• Botnet Abusing Android Debug Bridge, SSH is Back

    Botnet Abusing Android Debug Bridge, SSH is BackA new cryptocurrency-mining botnet malware is abusing Android Debug Bridge (ADB) and SSH, according to Trend Micro.  “This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant. This bot’s design allows it to spread from the infected host to any system that has had a previous SSH connection with the host," the researchers wrote."The use of ADB makes Android
  • Incomplete Fix Leads to New Kubernetes Bug

    Incomplete Fix Leads to New Kubernetes BugA new high-severity Kubernetes vulnerability has been discovered, according to security announcement on Securelists.org.As part of the ongoing Kubernetes security audit sponsored by the Cloud NativeComputing Foundation, the Kubernetes product security team announced a new high-severity vulnerability (CVE-2019-11246) that impacts kubectl, the command line interface used to run commands against Kubernetes clusters.“Another security issue was discover
  • Ethics and Compliance Programs Growing More Mature

    Ethics and Compliance Programs Growing More MatureEthics and compliance programs are trending up, driven in large part by strong support from top executives, according to the 2019 Definitive Corporate Compliance Benchmark Report, published by NAVEX Global.The research revealed that when leadership buys in to the strategic value of ethics and compliance programs, there is not only a greater likelihood of success but also an increased perception of organizational ethics. Strong executive backing a
  • US Adds AMD Joint Venture to Entity List

    US Adds AMD Joint Venture to Entity ListThe US Department of Commerce has added five more Chinese organizations onto the same Entity List as Huawei over national security fears, including an AMD joint venture.The department’s Bureau of Industry and Security (BIS) said the changes to the list, which will prevent US firms from doing business or selling components to them, will take effect from today.That will be a headache especially for AMD, which set up a JV with Tianjin Haiguang Advanced
  • Advertisement

  • Phishing Attack Exposes PII on 645,000 Oregonians

    Phishing Attack Exposes PII on 645,000 Oregonians Over 600,000 Oregon residents have been told their personal information may have been compromised after a successful phishing campaign against employees of the state’s Department of Human Services (DHS).The agency is sending 645,000 clients breach notices following a January 2019 incident, it said in a statement last week.Nine DHS employees clicked through in a phishing email sent early on in the month, giving hackers access to their accoun
  • US Warns of Destructive Iranian Cyber-Attacks

    US Warns of Destructive Iranian Cyber-AttacksA US government security agency has ratcheted up tension with Iran by warning that escalating state-sponsored attacks could turn destructive.The Cybersecurity and Infrastructure Security Agency (CISA) director, Christopher Krebs, said in a statement dated Saturday that Iranian “regime actors and proxies” had ramped up malicious cyber-activity against US government agencies and industries of late.“We will continue to work with our int
  • 66% of Homes in North America Have Multiple IoT Devices

    66% of Homes in North America Have Multiple IoT DevicesNorth American homes have the highest density of internet of things (IoT) devices of any region in the world, according to researchers at Stanford University and Avast.Together, Stanford University and Avast have published findings of their research in a paper entitled All Things Considered, which analyzes the global state of IoT. The survey was based on “data collected from user-initiated network scans of 83M devices in 16M house
  • Dell Advises PC Users to Update SupportAssist

    Dell Advises PC Users to Update SupportAssistDell has released a security alert letting customers know that they should update SupportAssist for both business and home PCs.The vulnerability was discovered by SafeBreach security researcher Peleg Hadar, who wrote that the OEM software vulnerability puts multiple laptops at risk.PC-Doctor, which makes and maintains the software-repair tool wrote that it had recently learned of the vulnerability, adding, “In our opinion, it would be very
  • Advertisement

  • Desjardins Insider Accessed Data of 2.9m Members

    Desjardins Insider Accessed Data of 2.9m MembersCanada's largest credit union and one of the world’s largest banks, Desjardins, published a security advisory after a former employee gained unauthorized access to the data of 2.9 million members.The former employee was fired as a result of the security breach. In a statement posted on its website, the bank said, “The investigation quickly traced the leak to a single source: an ill-intentioned employee who acted illegally and betrayed t
  • Novichok victim: ‘We’re being kept in the dark’

    Charlie Rowley speaks of anger and frustration as mystery still surrounds death of his partner
    The partner of the woman who died in the Wiltshire nerve agent poisonings a year ago has told of his anger and frustration that mystery still surrounds the case.Charlie Rowley said he felt the British authorities were not being transparent about what happened to Dawn Sturgess and revealed he was keen to visit Russia to question officials there about the novichok poisonings. Related: Novichok victim Daw
  • NCSC Stresses 5G's Challenges Outweigh China Threat

    NCSC Stresses 5G's Challenges Outweigh China ThreatWhile the debate on the 5G rollout has focused on Huawei, the work has been much wider and had to consider attacks and technical precision, according to the NCSC.Presenting at Chatham House in London, NCSC CEO Ciaran Martin said that “there is a structural and sustained problem” in the way that telecommunications markets have worked in the past, which has not incentivized sufficiently good cybersecurity.The most significant attack on
  • Warning Made on Cross-Platform Cryptominer

    Warning Made on Cross-Platform CryptominerESET has warned of cross-platform software which is used to mine cryptocurrency.Named LoudMiner, the malware uses virtualization software – QEMU on macOS and VirtualBox on Windows – to mine cryptocurrency on a Tiny Core Linux virtual machine. LoudMiner is distributed in pirated copies of audio software called VST (Virtual Studio Technology) and once an endpoint is infected, LoudMiner uses the compromised machines to mine cryptocurrency and us
  • Advertisement

  • High-Risk Vulnerabilities in iOS, Android Apps

    High-Risk Vulnerabilities in iOS, Android AppsThe vast majority of mobile apps store data insecurely, according to Positive Technologies researchers who discovered high-risk security vulnerabilities in 38% of iOS apps and 43% of Android apps.“But this difference is not significant, and the overall security level of mobile application clients for Android and iOS is roughly the same. About a third of all vulnerabilities on the client side for both platforms are high-risk ones,” accordi
  • California Suffered Highest Number of Breaches

    California Suffered Highest Number of BreachesOver the past decade, California has had the highest number of data breaches and the greatest number of records exposed, according to new research from Comparitech.In the new report, Protected: Which States Have the Most Data Breaches?, researchers analyzed data on the last 10 years’ worth of data breaches and found that California suffered the most data breaches, with New York and Texas following somewhat far behind.Since 2008, there have been
  • US CERT Warns of DHS Phishing Scam

    US CERT Warns of DHS Phishing Scam An email phishing scam tries to dupe its victims by appearing to be from the Department of Homeland Security (DHS). According to a June 18 US CERT alert, the email lures users into downloading malware through a malicious attachment.“The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notificati
  • Six pull out of Bradford festival over counter-extremism funding

    Writers and activists quit literature festival over funding by Home Office programmeSix writers and activists have pulled out of the Bradford literature festival (BLF) in protest after it emerged it received funding from a government counter-extremism programme.The group withdrew from planned appearances after learning that the 10-day event, which was founded in 2014, has accepted money provided as part of the Home Office’s counter-extremism strategy for the first time. Continue reading...
  • Government delays 'porn ban' by six months following unforeseen kink

    A bureaucratic mistake has forced the government to delay the incoming age-verification legislation to be imposed on adult sites in the UK, which was due to come into force on 15 July
  • DCMS Pushes Porn Age Verification Deadline Back “Indefinitely”

    DCMS Pushes Porn Age Verification Deadline Back “Indefinitely”The planned age verification scheme, which would have prevented access to pornographic material to anyone who was unable to prove their age, is to be delayed indefinitely.According to Sky News, Department for Digital, Culture, Media and Sport (DCMS) Secretary Jeremy Wright is expected to announce the delay later today. The verification system was due to come into force on July 15, with website visitors expected to prove th
  • Florida City Pays $600K to Ransomware Authors

    Florida City Pays $600K to Ransomware AuthorsA Florida city has agreed to pay cyber-criminals $600,000 to regain access to computer systems encrypted with ransomware, highlighting the continued threat to organizations from extortion-based attacks.The Riviera Beach City Council voted unanimously to pay off the hackers, after security consultants hired to help recommended the extreme course of action, which runs at odds to advice from law enforcement.The council had already voted to spend $900,000
  • UK Identity Fraud Jumps 8% to New All-Time High

