Monday 5/6
Hackers steal card data from 201 online campus stores from Canada and the US
A group of hackers has planted malicious JavaScript code that steals payment card details inside the e-commerce system used by colleges and universities in Canada and the US. The malicious code was found on 201 online stores that were catering to 176 colleges and universities in the US and 21 in Canada.
https://zd.net/2GZBMl8
Shellbot malware evolves to spread and shuts down other cryptominers
The malware has new capabilities, allowing it to spread through a network and shut down other cryptominers on infected computers, allowing the malware to free up more processing power for its own cryptomining operation.
https://tcrn.ch/2GXFcoo
McAfee: Breaches Escalating Despite Better Education, Technology
Despite improvements in combating cybercrime and threats, IT security professionals still struggle to fully secure their organizations and protect against breaches, with 61% claiming to have experienced a data breach at their current employer. Adding to this challenge, data breaches are becoming more serious as cybercriminals continue to target intellectual property, putting the reputation of the company brand at risk and increasing financial liability.
http://bit.ly/2DSoI0d
Tuesday 5/7
Flying Under The Radar: The Biggest Malware Threats Hiding In Plain Sight
Fileless malware attacks are proving to be particularly useful against businesses because the majority of outdated enterprise security solutions are designed to detect file-based malware that resided on the disk, not in memory. Small to midsize businesses (SMBs) have become particularly vulnerable since some lack adequate security and IT staff to understand and protect against these threats.
http://bit.ly/2ZYqlTr
A hacker is wiping Git repositories and asking for a ransom
Some users who fell victim to this hacker have admitted to using weak passwords for their GitHub, GitLab, and Bitbucket accounts, and forgetting to remove access tokens for old apps they haven't used for months --both of which are very common ways in which online accounts usually get compromised.
https://zd.net/2PWAMCo
Wednesday 5/8
HyTrust Offers Free Container Security in Expanded Security Solution for Hybrid Clouds
HyTrust today announced HyTrust CloudControl™ 6.0, expanding the industry-leading security offering for vSphere and NSX to include AWS and Kubernetes. The solution addresses challenges organizations face in trying to secure and ensure compliance of their hybrid, multi-cloud environments efficiently. To promote container security adoption, HyTrust is offering no-cost HyTrust CloudControl licenses for Kubernetes-orchestrated container environments.
http://bit.ly/2H8gUJv
Surge of MegaCortex ransomware attacks detected
The ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions --in a tactic that is known as "big-game hunting." MegaCortex now joins an ever-growing list of ransomware strains that cyber-criminal groups are using only in targeted attacks, rather than with spam or other mass deployment techniques.
https://zd.net/2V9QTgD
Citrix extends the power of cloud-based orchestration to enterprises
As a centralized management and analytics tool, Citrix SD-WAN Orchestrator is architected for all deployment sizes, including large-scale SD-WAN rollouts, giving you the agility you need to quickly deliver new services to your users. In addition, integrated security means that you don’t have to worry about additional complexity.
http://bit.ly/2LrDvox
Thursday 5/9
‘Big Deal’: Nutanix Enters Secondary Storage Market with Nutanix Mine
Nutanix Mine is a turnkey solution that integrates secondary storage operations with the Nutanix Enterprise Cloud Platform. The new solution allows customers to manage their hyper-converged infrastructure (HCI) environment and backup operations from a single management console while helping to cut down the cost and complexity of standalone systems dedicated to backup and recovering data.
http://bit.ly/2YlcSDv
Hackers Knock Wolter Kluwer Offline With Malware Attack
The Netherlands-based accounting software giant Wolter Kluwer was hit by a massive malware attack on May 6. The cyberattack took its systems offline and shut down internal access to several databases.
http://bit.ly/2vOpgzO
Friday 5/10
This ransomware sneakily infects victims by disguising itself with anti-virus software
Like many ransomware campaigns, Dharma attacks start off with phishing emails. The messages claim to be from Microsoft and that the victim's Windows PC is 'at risk' and 'corrupted' following 'unusual behaviour', urging the user to 'update and verify' their anti-virus by accessing a download link. If the user follows through, the ransomware retrieves two downloads: the Dharma ransomware payload and an old version of anti-virus software from cyber security company ESET.
https://zd.net/2VqJbDP
Google Cloud Doubles Down on NVIDIA GPUs for Inference
Google recently announced that it has expanded its offering of NVIDIA’s latest GPU, the Turing-based T4, for global availability on the Google Cloud. This is due to the wide range of applications that can use the T4 (all AI frameworks, all deep learning models, Machine Learning algorithms, training, inference, 3D graphics, and more). The T4 is a real workhorse product at an attractive price point—as low as $0.29 per hour per GPU on GCP.
http://bit.ly/2PTPVEi
‘Unhackable’ eyeDisk flashdrive exposes passwords in clear text
EyeDisk's contents are unlocked when the authenticator element of the device passes a password along to the controlling software. The researcher chose to use Wireshark, an open-source packet analyzer, to see if he could sniff out the contents. (The latest versions of Wireshark support USBPcap for sniffing USB packets in real-time.) It wasn't long before it became apparent that the so-called "unhackable" device unlocks by sending these passwords in clear text.
https://zd.net/2WzxhUL