• Companies' Stock Value Dropped 7.5% after Data Breaches

    Companies' Stock Value Dropped 7.5% after Data BreachesAfter analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.The report, Kings of the Monster Breaches, identified the extensive damage done by improper security by looking specifically at the Marriott breach of 2018, the Equifax breach of 2017 and the Yahoo! breach of 2016. These to
  • LinkedIn Admits a Delay in Renewing TLS Cert

    LinkedIn Admits a Delay in Renewing TLS Cert LinkedIn users noticed on Tuesday that attempts to access the site from their desktop or laptop computer were met with an alert warning that the connection was not secure – the result of LinkedIn’s failure to renew the TLS certificate for its lnkd.in URL shortener, according to Computer Business Review (CBR).It turned out that the company had what it is calling a brief delay in renewing the TLS certificate. The company quick
  • Mobile Banking Malware Rose 58% in Q1

    Mobile Banking Malware Rose 58% in Q1The first quarter of 2019 saw a significant spike in mobile banking malware that steals both credentials and funds from users’ bank accounts, according to researchers at Kaspersky Lab.“In Q1 2019, Kaspersky Lab detected a 58% increase in modifications of banking Trojan families, used in attacks on 312,235 unique users. Banking Trojans grew not only in the number of different samples detected, but their share of the threat landscape increased as we
  • Fake Trezor App in Google Play Scams Users

    Fake Trezor App in Google Play Scams Users Malicious actors have been using a new set of fake cryptocurrency apps on Google Play that are reportedly able to phish and scam users out of cryptocurrency, according to ESET researchers.Researchers observed one app impersonating Trezor, a hardware cryptocurrency wallet. The app, called Coin Wallet – Bitcoin, Ripple, Ethereum, Tether, actually connects to a fake wallet, reportedly created on May 1, that scams unsuspecting users out
  • Advertisement

  • UK Political Parties Fail on Email Security Ahead of Elections

    UK Political Parties Fail on Email Security Ahead of ElectionsThe UK’s political parties are largely failing to protect their members from phishing attacks ahead of the European elections, a security vendor has claimed after revealing poor take-up of the DMARC protocol.Domain-based Message Authentication, Reporting and Conformance, to give it its full title, is widely regarded as a best practice solution to help mitigate the threat of email impersonation.Although not a silver bullet for em
  • TalkTalk Overlooked Nearly 5000 Customers in Breach Notification

    TalkTalk Overlooked Nearly 5000 Customers in Breach NotificationA mishandled 2015 data breach continues to hound TalkTalk after it emerged that the UK telco failed to notify nearly 5000 customers that had been affected.After being contacted by viewers who suspected their details had been stolen via the telco, consumer rights program Watchdog Live investigated.It subsequently found their full names, addresses, email addresses, dates of birth, TalkTalk customer numbers, mobile numbers and ban
  • UK Invests £22m in Army Cyber Centers as Russian Threat Looms

    UK Invests £22m in Army Cyber Centers as Russian Threat LoomsThe UK government has been sharing cyber-intelligence with 16 NATO allies and others outside the alliance on coordinated Russian attempts to probe critical infrastructure and government networks for vulnerabilities, according to Jeremy Hunt.The foreign secretary will say today at the NATO Cyber Defence Pledge Conference in London that the Kremlin is engaged in a global campaign designed to find IT flaws that could be exploit
  • Inside the neo-Nazi plot to kill a Labour MP – podcast

    A plot to kill a Labour MP and a police officer was only disrupted after an informant within the neo-Nazi group National Action blew the whistle. Robbie Mullen passed the details on to Hope Not Hate’s Matthew Collins. Here, they tell their extraordinary story. Also today: the columnist Aditya Chakrabortty on his unlikely collaboration with the techno group UnderworldIn the summer of 2017, Jack Renshaw, then aged 22, of the neo-Nazi group National Action, sat in a pub in Warrington and told
  • Advertisement

  • Fraud Attacks from Mobile Spiked 300% in Q1

    Fraud Attacks from Mobile Spiked 300% in Q1Fraud attacks from mobile apps spiked by 300% in the first quarter of 2019, according to new researcher from RSA.Published today, the Fraud Attack Trends: Q1 2019 report found that the total fraud attacks from rogue mobile applications on January 1 was 10,390 but had jumped to 41,313 by March 31.Rogue mobile apps are those designed to duplicate legitimate apps of trusted brands, which are a fast-growing phenomenon among cyber-criminals and a huge d
  • Firmware Vulnerability in Mitsubishi Electric

