 2018 AdvisorsBot Malware Used in Targeted Attacks on Hotels and Restaurants Security researchers at Proofpoint have detected a new malware threat that is being used in targeted attacks on hotels, restaurants, and telecoms firms. AdvisorsBot malware, ... Read more
Cyber Threats August 24, 2018 New Critical Apache Struts Vulnerability Discovered A new Apache Struts vulnerability has been discovered in the core functionality of Apache Struts. This is a critical flaw that allows remote code execution ... Read more