Are you on the list?... [...] The forum is named MagBO and is a relative newcomer on the hacking scene, where other services like HackForum, Exploit.in, xDedic, Nulled, or Mal4All have already made a name for themselves. But according to Flashpoint, this forum has its own niche, and that niche is in selling web shells to already-hacked websites. "Essentially, the breached websites host some sort of backdoor that would enable buyers to log in to them," Vitali Kremez, Directo
I always appreciate the robust language used in Australia. The problem with drafting legislation about technical issues using language to be interpreted by the courts is that a judge and I may have very different interpretations of what a 'systemic weakness' is...: [...] A little over a week since the window closed for public submissions on the government's draft Assistance and Access Bill, Minister for Home Affairs Peter Dutton on Thursday introduced the Bill into the House
Many CISOs I talk to still spend a lot of time fighting operational fires. This survey may be more about aspiration than reality...: Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals. The tasks topping the CISO's to-do list are slowly shifting, as their core priorities transition from primarily technical expertise to securing business applications and processes. It's the key takeaway from a new
This has become the 21st century version of stealing electricity...: Cryptojacking — threat actors placing illicit cryptocurrency miners on a victim's systems — is a growing threat to enterprise IT according to a just-released report from the Cyber Threat Alliance (CTA). CTA members have seen miner detections increase 459% from 2017 through 2018 and there's no sign that the rate of infection is slowing. The joint paper, written with contributions from a number of CTA memb...
A reminder: only keep funds in a 'hot-wallet' that you need for immediate trading. Keep everything else offline...: Japanese cryptocurrency exchange Zaif announced today that it lost $60 million worth of company and user funds during a security incident that took place last week. The company said it discovered the hack on Monday, September 17, and confirmed it a day later, when it reached out to authorities and reported the incident. The Zaif team suspended user depos
We hear a lot about 'Shadow IT' which is IT used by but not provided through an enterprise (think personal DropBox). In the insurance world they talk about 'silent cyber' which is a loss not insured under a specific cyber policy. Expect push-back from the insurers to avoid paying out...: That is according to a new report from Willis Towers Watson (WLTW), which reveals that 60% of insurers believe cyber events like the global WannaCry ransomware attack of 2017 will occur at l
Graham Cluley makes the valid point that, if phishing is the most common cause of breaches, then you should deal with phishing first...: [...] If you were to make a list of the most common causes of security breaches, it is phishing attacks that would surely dominate. A recent study of 100 UK-based CISOs confirms that phishing is a major concern, with nearly half of respondents blaming the phenomenon for the biggest security incidents they had suffered in the last 12 m
If you have time to listen, be afraid...be very afraid...: Security technologist Bruce Schneier's latest book, "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World," argues that it won't be long before everything modern society relies on will be computerized and on the internet. This drastic expansion of the so-called 'internet of things,' Schneier contends, vastly increases the risk of cyberattack. To help figure out just how concerned you shou
Running applications natively in the cloud brings a different set of security risks. This article on Dark Reading examines some of them, but not the lack of expertise in building secure cloud-native applications...: Businesses are increasingly reliant on cloud-native applications despite the strong, broad perception that use of the cloud will drive security risks. So, where are the security gaps and which issues are top of mind? The data comes from "The State of Cloud N...