The simple rule is "If it looks to good to be true, it's almost always a scam"...: A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam. Google’s official G Suite Twitter account, which has more than 800,000 followers, on Tuesday became the latest victim of an increasingly widespread Bitcoin scam, according to researchers. The growing size and scope of the scam — as well as the cybercrim...
Events like this make us more secure...: Three major mobile phone models – the Samsung Galaxy S9, iPhone X and the Xiaomi Mi6 – failed to survive the hacker onslaught at this year’s Pwn2Own Tokyo 2018. In all, 18 exploits, with some attacks chaining together as many as five exploits, were used to own the three phones and earn hacker teams a collective $325,000 in prize money. On day one of the two-day hacking contest, team Fluoroacetate (Amat Cama and Richard Zhu) used
Criminality is now embedded in digital life. Being aware of the range of crime is a vital first step in protecting your business...: [...] At the high end, sophisticated financially motivated cybercrime gangs have recently begun using tactics that were once associated only with nation-state backed actors to plunder organizations around the world. Though relatively small in number, these organized crime gangs are responsible for a bulk of the cybercrime-related damage that bu
Patch now...: Microsoft today released patches for 63 vulnerabilities as part of its November Patch Tuesday update. Twelve of the bugs were deemed Critical, two were publicly known at the time of release, and one is reportedly under active attack. The bug being exploited is CVE-2018-8589, a Windows Win32k elevation of privilege vulnerability. It was reported by researchers as Kaspersky Labs, a sign attackers are using it in malware, notes Dustin Childs of Trend Micro's Ze...
Watch out for this one...: [...] The spam is well-crafted, and contains malicious links or Microsoft Word and PDF attachments disguised as invoices, bank account alerts or payroll reports. The messages purport to be from major banks, and use legitimate logos and other visuals to be more convincing. The messages appear to be targeting English and German-speaking users in this latest Emotet campaign and appears to be most active in the Americas, the U.K., Turkey and South A
We are still not good at knowing when we are under attack...: [...] Despite mounting regulatory pressures, this year saw little improvement in the interval between when organizations first discover a breach and when they publicly disclose the event. In 2017, organizations took an average 47 days to publicly disclose an event; this year the number stood at 47.5 days. For all the investments that organizations are making in breach detection and response, most discover a bre
Two things I take from this report: 1. There are a lot of compromised endpoints in Russia being used to launch attacks - but that doesn't say who's actually behind the attack; 2. Honeypots, long derided, can be useful sources of intel. [Note: 'lakh' means 100k]...: Russia accounted for most cyber attacks on India (255,589), followed by the US (103,458), China (42,544), the Netherlands (19,169) and 15,330 attacks from Germany. India has been the target of over 4.3 lakh c
If, like me, you did business studies back in the last millennium then you'd be familiar with Porter's Five Forces. I'm seeing the move by Big Tech to embrace regulation not as any expression of altruism but as a way of locking in competitive advantage. If regulation becomes a significant barrier to entry, then the big boys win...: LISBON — An unlikely cheerleader has joined the fight to regulate Big Tech: Silicon Valley. Amid growing public anger at big beasts like Googl