You are here
Home > Author: Peter Glock

Cryptojackers Grow Dramatically on Enterprise Networks

This has become the 21st century version of stealing electricity...: Cryptojacking — threat actors placing illicit cryptocurrency miners on a victim's systems — is a growing threat to enterprise IT according to a just-released report from the Cyber Threat Alliance (CTA). CTA members have seen miner detections increase 459% from 2017 through 2018 and there's no sign that the rate of infection is slowing. The joint paper, written with contributions from a number of CTA memb...

Insurance industry predicts rise in cyber-related losses over next year

We hear a lot about 'Shadow IT' which is IT used by but not provided through an enterprise (think personal DropBox). In the insurance world they talk about 'silent cyber' which is a loss not insured under a specific cyber policy. Expect push-back from the insurers to avoid paying out...: That is according to a new report from Willis Towers Watson (WLTW), which reveals that 60% of insurers believe cyber events like the global WannaCry ransomware attack of 2017 will occur at l

Your business should be more afraid of phishing than malware

Graham Cluley makes the valid point that, if phishing is the most common cause of breaches, then you should deal with phishing first...: [...] If you were to make a list of the most common causes of security breaches, it is phishing attacks that would surely dominate. A recent study of 100 UK-based CISOs confirms that phishing is a major concern, with nearly half of respondents blaming the phenomenon for the biggest security incidents they had suffered in the last 12 m

The Lawfare Podcast: Bruce Schneier on ‘Click Here to Kill Everybody’

If you have time to listen, be very afraid...: Security technologist Bruce Schneier's latest book, "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World," argues that it won't be long before everything modern society relies on will be computerized and on the internet. This drastic expansion of the so-called 'internet of things,' Schneier contends, vastly increases the risk of cyberattack. To help figure out just how concerned you shou

US Dept of State says attack on email system exposed employees’ personal data

Epic fail...: The US Department of State has confirmed that it has suffered a data breach which exposed the personally identifiable information of some employees. News of the breach was first reported by Politico, who pointed out that the department has often been a target for state-sponsored hacks. (Perhaps the most notable incident occurred in 2014 when attacked by Russian hackers, where an NSA Deputy Director described the battle for control over the State Departmen

ENISA launches Cybersecurity Strategies Evaluation Tool

Useful to know of this tool for several reasons. First, some of the burden of implementing a security strategy will be pushed onto enterprises; second, it's a useful checklist to see if your government is doing the right things. I'm sure you can find other uses...:   [...] For each strategic objective, the tool offers recommendations and ideas on how to improve. ENISA developed the tool with the aim to provide results in a quick, easy and user-friendly manner....

New Spanish Regulation on Cybersecurity

The Spanish regulator has a history of levying the maximum fine possible as it sees itself as a recoverable cost centre. If you're responsible for critical infrastructure that operates in Span, be warned...: Last September 8, 2018 the Royal Decree-law 12/2018, on security of networks and information systems, which transposes Directive (EU) 2016/1148 of 6 July 2016 concerning the measures for a high common level of security of network and information systems across the Union

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

It's got to the point where I assume all cameras are either already compromised or easily taken over. Even my children put blu-tac on their webcams out of habit...: Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are rated critical and tied

RDP Ports Prove Hot Commodities on the Dark Web

Psst! Wanna buy some 3389?... Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves. Security trends come and go, but the sale of Remote Desktop Protocol (RDP) ports continues to thrive on the Dark Web as malicious hackers seek easier means of gaining access to corporate networks. RDP is a Microsoft protocol and client interface used on several platforms including Windows, where i...

New Xbash Malware a Cocktail of Malicious Functions

Even if you pay up, you're not getting your data back. Note the comment about using decoys/honeypots with a DNS entry...: Adding to the rapidly growing list of multi-functional malware, a particularly nasty – and unique — data-destroying malware tool has been discovered that combines botnet, coin mining, ransomware, and self-propagation capabilities. The malware, which researchers at Palo Alto Network's Unit 42 group has named Xbash, is targeting Linux and Windows servers...