    Firmware Vulnerability in Mitsubishi Electric A vulnerability in Mitsubishi Electric’s MELSEC-Q Series Ethernet Module could allow a remote attacker to gain escalated privileges, according to an ICS-CERT advisory.Reported by Nozomi Networks, the vulnerability “could allow an attacker to render the PLCs statue in fault mode, requiring a cold restart for recovering the system and/or doing privilege escalation or executive arbitrary code in the context of the affected system of the
  • US May Ban Chinese Surveillance Camera Companies

    US May Ban Chinese Surveillance Camera CompaniesCiting human rights as the primary concern, the US announced that it is considering a ban on surveillance technologies produced by five Chinese companies, including Hangzhou Hikvision Digital Technology Co. and Zhejiang Dahua Technology Co., to a blacklist that bars them from US components or software, according to The New York Times and Bloomberg.Hikvision’s cameras are used the world over, which has raised human rights c
  • Google Stored Plaintext Passwords Since 2005

    Google Stored Plaintext Passwords Since 2005Google has admitted that some of its enterprise customers’ passwords have been erroneously stored in plaintext, in a security issue dating back 14 years.The tech giant’s VP of engineering, Suzanne Frey, explained that the problem occurred when it introduced a new way for G Suite domain administrators to upload and manually set new passwords for their employees, to help with onboarding and account recovery.“We made an error when implem
  • Advertisement

  • FCA: £27m Lost to Crypto Scams Last Year

    FCA: £27m Lost to Crypto Scams Last YearThe UK’s financial regulator has warned that £27m was lost in the last financial year to scams promising big returns on cryptocurrency and foreign exchange (forex) investments.The Financial Conduct Authority (FCA) claimed that investors lost on average £14,600 to fraud during the 12-month period, with reports of scams more than tripling to 1800.This kind of fraud typically starts on social media, where investors are lured by “
  • Lib Dems Come First in UK for Cybersecurity

    Lib Dems Come First in UK for CybersecuritySweden’s political parties have the best cybersecurity posture globally, with the UK languishing in the bottom half of the table, according to a new analysis by SecurityScorecard ahead of the European Parliament elections.Noting the impact of a major data breach at the Democratic National Committee (DNC) which helped to swing the 2016 Presidential election in favor of Donald Trump, the security vendor decided to appraise the security of political
  • DHS Issues Alert on Chinese-Made Drones

    DHS Issues Alert on Chinese-Made DronesChinese-made drones may be sending sensitive flight data to their manufacturers in China, according an alert issued by the US Department of Homeland Security (DHS), CNN reported on May 20.In a copy of the alert obtained by CNN, DHS said, "The United States government has strong concerns about any technology product that takes American data into the territory of an authoritarian state that permits its intelligence services to have unfettered access to t
  • Ransomware Not Gone but More Targeted, Report Says

    Ransomware Not Gone but More Targeted, Report SaysCyber-criminals continue to grow more sophisticated, developing advanced attack methods, including tailored ransomware, according to the Q1 Global Threat Landscape Report, published today by Fortinet. In addition to targeted attacks, criminals are also using custom coding, living-off-the-land (LotL) and sharing infrastructure to maximize their opportunities, the report said.Despite a decline in previous high rates of ransomware, ransomware itself
  • Encryption is Often Poorly Deployed, if Deployed at All

    Encryption is Often Poorly Deployed, if Deployed at All Encryption continues to be a challenge for companies, as only a quarter of organizations admit to using it for at-rest data, and for emails and data centers.According to research by Thales and IDC, encryption for email is only adopted by around 27% of European of the respondents they recently surveyed, while the numbers decline for data at rest, data centers, Big Data environments and full disk encryption. The only instance of European
  • DDoS Attacks on the Rise After Long Period of Decline

    DDoS Attacks on the Rise After Long Period of DeclineThe number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab.The global cybersecurity company’s findings, detailed in its DDoS Attacks in Q1 2019 report, come in the wake of dramatically falling numbers of DDoS attacks recorded throughout 2018, suggesting that cyber-criminals are once again turning to DDoS as an attack method after a sustained period of shiftin
  • Washington Issues Temporary License to Huawei

    Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August.Despite reports emerging over the weekend of various chipmakers halting supplies to the Chinese firm after it was placed on an Entity List last week, the Commerce Department appears to have softened its stance.Issued on Monday, the temporary general license for Huawei and 68 non-US affiliates
  • Phishing Kit 16Shop Targets Apple Users, Hackers

    Phishing Kit 16Shop Targets Apple Users, HackersResearchers have discovered a hidden backdoor in a commercial phishing kit, 16Shop, used to attack Apple customers, according to Akamai.“When it comes to targeting Apple users and their personal and financial data, 16Shop has emerged as a go to kit for those who can afford it. While 16Shop is sold to criminals looking to collect sensitive information from a targeted subset of the Internet community, at least one pirated version circulating on
  • Aussie Government IT Worker Arrested for Cryptomining

