PinkKite POS Malware Is Small but Powerful
A newly discovered piece of malware targeting point-of-sale (POS) systems has a very small size but can do a lot on the infected systems, security researchers reveal. Called PinkKite, the POS malware was observed last year as part of a large campaign that ended in December, but was only detailed last week at Kaspersky Lab’s…
Hackers Can Abuse Text Editors for Privilege Escalation
Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some…
The Future of Tech is Female
This month, in honor of Women’s History Month, we spotlight Symantec Cyber Career Connection (Symantec C3) alumna Layla Gardner. Symantec C3 partner NPower recently launched their campaign “The Future of Tech Has a Name” to launch 15,000 digital careers by 2022. Today we are excited to feature the second part of our three-part series, “The Future of Cybersecurity Has a Name”,…
Cryptomining: the new lottery for cybercriminals
Cryptomining has surpassed even ransomware as the revenue generator of choice according to a Cisco Talos report, which claims crypto-mining botnets can earn hackers up to $500 dollars a day and a dedicated effort could equate to more than $100,000 dollars a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous,…
Spend Less, Test Faster: Choosing the Right Security Tools
People are creatures of habit. If we learn something one way, we’re prone to stick to it. Less in a “my way or the highway” sense and more so in a “if it ain’t broke, don’t fix it” one. Not every security tool is right for every environment, and just because one set of tools…
Malware ‘Cocktails’ Raise Attack Risk
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports. It was good while it lasted. The drop in malware attack attempts seen in 2016 – from 8.19 billion in 2015 to 7.87 billion – is but a fond memory, as 2017 saw more than…
IIC Publishes Best Practices for Securing Industrial Endpoints
The Industrial Internet Consortium (IIC) has published a new paper designed to provide a concise overview of the countermeasures necessary to secure industrial endpoints; that is, the industrial internet of things (IIoT). The paper (PDF) is not meant to provide a checklist for compliance or certification, but rather a starting point to understand what is…
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure. There are times when you see or read something for the first time and it makes sense. But later, after you have had some time to think about it, the idea or proposal might not be as straightforward…
Data privacy: What your employees don’t know but should
What do employees in your organization understand about security, data privacy, and compliance? According to a recent report from Bothell, Wash.-based MediaPro, perhaps not as much as they should. With data privacy fast becoming a hot-button issue, and the European Union’s General Data Protection Regulation (GDPR) right around the corner, what your employees don’t know…
Olympic Destroyer: who hacked the Olympics?
Long ago, during the Olympic Games, the participating countries halted their wars and put aside their political disputes. Today, the opposite is increasingly likely. The PyeongChang Winter Olympic Games started with a scandal: unknown hackers attacked the servers just before the opening ceremonies and many spectators were unable to attend the ceremonies as they were unable…