• Two New Carding Bots Threaten E-Commerce Sites

    Two new carding bots that pose a threat to e-commerce platforms have been detected at the start of the busiest shopping period of the year. The discovery was made by an eagle-eyed PerimeterX research team, which launched an investigation after the number of cyber-attacks against their own checkout pages surged. One of the new carding bots, named the canary bot, specifically exploits top e-commerce platforms. The other bot, dubbed the s
  • FBI Warns of Cloud-Based BEC Attacks

    The Federal Bureau of Investigation (FBI) has issued a warning over cloud-based business email compromise (BEC) scams that have cost US companies more than $2bn. A BEC is a sophisticated scam targeting businesses that perform electronic payments, such as wire transfers or automated clearing house transfers. Typically, the scam involves a threat actor breaching a legitimate business email account through social engineering or computer intrusion techniq
  • Fake 3D Printed Fingerprints Fool Biometric Scanners

    It wasn't quick or simple, but researchers at Cisco Talos have managed to break into devices secured with biometric authentication. New research published today by Paul Rascagneres and Vitor Ventura revealed that manufactured fingerprints, created using 3D printing technology and textile glue, can defeat fingerprint authentication on a variety of phones, laptops, and padlocks. In a series of experiments, using different materials
  • Accenture Acquires Revolutionary Security

    Accenture has acquired a privately held Philadelphia company specializing in enterprise cybersecurity for information technology and operational technology environments. Global professional services company Accenture announced its acquisition of Revolutionary Security on April 7. The financial terms of the deal were not disclosed. Revolutionary Security was founded in 2016 and is headquartered in Whitpain Township, Pennsylvania. The company emplo
  • Microsoft: Cyber-Criminals Are Targeting Businesses Through Vulnerable Employees

    Microsoft has warned that cyber-criminals are preying on people’s vulnerable psychological states during the COVID-19 pandemic to attack businesses. During a virtual press briefing, the multinational technology company provided data showing how home working and employee stress during this period has precipitated a huge amount of COVID-19-related attacks, particularly phishing scams. Working from home at this tim
  • Quarter of DevOps Suffer Open Source Component Breaches

    A quarter of organizations have suffered a breach related to their application development process over the past year, with most of these coming via open source components, according to Sonatype. The DevOps automation firm’s 2020 DevSecOps Community Survey is based on responses from 5045 software professionals around the world. It revealed that 21% of the 24% of responding organizations that reported a breach over the past 12 months
  • Over 350,000 Exchange Servers Exposed to Serious RCE Bug

    Over 350,000 Exchange servers around the world are still exposed to a critical vulnerability patched by Microsoft in February and actively being exploited in the wild, according to Rapid7. The security vendor deployed its Project Sonar scanning apparatus to find that over 82% of the 433,464 Exchange servers it detected were still vulnerable as of March 24. Discovered by Trend Micro’s Zero Day Initiative, the vulnerability in question, C
  • EU Privacy Tsar Calls for Europe-Wide #COVID19 Tracking App

    Europe’s data protection tsar has called for a pan-EU COVID-19 health tracking app to avoid fragmented member state approaches which may not follow privacy-by-design principles. European data protection supervisor (EDPS), Wojciech Wiewiórowski, said his team is already cooperating with other EU institutions to create a joined-up approach in line with GDPR. He argued that even the strict EU data protection regulation makes some
  • Akamai CSO: Online and Remote Work is the Future of Business

    The internet is proving to be the most valuable resource at the moment, and opportunities will await those who adapt and are more prepared. Speaking as part of the Akamai Edge conference, delivered as a virtual summit, Andy Ellis, CSO and senior vice-president at Akamai, said that where once the internet was disruptive, it is now enabling us to teach our children and talk to family members during the COVID-19 crisis.
  • Scammers Target US Stimulus Checks

