Messages - Antus67

Author: Help Net Security, March 15, 2019

Against the backdrop of a complex and growing cyber threat landscape, organizations are waking up to the fact that one of the biggest chinks in their armour against a data security breach is humans.

According to Apricorn’s latest social media poll, sixty five percent of respondents believe that humans pose the biggest threat to their personal data. A staggering fifty two percent of respondents believe that people with malicious intent present the biggest danger, whilst thirteen percent believe that unintentional human error is also a risk. In stark comparison, just thirty five percent of those polled see technology as a threat to personal data.

Full Article Here:

By Lawrence Abrams

A new malspam campaign is underway that is trying to utilize the tragic Boeing 737 Max crashes as a way to spread malware on a recipient's computer. These spam emails pretend to be leaked documents about imminent crashes that the sender states should be reviewed and shared with loved ones to warn them.

This new campaign was discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, who posted about them on Twitter.

Full Article Here:

By Ionut Ilascu

Following the Friday mass shooting in Christchurch, New Zealand, multiple internet service providers (ISP) in the country have blocked access to websites that distribute gruesome content from the incident.

The attacker live-streamed on his Facebook account his actions that got 49 people killed. A link to the video and a lengthy "manifesto" appeared on 8chan forum, allegedly shared by the shooter. Copies of the 17-minute footage spread to other websites, including YouTube, Instagram, Twitter, and Reddit.

As mainstream platforms struggled to take down the video and segments of it, some websites continue to make the materials available.

Full Article Here:

Author: Brian Krebs

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

How exactly did we get to the point where a single, semi-public and occasionally transient data point like a phone number can unlock access to such a large part of our online experience? KrebsOnSecurity spoke about this at length with Allison Nixon, director of security research at New York City-based cyber intelligence firm Flashpoint.

Full Article Here:

By Ionut Arghire on March 15, 2019

Over the past several months, threat actors have been increasingly targeting Office 365 and G Suite cloud accounts that are using the legacy IMAP protocol, in an attempt to bypass multi-factor authentication (MFA), Proofpoint reports.

Targeted brute-force attacks have increased in sophistication over the past months, attempting to compromise accounts using variations of the usernames and passwords exposed in large credential dumps, and phishing campaigns continued to provide additional avenues into corporate accounts.

An analysis of over one hundred thousand unauthorized logins across millions of monitored cloud accounts revealed that more than 2% of the user accounts were targeted, and that 15 in 10,000 were successfully breached.

Full Article Here:

Author: Jai Vijayan

New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.

Criminals using just one line of malicious code have successfully compromised at least seven e-commerce sites and potentially stolen payment card data belonging to thousands of customers of the online stores.

Six of the e-commerce sites are US-based and one, belonging to footwear maker Fila, is based in the United Kingdom. Security vendor Group-IB, which uncovered the attacks, identified the malicious code as a new JavaScript sniffer (JS sniffer) that it has named GMO.

Full Article Here:

By Sergiu Gatlan

Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts protected with multi-factor authentication (MFA) according to an analysis by Proofpoint.

This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected.

As noted by Proofpoint's Information Protection Research Team in a recent report, during a "recent six-month study of major cloud service tenants, Proofpoint researchers observed massive attacks leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale."

Full Article Here:

By Lawrence Abrams

Like a modern day WarGames, students in Michigan have hacked into a school district's computer system and changed grades and attendance records.

According to a statement made on Facebook and the district's web site, Jim Nielsen, the superintendent of Orchard View Schools, stated that they became aware of a data breach in their PowerSchool student information system last week.

Full Article Here:


By Eduard Kovacs on March 14, 2019

Antivirus testing firm AV-Comparatives has analyzed 250 security applications for Android offered on Google Play and found that many of them either fail to detect threats or they are simply fake.

The applications reviewed by AV-Comparatives were tested against 2,000 malicious and 100 clean APKs, totaling over 500,000 test runs. Unsurprisingly, the tests showed that the products of reputable security firms such as Avast, Bitdefender, ESET, F-Secure, G-Data, Kaspersky, McAfee, Sophos, Symantec, Tencent, Trend Micro and Trustwave can detect all malware.

Overall, 70 products blocked over 80% of the malware samples and 80 products blocked over 30% with no false positives -- AV-Comparatives considers antiviruses that block less than 30% as being ineffective or unsafe.

Full Article Here:

Author: Dark Reading Staff

Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.

SimBad, a newly discovered form of adware, was discovered on 210 Android apps on the Google Play store. About 150 million people had downloaded the apps, Check Point reports.

This particular malware exists in the RXDrioder software development kit, researchers report. They believe developers were tricked into using the SDK, unaware it was malicious. They also point out the campaign did not target a specific country or apps created by the same developer.

Full Article Here:

Author: Sergiu Gatlan

North Korean-backed hacking groups were behind multiple cyberattacks impacting financial institutions and cryptocurrency exchanges as detailed in a report issued by a panel of experts for the United Nations (UN) Security Council.

According to the report provided by the panel which comes as a confirmation of what security researchers have previously reported, "cyberspace is used by the DPRK as an asymmetric means to carry out illicit and undercover operations in the field of cybercrime and sanctions evasion. These operations aim to acquire funds through a variety of measures in order to circumvent the sanctions."

Full Article Here:

Security & Technology News / New Variant of Ursnif Targeting Japan
« on: March 13, 2019, 01:01:59 pm »
By Kevin Townsend on March 13, 2019

A new variant of the Ursnif trojan has been discovered targeting Japan since the beginning of 2019. Japan is a common target for Ursnif, but the latest version, delivered by Bebloh, goes to increased lengths to ensure that the victim is indeed Japanese.

New variants of Ursnif are not uncommon since the source code was leaked in 2015, but this version also includes enhanced data theft modules for stealing data from mail clients and email credentials stored in browsers. Other new developments, according to Cybereason research, include a new stealthy persistence module, a cryptocurrency and disk encryption module, and an anti-PhishWall (a Japanese security product) module.

Full Article Here:

Author: Dark Reading Staff

User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.

Sharing public links via custom URLs to private files in Box enterprise storage can lead to more than productive collaboration: it can expose sensitive data to anyone with a search engine and a well-formed query.

Security firm Adversis discovered hundreds of Box customers who had hundreds of thousands of documents and terabytes of data exposed. In the blog post announcing the find, Adversis said it originally intended to notify all the companies whose data they found, but the scale of the discovery quickly made that impossible.

Full Article Here:


Author: Lindsey O'Donnell
March 11, 2019 10:51 am

Facebook is suing two Ukrainian men who were able to scrape data from 63,000 users’ profiles by enticing users to download a malicious browser extension.

Facebook has sued two Ukrainian men that it says used quiz apps and malicious browser extensions to scoop up private data from 63,000 platform users, and then use that data for advertising purposes.

A lawsuit filed Friday by Facebook alleged that the two men, Gleb Sluchevsky and Andrey Gorbachov, deceived users into installing malicious browser extensions after downloading their malicious apps, which used the “login with Facebook” feature.

Full Article Here:


By Ionut Arghire on March 11, 2019

The massive Equifax data breach that impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate’s Permanent Subcommittee on Investigations reveals.

The U.S. credit reporting agency announced in September 2017 that it fell victim to a data breach that was later confirmed to have been the result of successful exploitation of a publicly disclosed Apache Struts vulnerability that the company had been warned about but failed to properly patch.

The attack on Equifax started in May, but was only detected in July, despite thousands of queries sent by threat actors to the company’s databases during that time.

Full Article Here:
