Monday 4/29
Researchers develop new technique to identify malware in embedded systems
At issue are so-called micro-architectural attacks. This form of malware makes use of a system’s architectural design, effectively hijacking the hardware in a way that gives outside users control of the system and access to its data.Spectre and Meltdown are high-profile examples of micro-architectural malware.
http://bit.ly/2GQg3Nr
Chrome on Android: Phishing attackers can now trick you with fake address bar
Normally, when the user scrolls up, Chrome will redisplay the true URL bar. But we can trick Chrome so that it never redisplays the true URL bar. Once Chrome hides the URL bar, we move the entire page content into a 'scroll jail' – that is, a new element with overflow:scroll. Then the user thinks they're scrolling up in the page, but in fact they're only scrolling up in the scroll jail.
https://zd.net/2ZIbGvp
Hackers Breached a Programming Tool Used By Big Tech and Stole Private Keys and Tokens
Docker, a company that makes software tools for programmers and developers, said on Friday that hackers had accessed one of its Docker Hub databases and could have stolen sensitive data from around 190,000 accounts.
http://bit.ly/2XVMxMe
Tuesday 4/30
Malware Infests Popular Pirate Streaming Hardware
“By plugging the device into a home network, [users] are enabling hackers to bypass the security (such as a router’s firewall) designed to protect their system. If apps on the box or that are later downloaded have malware, the user has helped the hacker past network security,” wrote Digital Citizens Alliance (DCA) in a recently released report.
http://bit.ly/2GVdj1A
Cybersecurity: The key lessons of the Triton malware cyberattack you need to learn
Threats can be countered by implementing some relatively simple cybersecurity techniques that make movement between systems almost impossible. Network segregation can help you stop a malware attack from happening. You should be separating network components logically, but also based on criticality and by following industry best practice and industry standards.
https://zd.net/2DEAbA5
Cisco launches Wi-Fi 6 routers to keep up with enterprise data growth
Wi-Fi 6 will provide a huge boost in total network capacity and reliability and should improve speed, performance, and capacity for wireless networking in both homes and enterprises. Cisco noted that the internet of things (IoT) means we’ll have billions more devices connected to the internet, and the networking infrastructure is going to have to keep pace with that.
http://bit.ly/2V3HA72
Wednesday 5/1
What is Exobot, the frightening new banking app Trojan?
Exobot’s main functionality is to steal sensitive information from banking apps and financial services. Once Exobot infects a device, it uses “overlay attacks” to steal banking information. In an overlay attack, the attacker places an invisible window on top of the user interface of the targeted app and intercepts whatever the user types or taps.
http://bit.ly/2IScfgW
Oracle, Airbus, Toshiba, and Volkswagen financial data leaked following cyberattack
The cybercriminals stole data from Germany-based CITYCOMP, which provides servers, storage and other computer equipment to other enterprise-level organizations and subsequently blackmailed the firm and threatened to publish the stolen information if the demands weren’t met.
http://bit.ly/2XWSXdL
STEALTHbits Launches Free Permissions Auditing Capabilities for Cloud and On-Premises Resources
STEALTHbits Technologies, Inc announced the release of the STEALTHbits Access Library, a new portal for users to download free connectors designed to audit data access rights across a variety of popular cloud and on-premises data repositories.
https://yhoo.it/2WjbSir
Thursday 5/2
Six Tips That You Should Use Before Creating Your Next Password: Gary Davis, McAfee
Years ago, consumers did not store nearly as much personal data on the internet. However, today, our most sensitive details live behind online password protection – from our financials, to our official documentation, personal photos and more. This means consumer behavior around passwords must evolve, in order to prevent cybercriminals from accessing vital information.
http://bit.ly/2vxBv3t
Why credit card data stealing point-of-sale malware is still such a big problem
Old hardware, vulnerabilities in unsupported operating systems and malware files that are so small they're virtually undetectable mean that point-of-sale (POS) malware is thriving as a key method for cyber criminals looking to steal credit card data and other personal information.
https://zd.net/2WiJtcn
Friday 5/3
FireEye Joins Team to Provide Defensive and Cyber Threat Intelligence Operations Support to U.S. Army Cyber Command
Under the Cyberspace Operations Support task order, FireEye will provide professional services to assist with cyber threat intelligence operations, defensive cyber operations (DCO), cyberspace incident response, and cyberspace exercise support and training.
http://bit.ly/2GZPXYk
This password-stealing malware just evolved a new tactic to remain hidden
Now Qakbot has been updated with a new persistence mechanism which makes it harder for victims to detect and remove the malware. The new obfuscation technique has been detailed by cybersecurity researchers at Cisco Talos.
https://zd.net/2PMw8GT
Updated hybrid cloud backup available from Pure Storage
The Evergreen Storage Service (ES2) for backup data has a flash-to-flash-to-cloud architecture that provides storage as a service for block, file, object and backup data. With the unified subscription model, customers can move all or any portion of their pay-per-use block storage capacity between environments without adjusting their contract.
http://bit.ly/2ZWAArs