    In the latest sorry COVID-19 scam, fraudsters are impersonating financial institutions to steal from Americans expecting stimulus checks from the US federal government. Following the outbreak of the novel coronavirus, many Americans have been furloughed, fired, or had their hours or workload reduced as businesses across the country closed and lockdown measures were implemented. To soften the economic blow dealt by the deadly virus, the US Senate approv
  • Linux Servers Under Attack for a Decade

    New research has found that the Linux platform has been under attack from Chinese threat groups for a decade. The "Decade of the RATs Research Report," published today by BlackBerry, reveals how five Chinese APT groups targeted Linux servers, Windows systems, and mobile devices running Android in a prolonged cross-platform attack. Researchers said that they are confident that the APT groups "are likely comprised of civilian contractors working in
  • Philippines Arrests 32 on Fake News Charges

    Police in the Philippines have charged 32 people with disseminating false information regarding the COVID-19 health crisis. The Philippine National Police Anti-Cybercrime Group (PNP-ACG) said that 8 of those arrested allegedly spread fake rumors about the novel coronavirus orally around their local neighborhoods. The remaining 24 suspects are accused of using social media platforms to circulate falsehoods about the deadly virus. Among the suspects is publ
  • Internet Traffic Spiked to Double Normal Rate in March

    Internet traffic saw a major spike in March, but it will scale in the face of increased user demand. Speaking as part of the Akamai Edge conference, delivered as a virtual summit, Tom Leighton, CEO and co-founder of Akamai, said that COVID-19 is creating major changes in lifestyles, as the internet was intended to make our lives manageable. “We are operating at a larger scale,” Leighton said, acknowledging that questi
  • UK Businesses Could Make Huge Savings on Cybersecurity Services

    UK businesses could save up to £8.3bn by purchasing cybersecurity products and services from a more diverse range of suppliers, according to a study by Cynapse. It suggests that shopping around for cybersecurity services, thereby democratizing the market, would be hugely beneficial to UK companies. Currently, businesses tend to turn to big firms for their cybersecurity needs. It is estimated that 76% of the UK cybersecurity mark
  • Only a Quarter of Orgs ‘Focus’ on Cyber-Attack Prevention

    A new report from the Ponemon Institute has revealed that just 24% of organizations focus on optimizing cyber-attack prevention capabilities, despite 70% of security professionals believing that the ability to effectively prevent attacks strengthens security posture. The research report, The Economic Value of Prevention in the Cybersecurity Lifecycle, sponsored by Deep Instinct, compiled survey responses from over 600 IT an
  • Shadow IT Represents Major #COVID19 Home Working Threat

    Rising threat levels and remote working challenges stemming from the COVID-19 pandemic are putting increased pressure on IT security professionals, according to new data from Check Point. The vendor polled over 400 respondents from global organizations with over 500 employees to better understand the current challenges facing security teams. It revealed that 71% of security professionals had reported an increase in security threats or att
  • INTERPOL: #COVID19-Fighting Hospitals Facing Ransomware Deluge

    INTERPOL has been forced to issue an alert to global police about the heightened risk of ransomware attacks on hospitals and other front-line organizations as they battle the COVID-19 pandemic. The law enforcement organization said it issued a Purple Notice to all 194 member countries, highlighting the scale of the threat. Its Cybercrime Threat Response team claimed to have detected a “significant increase” in attempte
  • ICO’s Mega BA and Marriott Fines Delayed Again

    Huge GDPR fines set to be levied by the UK regulator against British Airways and Marriott International have been delayed again as it considers representations from the multi-nationals. BA owner the International Airlines Group (IAG) claimed in its Annual Report for last year that it has made “extensive representations” to the Information Commissioner’s Office (ICO) following its notice of intent to fine last July. “As par
  • Vulnerabilities Detected in Government-sanctioned COVID-19 App

