Cyber Security Minute

Announcement Center

Data Poisoning: The Next Big Threat

August 26, 2021 9:52 pm

Advertisement Data poisoning against security software that uses artificial intelligence (AI) and machine learning (ML) is likely the next big cybersecurity risk. According to the RSA 2021 keynote presentation by Johannes Ullrich, dean of research of SANS Technology Institute, it’s a threat we should all keep an eye on. “One of the most basic threats...

How to Avoid Smishing Attacks Targeting Subscription Service Users

August 17, 2021 8:26 pm

Advertisement If you’re anything like me, you used delivery more during the pandemic than before. Both getting food brought to my door and meal kit boxes mean people don’t have to mask up and go out to the grocery store. But threat actors know that, too. Recent scams take advantage of people signing up for...

Hackers Return Portion of Record Crypto Heist Haul

August 11, 2021 7:57 pm

Advertisement Poly Network fired off a tweet Wednesday saying hackers had returned $260 million worth of the digital assets taken in a heist a day earlier valued at $613 million. Polygon had urged the thieves to return the stolen fortune and provided online addresses for transfers. “Seven minutes prior to sending the first transaction returning...

Snap’s Stock Drops as iPhone Privacy Controls Pinch Ad Sales

Issued by: Security Week

The revelation in Snap Inc.’s third-quarter earnings report sparked a sell-off in after-hours trading that could foreshadow one of the biggest one-day drops in the company’s stock since it went public in 2017. Snap’s shares plunged by nearly 22% in Thursday’s extended trading. If that...

Facebook Introduces New Tool for Finding SSRF Vulnerabilities

Issued by: Security Week

According to the definition provided by OWASP, a SSRF attack enables an attacker to abuse a server’s functionality to read or update internal resources. “The attacker can supply or modify a URL which the code running on the server will read or submit data to,...

Organizations Can Now Try Out End-to-End Encrypted Microsoft Teams Calls

Issued by: Security Week

First announced at the tech giant’s Ignite event in March, end-to-end encryption (E2EE) for one-to-one Teams calls is now rolling out to public preview. Organizations can take advantage of the new capability, but IT admins and users will have to manually enable it. When E2EE...

Former Execs of Cybersecurity Firm GigaTrust Charged With Financial Fraud

Issued by: Security Week

The charges, announced on Wednesday by the U.S. Justice Department, target Robert Bernardi, the Virginia-based company’s founder and CEO, Nihat Cardak, the firm’s chief financial officer, and Sunil Chandra, former VP of business development. Founded in 2001, GigaTrust provided endpoint email security and document in-use...

Two Bulletproof Hosting Administrators Sentenced to Prison in U.S.

Issued by: Security Week

Between 2009 and 2015, the two individuals – Aleksandr Skorodumov, 33, of Lithuania, and Pavel Stassi, 30, of Estonia – served as administrators for an organization that offered bulletproof hosting to malware families such as Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The organization,...

US to Curb Hacking Tool Exports to Russia, China

Issued by: Security Week

The rules, which are set to go into force in 90 days, would prevent the sale of certain software or devices to a list of countries unless approved by a bureau of the Commerce Department. "The United States opposes the misuse of technology to abuse...

Cyber Security Minute

Zerodium Buying Zero-Day Exploits Targeting VPN Software

Russia-Linked TA505 Back at Targeting Financial Institutions

InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks

Google Patches Four Severe Vulnerabilities in Chrome

Announcement Center