National Risk Management Center to guard US Energy Companies against Cyber Attacks

It’s official that a new National Risk Management Center is said to guard the US energy companies against cyber attacks launched by state-funded actors. This news was shared to the world yesterday at a New York Security conference by Homeland Security Secretary Kirstein Nielson who added in his statement that the top priority of the security center will be to guard the critical infrastructure against other country digital invasions. Readers of Cybersecurity Insiders have to notify a fact over here that the statement comes just after 5 months when...

Read More

Cisco sends fake phishing emails to its employees

Networking Giant Cisco has sent its employee’s fake phishing emails in order to train them against cyber attacks. The objective was to educate them on how phishing emails hit targets and how a corporate network can be defended against such attacks. Steve Martino, the Chief Information Security Officer at Cisco is said to have developed this clever technique through years of his experience fighting the bad guys. It’s said that Martino introduced such fake phishing email attacks into the corporate environment operations since September last year...

Read More

Cyber Attack news for this week

UK’s largest electronics retailer Dixons Carphone has made an official announcement on Tuesday that around 10 million records containing personal data of its customers could have been obtained in a cyber attack in 2017- which is much higher than the earlier estimates. However, the UK based company which holds a retail network clarified that the leaked records do not contain payment card or bank account details. Now, to those who are new to this news, here’s a briefing. In June this year, an investigation revealed that one of the processing systems...

Read More

Malware Analysis using Osquery Part 1

Tools like Sysmon and Osquery are useful in detecting anomalous behavior on endpoints. These tools give us good visibility of what’s happening on endpoints by logging multiple types of events, which we can forward to a SIEM or other correlation system for analysis. In this blog series, we’ll analyze different malware families, looking at the types of events generated on the...

Read More

Hackers target UnityPoint Health with email phishing scam

UnityPoint Health, an Iowa based healthcare provider has announced that it has become a victim of a recent email phishing scam which could have compromised the health and personal information of more than 1 million patients including social security numbers and critical financial information. The healthcare services provider which has a network of hospitals, clinics, and home care services in Iowa, Illinois and Wisconsin says that data related to more than 1.45 million patients could have been accessed by hackers during the cyber attack that was...

Read More

Oversharing of information on social media is resulting in money loss

Young people, especially those who are in their mid-20s to 30s are said to be falling prey to fraudsters dye to over sharing of their information on social media. Thus, it is leading to account hacks and sometimes money loss from their respective bank accounts. A survey conducted by Nationwide Building Society in the UK has divulged in its report that 83% of the British people overshare on social media often leading to bank accounts drain. The survey discovered that more than 4 in ten admitted that one of their friends or they themselves have lost...

Read More

McAfee says fileless cyber attacks are on the rise

American Computer security software McAfee has released a security report for 2Q 2018 which says that ‘fileless’ cyber attacks are on the rise in 2018 and they are leveraging the trusted Windows executable to invade systems and breach corporate networks. Note- A fileless cyber attack also called as zero footprint attack, macro attack or non-malware attack works by taking advantage of applications that are already installed on the infected PC. The malware is virtual and is seen taking advantage of the in-memory until the system gets rebooted in...

Read More

Hope for the Best, Plan for the Worst

In an attempt to wake up companies that may not be taking security as seriously as they should, they are often told, “It’s not a matter of if, but when.” Historically, I’ve not been the biggest fan of this term, in that it has a certain undertone of doom and gloom. A bit like one of those life insurance commercials that morbidly remind you that you will die some day and you...

Read More

The Bitglass Blog

If the volume and level of conversations we enjoyed at the RSA Conference in Singapore last week are anything to go by, Bitglass and the partners in our Altitude Partner Program have every reason to feel optimistic about the Asia Pacific region. For three days on the show floor, the Bitglass stand was consistently busy with visitors asking about our Next-Gen CASB and how we can help them solve data security problems relating to the use of cloud and mobile devices. Unlike some previous events, we spent little time having to answer “What’s a CASB?”...

Read More

How to Make Remote Work Easy

The commute is killing you. You sit in endless boring meetings. Phones are ringing and your colleague is moving his table for the fifth time today. Someone is looking over your shoulder. The suit that you’re wearing is uncomfortable. Isn’t the nine-to-five day great? Thankfully, today we have a contender: working remotely. When working remotely you get all the benefits that you’ve heard and imagined before — work in your sweatshirt, no more commuting, save money on lunch by eating cheap and healthy food, attend only meetings that you absolutely...

