7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
When enterprises build their security models based on implied trust at the hardware and firmware level, they’re building them on a foundation of sand. Security researchers are going to repeatedly hammer that lesson home at Black Hat this week as they demonstrate a range of vulnerabilities, attack techniques and tools designed to get as close…
Forecasting the Future of Ransomware
There’s no question that ransomware is one of the most formidable threats to a business. With so much riding on digitized data, important applications and other systems, any interruption to access of these crucial assets can quickly spell disaster for an organization. Despite efforts on the part of enterprises to educate staff and enhance their…
Briton Pleads Guilty to Mirai Attacks in German Court
A British man pleaded guilty last week in a German court to launching a cyberattack that resulted in more than one million customers of telecommunications provider Deutsche Telekom experiencing Internet disruptions. German media has identified the 29-year-old man as “Peter Parker” and “Spiderman,” online monikers linked to domains used to coordinate some attacks powered by…
As GDPR approaches, retail data breaches remain unacceptably high
Two in five retailers across the globe have experienced a data breach in the past year, according to Thales and 451 Research. The report reveals that 43 percent of retailers had experienced a data breach in the last year, with a third claiming more than one. With 60% claiming that they had been breached in…
Week in review: macOS security, Segway vulns, and the SOC of the future
Here’s an overview of some of last week’s most interesting news and articles: The future of macOS security: Baked-in protection and third-party tools Anyone in the information security industry who’s interested in Mac security probably knows who Patrick Wardle is. Apart from being Chief Security Researcher at Synack, he’s also the creator of a number…
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco’s midyear report released today. Despite all the recent attention paid to ransomware, cybercriminals walked away with $5.3 billion from business email compromise (BEC) attacks compared with $1 billion for ransomware over a three-year stretch, according to Cisco’s 2017…
US Banks Targeted with Trickbot Trojan
Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered – signalling increasingly complex attacks on the industry. The Necurs botnet has begun delivering the Trickbot banking Trojan to financial institutions in the United States, a sign of increasingly larger and more complex attacks on the industry.
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
Lloyd’s of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage. WannaCry spread like wildfire in a matter of days reaching 150 countries and creating an anticipated $4 billion in losses, but if attackers were to launch a global, system-wide attack that hit a multitude of cloud-based companies,…
‘AVPass’ Sneaks Malware Past Android Antivirus Apps
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps. A team of researchers from Georgia Tech built an Android hacking tool that snuck past nearly all of 58 Android AV antivirus programs in tests conducted via VirusTotal. Their AVPass toolkit includes a query function that vets…
UK Spy Agency Warns of State-sponsored Hackers Targeting Critical Infrastructure
The U.K. Government Communications Headquarters (GCHQ), Britain’s secret eavesdropping agency, warns that ‘a number of [UK] Industrial Control System engineering and services organisations are likely to have been compromised’ following the discovery of ‘connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.’ The warning comes from a National Cyber Security Centre…