Category Archives: TOP 10 STORIES

Money Saving Expert Martin Lewis sues Facebook over ‘scam’ adverts

The personal finance expert Martin Lewis is suing Facebook for allowing scammers to use his name and image in fake adverts on the social network. Mr Lewis will lodge an action for defamation against the company today, arguing that as a publisher it is responsible for the false ads. The case is thought to be the first of its kind. The broadcaster said that he had been deeply upset over cases in which people had lost up to £100,000. “It’s so distressing, when all my life I have campaigned against this kind of thing,” Mr Lewis said.

View Full Story

ORIGINAL SOURCE: The Times

The post Money Saving Expert Martin Lewis sues Facebook over ‘scam’ adverts appeared first on IT SECURITY GURU.

Russian hackers can breach UK security systems warns GCHQ

Britain’s security services cannot offer “absolute protection” against Russian hackers, a top spy has warned. GCHQ cyber defence chief Ciaran Martin warned that it is a matter of “when not if” the UK suffers a “serious cyber attack”. He claimed spooks are now battling to stop attacks that “most impact on our way of life” instead of trying to prevent every breach. Mr Martin – who heads the National Cyber Security Centre – told the Daily Telegraph that “services can be disrupted” by Putin’s crack hacking squads. He wrote: “Turning off the lights and the power supply by cyber attack is harder than Hollywood films sometimes make out,” he writes.

View Full Story

ORIGINAL SOURCE: The Sun

The post Russian hackers can breach UK security systems warns GCHQ appeared first on IT SECURITY GURU.

SunTrust Bank employee steals data of 1.5 million customers

US-based SunTrust Bank said it is working with law enforcement after it discovered that a former employee had stolen private information belonging to nearly 1.5 million customers. “In conjunction with law enforcement, we discovered that a former employee while employed at SunTrust may have attempted to print information on approximately 1.5 million clients and share this information with a criminal third party,” SunTrust CEO William Rogers said in a press conference on Friday.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post SunTrust Bank employee steals data of 1.5 million customers appeared first on IT SECURITY GURU.

Router security not understood by most

A recent survey of 2,205 regular users has proven once again that most people don’t update router firmware, don’t change default credentials, and don’t generally know how to secure their devices. For the past two-three years, there has been a deluge of news articles and research papers detailing large botnets built by exploiting router vulnerabilities and by hijacking devices still running default login credentials. These are the two main methods exploited by attackers.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post Router security not understood by most appeared first on IT SECURITY GURU.

Adobe Flash on its way out

Less than 5% of worldwide websites use Flash, new information has revealed, with most websites favouring Javascript for running features. Flash is used most commonly on Google websites, although there are some others, such as 6rrb.net, Monabrat.org and Intourist, also using it. Recently, Slate.com and Wappalyzer.com have started using the tech, according to technology usage survey site W3Techs, which seems a rather counterintuitive move as pretty much every other website has stopped using it.

View Full Story

ORIGINAL SOURCE: IT Pro

The post Adobe Flash on its way out appeared first on IT SECURITY GURU.

AWS server found unprotected exposing data on 48 million people

LocalBlox, a company that scrapes data from public web profiles, has left the details of over 48 million users on a publicly accessible Amazon Web Services (AWS) S3 bucket.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post AWS server found unprotected exposing data on 48 million people appeared first on IT SECURITY GURU.

Watch out users of Ad Blockers, there could be malware!

As if trying to navigate your online privacy wasn’t complicated enough, it turns out the adblocker you installed on your browser may actually be malware. Andrey Meshkov, the cofounder of ad-blocker AdGuard, recently got curious about the number of knock-off ad blocking extensions available for Google’s popular browser Chrome.

View Full Story

ORIGINAL SOURCE: Motherboard

The post Watch out users of Ad Blockers, there could be malware! appeared first on IT SECURITY GURU.

TalkTalk customers concerned over privacy

A number of TalkTalk’s broadband ISP customers in the UK have raised concerns after the provider sent them an alarmist warning email, which without providing any useful details claimed that they “may have downloaded a virus on one or more of your devices” (phishing emails adopt a similar approach).

View Full Story

ORIGINAL SOURCE: IS Preview

The post TalkTalk customers concerned over privacy appeared first on IT SECURITY GURU.

Russia to increase cyber activity against UK

A network of Russian trolls is behind a new disinformation campaign about who was responsible for chemical weapons attacks in Syria and Salisbury, a government source has said.
Social media bots are said to be responsible for a 4,000 percent increase in the spread of ‘lies and disinformation’ according to Whitehall research made public for the first time.

View Full Story

ORIGINAL SOURCE: ITV

The post Russia to increase cyber activity against UK appeared first on IT SECURITY GURU.

