“Switcher” Android Trojan Hacks Routers, Hijacks Traffic
Researchers at Kaspersky Lab have come across a new Android Trojan that hacks routers and changes their DNS settings in an effort to redirect traffic to malicious websites. Dubbed “Switcher,” the malware has been disguised as an Android client for the Chinese search engine Baidu, and a Chinese app for sharing Wi-Fi network details. Once…
Avoiding the Technology Upgrade? Don’t Dodge Security
Consumers love new technology. New iterations of iPhones or brand-specific Androids are embraced by devotees looking to analyze the latest features, dissect any potential flaws and conduct entirely biased comparisons to determine which device is best. Beyond the high-profile advertising that accompanies emerging tech, however, is the underlying software update that typically addresses issues such…
How to make sure your data doesn’t crash and burn
The dangers of public Wi-Fi are already well known, but the security issues of in-flight Internet connection are still somewhat obscure. Typically there’s no password protection on the Wi-Fi connection, so persons with malicious intent can intercept data that’s being transmitted on the wireless network quite easily. Airplanes are unique hacking grounds more dangerous than…
Attacks Targeting Industrial Control Systems (ICS) Up 110 Percent
Since IBM X-Force published its report, “Security Attacks on Industrial Control Systems,” last year, we have observed a startling increase in the number of attacks against these systems. According to IBM Managed Security Services (MSS) data, attacks targeting industrial control systems (ICS) increased over 110 percent in 2016 over last year’s numbers, as of Nov….
Critical RCE Flaw Patched in PHPMailer
The developers of PHPMailer have patched a critical vulnerability that can be exploited by a remote attacker for arbitrary code execution, a researcher said on Sunday. With millions of installations, PHPMailer is considered the world’s most popular email creation and transfer class for PHP. It has been used by several major open-source projects, including WordPress,…
IDG Contributor Network: Increasing the cybersecurity workforce won’t solve everything
On Dec. 1, 2016, the Commission on Enhancing National Cybersecurity delivered its report to the President of the United States, providing six Imperatives and a number of associated recommendations and action items to improve the overall security posture of the nation’s public and private infrastructures. These recommendations cover the gamut of both technical and non-technical…
Health Care Security in 2016: End-of-Year Checkup on Security Trends
As IBM X-Force Security Research predicted six months ago, a shift in cybercriminals’ focus from the retail industry led to increased risk in the health care sector in the second half of 2016. Unfortunately, empirical data confirmed just how dramatic these trends have been on a year-over-year basis. Let’s review the state of health care…
Four Cybersecurity Resolutions for 2017
2016 was a big year for cyber-security news, most of it not terribly encouraging. Still, the year did present the cyber-security industry with several teachable moments that I believe all security professionals should heed as we move into a new year. Accordingly, I’ve made four New Year’s resolutions for the cyber-security industry in 2017. If…
US collects social media handles from select visitors
Visitors to the U.S. under a visa waiver program are being asked by the Department of Homeland Security for information on their social media accounts, a plan that had drawn criticism from civil rights groups for its potential encroachment on privacy. The U.S. Customs and Border Protection unit of the DHS asked for written comments…
Attackers Targeting Retail Are Shopping for Low-Hanging Fruit
The end of the year is often a time of reflection. What went wrong? What went right? If you’re a retailer that experienced a security breach in 2016, you’re likely reflecting on what went wrong and seeking to identify the gaps in your security landscape. Why? Because breaches are costly. In fact, the Ponemon Institute’s…