Hide ‘N Seek IoT Botnet Can Survive Device Reboots
The Internet of Things (IoT) botnet known as Hide ‘N Seek that first emerged in January can now achieve persistence on infected devices, Bitdefender reports. Discovered toward the end of April, the latest version of the malware also includes code that allows it to target more vulnerabilities and new types of devices, the security firm discovered,…
Uber Updates Bug Bounty Program
Uber last week updated the legal terms of its bug bounty program and provided guidance for good faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of individuals as part of an effort to cover up a massive security incident. Uber says it has addressed nearly 200 flaws for…
New Crossrider variant installs configuration profiles on Macs
A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we’ve been seeing for years in Mac adware. However, the use of a configuration profile introduces a unique new…
New targeted surveillance spyware found on Google Play
A new targeted surveillance app has been found and booted from Google Play. The app, named Dardesh, posed as a chat application and acted as a downloader for a second app that could spy on users. The Dardesh app was spotted and analyzed by Lookout researchers, who dubbed the malware family Desert Scorpion. How was…
BrandPost: How to build a good cyber defense routine
Although it may seem fast-paced and glamorous, the cyber threat landscape is actually more populated with simple, garden-variety attacks than sophisticated and exotic techniques. With free tools and kits, it’s become easier than ever to engage in phishing, cross-site scripting, and other malicious activities. When we imagine all cybercriminals as masterminds using bleeding-edge tools, we…
Leveraging the Power of AI to Stop Email Scammers
Staff members are on the frontline when it comes to cyberattacks against their employers. They’re increasingly seen by hackers as a weak link in the cybersecurity chain. That’s why most threats today come via email, aimed squarely at tricking the recipient into downloading malware, divulging log-ins or making wire transfers to the attacker. We predict cumulative losses…
No Rest for the Weary: Mobile Hackers are Getting More Aggressive
Another year, another increase in the number of mobile threats, vulnerabilities, and outdated mobile devices. So, what gives? If the headlines have you thinking that mobile security is getting worse, you’re not imagining things. We have just published the quarterly Mobile Threat Intelligence Report to dig into the 2017 numbers a bit. The report is based on…
March’s Top Cybersecurity News Stories: Responding to Attacks, Women in Security and a New Community for Security Pros
Despite Growing Threats, Many Organizations Still Unprepared The vast majority of organizations still lack a formal cybersecurity incident response plan (CSIRP) that’s applied consistently across the organization, according to a new report from the Ponemon Institute. Paradoxically, the institute’s third annual study on cyber resilience found that organizations feel much more positive about their readiness than they did last…
The best cybersecurity analysts should play the part of detective
With an ever-growing threat from cyber attacks, we now live in a world where security operation centers (SOC) are the norm. These typically feature a number of cybersecurity analysts watching screens for alerts, and then following a play book for any alerts that occur. When done well, these operations will usually identify and remediate common…
11 ways ransomware is evolving
Ransomware detection and recovery tools and techniques are getting better. Unfortunately, so are ransomware developers. They are making ransomware harder to find and encrypted files harder to recover. One advantage that security operations have had over ransomware is that it’s predictable. It works in a linear fashion, which gives security tools and teams an opportunity…