DHS Funds Tech to Root Out Malware in Government Mobile Apps

Federal agencies have built hundreds of mobile apps during the past decade, ranging from useful to educational to um, this. Many of those apps weren’t built with security in mind, however, and even apps that were built securely half a decade ago may now be riddled with unpatched vulnerabilities if no one’s been actively maintaining them. That means there’s a real danger that an app the government built to serve the public could now be serving up malware that will compromise users’ personal information.

View full story

ORIGINAL SOURCE: Next Gov

The post DHS Funds Tech to Root Out Malware in Government Mobile Apps appeared first on IT SECURITY GURU.

Google And Apple Absent From Cybersecurity Tech Accord That Facebook And Microsoft Signed

The Cybersecurity Tech Accord is a “watershed agreement” signed by 34 tech companies: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

View full story

ORIGINAL SOURCE: pymnts.com

The post Google And Apple Absent From Cybersecurity Tech Accord That Facebook And Microsoft Signed appeared first on IT SECURITY GURU.

Why G Suite admins should enable Gmail’s advanced anti-phishing and malware settings

In March 2018, Google added optional G Suite Gmail safety settings that affect how the system handles potentially problematic attachments, links, and external images, as well as how it processes unauthenticated or spoofed messages. Google always guards against malware in messages, however these settings offer additional protection.

View full story

ORIGINAL SOURCE: Tech Republic

The post Why G Suite admins should enable Gmail’s advanced anti-phishing and malware settings appeared first on IT SECURITY GURU.

Tens of thousands of Facebook accounts compromised in days by malware

Criminals have compromised tens of thousands of Facebook accounts in the past few days using malware that masquerades as a paint program for relieving stress.  “Relieve Stress Paint” is available through a domain that uses Unicode representation to show up as aol.net on search engines and in emails, researchers from security firm Radware said in a post published Wednesday morning. (This query showed the trojan was also available on a domain that was designed to appear as picc.com.) The researchers suspect the malware is being promoted in spam emails.

View full story

ORIGINAL SOURCE: Ars Technica

The post Tens of thousands of Facebook accounts compromised in days by malware appeared first on IT SECURITY GURU.

TaskRabbit is Back Online After Suspected Data Breach With Plans to Bolster Security

TaskRabbit, the handyman-for-hire app, is back online after being intentionally taken down on Monday following an apparent data breach. “While our investigation is ongoing, preliminary evidence shows that an unauthorized user gained access to our systems,” the company said. “As a result, certain personally identifiable information may have been compromised.”

View full story

ORIGINAL SOURCE:

The post TaskRabbit is Back Online After Suspected Data Breach With Plans to Bolster Security appeared first on IT SECURITY GURU.

Major tech corporations sign Cybersecurity agreement

Dozens of major technology companies including Microsoft, Facebook, Cisco, and SAP have signed onto a pledge to protect their users around the globe against cybersecurity threats and to abstain from helping any government launch a cyber attack.

View Full Story

ORIGINAL SOURCE: ZDNet

The post Major tech corporations sign Cybersecurity agreement appeared first on IT SECURITY GURU.

Commonwealth to be more cyber secured

The UK Prime Minister will today announce up to £15 million to help Commonwealth countries strengthen their cyber security capabilities and help to tackle criminal groups and hostile state actors who pose a global threat to security, including in the UK.
View Full Story

ORIGINAL SOURCE: Gov.uk

The post Commonwealth to be more cyber secured appeared first on IT SECURITY GURU.

Routers being hijacked to redirect users to malware

Malware authors have hijacked DNS settings on vulnerable routers to redirect users to sites hosting Android malware.
According to Kaspersky Labs telemetry data, these were small-scale attacks, as crooks only hijacked traffic from just 150 unique IP addresses, redirecting users to malicious sites around 6,000 times between February 9 and April 9, 2018.

View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post Routers being hijacked to redirect users to malware appeared first on IT SECURITY GURU.

TaskRabbit has been hacked

TaskRabbit, the mobile marketplace that matches freelance labor with local demand, has apparently been hacked. Both the company’s website and app were down at time of writing and notifications had been sent out to users warning of a security issue.
View Full Story

ORIGINAL SOURCE: Gizmodo

The post TaskRabbit has been hacked appeared first on IT SECURITY GURU.

Russia to blame for global cyber attack

The United States and Britain on Monday accused Russia of launching cyber attacks on computer routers, firewalls and other networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.

View Full Story

ORIGINAL SOURCE: Reuters

The post Russia to blame for global cyber attack appeared first on IT SECURITY GURU.

New malware strikes panic among B’luru bank customers

The bankers in Bengaluru claimed to have discovered a new malware that helps the hackers siphon off money from a number of bank accounts forcing the southern city policemen to probe a number of complaints they received from the affected account holders. The policemen probing the cyber crime initially talk of MazarBot, a malware, used to sent some SMS to the bank account holders’ smart phones which provides the hackers with the banking details of the accountholders. These include the One Time Passwords and PIN required for banking transactions through net and Mobile phones apart from images, call details and messages. The hackers are believed to have been targetting those whose banking details are in their possession since they were trapped by the notorious malware which sent them SMS link to be downloaded without sensing any consequences thereof. As a result, the hackers had an easy access to the account holders’ details in their devices, be it Mobile phone, personal computer or laptop.

