You are here
Home > News > Information Security

Access to over 3,000 backdoored sites sold on Russian hacking forum

Are you on the list?... [...] The forum is named MagBO and is a relative newcomer on the hacking scene, where other services HackForum, Exploit.in, xDedic, Nulled, or Mal4All have already made a name for themselves. But according to Flashpoint, this forum has its own niche, and that niche is in selling web shells to already-hacked websites. "Essentially, the breached websites host some sort of backdoor that would enable buyers to log in to them," Vitali Kremez, Directo

Cryptojackers Grow Dramatically on Enterprise Networks

This has become the 21st century version of stealing electricity...: Cryptojacking — threat actors placing illicit cryptocurrency miners on a victim's systems — is a growing threat to enterprise IT according to a just-released report from the Cyber Threat Alliance (CTA). CTA members have seen miner detections increase 459% from 2017 through 2018 and there's no sign that the rate of infection is slowing. The joint paper, written with contributions from a number of CTA memb...

Zaif cryptocurrency exchange loses $60 million in recent hack

A reminder, only keep funds in a 'hot-wallet' that you need for immediate training. Everything else keep offline...: Japanese cryptocurrency exchange Zaif announced today that it lost $60 million worth of company and user funds during a security incident that took place last week. The company said it discovered the hack on Monday, September 17, and confirmed it a day later, when it reached out to authorities and reported the incident. The Zaif team suspended user depos

Your business should be more afraid of phishing than malware

Graham Cluley makes the valid point that, if phishing is the most common cause of breaches, then you should deal with phishing first...: [...] If you were to make a list of the most common causes of security breaches, it is phishing attacks that would surely dominate. A recent study of 100 UK-based CISOs confirms that phishing is a major concern, with nearly half of respondents blaming the phenomenon for the biggest security incidents they had suffered in the last 12 m

The Lawfare Podcast: Bruce Schneier on ‘Click Here to Kill Everybody’

If you have time to listen, be afraid...be very afraid...: Security technologist Bruce Schneier's latest book, "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World," argues that it won't be long before everything modern society relies on will be computerized and on the internet. This drastic expansion of the so-called 'internet of things,' Schneier contends, vastly increases the risk of cyberattack. To help figure out just how concerned you shou

The Security Costs of Cloud-Native Applications

Running applications natively on a/the cloud brings a different set of security risks. This article on Dark Reading examines some of them, but not the lack of expertise in building secure cloud-native applications...: Businesses are increasingly reliant on cloud-native applications despite the strong, broad perception that use of the cloud will drive security risks. So, where are the security gaps and which issues are top of mind? The data comes from "The State of Cloud N...

US Dept of State says attack on email system exposed employees’ personal data

Epic fail...: The US Department of State has confirmed that it has suffered a data breach which exposed the personally identifiable information of some employees. News of the breach was first reported by Politico, who pointed out that the department has often been a target for state-sponsored hacks. (Perhaps the most notable incident occurred in 2014 when attacked by Russian hackers, where an NSA Deputy Director described the battle for control over the State Departmen

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

It's got to the point where I assume all cameras are either already compromised or easily taken over. Even my children put blu-tac on their webcams out of habit...: Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are rated critical and tied

RDP Ports Prove Hot Commodities on the Dark Web

Psst! Wanna buy some 3389?... Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves. Security trends come and go, but the sale of Remote Desktop Protocol (RDP) ports continues to thrive on the Dark Web as malicious hackers seek easier means of gaining access to corporate networks. RDP is a Microsoft protocol and client interface used on several platforms including Windows, where i...

New Xbash Malware a Cocktail of Malicious Functions

Even if you pay up, you're not getting your data back. Note the comment about using decoys/honeypots with a DNS entry...: Adding to the rapidly growing list of multi-functional malware, a particularly nasty – and unique — data-destroying malware tool has been discovered that combines botnet, coin mining, ransomware, and self-propagation capabilities. The malware, which researchers at Palo Alto Network's Unit 42 group has named Xbash, is targeting Linux and Windows servers...

Top