Three Chinese Hackers Who Stole 407GB Of Data From Siemens Arrested

Three Chinese nationals were charged with cybercrime offences today, accused of hacking three companies – Moody’s Analytics, Trimble and Siemens – to steal gigabytes of sensitive data and trade secrets. The Department of Justice said the men were part of an organization, Guangzhou Bo Yu Information Technology Company Limited (Boyusec), which has been linked by […]

IoT Security Needs OEM, User Partnerships

Read why Carl Herberger says that manufacturers and network administrators need to come together and weave a security defense for the Internet of Things, on EE Times: For years, the security community warned of the possibility of attacks aimed at the Internet of Things. At the end of 2016, we finally got one, and it […]

Free Saturn “Ransomware-as-a-Service” Allows Anyone To Become A Hacker

Last week, MalwareHunterTeam spotted a new ransomware named Saturn. As per a detailed report from Bleeping Computer, Saturn ransomware is being actively distributed at the moment, but the methods used for its distribution are unknown. Also, this ransomware is not decryptable at the moment. After infecting the machine, Saturn ransomware executes commands to disable Windows […]

Laser Tools Could Be Next: Insecurity In The Internet Of Things

The U.S. government is trying desperately to pass legislation that will reduce vulnerabilities in the Internet of Things. Nonprofit groups and nongovernmental organizations are working to institute security standards that IoT developers must adhere to. Yet, try as everyone might, there remain large, glaring holes in IoT security. Smart devices are convenient and cool. For […]

Google discloses Microsoft Edge security flaw before it could be fixed

Google seems to be gunning for Microsoft again by going public with a vulnerability in Microsoft Edge before Microsoft could develop a patch. The flaw affects Microsoft’s Arbitrary Code Guard (ACG), which Microsoft described a year ago in a post about major security improvements released in the Creators Update of Windows 10. To mitigate arbitrary native code […]

Tesla cloud account hacked to mine cryptocurrency

With the prices of cryptocurrencies like Bitcoin, Ethereum, etc. skyrocketing, using miners to mine them on victims’ computers has become a favorite vector among cybercriminals. Earlier, hackers were found to be using browser extensions to run such malicious scripts, but now even the top tech company clouds are being used. The victim this time is Tesla […]

The advent of GDPR could fuel extortion attempts by criminals

The number of exploit kit attacks is, slowly but surely, going down, and malware peddlers are turning towards more reliable tactics such as spam, phishing, and targeting specific, individual vulnerabilities. That’s the good news. The bad news is that everything else is on the rise: BEC scams, ransomware, stealthy crypto-mining, the number of enterprise records compromised […]

Meet Coldroot, a nasty Mac trojan that went undetected for years

A Mac malware that can silently, remotely control a vulnerable computer and steal passwords from a user’s keychain has gone largely unnoticed by antivirus makers for two years — even though the code is readily available to download. Patrick Wardle, chief research officer at Digita Security, revealed in a blog post Tuesday details of Coldroot, a remote […]

Even with cloud providers implementing defenses, glaring weaknesses remain

A new report from RedLock offers a look at the threats and vulnerabilities that continue to mount in public cloud computing environments. First of all, poor user and API access hygiene, combined with ineffective visibility and user activity monitoring, are causing organizations to be more vulnerable to breaches. For example, 73% of organizations allow the root user […]

Proactive Threat Hunting: Taking the Fight to the Enemy

If you haven’t implemented a cyber threat hunting capability yet, 2018 is the time to start, because attackers have become dangerously good at breaking into and hiding on enterprise networks for long periods of time. Often organizations do not realize they have been breached for months, and in some cases years, after an initial intrusion […]