View full story

ORIGINAL SOURCE: eHacking News

The post New malware strikes panic among B’luru bank customers appeared first on IT SECURITY GURU.

NHS Digital execs showed ‘little regard’ for patient ethics by signing data deal

MPs have voiced “serious concerns” about NHS Digital’s leadership, claiming execs paid “little regard” to the ethics of sharing patient details for immigration enforcement and are too close to government. Members of the House of Commons Health Committee slammed the body – which provides IT and data services for the NHS – for signing a data-sharing agreement with the Home Office. The government, meanwhile, was blasted for taking a stance on health data confidentiality that is at odds with the NHS’s own code – and warned it would open the door to other departments seeking patient addresses.

View full story

ORIGINAL SOURCE: The Register

The post NHS Digital execs showed ‘little regard’ for patient ethics by signing data deal appeared first on IT SECURITY GURU.

Thousands of Android Apps are Tracking Kids Without Parental Consent

The Google Play Store might be full of apps and games that are tracking children without the express permission from the parent, and Google doesn’t seem to be doing much about it. Following Facebook’s data leaking scandal with Cambridge Analitica, a lot of people have turned their attention to other social networks that might be doing the same thing. It turns out that we ought to be looking towards mobile apps as well, at least on Android, as a newly released study revealed. It’s one thing to track adults on Facebook or through other means, but tracking children it feels even more despicable. And they companies doing this actively have a very good reason for it, and it’s usually all about making money.

View full story

ORIGINAL SOURCE: Softpedia

The post Thousands of Android Apps are Tracking Kids Without Parental Consent appeared first on IT SECURITY GURU.

Lords: UK Could be World Leader in “Ethical” AI

The UK could be a world-leader in artificial intelligence (AI) if it puts ethics first, according to a new House of Lords report — with experts claiming the technology could also help combat cybersecurity challenges. The Lords select committee’s reportAI in the UK: ready, willing and able?, argued that by taking a proactive role in the development of the new technology, the UK could boost its economy and help to mitigate any associated risks and “misuse.” The committee recommended AI tech be developed on five principles. It said it should be designed “for the common good and benefit of humanity” and that “the autonomous power to hurt, destroy or deceive human beings should never be vested in artificial intelligence.”

View full story

ORIGINAL SOURCE: Infosecurity Magazine

The post Lords: UK Could be World Leader in “Ethical” AI appeared first on IT SECURITY GURU.

Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw

Hackers are leveraging an IIS 6.0 vulnerability to take over Windows servers and install a malware strain that mines the Electroneum cryptocurrency. Attacks aren’t widespread, as they target a quite old IIS version, but they are happening at scale. Hackers are using CVE–2017–7269 to take over servers. This is a vulnerability discovered by two Chinese researchers in March 2017 that affects IIS’ WebDAV service. At the time it was discovered last year, the flaw was a zero-day, being under heavy exploitation for almost nine months, since June 2016.

View full story

ORIGINAL SOURCE: Bleeping Computer

The post Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw appeared first on IT SECURITY GURU.

Home secretary urges UK businesses to up their game against cyber crime

Cyber crime is a shared responsibility between businesses, industry experts and individuals, the UK home secretary, Amber Rudd, has declared. Speaking at the National Cyber Security Centre’s CyberUK 2018 conference in Manchester on Thursday, Rudd said the UK government is committed to promoting EU cyber cooperation post-Brexit in a new cyber incident classification.

View Full Story

ORIGINAL SOURCE: V3

The post Home secretary urges UK businesses to up their game against cyber crime appeared first on IT SECURITY GURU.

Black Report Bites at ‘Candy Bar’ Security

Hackers can break into the vast majority of targets in less than 15 hours, using freely available open source tools and exploit packs. Nearly half can then exfiltrate high value data in less than an hour, according to 2018’s “Black Report” from Australian security software specialists Nuix – whether they’re using third party access or the aircon as an attack vector.

View full story

ORIGINAL SOURCE: CBR

The post Black Report Bites at ‘Candy Bar’ Security appeared first on IT SECURITY GURU.

Data exfiltrators send info over PCs’ power supply cables

If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be “propagated through the power lines” to the outside world.

View full story

ORIGINAL SOURCE: The Register

The post Data exfiltrators send info over PCs’ power supply cables appeared first on IT SECURITY GURU.