    UK Identity Fraud Jumps 8% to New All-Time HighIdentity fraud rose by 8% in the UK last year to hit an all-time high, with both the very young and old experiencing the biggest increases, according to Cifas.The anti-fraud non-profit’s latest Fraudscape report for 2018 was compiled as always from the 350 organizations that submit data to its National Fraud Database.These members recorded nearly 324,000 cases of fraud overall last year, a return to the highs of 2015 and 2016 after a dip in 20
  • CISOs Struggling With 50+ Separate Security Tools

    CISOs Struggling With 50+ Separate Security ToolsOrganizations are struggling to gain real-time visibility into their security technologies and suffering from an excessive number of tools running across the enterprise, according to new research from Panaseer.The security monitoring firm polled 200 enterprise CISOs to better understand their key strategic challenges, as part of its first Security Leader’s Peer Report.It revealed that 87% are struggling to gain any meaningful insight in
  • Millions Fall Victim to System Cleaner Hoaxes

    Millions Fall Victim to System Cleaner HoaxesThe first half of 2019 has seen a spike in the number of PC users attacked with fake system cleaners, according to research from Kaspersky.Research shows that the number of users jumped to 1,456,219 in the first half of 2019, compared to just 747,322 for the same period in 2018.“We’ve been watching how the phenomenon of hoax cleaners has been growing for the last couple of years, and it is a curious threat. On the one hand, many samples th
  • Security Should Be Business Focused, Says ISF

    Security Should Be Business Focused, Says ISFA security assurance program that focuses on business needs can help organizations meet the needs of business stakeholders, according to a new report released by Information Security Forum (ISF).The report, Establishing a Business-Focused Security Assurance Program, offers organizations ways to establish a security assurance program that takes a business-focused approach by “identifying how to move from current to future approaches, introdu
  • SACK Panic Vulnerability in Linux

    SACK Panic Vulnerability in LinuxResearchers at Netflix have discovered new denial-of-service (DoS) vulnerabilities in Linux and FreeBSD kernels, including a severe vulnerability called SACK Panic that could allow malicious actors to remotely crash servers and disrupt communications, according to an advisory published at its Github repository.“The vulnerabilities specifically relate to the Maximum Segment Size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, d
  • New Pentagon chief an ex-soldier who moved to the defense industry

    Washington: Secretary of the Army Mark Esper, who was chosen by President Donald Trump to be the new acting Pentagon chief, is a former military man who moved to the defense industry. “I know...
  • Germany Commissions First F125 Frigate

    On 17 June 2019, the F125 “Baden-Württemberg” was officially commissioned in a ceremony in the presence of German Defense Minister Ursula von der Leyen. The German Navy now has in service...
  • Turkey Unveils New Fifth-Generation Jet TF-X, Indigenous Alternative to F-35

    Just as Turkey lost access to Lockheed Martin’s F-35 Joint Strike Fighter, Turkish Aerospace Industries unveiled a model of its indigenously designed fifth-generation fighter jet, dubbed the TF-X, at...
  • Saudi-led coalition intercepts new Yemeni rebel drone

    A Saudi-led coalition fighting in Yemen intercepted a Huthi rebel drone targeting the kingdom, a spokesman said Wednesday, calling it another violation of an already fragile ceasefire in a key Red...
  • Hackers Gobble Up Data From EatStreet Diners and Partners

    Hackers Gobble Up Data From EatStreet Diners and PartnersOnline food ordering service EatStreet has revealed a major data breach affecting customers and restaurant partners.Although the number of companies and individuals affected isn’t known, the firm claims to partner with over 15,000 restaurants in hundreds of US cities, so the figure could theoretically surge into the millions.The two-week incident happened in May, when an “unauthorized third party was able to acquire information
  • AMCA Files for Bankruptcy Protection After Breach

    AMCA Files for Bankruptcy Protection After BreachThe parent company of healthcare debt collection firm American Medical Collection Agency (AMCA) has filed for bankruptcy protection following a major breach which is thought to have affected as many as 20 million patients.Its Chapter 11 filing in the Southern District of New York reveals the action was taken due to a “cascade of events” and “enormous expenses that were beyond the ability of the debtor to bear.”These were pr
  • Only Quarter of IaaS Users Can Audit Config Settings