    Aussie Government IT Worker Arrested for CryptominingAn Australian government IT contractor has been arrested on suspicion of making thousands from an illegal cryptocurrency mining operation at work.The 33-year-old New South Wales man appeared in court today after allegedly earning AU$9000 ($6188) by “modifying his agency’s computer systems,” according to the Australian Federal Police (AFP).At Sydney Local Court, he was charged with unauthorized modification of data to cause im
  • Fifth of Docker Containers Have No Root Passwords

    Fifth of Docker Containers Have No Root PasswordsA fifth of the world’s most popular Docker containers contain a security issue which could make them vulnerable to attack in some circumstances, a researcher has discovered.Kenna Security principal security engineer, Jerry Gamblin, explained that after recent Cisco Talos research revealed Alpine Linux docker images were shipping with no (nulled) root passwords, he decided to dig a little deeper.Running a script on the 1000 most popular conta
  • KnowBe4 Announces Acquisition of CLTRe

    KnowBe4 Announces Acquisition of CLTReKnowBe4 has announced the acquisition of CLTRe, adding the capability to measure security culture into its portfolio.Led by Kai Roer, CLTRe is a Norwegian company focused on helping organizations assess, build, maintain and measure a strong security posture. It will continue to operate as an independent subsidiary of KnowBe4.The acquisition will mean that CLTRe’s toolkit and Security Culture Framework will be available to all KnowBe4 customers later th
  • Ecuador Shares Assange's Legal Docs with US

    Ecuador Shares Assange's Legal Docs with USComplying with a request by US authorities, Ecuadorian officials are preparing to hand over documents that are reportedly the entire legal defense against Julian Assange, compiled during the time he has been living in the Ecuadorian embassy in London, according to WikiLeaks."On Monday Ecuador will perform a puppet show at the embassy of Ecuador in London for their masters in Washington, just in time to expand their extradition case before the UK deadlin
  • New South Wales Announces New Cybersecurity Position

    New South Wales Announces New Cybersecurity PositionIn an attempt to centralize all of the cyber efforts and strategies of the state, New South Whales (NSW) has announced a new cybersecurity NSW office to be led by led by Tony Chapman, chief cybersecurity officer, according to a May 20 press release.Chapman assumed the position today, which falls under the department of customer service, and wrote via LinkedIn, “The changes reflect the leadership and coordination role required to uplift cy
  • Online Account Hijacker Forum OGUsers Hacked

    Online Account Hijacker Forum OGUsers HackedAn online forum used by those involved in online account hijacking has been breached, according to KrebsonSecurity.An attack on OGUsers.com leaked the personal information of nearly 113,000 people. Krebs reportedly received a copy of the database, which included usernames, email addresses, hashed passwords, private messages and IP address.The RaidForums Omnipotent administrator announced to forum members that he had made the OGUsers forum database
  • Sajid Javid announces overhaul of espionage and treason laws

    New bill needed to tackle hostile activity by Russia and others, says home secretaryHostile state actors – spies, assassins or hackers directed by the government of another country – are to be targeted by refreshed espionage and treason laws, the home secretary has announced.In a speech to security officials in central London, Sajid Javid revealed plans to publish a new espionage bill to tackle increased hostile state activity from countries including but not limited to Russia. Conti
  • The global supply implications of the Google-Huawei blacklisting

    If Google is forced to block Android and related Google Services from shipping in future Chinese handsets, the ramifications for global production could be enormous
  • LeakedSource Company Pleads Guilty

    LeakedSource Company Pleads Guilty The operators of an infamous breached credentials site have pleaded guilty to trading in stolen information, according to Canadian police.Defiant Tech, which owns the LeakedSource website, entered the plea on Friday at a court in Ottowa, a brief notice from the Royal Canadian Mounted Police (RCMP) stated.The charges of “trafficking in identity information and possession of property obtained by crime” came after an investigation was launched by the p
  • Ex-CIA Man Gets 20 Years for Handing China Secrets

    Ex-CIA Man Gets 20 Years for Handing China SecretsA former CIA intelligence officer has been sentenced to two decades behind bars after being found guilty last year of passing defense secrets to China.Kevin Patrick Mallory, 62, of Leesburg, was found guilty by a federal jury in June 2018 of conspiracy to deliver, attempted delivery, delivery of national defense information to aid a foreign government, and making material false statements.He is said to have been paid $25,000 for handing classifie

Follow @Security_UKnws on Twitter!