New authentication standards aim to make the web more secure

A pair of authentication standards published this week have received endorsement from Mozilla, Microsoft and Google: the WebAuthn API, and the FIDO Alliance’s Client-to-Authenticator Protocol. The aim of WebAuthn and CTAP is to offer an authentication primitive that doesn’t rely on server-stored passwords, since a user’s fingerprint or even their unlock pattern is safer for both user and Web site owner.

View Full Story

ORIGINAL SOURCE: The Register

The post New authentication standards aim to make the web more secure appeared first on IT SECURITY GURU.

Cloud adoption placed on hold

Enterprises are adopting the cloud much faster than their security teams can keep up – and misunderstanding about cloud environments is pervasive. The 2018 Enterprise Cloud Trends Report from iboss surveyed IT decision makers and office workers in US enterprises and found that 64% of IT decision makers believe the pace of software as a service (SaaS) application adoption is outpacing their cybersecurity capabilities.

View Full Story

ORIGINAL SOURCE: Infosecurity Magazine

The post Cloud adoption placed on hold appeared first on IT SECURITY GURU.

UK Govt clamping down on Dark Web crime

The National Cyber Security Centre’s CYBERUK conference in Manchester will be the backdrop for the launch of a £9m fund to increase cyber capabilities and tackle organised crime online, focusing on those who use anonymous and hidden online services for illegal activities such as hacking, people trafficking, selling weapons and drug dealing.

View Full Story

ORIGINAL SOURCE: Sky News

The post UK Govt clamping down on Dark Web crime appeared first on IT SECURITY GURU.

Facebook warned of Russian hacking back in 2016

Facebook detected Russian government hackers targeting the Facebook accounts of campaign officials before the 2016 presidential election, Mark Zuckerberg revealed during a congressional hearing on Tuesday.

View Full Story

ORIGINAL SOURCE: Motherboard

The post Facebook warned of Russian hacking back in 2016 appeared first on IT SECURITY GURU.

YouTube videos hacked

A number of high-profile music videos disappeared from YouTube and had their titles and hold images defaced, after the video streaming website was targeted by hackers. This includes the most viewed video of all time ‘Despacito’ by Luis Fonsi and Daddy Yankee.

View Full Story

ORIGINAL SOURCE: Guardian

The post YouTube videos hacked appeared first on IT SECURITY GURU.

Indian Government websites being hacked

On April 06, India’s official ministry of defence (MoD) website—mod.gov.in—was reportedly hacked. Instead of the homepage, visitors to the site saw the following message: “The website encountered an unexpected error. Please try again later.” Alongside the error warning, a Mandarin character—meaning either “Zen” or “home”—appeared at the top of the page, media reports said, fueling conjecture that Chinese hackers were responsible for the attack.
View Full Story

ORIGINAL SOURCE: QZ

The post Indian Government websites being hacked appeared first on IT SECURITY GURU.

Dark Net being used by terrorists to plot and hide

Terrorist organisations and individuals are evading security services and intelligence agencies by “hiding in the shadows” of the darknet, using encrypted messaging services, to communicate and anonymous cryptocurrencies such as bitcoin to generate funds.

View Full Story

ORIGINAL SOURCE: The Guardian

The post Dark Net being used by terrorists to plot and hide appeared first on IT SECURITY GURU.

Hacker group exploit Cisco Flaw and target Iran and Russia

The message “Don’t mess with our elections” followed by a U.S. flag appeared on Iranian and Russian screens after a hacker group exploited Cisco Smart Install Client on vulnerable machines. The hackers claim to have targeted only the computer infrastructure in Iran and Russia during the attack on Friday night.

View Full Story

ORIGINAL SOURCE: CSO Online

The post Hacker group exploit Cisco Flaw and target Iran and Russia appeared first on IT SECURITY GURU.

Russia not to blame for cyber attack on Arizona elections in 2016

A hack on an Arizona election database during the 2016 U.S. presidential campaign was carried out by suspected criminal actors and not the Russian government, a senior Trump administration official told Reuters on Sunday.

View Full Story

ORIGINAL SOURCE: Reuters

The post Russia not to blame for cyber attack on Arizona elections in 2016 appeared first on IT SECURITY GURU.

Bot-ched security: Chat system hacked to slurp hundreds of thousands of Delta Air Lines, Sears customers’ bank cards

Hackers are feared to have swiped sensitive personal information held by two of the best known companies in the US – after malware infected a customer support software maker.
Both Sears and Delta Air Lines said Wednesday that hundreds of thousands of customers’ payment card numbers, expiration dates, and CVV security codes, were potentially extracted by the malware and siphoned to its masterminds.

View full story

ORIGINAL SOURCE: The Register

The post Bot-ched security: Chat system hacked to slurp hundreds of thousands of Delta Air Lines, Sears customers’ bank cards appeared first on IT SECURITY GURU.

Microsoft Adds Anti-Ransomware Features in Office 365

Three months after news first leaked, Microsoft officially announced today the launch of new anti-ransomware features for Office 365, the company’s commercial subscription-based office tools suite. The new feature is called File Restore and is a OneDrive feature that will allow users to go back in time and restore files to a previous state from the past 30 days.

