attack Archives - Page 5 of 5 - Cyber Security Minute

Why Enterprises Still Have to Worry about Eavesdropping

Issued by: Trend Micro Blog

When one thinks about eavesdropping, a mental image of a shadowy stranger, hiding behind a corner and listening in on others’ conversations may come to mind. With the rise of VoIP calling, however, enterprises became aware of digital eavesdropping that impacted their corporate business calls. Now, though, much of the concern surrounding eavesdropping has been…

Vulnerabilities

Oracle Patches Record 334 Vulnerabilities in July 2018

Issued by: Security Week

Oracle this week released its July 2018 set of patches to address a total of 334 security vulnerabilities, the largest number of flaws resolved with a Critical Patch Update (CPU) to date. Over 200 of the bugs may be remotely exploitable without authentication. This month, 23 products from the enterprise security giant were patched, including…

Malware & Threats

Timehop Releases New Details About July 4 Breach

Issued by: Dark Reading

Additional information includes PII affected and the authentication issue that led to the breach. Timehop, the company that specializes in “digital nostalgia,” is releasing more information on the July 4 breach that compromised millions of users’ personally identifiable information (PII). New details include the timeline of the attack, the information affected, and the steps the…

Vulnerabilities

Billions of Bluetooth-enabled devices vulnerable to new airborne attacks

Issued by: Help Net Security

Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute malicious code on, or perform a MitM attack against vulnerable devices. The vulnerabilities, collectively dubbed BlueBorne by the researchers who discovered them, can be exploited without users having to click on a…

Vulnerabilities

Equifax attackers got in through an Apache Struts flaw?

Issued by: Help Net Security

Have the attackers responsible for the Equifax data breach exploited a vulnerability in Apache Struts, a popular open source framework for developing web applications, to compromise the company’s networks? Equifax has yet to share more details about how the attack was pulled off, but a report by financial services firm Robert W. Baird & Co….

Malware & Threats, Software Security

The 5 biggest ransomware attacks of the last 5 years

Issued by: CSO

While the last few years have seen a remarkable uptick in this particularly nasty genre of attack software, ransomware isn’t new. Malware that holds data for ransom has been around for years. In 1991, a biologist spread PC Cyborg, the first ever ransomware, by sending floppy disks via surface mail to other AIDS researchers, for…

Mobile Security

Five new threats to your mobile device security

Issued by: CSO

A decade ago, mobile malware was considered a new and unlikely threat. Many mobile device users even considered themselves immune from such threats. Fast forward to 2017, and more than 1.5 million new incidents of mobile malware have been detected by McAfee Labs in the first quarter of the year alone – for a total…

Malware & Threats

US Banks Targeted with Trickbot Trojan

Issued by: Dark Reading

Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered – signalling increasingly complex attacks on the industry. The Necurs botnet has begun delivering the Trickbot banking Trojan to financial institutions in the United States, a sign of increasingly larger and more complex attacks on the industry.

Network Security

New class of attacks affects all Android versions

Issued by: Help Net Security

Researchers have demonstrated how a malicious app with two specific permission can stealthily compromise users’ Android devices. “The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off),” the researchers, from Georgia…

Vulnerabilities

Despite the DDoS attacks, don’t give up on Dyn or DNS service providers

Issued by: CSO

The DDoS attacks that flooded Dyn last month and knocked some high-profile Web sites offline don’t mean businesses should abandon it or other DNS service providers, Gartner says. In fact, the best way to go is to make sure critical Web sites are backed by more than one DNS provider, says Gartner analyst Bob Gill.