breach

Network Security

Issued by: Security Week

The sanctions, foreshadowed for weeks by the administration, would represent the first retaliatory action announced against the Kremlin for last year’s hack, familiarly known as the SolarWinds breach. In that intrusion, Russian hackers are believed to have infected widely used software with malicious code, enabling them to access the networks of at least nine agencies…

Malware & Threats

Issued by: Dark Reading

New Google+ Breach Will Lead to Early Service Shutdown

As vulnerabilities go, it was the best sort: found by internal testing before it led to a security breach. Nevertheless, the latest Google+ software vulnerability was enough to push forward shutting down the service: Google now says it will be shuttered by April 2019 rather than the originally planned August 2019. According to Google, the…

Cloud Security

Issued by: Dark Reading

Hackers Leverage AWS To Breach, Persist In Corporate Networks

A new body of evidence indicates threat actors are using increasingly advanced techniques to target cloud providers and leveraging cloud-specific traits to hide their activity as they breach and persist in target networks. Data comes from the Threat Stack security team, which spotted the pattern over multiple years of observing behavior on client networks. It…

Malware & Threats

Issued by: Help Net Security

Could an Equifax-sized data breach happen again?

Many global financial services organizations are targeted by sophisticated cyberattackers in an attempt to steal critical data and personally-identifiable information (PII), according to Vectra. Vectra disclosed that cyberattackers build hidden tunnels to break into networks and steal information. These tunnels are used to remotely control an attack, known as command-and-control, and steal data, known as…

Vulnerabilities

Issued by: Security Week

Operator of World’s Top Internet Hub Sues German Spy Agency

Berlin – The operator of the world’s largest internet hub challenged the legality of sweeping telecoms surveillance by Germany’s spy agency, a German court heard Wednesday. The BND foreign intelligence service has long tapped international data flows through the De-Cix exchange based in the German city of Frankfurt. But the operator argues the agency is…

Network Security

Issued by: Blog Malwarebytes

5 cybersecurity questions retailers must ask to protect their businesses

The Target breach in 2013 may not be the biggest retail breach in history, but for many retailers, it was their watershed moment. Point-of-sale (PoS) terminals were compromised for more than two weeks. 40 million card details and 70 million records of personal information swiped—part of which was “backlist,” historical transaction information dating back to more or less a…

Software Security

Issued by: Dark Reading

Big Apple Flaw Allows Root Access to Macs without Password

Mac users and administrators need to be on the lookout for compromised machines after a security researcher disclosed late yesterday a big flaw in Apple’s macOS High Sierra platform that allows for password-less logins to root accounts. Publicly disclosed by software engineer Lemi Orhan Ergin via Twitter, the flaw allows someone with physical access to…

Malware & Threats

Issued by: Security Week

Analysis of 3,200 Phishing Kits Sheds Light on Attacker Tools and Techniques

Phishing kits are used extensively by cybercriminals to increase the efficiency of stealing user credentials. The basic kit comprises an accurate clone of the target medium’s login-in page (Gmail, Facebook, Office 365, targeted banks, etc), and a pre-written php script to steal the credentials — both bundled and distributed as a zip file. Successfully phished…