    Only Quarter of IaaS Users Can Audit Config SettingsMost global organizations benefit from better security in the cloud than on-premise, with some key exceptions, including data loss prevention and configuration settings, according to McAfee.The security giant polled 1000 enterprises around the world and combined its findings with threat data gleaned from its products to compile the Cloud Adoption and Risk Report.The vast majority (87%) said they “experience business acceleration” th
  • Campaign calls for entertainment venues to plan for terror attack

    So-called Martyn’s law would compel premises to take steps to bolster their securityA group representing terrorism survivors will call on the Home Office to require all venues and public spaces – from arenas to pubs – to prepare a dedicated security plan in case of an attack.Called Martyn’s law, the proposal is named after Martyn Hett, who was killed in the Manchester arena attack two years ago, and is supported by his mother, other terror survivors and former counter-ter
  • Facebook Announces Digital Wallet and Coin, Libra

    Facebook Announces Digital Wallet and Coin, LibraBecause it possibly stands to faces billions of dollars in fines from the US Federal Trade Commission (FTC), Facebook, today announced its plans for Calibra, a Facebook subsidiary that will provide financial services and enable users to have access to and participate in the Libra network.“Calibra will let you send Libra to almost anyone with a smartphone, as easily and instantly as you might send a text message and at low to no cost. An
  • Accenture Acquires Deja vu Security

    Accenture Acquires Deja vu SecurityDeja vu Security has become a part of Accenture’s cyber-defense offerings through an acquisition announced on June 17.The Seattle-based Deja vu Security was founded in 2011 and has been providing a range of business application security solutions with a focus on integrating security into the product development lifecycle. Accenture continues to invest in next-generation cybersecurity solutions that will deliver end-to-end security for clients’
  • DNS Attacks Grow More Frequent and Costly

    DNS Attacks Grow More Frequent and CostlyDomain name server (DNS) attacks have grown in frequency and cost, according to multiple research reports published this week.The Domain Fraud Threats Report from Proofpoint found that Chengdu West Dimension Digital, NameSilo, Public Domain Registry and GoDaddy are the top fraudulent domains. Of the millions of fraudulent domains registered, 1 in 4 have security certificates and more than 90% remain active on a live server. In addition, more than 15% have
  • #OktaForum: Biometrics Are Authentication Preference, Privacy Concerns Remain

    #OktaForum: Biometrics Are Authentication Preference, Privacy Concerns RemainBiometrics are seen as a positive step forward in authentication, but employees maintain privacy concerns.According to a survey of 4013 workers across the UK, France and the Netherlands, the Okta Passwordless Future Report found that 78% of respondents use an insecure method to help them remember their password, including: using the same passwords for multiple accounts (34%), writing passwords down (26%),
  • #OktaForum: Trust is Key to Identity and Security

    #OktaForum: Trust is Key to Identity and SecurityTrust remains the most important factor in enabling security and identity management.Speaking at the Okta Forum in London, Okta CEO Todd McKinnon said that every company is a technology company now, and if you are not a technology company “your replacement will be a technology company.”McKinnon explained that technology comes with risks, such as the “war on talent” which is making finding the right people hard, while &ldquo
  • White Hats Update GandCrab Decryptor to Hasten its End

    White Hats Update GandCrab Decryptor to Hasten its EndInfamous ransomware GandCrab could finally be on the way out, after white hats released yet another updated decryptor tool designed to help victims to get their data back.In partnership with various law enforcement agencies including Europol, the Metropolitan Police, the FBI and NCA, Bitdefender has released the latest in a string of tools which it claimed has saved tens of thousands of organizations $50m in unpaid ransom money.This effective
  • Oregon State Uni Attack Exposes Data on Hundreds

    Oregon State Uni Attack Exposes Data on HundredsAnother US university has been hit by a successful cyber-attack, this time potentially compromising personal information (PII) on hundreds of students and family members.Oregon State University (OSU) issued a public notice on Friday after one of its employee’s email accounts was hacked last month and used to spam others with phishing emails.Forensic investigators found several documents in the breached inbox which contained the PII of 636 stu
  • Trans Charity Mermaids Apologizes Over Leaked Emails

    Trans Charity Mermaids Apologizes Over Leaked EmailsA transgender charity has apologised after journalists were able to find sensitive internal emails via a public internet search.Mermaids UK, which supports trans children and young people, said the emails came from 2016 and 2017, when it was a smaller organization without the internal processes and access to technical support which would now prevent such incidents.Although the original Sunday Times report which uncovered the leak said the email
  • NYT: US Targets Russian Power Grid