View full story

ORIGINAL SOURCE: Bleeping Computer

The post Microsoft Adds Anti-Ransomware Features in Office 365 appeared first on IT SECURITY GURU.

Don’t want to alarm you, but defence bods think North Korea could nuke UK ‘within a few years’

North Korea maintains a hacking base in China, the UK Parliament’s Defence Select Committee has been told, while government snooping body GCHQ struggles to retain “cyber-staff”. Then there’s the slightly greater concern that the communist nation could nuke Britain “within a few years”. The House of Commons’ Defence Committee published its latest report, Rash or rational? North Korea and the threat it poses today. As well as setting out the Norks’ nuclear, cyber and chemical weapons capability, the committee called for greater funding for British cyber-defences – while staunchly insisting that cutting funds from conventional armed forces is not the way to do this.

View full story

ORIGINAL SOURCE: The Register

The post Don’t want to alarm you, but defence bods think North Korea could nuke UK ‘within a few years’ appeared first on IT SECURITY GURU.

Intel Remote Keyboard app nixed after discovery of critical remote control vulnerability

Intel has issued a security advisory about its remote keyboard app after discovering a bug that made it possible for a remote user to mimic keyboard and mouse input with elevated privileges.
Intel Remote Keyboard was available for both iOS and Android, but the critical vulnerability — and two other bugs with a High rating — means that it has now been pulled from Google Play and the App Store. Intel is also recommending that anyone using the app uninstalls it as soon as possible.

View full story

ORIGINAL SOURCE: Beta News

The post Intel Remote Keyboard app nixed after discovery of critical remote control vulnerability appeared first on IT SECURITY GURU.

State AG’s Equifax case may portend big problems for data breach defendants

We may be on the verge of a breakthrough in data breach litigation. A state judge in Massachusetts ruled Wednesday that the Massachusetts Attorney General can move forward with a potentially gigantic data breach case against the credit reporting firm Equifax. The AG, Maura Healey, is asking for statutory damages under Massachusetts consumer and data security law on behalf of every state resident whose private information was exposed when hackers broke into Equifax’s systems – regardless of whether the breach actually injured any consumers.

View full story

ORIGINAL SOURCE: Reuters

The post State AG’s Equifax case may portend big problems for data breach defendants appeared first on IT SECURITY GURU.

Best Buy hit by [24]7.ai data breach, too

Earlier today, we learned that hundreds of thousands of Delta Airlines, Sears and Kmart online shoppers could have had their names, addresses, and credit card information stolen by hackers.
You can now add Best Buy to that list. The big-box electronics retailer says it was also affected by the same breach, due to its use of online customer service software from [24]7.Ai during a 15-day period when its online chat tool was infected with malware.

View full story

ORIGINAL SOURCE: CNET

The post Best Buy hit by [24]7.ai data breach, too appeared first on IT SECURITY GURU.

OneDrive gets Files Restore rollback, Office 365 malware protection

Once upon a time, viruses were the bane of the computing industry. They haven’t totally disappeared, they just evolved and took on different forms. Malware is now even spread through malicious links and some can even hold your files for ransom. Microsoft’s software and services still have the notoriety of being the target of such attempts and Redmond is taking a few steps to ensure the safety of its OneDrive and Office 365 users.

View full story

ORIGINAL SOURCE: Slashgear

The post OneDrive gets Files Restore rollback, Office 365 malware protection appeared first on IT SECURITY GURU.

Microsoft patches critical Malware Protection Engine flaw

Microsoft has patched a remote code execution vulnerability impacting the Microsoft Malware Protection Engine – mpengine.dll – which provides the scanning, detection and cleaning capabilities for Microsoft’s various anti-virus and anti-spyware software including Windows Defender. The vulnerability is deemed critical in nature.

View full story

ORIGINAL SOURCE: Techspot

The post Microsoft patches critical Malware Protection Engine flaw appeared first on IT SECURITY GURU.

Delta says online chat cyber security breach put some customer payment info at risk

Delta Air Lines said Tuesday that a cyber security breach involving an online chat service it uses put some customer payment information at risk. Atlanta-based Delta said it was notified of the “cyber incident” March 28 by online chat service provider [24]7.ai. From Sept. 26 to Oct. 12, 2017, “certain customer payment information” for clients of the online chat service including Delta may have been accessed.

View full story

ORIGINAL SOURCE: AJC

The post Delta says online chat cyber security breach put some customer payment info at risk appeared first on IT SECURITY GURU.

The Company that Controls Rover Pipeline was a Cyber-Attack Target

The Rover Pipeline’s corporate parent came under cyber-attack this week, according to Bloomberg News, as did three other natural gas transmission companies. No pipeline operations or safety systems were affected.

