This Week in Technology

This Week in Technology

By Eric Corcoran
Posted in Technology Week in Review
On May 03, 2019

Monday 4/29

Researchers develop new technique to identify malware in embedded systems

At issue are so-called micro-architectural attacks. This form of malware makes use of a system’s architectural design, effectively hijacking the hardware in a way that gives outside users control of the system and access to its data.Spectre and Meltdown are high-profile examples of micro-architectural malware.

Chrome on Android: Phishing attackers can now trick you with fake address bar

Normally, when the user scrolls up, Chrome will redisplay the true URL bar. But we can trick Chrome so that it never redisplays the true URL bar. Once Chrome hides the URL bar, we move the entire page content into a 'scroll jail' – that is, a new element with overflow:scroll. Then the user thinks they're scrolling up in the page, but in fact they're only scrolling up in the scroll jail.

Hackers Breached a Programming Tool Used By Big Tech and Stole Private Keys and Tokens

Docker, a company that makes software tools for programmers and developers, said on Friday that hackers had accessed one of its Docker Hub databases and could have stolen sensitive data from around 190,000 accounts.

Tuesday 4/30

Malware Infests Popular Pirate Streaming Hardware

“By plugging the device into a home network, [users] are enabling hackers to bypass the security (such as a router’s firewall) designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security,” wrote Digital Citizens Alliance (DCA) in a recently released report.

Cybersecurity: The key lessons of the Triton malware cyberattack you need to learn

Threats can be countered by implementing some relatively simple cybersecurity techniques that make movement between systems almost impossible. Network segregation can help you stop a malware attack from happening. You should be separating network components logically, but also based on criticality and by following industry best practice and industry standards.

Cisco launches Wi-Fi 6 routers to keep up with enterprise data growth

Wi-Fi 6 will provide a huge boost in total network capacity and reliability and should improve speed, performance, and capacity for wireless networking in both homes and enterprises. Cisco noted that the internet of things (IoT) means we’ll have billions more devices connected to the internet, and the networking infrastructure is going to have to keep pace with that.

Wednesday 5/1

What is Exobot, the frightening new banking app Trojan?

Exobot’s main functionality is to steal sensitive information from banking apps and financial services. Once Exobot infects a device, it uses “overlay attacks” to steal banking information. In an overlay attack, the attacker places an invisible window on top of the user interface of the targeted app and intercepts whatever the user types or taps.

Oracle, Airbus, Toshiba, and Volkswagen financial data leaked following cyberattack

The cybercriminals stole data from Germany-based CITYCOMP, which provides servers, storage and other computer equipment to other enterprise-level organizations and subsequently blackmailed the firm and threatened to publish the stolen information if the demands weren’t met.

STEALTHbits Launches Free Permissions Auditing Capabilities for Cloud and On-Premises Resources

STEALTHbits Technologies, Inc announced the release of the STEALTHbits Access Library, a new portal for users to download free connectors designed to audit data access rights across a variety of popular cloud and on-premises data repositories.

Thursday 5/2

Six Tips That You Should Use Before Creating Your Next Password: Gary Davis, McAfee

Years ago, consumers did not store nearly as much personal data on the internet. However, today, our most sensitive details live behind online password protection – from our financials, to our official documentation, personal photos and more. This means consumer behavior around passwords must evolve, in order to prevent cybercriminals from accessing vital information.

Why credit card data stealing point-of-sale malware is still such a big problem

Old hardware, vulnerabilities in unsupported operating systems and malware files that are so small they're virtually undetectable mean that point-of-sale (POS) malware is thriving as a key method for cyber criminals looking to steal credit card data and other personal information.

Friday 5/3

FireEye Joins Team to Provide Defensive and Cyber Threat Intelligence Operations Support to U.S. Army Cyber Command

Under the Cyberspace Operations Support task order, FireEye will provide professional services to assist with cyber threat intelligence operations, defensive cyber operations (DCO), cyberspace incident response, and cyberspace exercise support and training.

This password-stealing malware just evolved a new tactic to remain hidden

Now Qakbot has been updated with a new persistence mechanism which makes it harder for victims to detect and remove the malware. The new obfuscation technique has been detailed by cybersecurity researchers at Cisco Talos.

Updated hybrid cloud backup available from Pure Storage

The Evergreen Storage Service (ES2) for backup data has a flash-to-flash-to-cloud architecture that provides storage as a service for block, file, object and backup data. With the unified subscription model, customers can move all or any portion of their pay-per-use block storage capacity between environments without adjusting their contract.