Orbitz says hacker stole two years’ worth of customer data

Travel booking website Orbitz has been hacked, the company said. The site, now owned by Expedia, confirmed in a statement that it “identified and remediated a data security incident affecting a legacy travel booking platform.” According to the statement, the company found evidence in March that an attacker had access to the company’s legacy systems between […]

Email fraud warning: Now hackers want your data as well as your money

Fraudsters are launching phishing campaigns that come in the shape of emails pretending to be from someone within the same organisation as the victim — and the crooks are increasingly targeting data rather than money. Email fraud, particularly business email compromise, hit the headlines when the FBI said this particular form of cybercriminal activity cost victims […]

Russian APT Compromised Cisco Router in Energy Sector Attacks

Yet another nation-state hacking team has been spotted compromising a network router to get to its ultimate targets: this time, it’s the infamous Russian APT known as DragonFly 2.0 that was called out by the US federal government last week for hacking into US energy networks. Researchers from Cylance this month revealed that they recently […]

8 hot cyber security trends (and 4 going cold)

The whole tech industry is dynamic and constantly changing. And if you’re in IT security, you’re in a unique position that the changes can be forced upon you by techniques developed by malicious hackers. That means that there’s always something new going on in the industry, and there are also some techniques and tools whose […]

Four wireless standards hackers will target after Wi-Fi

When any new communication medium for sharing information emerges, it’s often quickly followed by those committed to hacking it. This natural progression is unfortunately very predictable: groups of skilled experts form to explore vulnerabilities; they share ideas, code, tools and more. After a while, that small group balloons into a full-blown community that’s equipped with […]

‘Slingshot’ Cyber Espionage Campaign Hacks Network Routers

A newly discovered nation-state cyber espionage campaign targeting Africa and the Middle East infects network routers in order to snare administrative credentials from its targets and then move freely throughout the network. Kaspersky Lab researchers unearthed the stealthy and highly sophisticated operation – named “Slingshot” after a word found in the attack code – that […]

CIGslip Lets Attackers Bypass Microsoft Code Integrity Guard

A new attack method lets attackers bypass Microsoft’s Code Integrity Guard (CIG) and inject malicious code into protected processes, including Microsoft Edge. Researchers at Morphisec this week disclosed the details of the technique and proof-of-concept code. CIG is a mitigation that was first introduced in Windows 10 in 2015, and later became part of Device Guard. It […]

Exim vulnerability opens 400,000 servers to remote code execution

If you’re using the Exim mail transfer agent on your Internet-connected Unix-like systems and you haven’t yet upgraded to version 4.90.1, now is the time to do it as all previous versions contain a vulnerability that can be exploited to achieve remote code execution. The buffer overflow vulnerability in the base64 decode function of Exim […]

Most healthcare breaches still come from hacking

In 2017 the number of individuals affected by breaches within the healthcare sector reached a four-year low. However, 71 percent of breaches in 2017 were due to hacking and IT incidents, a growth trend that has continued since 2014, according to the Bitglass 2018 Healthcare Breach Report. The fourth annual Healthcare Breach Report aggregates data […]

Chafer: Hacking group expands espionage operation with new attacks

A hacking operation has expanded its operations taking advantage of new tools to attack organisations across the Middle East for the purposes of surveillance and intelligence gathering. Targets are mostly working in telecoms and transport and their surrounding supply chains – with IT software, payroll, aircraft services and engineering firms all targets during the last […]