View full story

ORIGINAL SOURCE: WKSU

The post The Company that Controls Rover Pipeline was a Cyber-Attack Target appeared first on IT SECURITY GURU.

Only 1% of media companies are ‘very confident’ in their cybersecurity

As more consumers cut the cable cord, media companies are increasingly transitioning to over-the-top (OTT) content, offering online-based shows and information. However, increasing cyber threats may halt media organizations’ online services and ability to innovate in the space, according to a Wednesday report from security firm Akamai.

View full story

ORIGINAL SOURCE: Tech Republic

The post Only 1% of media companies are ‘very confident’ in their cybersecurity appeared first on IT SECURITY GURU.

List of data breaches and cyber attacks in March 2018

Healthcare breaches are common in our monthly lists – but the number of incidents this month is insane. Take a look at the list, and you’ll quickly notice that the majority of them are healthcare related. There’s a mixture of incidents in there, from a rogue employee to someone accidentally sending information to the wrong fax number.

View full story

ORIGINAL SOURCE: IT Governance

The post List of data breaches and cyber attacks in March 2018 appeared first on IT SECURITY GURU.

Pyongyang Hackers Could be Major Future Threat: Parliament

The North Korean cyber-threat to the UK remains below that of Russia and China but could increase in the future, a new parliamentary Defence Committee report has claimed. It reiterated the view that the WannaCry ransomware attack which decimated large parts of the NHS was carried out by the Kim Jong-un regime, but that the UK was not its intended target.

View full story

ORIGINAL SOURCE: Infosecurity Magazine

 

The post Pyongyang Hackers Could be Major Future Threat: Parliament appeared first on IT SECURITY GURU.

SEC Charges $32 Million DJ Khaled-Backed Centra ICO With Fraud

It’s a harsh awakening for celebrities who have entered the wild west of initial coin offerings amid the Bitcoin craze. Late Tuesday, the Securities and Exchange Commission charged the founders of an ICO, Centra, with fraud, saying the creators raised $32 million from investors with an intricate marketing campaign, including the use of paid endorsements from prominent celebrities such as boxer Floyd Mayweather and singer DJ Khaled.

View full story

ORIGINAL SOURCE: Fortune

The post SEC Charges $32 Million DJ Khaled-Backed Centra ICO With Fraud appeared first on IT SECURITY GURU.

Bank card fraud fears: Cloning can be carried out by STANDING CLOSE

A WARNING has been issued over contactless bank cards with details being “skimmed” while the card is still in your pocket. And criminals can gain access to the equipment by purchasing it legally for just £20 online. One of the biggest threats to consumers using contactless cards is that there details can be very easily “skimmed”, this is when a criminal does not steal any cash from your card but instead your card details.

View full story

ORIGINAL SOURCE: The Express

The post Bank card fraud fears: Cloning can be carried out by STANDING CLOSE appeared first on IT SECURITY GURU.

86% of software vulnerabilities patched on day 1

Software vulnerabilities more than doubled between 2012 and 2017, but vendors are doing a better job of patching the holes in a timely manner, with 86% of vulnerabilities having patches available on the day of disclosure. These are among the key findings from Flexera’s latest Vulnerability Review. The annual report found that 19,954 vulnerabilities were documented in 2017, up 14% from 2016 and more than double the 9895 vulnerabilities recorded in 2012.

View full story

ORIGINAL SOURCE: Technology Decisions

The post 86% of software vulnerabilities patched on day 1 appeared first on IT SECURITY GURU.

What’s up with these ‘Congratulations Amazon User’ pop-up ads?

Pop-up ads have long been the scourge of the internet. But the rise of ad blockers, plus anti-pop-up moves by Google and Firefox had given us hope that those days would soon be behind us. So why are even the most tech-savvy among us starting to see ads appear congratulating us for being “selected as a winner” of a $1,000 Amazon gift card?

View full story

ORIGINAL SOURCE: Mashable

The post What’s up with these ‘Congratulations Amazon User’ pop-up ads? appeared first on IT SECURITY GURU.

Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts

Security researchers say they’ve identified at last 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details or are used as staging points in the delivery of other malware. “The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials,” Flashpoint researchers say.

View full story

ORIGINAL SOURCE: Bleeping Computer

The post Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts appeared first on IT SECURITY GURU.

Intel Says It Won’t Fix Meltdown and Spectre in Some Vulnerable Chips

Intel originally promised to fix the Meltdown and Spectre hardware flaws in all of its processors, but in a recent microcode revision guidance, the company says that won’t be possible and some chips would no longer receive updates. The company has assigned the “Stopped” production status to a total of 10 product families covering more than 200 processor models. “After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons,” the company said.

View full story

ORIGINAL SOURCE: Softpedia

The post Intel Says It Won’t Fix Meltdown and Spectre in Some Vulnerable Chips appeared first on IT SECURITY GURU.

