• Reddit Locks Down Accounts After Security Incident

    A large number of Reddit users have been locked out of their accounts as a precaution while the site’s admins investigate potential unauthorized access. Staffer “Sporkicide” would not disclose exactly how many users were affected by the move, but claimed in a post yesterday that “a large group of accounts were locked down due to a security concern.” “By ‘security concern,’ we mean unusual activity tha
  • Virtualized Calls a Top Threat for ATO Attacks

    According to the 2019 State of the Call Center Authentication report from TRUSTID, a Neustar company, one of the most exploited areas in a company’s security chain is the call center. Companies may be investing more in their cybersecurity defenses, but fraudsters are evolving in their tactics. As such, they’ve discovered that by targeting call centers, they can easily obtain personally identifying information (PII), which is likely one rea
  • New Variant of AZORult Trojan Written in C++

    After analyzing several previously unknown malicious files that were detected earlier this month, Kaspersky Lab determined the files were a new version of a data stealer known as the AZORult Trojan. Because the files are written in C++, and not Delphi, researchers have dubbed the variant AZORult++. According to researchers, this latest version is potentially more dangerous than earlier variants. In addition to amassing data – including creden
  • Zero-Day WordPress Plugin Exploited in the Wild

    A WordPress zero-day in the Easy WP SMTP plugin is actively being exploited in the wild, according to NinTechNet. The plug-in allows site owners using WordPress to both configure and send outgoing emails through an SMTP server, preventing messages from landing in the recipient’s junk folder. By exploiting what is categorized as a critical vulnerability, hackers reportedly gained administrative access and were able to alter content on
  • Kaigun Kare: Japanese Navy Curry

    Kaigun Kare, directly translated as “Navy Curry” in English, is the hearty, mildly sweet and spicy gravy dish served up in mess halls and ship galleys every Friday in the Japanese...
  • UK E-commerce Fraud Soars 27% in 2018

    UK e-commerce fraud hit nearly £400m in 2018, accounting for the vast majority (78%) of all card not present (CNP) fraud and fueled by an ongoing epidemic in data breaches and social engineering, according to UK Finance. The banking industry group’s annual roundup, Fraud the Facts 2019, claimed that £393 million of e-commerce fraud amounted to 59% of total card fraud and represented a 27% increase on 2017 figures. “Data compromise, inclu
  • Researchers Raise Privacy Alarm Over Medicine Apps

    Researchers have raised serious privacy concerns over the use of medical apps in the Google Play store after noting that the majority share user data with third parties. Published in The BMJ this week, the study led by University of Toronto researchers identified 24 top-rated “medicines related” apps on the Android marketplace in the UK, US, Canada and Australia. They simulated real-world use of the apps in the lab via four dummy scrip
  • Man Pleads Guilty to $3m Tech Support Scam

    A North Carolina man has pleaded guilty to his part in a global tech support scam conspiracy which netted over $3 million in profits from unsuspecting computer users. Bishap Mittal, 24, from Charlotte, worked with an unnamed individual who owns Capstone Technologies, a firm which appears to have been set up with the scam in mind. They purchased and distributed adware to users’ machines, according to the Department of Justice. These caused fake pop-up
  • UK Police Federation Hit by Ransomware

    The UK’s Police Federation of England and Wales (PFEW) was the victim of a malware attack, according to two different tweets posted by the National Cyber Security Center (NCSC) UK and the PFEW. According to the Police Federation, the attack on the PFEW, which represents 119,000 police officers across the 43 forces in England and Wales, was first noticed on March 9. Upon learning of the ransomware attack through a system alert, PFEW responded quickly an
  • Cyber Expert Hosts 'Savvy Cyber Kids' Talk in MA

    Middle schoolers in Massachusetts welcomed the opportunity to learn about cybersecurity with a visit from Ben Halpert, founder of the Atlanta, Georgia–based nonprofit Savvy Cyber Kids Inc. According to the Center for Digital Education, Halpert visited with more than 200 seventh graders at different schools, including the Consentino School in Haverhill, Massachusetts, earlier this week. During his presentation students learned what really
  • Facebook Left Millions of Passwords Unhashed