    NYT: US Targets Russian Power GridAfter news broke that the US has ramped up its digital attacks on Russia, according to a New York Times article, President Trump tweeted that the story was a "virtual act of treason by a once great paper...ALSO, NOT TRUE.”Though there are no details of the malware that was reportedly placed inside Russia’s power grid system, the NYT reported that National Security Presidential Memoranda 13, a classified document, grants the Department of Defense (DoD
  • 'Bulk hacking' by UK spy agencies is illegal, high court told

    Rights group argues powers of MI5 and GCHQ to obtain and store data breach human rights“Bulk hacking” powers exploited by the intelligence services to access electronic devices represent an illegal intrusion into the private lives of millions of people, the high court has been told.In its latest challenge to the 2016 Investigatory Powers Act (IPA), the civil rights organisation Liberty has argued that government surveillance practices breach human rights law. Continue reading...
  • Seven Million Venmo Transactions Published on GitHub

    Seven Million Venmo Transactions Published on GitHubVenmo users are being advised to set their accounts to private after a computer science student scraped seven million Venmo transactions, proving that users’ public activity can be easily accessed, according to The Next Web (TNW).Over a six-month period, Minnesota State University computer science student Dan Salmon, collected a data set, which Salmon exported from MongoDB, of more than seven million Venmo transactions, which he published
  • Eliminate Outdated Identity Proofing, Says GAO

    Eliminate Outdated Identity Proofing, Says GAOThe remote identity proofing used by four large government agencies has been deemed outdated by a new report released by the U.S. Government Accountability Office (GAO).According to the report, the Postal Service, Department of Veteran Affairs, Social Security Administration and the Centers for Medicare and Medicaid Services use outdated tactics to verify citizens’ data over the phone.Of the six agencies GAO interviewed, only two have eliminate
  • Microsoft Urges Azure Customers to Patch Exim Worm

    Microsoft Urges Azure Customers to Patch Exim WormMicrosoft has urged Azure users to update their systems following the discovery of a major new attack campaign targeting popular email server software.The worm, which Infosecurity reported on last week, targets mail transfer agent product Exim running on Linux-based email servers. It’s claimed that Exim is running on over half (57%) of the world’s email servers, with as many as 3.5 million vulnerable to the new attack.In a securi
  • Twitter Shuts Down 5000 State-Sponsored Accounts

    Twitter Shuts Down 5000 State-Sponsored AccountsTwitter has taken down nearly 5000 fake accounts, most of them apparently backed by the Iranian state, in a bid to clean the platform of government-sponsored attempts to spread propaganda.The social network claimed in a post last week that it had closed 4779 accounts linked to Tehran, 1666 of which tweeted nearly two million times, with content “that benefited the diplomatic and geostrategic views of the Iranian state.”Another subset of
  • SIA launches #SaferNightsOut campaign to address violence in the night time economy

    We're running a national campaign in June and July that aims to make the night-time economy a safer place for both security staff and people on nights out.
  • Europol Gamifies Cryptocurrency Crime Prevention

    Europol Gamifies Cryptocurrency Crime PreventionEuropol trained its members on cryptocurrency-related crime at a conference last week, announcing the development of a new game.The cross-jurisdictional law enforcement organization claimed that over 300 experts in cryptocurrency, from both the police and private sector, attended its headquarters in The Hague for the region’s largest conference of its kind last week.The aim was to share best practice and look at new partnership-building oppor
  • Liberty mounts latest court challenge to 'snooper's charter'

    Rights group argues powers of MI5 and GCHQ to obtain and store data breach human rightsThe legality of the intelligence services’ bulk surveillance activities under which personal data is obtained from social media companies as well as through hacking and interception is being being challenged in court.Monday’s action by the civil rights organisation Liberty follows revelations last week that MI5 had lost control of its data storage operations and admitted there were “ungoverne
  • Turkey’s Erdogan says S-400s delivery for early July

    Turkey expects the delivery of the controversial Russian S-400 missile defence system to begin in July, President Recep Tayyip Erdogan was quoted as saying in Turkish media on Sunday. “I...

Follow @Security_UKnws on Twitter!