Software Bug discovered in largest Telecom Outage in US History

A software bug in a telecom provider’s phone number blacklisting system caused the largest telephony outage in US history, according to a report released by the US Federal Communications Commission (FCC) at the start of the month.
The telco is Level 3, now part of CenturyLink, and the outage took place on October 4, 2016.
View Full Story

ORIGINAL SOURCE: Bleeping Computer

The post Software Bug discovered in largest Telecom Outage in US History appeared first on IT SECURITY GURU.

Automation and gamification crucial to cyber security

The use of automation and gamification are critical to winning the fight against cyber criminals in the face of the skills’ shortage, a study investigating challenges facing IT security teams reveals.

View Full Story

ORIGINAL SOURCE: Computer Weekly

The post Automation and gamification crucial to cyber security appeared first on IT SECURITY GURU.

Panera bread website leaks millions of customer records

It has been discovered that Panera Bread left the information of up to 37 million customers who signed up for delivery and other services including “names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number” in plain text format accessible via its web site.

View Full Story

ORIGINAL SOURCE: Infosecurity Magazine

The post Panera bread website leaks millions of customer records appeared first on IT SECURITY GURU.

New malware named ‘Fauxpersky’ identified

A newly-discovered keylogger malware has been found infecting computers in the wild. Though the malware is far from advanced, it’s efficient at stealing passwords. Researchers at Cybereason, a Boston, Mass.-based security firm, call the malware “Fauxpersky,” as it impersonates the Russian antivirus software Kaspersky.

View Full Story 

ORIGINAL SOURCE: ZDNet

The post New malware named ‘Fauxpersky’ identified appeared first on IT SECURITY GURU.

City of Atlanta running out of time to pay ransom for data

Time is running out for the city of Atlanta, which was given until Wednesday to pay off the cyberattackers who laid siege to city government data and are threatening to wipe the computers clean.

View Full Story 

ORIGINAL SOURCE: NPR

The post City of Atlanta running out of time to pay ransom for data appeared first on IT SECURITY GURU.

Majority of airports lack proper cyber security

The heightened focus on airport security started well over 40 years ago after Israeli forces had freed hostages from a hijacked aircraft in a major attack, according to Eliezer Marum, chairman of the Israel Airports Authority. Today, the airport is equipped with sophisticated physical security systems and intelligent security units to fend off growing threats that have also become increasingly cyber in nature.
View Full Story 

ORIGINAL SOURCE: Computer Weekly

The post Majority of airports lack proper cyber security appeared first on IT SECURITY GURU.

Suburban town in Atlanta reports data breach

As a massive cyberattack continues to cause issues for the city of Atlanta, one suburban town is reporting its own possible data breach. The city of Loganville, which is in Gwinnett and Walton counties, announced in a Monday afternoon Facebook post that it had been victimized — and said that the suspected breach “may involve [customers’] personal information.

View Full Story

ORIGINAL SOURCE: WSBTV

The post Suburban town in Atlanta reports data breach appeared first on IT SECURITY GURU.

Baltimore emergency service hacked for 17 hours

The city of Baltimore says part of its 911 dispatch system was hacked over the weekend by an unknown actor. The breach lasted 17 hours. Mayor Catherine Pugh’s office says the system supports 911 and 311 emergency systems. The mayor’s office emphasized that the incident was a “limited breach” and that critical services were not impacted or disrupted.

View Full Story 

ORIGINAL SOURCE: CBS News

The post Baltimore emergency service hacked for 17 hours appeared first on IT SECURITY GURU.

Countries that trust Facebook are more likely to be breached

The latest shoe has dropped on Facebook: Private data on 50 million users found its way to a shadowy research outfit, Global Science Research, and then on to Cambridge Analytica, a political consulting firm launched by former White House adviser Steve Bannon.

View Full Story

ORIGINAL SOURCE: Business Standard

The post Countries that trust Facebook are more likely to be breached appeared first on IT SECURITY GURU.

Quarter of DDoS victims are targeted accidentally

According to the latest report by Kaspersky Lab, a quarter of businesses that suffered a distributed denial of service attack believe they were an accidental victim, and that the DDoS attack wasn’t intended for them in the first place.

View Full Source 

ORIGINAL SOURCE: IT Pro Portal

The post Quarter of DDoS victims are targeted accidentally appeared first on IT SECURITY GURU.

Doping – UK agency says no data lost in weekend cyber attack

Cyber attackers targeted British sport’s anti-doping agency over the weekend without gaining access to any data, it said in a statement on Monday. London-based UK Anti-Doping (UKAD) holds the test details and medical records of thousands of athletes, ranging from soccer players to high-profile Olympic medallists.

View full story

ORIGINAL SOURCE: Reuters

The post Doping – UK agency says no data lost in weekend cyber attack appeared first on IT SECURITY GURU.

