HackerOne Offers Free Service for Open Source Projects

Service aims to provide efficient security programs, but projects must meet certain rules to qualify for it. HackerOne has announced a free professional service for open-source projects aimed at providing support to project developers for running efficient and productive security programs. Called HackerOne Community Edition, this service will help open-source projects with “vulnerability submission, coordination, dupe…

Attackers Employ Sneaky New Method to Control Trojans

A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says. Security researchers at Cisco’s Talos intelligence and research group have discovered what they describe as an extremely evasive and uncommon way for threat actors to command and to communicate with a Remote Access Trojan…

Google Expands Safe Browsing Protection on macOS

Google announced this week that it will expand Safe Browsing on macOS in an effort to protect Chrome users against unwanted ad injections and unauthorized settings changes. “Safe Browsing is broadening its protection of macOS devices, enabling safer browsing experiences by improving defenses against unwanted software and malware targeting macOS,” Google’s Kylie McRoberts and Ryan…

Fighting sophisticated phishing threats during the digital revolution

Today, attacks come across multiple channels such as mobile, web, social networks, and email. Cybercriminals are using a combination of social engineering techniques such as email spoofing, phishing, malware, attachments, URLs, and all the tricks to get end-user employees to give out personal or sensitive information. Once a cybercriminal gets…

Attackers thrive in a fluid market, while bureaucracy constrains defenders

A new global report from Intel Security and the Center for Strategic and International Studies (CSIS) reveals three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation roles. Based on interviews and a global survey of 800 cybersecurity professionals from five…

Ransomware spiked 752% in new families

2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and Business Email Compromise (BEC) scams gaining increased popularity among cybercriminals looking to extort enterprises. A 752 percent increase in new ransomware families ultimately resulted in $1 billion in losses for enterprises worldwide, according to Trend Micro.

Multiple security flaws found in mainstream robotic technologies

IOActive exposed numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. The array of vulnerabilities identified in the systems evaluated included many graded as high or critical risk, leaving the robots highly susceptible to attack. Attackers could employ the issues found to maliciously spy via the robot’s microphone and…