    During a routine security review in January 2019, Facebook discovered that some user passwords had been stored in plain text on its internal data storage systems, an issue that raised concerns given that the company’s login system is supposed to mask passwords, according to the Facebook newsroom. The security flaw has reportedly been fixed, and Facebook said it will be notifying everyone whose passwords were unencrypted, which it said could be hun
  • The Sun acts responsibly in reporting terror | Letter

    Our news organisation recognises its responsibilities with regards to reporting terror, says the Sun’s Andy Silvester
    Your article (Mainstream media helping radicalisation, says Met’s anti-terror boss, 21 March) suggested that the Sun “rushed” to upload clips of the footage filmed by the gunman in the horrific attack in Christchurch last week. Quite apart from the implication that we were acting irresponsibly in doing so, the failure to explain to your readers that we did n
  • Russian State Hackers Phish Euro Governments Ahead of Elections

    State-sponsored Russian hackers are targeting NATO members and European governments ahead of the upcoming European Parliament elections, according to new FireEye intelligence. The security vendor claimed to have detected spear-phishing activity from the prolific Kremlin-linked APT28 and Sandworm Team groups. The idea is to harvest passwords by sending the victim to a fake log-in page. To increase their chances of success, the groups ar
  • Windows smashed at five mosques in Birmingham

    Counter-terrorism officers investigating after series of attacks overnight
    Counter-terrorism police are investigating after windows were smashed at five mosques in Birmingham. West Midlands police were first called at 2.32am to a mosque on Birchfield Road, Perry Barr, where a man was reported to be breaking windows with a sledgehammer. Officers arrived to find that the incident had happened some time earlier.
  • Tech Duo Stung for $122m by BEC Attacker

    A Lithuanian man has pleaded guilty to an audacious Business Email Compromise (BEC) scam which tricked Google and Facebook employees into wiring him $122m. Evaldas Rimasauskas, 50, of Vilnius, pleaded guilty to one count of wire fraud, which carries a maximum sentence of 30 years in prison, it was announced yesterday. His whaling scheme involved the registration of a company in Latvia with the same name as a data centre hardware manufacturer both Google and
  • NCSC Backs New Group to Help Boards’ Cyber Risk Efforts

    A group of academics, government experts, charities and others has come together to help UK boards better assess cyber risk. The Cyber Readiness for Boards initiative is being funded by the National Cyber Security Centre (NCSC) and charity the Lloyd’s Register Foundation, but will also benefit from input from University College London (UCL), the University of Reading, Coventry University, th
  • Lockerbie investigators ‘question former Stasi agents’

    Five former East German officers reportedly suspected of role in 1988 bombing
    Investigators into the Lockerbie bombing, which killed 270 people, are reported to be questioning at least five former agents of the East German secret police about their possible role in Britain’s deadliest ever terror attack. The retired Stasi agents are suspected of having been involved in the atrocity, in which transatlantic flight Pan Am 103 was blown up over Scotland in 1988, killing everyone on board and 11
  • Nation-States Have Right to Hack Back, Survey Says

    Security professionals who attended RSA 2019 believe that the world is in the midst of cyber-war, according to a survey conducted by Venafi. While 87% of the 517 IT security professionals surveyed believe that cyber-war is a current reality rather than a future threat, 72% of respondents said that nation-states should be able to "hack back" when their infrastructure is targeted by cyber-criminals. The Venafi survey sought feedback from IT pro
  • Newspapers help to radicalise far right, says UK anti-terror chief

    Neil Basu criticises hypocrisy of mainstream news providers in wake of Christchurch attack
    Britain’s counter-terrorism chief has said far-right terrorists are being radicalised by mainstream newspaper coverage, while also criticising the hypocrisy of outlets such as Mail Online, which uploaded the “manifesto” of the gunman in the Christchurch terror attack. Neil Basu, one of Britain’s top police officers, said it was ironic that while newspapers have repeatedly criticised t
  • FIN7 Still Active Despite Arrests

    Researchers have discovered the advanced persistent threat group (APT) FIN7 is using a new attack panel in campaigns that Flashpoint analysts have called Astra. Despite alleged members of the group being charged with 26 felony counts in August 2018, analysts have found previously unseen malware samples, which are reportedly written in PHP and function as a script-management system. In addition, the new administrative panel, believed to be linked to the g
  • Attacks Target AmEx, NetFlix Users with Phishing

    Windows Defender Security Intel has reported two major phishing attacks targeting American Express and NetFlix. The Office 365 research teams discovered the attacks, which reportedly emerged over the weekend, hitting unsuspecting customers with well-crafted phishing campaigns that attempt to steal credit card information. According to a tweet from Windows Defender Security, “Machine learning and detonation-based protections in Office 365
  • BEC Gift Card Scams Go Mobile

    Cyber-criminals are evolving their tactics with Business Email Compromise (BEC) attacks by transferring victims from email over to mobile communications channels early on in a scam, according to Agari. Researcher James Linton described how such an attack typically takes place, with the initial spoofed CEO email containing a request for the recipient’s mobile phone number. “By moving them over to their cell phone, the scammer is equipping their victim with
  • Kaspersky Lab Files Antitrust Case Against Apple

    Kaspersky Lab has filed an antitrust complaint against Apple in Russia, arguing that the tech giant forced it to remove two key features from one of its apps just as Apple released similar functionality. The issue boils down to Kaspersky Lab’s use of configuration profiles in its Kaspersky Safe Kids app. Removing this according to Apple’s demands would have meant disabling two “essential” features, app control and Safa
  • Ad Trackers Found on 89% of EU Gov Sites

    Ad tech companies are extensively tracking EU citizens on government websites, potentially exposing highly sensitive user data to third parties in breach of the GDPR, according to a new report. Privacy compliance firm Cookiebot scanned 184,683 pages on all EU main government websites to compile its report, Ad Tech Surveillance on the Public Sector Web. It found a shocking 25 out of 28 official government sites (89%) harbored ad tech trackers, despite these s
  • UK to start issuing far-right terrorism alerts

    White supremacist attacks pose increasing threat, believe counter-terrorism chiefs
    The UK is to start issuing official threat-level warnings for far-right terrorism amid rising concerns about white supremacist murder attempts, the Guardian has learned. The threat levels will be issued following assessments by the Joint Terrorism Analysis Centre (JTAC), an elite Whitehall unit that already produces similar warnings for Islamist and Ireland-related terror. Related: Far right may exploit Brexit tens
  • US Orgs Not Ready to Comply with CCPA

    Protecting consumer privacy has become a top priority for legislators as candidates launch their 2020 campaigns and try to win over voters. According to research findings revealed in the new CCPA and GDPR Compliance Report, however, US companies haven't made privacy regulations a top priority. The online survey, conducted by TrustArc, reflects responses from 250 IT professionals who represent a wide spectrum of industries and company sizes. Of all the particip
  • Consumers Donate Data with Recycled Electronics

    With the rapid turnover of technology, many consumers willingly trade in, sell or donate their old electronics, often times without ensuring that all of their data has been wiped clean, according to new findings from Rapid7. In a recent experiment conducted by Rapid7’s Josh Frantz, nearly every device he analyzed contained some form of personally identifiable information (PII) left over from its previous owner. Over the span of six months, Fran
  • Apple, Microsoft Top Orgs Used in Spear Phishing

    As spear-phishing tactics continue to evolve, attackers are using these threats with greater frequency and severity, making spear-phishing attacks the top threat vector for many organizations, according to a new report from Barracuda Networks. Despite increased awareness of the types of threats they face, companies continue to fall victim to spear-phishing campaigns because attacks are becoming more tailored, with malicious actors leveraging so
  • Half of Global Firms Concerned Over Security Skills Gaps

    Nearly half (49%) of global organizations feel more exposed to security breaches because of skills shortages, according to a new Trend Micro study. The vendor polled 1125 IT decision makers around the world and found that nearly two-thirds (64%) have experienced an increase in attacks over the past year. The uptick in threats is coming at a bad time, as estimates put the global shortfall of cybersecurity professionals at nearly three mil
  • Aluminium Giant Norsk Hydro Suffers Major Cyber-Attack

    One of the world’s biggest aluminium producers has been hit by a major cyber-attack affecting production systems, according to reports. Norwegian firm, Norsk Hydro, said it had called in national security authorities to help repel the attack, which appears to have started overnight local time. “IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible,” it said in a reported