25% decrease in DDoS attacks in Q4 2017: Verisign

There was a 25 per cent decrease in the Distribution Denial of Service (DDoS) attacks in the fourth quarter of 2017 as compared to the third quarter, a new report said on Tuesday. Verisign, a global leader in domain names and internet security, found that the largest volumetric and highest intensity DDoS attack observed by Verisign in the fourth quarter of 2017 was a multi-vector attack that peaked at approximately 53 Gbps and over 5 Mpps.

View full story

ORIGINAL SOURCE: Business Standard

The post 25% decrease in DDoS attacks in Q4 2017: Verisign appeared first on IT SECURITY GURU.

Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod

European cyber-cops have felt the collar of a bloke suspected of running a network of crims that used malware to pinch €1bn (£874.8m, $1.24bn) from cash machines and other banking systems. The crew developed the software nasty Anunak, later updated to Carbanak, as well as cyber-weapons based on Cobalt Strike’s penetration testing toolkit. The gang lobbed this malicious code at more than 100 financial institutions around the globe from 2013 until 2016, we’re told.

View full story

ORIGINAL SOURCE: The Register

The post Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod appeared first on IT SECURITY GURU.

Iranian Hackers Charged Last Week Were Actually Pretty Damn Good Phishers

The group of Iranian hackers the US charged last week with hacking over 300 universities across the globe were actually master phishers astute at their craft, so much so that they used the same phishing lure for years without needing to change it.

View full story

ORIGINAL SOURCE: Bleeping Computer

The post Iranian Hackers Charged Last Week Were Actually Pretty Damn Good Phishers appeared first on IT SECURITY GURU.

GoScanSSH Malware Avoids Government and Military Servers

Security experts have discovered a new strain of malware that targets vulnerable Linux-based systems and tries its best to avoid infecting devices on government and military networks. The name of this new strain is GoScanSSH, and its name is a tell-tale sign of its main features and capabilities — coded in Go, use of infected hosts to scan for new ones, and the SSH port as the point of entry.

View full story

ORIGINAL SOURCE: Bleeping Computer

The post GoScanSSH Malware Avoids Government and Military Servers appeared first on IT SECURITY GURU.

UK launching Cyber Security Export Strategy today to support sales

The UK clearly sees its cyber-capabilities and its robust approach to security as an asset that it can offer to partners and allies and a driver of UK exports. Cyber-security expertise as a UK specialisation is being made more explicit later today  (Monday 26 March) when International Trade Secretary Dr Liam Fox launches the UK government’s new Cyber Security Export Strategy to promote UK expertise and strengthen defence capabilities in the UK and allied countries.

View full story

ORIGINAL SOURCE: SC Magazine

The post UK launching Cyber Security Export Strategy today to support sales appeared first on IT SECURITY GURU.

AGs urge Congress to change proposed data breach law

Mississippi Attorney General Jim Hood and 31 of his colleagues have written Congress to urge them to oppose parts of a pending bill that would allow businesses attacked by security breaches to take more time to notify the public.

View full story

ORIGINAL SOURCE: Clarion Ledger

The post AGs urge Congress to change proposed data breach law appeared first on IT SECURITY GURU.

Chrome Extension Detects URL Homograph (Unicode) Attacks

The team from Phish.ai has developed and released a Google Chrome extension that can detect when users are accessing domains spelled using non-standard Unicode characters and warn the users about the potential of a homograph attack. Miscreants often use such intentionally misspelled domains to lure users on phishing sites, where they collect user credentials or trick victims into downloading files laced with malware.

View full story

ORIGINAL SOURCE: Bleeping Computer

The post Chrome Extension Detects URL Homograph (Unicode) Attacks appeared first on IT SECURITY GURU.

Yes, Even Elite Hackers Make Dumb Mistakes

On Thursday, a report from the Daily Beast alleged that the Guccifer 2.0 hacking persona—famous for leaking data stolen from the Democratic National Committee in 2016—has been linked to a GRU Russian intelligence agent. What appears to have given Guccifer away: The hacker once failed activate a VPN before logging into a social media account. This slip eventually allowed US investigators to link the persona to a Moscow IP address. In fact, they traced it directly to GRU headquarters.

View full story

ORIGINAL SOURCE: Wired

The post Yes, Even Elite Hackers Make Dumb Mistakes appeared first on IT SECURITY GURU.

New ransomware Zenis will delete backup files even if victim pays

A self-proclaimed “mischievous boy” who calls himself “ZENIS” unleashed ransomware attacks that encrypt the files and then purposely deleted the backups. Discovered last week by MalwareHunterTeam, Zenis uses a customized encryption method that warns recipients to pay up or risk losing forever their infected files.

View full story

ORIGINAL SOURCE: SC Magazine

The post New ransomware Zenis will delete backup files even if victim pays appeared first on IT SECURITY GURU.