    A COVID-19 app officially approved by the government of Colombia has been found to contain vulnerabilities. Research published today by ZeroFOX’s Alpha Team raises concerns over an official government-sanctioned mobile app and several other apps created in response to the global health crisis. On March 9, Colombia's president, Ivan Duque, announced the launch of the CoronApp-Colombia app as a way for Colo
  • Data Thieves Hit California Property Management Company

    A California property management company has been targeted by data thieves operating out of the San Diego area. An online database belonging to Wolfe & Associates, Property Services, was compromised by cyber-criminals in a data breach that may have occurred as many as six months ago. The company was unaware that a breach had taken place until it was notified by the Santa Barbara Police Department on March 5. In a
  • Australians Arrested Over $2.6m Email Scam

    Police in Australia have arrested two men in connection with a $2.6m BEC (business email compromise) scam involving phony invoices. The men are believed to be part of a syndicate responsible for emailing businesses with invoices doctored to divert transferred funds into the scammers' personal bank accounts. In two early-morning raids carried out on April 2, New South Wales Police arrested a 29-year-old in Zetland, whom they belie
  • United Technologies and Raytheon Complete Merger of Equals Transaction

    DefenceTalk: Raytheon Technologies Corporation announced the successful completion of the all-stock merger of equals transaction between Raytheon Company and United Technologies Corporation on April 3,...
  • Common Flaws Discovered in Penetration Tests Persist

    Brute forcing accounts with weak and guessable passwords, and exploitation using the EternalBlue vulnerability remain among the top 10 findings in penetration tests. According to research by Lares, the most frequently encountered vulnerabilities and attack vectors during engagements in the past six months have remained exactly the same as in its previous report, which came out in July last year. Its latest report analyzed the simi
  • Boeing Delivers First CH-47F Chinook to Royal Netherlands Air Force

    DefenceTalk: Boeing recently delivered the first CH-47F Chinook with an upgraded cockpit to the Royal Netherlands Air Force (RNLAF), continuing a track record of on-time deliveries to customers. The...
  • US navy captain fired for voicing virus concern tests positive

    DefenceTalk: The US naval commander whose widely publicized plea for help for his coronavirus-affected crew led to his dismissal has reportedly himself tested positive for the disease. Captain Brett...
  • Israel sends army to ultra-Orthodox city over coronavirus

    DefenceTalk: Prime Minister Benjamin Netanyahu on Friday gave the green light for soldiers to be deployed in a mostly ultra-Orthodox Jewish city considered the centre of Israel’s novel...
  • US Space Force pens $1B in contracts for unjammable modems

    DefenceTalk: The US Space Force (USSF) has awarded two $500 million contracts to develop and produce satellite communications modems secure from enemy jamming. On Monday, the USSF’s Space and...
  • DoJ: Zoombombing Could Land You Behind Bars

    The Department of Justice (DoJ) has warned that Zoombombers could receive a prison sentence if found and convicted, as the COVID-19 pandemic forces meetings online. The number of daily meeting participants on Zoom has risen from 10 million in December last year to a staggering 200 million by March, the firm revealed last week. However, users who fail to pay attention to their privacy settings may find their meetings disrupted by uninvited guests. Reports
  • Docker Users Targeted with Crypto Malware Via Exposed APIs

    Hackers are attempting to compromise Docker servers en masse via exposed APIs in order to spread cryptocurrency mining malware, according to researchers. Aqua Security claimed to have tracked the organized campaign for several months, revealing that thousands of attempts to hijack misconfigured Docker Daemon API ports are taking place almost every single day. “In this attack, the attackers exploit a misconfigured Docker API port to ru
  • Zoom Blow as Thousands of User Videos Are Found Online

    Researchers have discovered thousands of private Zoom recordings exposed online, in another blow to the firm’s security credentials as it struggles to support a huge surge in users. Former NSA researcher Patrick Jackson told The Washington Post that he was able to find the videos via a simple cloud storage search. Many of them were apparently stored in Amazon Web Services (AWS) S3 buckets without passwords, and because the Zoom default na
