Why phishers love HTTPS
As more and more sites switch to HTTPS, the number of phishing sites hosted on HTTPS domains is also increasing. “In the third quarter of 2017, we observed nearly a quarter of all phishing sites hosted on HTTPS domains, nearly double the percentage we saw in the second quarter. A year ago, less than three…
Hackers Target U.K. Shipping Giant Clarkson
Clarkson, one of the world’s largest providers of shipping services, informed the public on Tuesday that it has suffered a security breach and the hackers may release some data taken from its systems. Clarkson provided only few details citing the ongoing law enforcement investigation, but the information it made public suggests that it was targeted…
US charged 3 Chinese security firm hackers with corporate cyber-espionage
The Department of Justice charged three Chinese nationals working for an internet security firm in China with hacking three companies and stealing hundreds of gigabytes of data and trade secrets from Siemens AG, Moody’s Analytics and GPS maker Trimble between early 2011 and May 2017. Both the malware and the organization to which defendants Wu…
3 Pillars of Cyberthreat Intelligence
Strong enterprise cybersecurity programs must be a built on a framework that incorporates strategic, operational, and tactical leadership and goals. As an enterprise, you used to worry about your competitors and your goal was to outpace them, to outservice them, and to outsmart them. Today, you can be the smartest and the fastest and have…
Predictions for 2018: Cyberthreats in the financial sector
Kaspersky Lab always keeps a very close eye on the changing cyberthreat landscape. Knowledge of past and present makes the future more predictable and allows us to make annual forecasts for various verticals. Today we want to talk about the financial sector. Businesses and individuals alike make use of financial services. And wherever there’s money,…
White House Cyber Chief Provides Transparency Into Zero-Day Disclosure Process
The U.S. government Wednesday introduced greater transparency into its Vulnerabilities Equities Policy (VEP) program. This is the process by which government agencies decide whether to disclose or stockpile the cyber vulnerabilities they discover. In a lengthy statement, White House Cybersecurity Coordinator Rob Joyce explained why not all discoveries are disclosed. That will not change; but in introducing greater transparency into…
Steganography: A Safe Haven for Malware
Steganography, or the practice of concealing a file, message, image or video within another file, message, image or video, may be an older technique, but it continues to be an incredibly versatile and effective method for obscuring or hiding information in plain sight. In 2017, IBM X-Force has identified three different malware samples in network…
Windows Defender Immune to AVGater Quarantine Flaw: Microsoft
A recently disclosed vulnerability that allows an attacker to abuse the quarantine feature of anti-virus products to escalate privileges doesn’t affect Windows Defender, Microsoft says. Dubbed AVGater, the new attack method relies on a malicious DLL being quarantined by an anti-virus product and then abuses the security program’s Windows process to restore the file.
Hackers Helped Pentagon Patch Thousands of Flaws
Bug bounty programs and a vulnerability disclosure policy have helped the U.S. Department of Defense patch thousands of security holes in its systems. Nearly one year after it announced its vulnerability disclosure policy, the Pentagon received 2,837 valid bug reports from roughly 650 white hat hackers located in 50 countries around the world, according to…
How To Beat Cybercrime’s Prey-and-Pay Villains
Cybercrime pays, so much so that successful cybercriminals now run their operations like a business, complete with technical support centers, in-house training, and HR. To protect your digital assets, you need to approach your cybersecurity like a business, and not as a one-time point solution that is bolted onto existing infrastructures, programs, and procedures.