Cybersecurity News


Google details its three-year fight against the Bread (Joker) malware operation

Google says it removed more than 1,700 Android apps infected with Bread (Joker) malware since 2017.
10 January 2020

Reporting an Incident

Bad guys are very persistent, eventually anyone can make a mistake. If a phone call from the "Help Desk" doesn't sound quite right, if an email seems suspicious or if a program you installed starts acting funny, ask for help! In addition, perhaps you lost a work laptop or a USB drive. The sooner you report an incident, the sooner we can help resolve the problem.
10 January 2020

Attackers Increase Focus on North American Electric Utilities: Report

Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
09 January 2020

Chinese Malware Found Preinstalled on US Government-Funded Phones

Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
09 January 2020

Dixons Carphone fined £500,000 for massive data breach

Dixons Carphone fined £500,000 for massive data breach

‘Systemic failures’ found in the retailer’s management and protection of customer data

Dixons Carphone has been hit with the maximum possible fine after the tills in its shops were compromised by a cyber-attack that affected at least 14 million people.

The retailer discovered the massive data breach last summer and a subsequent investigation by the Information Commissioner’s Office (ICO) found the attacker had installed malicious software on 5,390 tills in branches of its Currys PC World and Dixons Travel chains.

Continue reading...
09 January 2020

50+ orgs ask Google to take a stance against Android bloatware

Privacy organizations ask Google to introduce new OEM rules for Android bloatware.
09 January 2020

Lawmakers Prod FCC to Act on SIM Swapping

Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via "SIM swapping," a particularly invasive form of fraud that involves tricking a target's mobile carrier into transferring someone's wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of Senate lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping.
09 January 2020

Exploit Fully Breaks SHA-1, Lowers the Attack Bar

Exploit Fully Breaks SHA-1, Lowers the Attack Bar Users of GnuPG, OpenSSL and Git could be in danger from an attack that's practical for ordinary attackers to carry out.
09 January 2020

TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal

PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.
09 January 2020

Online Skimming and Payment Security


On the blog, we cover basic questions with Christopher D. Roberti, Senior Vice President for Cyber, Intelligence, and Security Policy at the U.S. Chamber of Commerce and PCI SSC SVP, Engagement Officer for Market Intelligence and Stakeholder Engagement Troy Leach, about this growing threat to businesses across the U.S. and how to better protect yourself from this dangerous threat.

09 January 2020

AWS Issues 'Urgent' Warning for Database Users to Update Certs

Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
09 January 2020

4 Ring Employees Fired For Spying on Customers

4 Ring Employees Fired For Spying on Customers Ring said that four employees were fired because they for inappropriate access to customers' connected video feeds.
09 January 2020

Unremovable malware found preinstalled on low-end smartphone sold in the US

Malwarebytes said it found malware pre-installed on Unimax U673c handsets, sold by Assurance Wireless (Virgin Mobile) in the US.
09 January 2020

California’s Tough New Privacy Law and Its Biggest Challenges

California’s Tough New Privacy Law and Its Biggest Challenges The California Consumer Privacy Act has been adopted, but the largest U.S. privacy regulation fails to address how companies can know where their data is.
09 January 2020

Operationalizing Threat Intelligence at Scale in the SOC

Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
09 January 2020

Hackers probe Citrix servers for weakness to remote code execution vulnerability

At least 80,000 organizations could be at risk.
09 January 2020

7 Free Tools for Better Visibility Into Your Network

7 Free Tools for Better Visibility Into Your Network It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
09 January 2020

Rockwell Automation to Buy ICS Security Services Firm

Industrial control systems vendor plans to acquire Avnet Data Security, which provides penetration testing, assessments, training, and managed network and security services for the ICS sector.
09 January 2020

Mozilla rushes out patch for Firefox zero‑day

The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people's computers

The post Mozilla rushes out patch for Firefox zero‑day appeared first on WeLiveSecurity

09 January 2020

Mozilla rushes out patch for Firefox zero‑day

The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people's computers

The post Mozilla rushes out patch for Firefox zero‑day appeared first on WeLiveSecurity

09 January 2020