Read More

Telegram Passport number addition surges data privacy concerns

Britain’s messaging app Telegram has added a new feature onto its platform which allows users to store their identity documents such as Passport Numbers or social security numbers on telegram’s encrypted cloud storage. The objective of this feature is to allow users to showcase their identity documents to Initial Coin Offerings (ICOs) and cryptocurrency exchange sites to verify their identity. But security experts suggest that identity documents storage on cloud storage platforms can invite more trouble to those who are strictly concerned about...

Read More

Indian Prime Minister challenged by French Security Expert for Aadhaar details

Indian Prime Minister Shri Narender Modi was challenged by a French security expert named Elliot Anderson for sharing his Aadhaar details i.e. only if he has one. The challenge comes just after the exposure of certain sensitive details like passport number, email ID, PAN number, alternative phone number, WhatsApp picture profile photo and mobile number of the Indian Telecom Chief RS Sharma. Now, to those who are just aren’t aware of what is happening, here’s a briefing on the whole issue. Last week, Indian Telecom Authority of India (TRAI) chairman...

Read More

The Pirate Bay alternatives (2018) in wake of Cryptomining scandal

By Waqas The process of cryptocurrency mining slows down your computer and increases the energy bill – That is why it is time to find The Pirate Bay alternatives. The Pirate Bay is undoubtedly one of the most visited torrenting and file sharing websites. But did you know ThePirateBay.org is using the computing power (CPU) of your computer to mine cryptocurrency? […] This is a post from HackRead.com Read the original post: The Pirate Bay alternatives (2018) in wake of Cryptomining scandal July 30, 2018 at 04:03...

Read More

Parasite HTTP RAT loaded with advanced detection evasion capability

By Waqas Proofpoint researchers have discovered a new remote access Trojan (RAT) as well as an updated version of an already identified banking Trojan and claim that both the RATs are involved in recently detected phishing campaigns targeting the retail, healthcare and IT industries. Emails containing MS Word attachments are being sent, which contain hidden malicious macros […] This is a post from HackRead.com Read the original post: Parasite HTTP RAT loaded with advanced detection evasion capability July 29, 2018 at 04:00...

Read More

Flaw in Swann smart security cameras allows access to user’s live stream

By Waqas Security cameras and other IoT devices have been frequently identified to be incompetent and plagued with a variety of built-in flaws that render them vulnerable to exploitation by hackers. The same has been proven yet again by a team of security researchers from Pen Test Partners. Researchers Andrew Tierney, Chris Wade, and Ken Munro participated […] This is a post from HackRead.com Read the original post: Flaw in Swann smart security cameras allows access to user’s live stream July 28, 2018 at 08:38...

Read More

RFA Secures Office 365 with the Next-Gen CASB

This post was originally published here by Jennifer Perisho. A few weeks ago, Bitglass’ CMO Rich Campagna sat down with the CIO and CTO of Richard Fleischman & Associates (RFA) for our latest customer testimonial video. As a technology advising and consultancy group, RFA has spent over thirty years providing its clients with IT security tools that can protect sensitive financial data. In addition to protecting its own data in apps like Office 365, part of RFA’s search for cloud security was to identify a technology that its customers could...

Read More

A GROWING NUISANCE: HOW TO FEND OFF BAD BOTS

This post was originally published here by (ISC)² Management. Bad bots make up more than one third of internet traffic, and although some of them try to influence elections and feed conflict on social media, most are targeting business websites, according to a newly published report. Set loose across the internet, armies of bad bots constantly carry out a multitude of misdeeds against businesses in just about every industry. Their activities include scraping prices by competitors looking to gain an upper hand in price SEO searches, stealing...

Read More

ICO hacked: Hackers steal $8 million from KICKICO Blockchain network

By Waqas Another day, another ICO hacked. This time, KICKICO, an Initial Coin Offering (ICO) project that lets users conduct ICOs, pre-ICOs, crowdfunding and crowdinvesting campaigns have suffered a security breach and as a result, hackers have stolen more than 70 million KickCoins which is around $7.7 million. The cyber attack took place on Thursday, July 26th when hackers breached […] This is a post from HackRead.com Read the original post: ICO hacked: Hackers steal $8 million from KICKICO Blockchain network July 28, 2018 at ...

Read More

Spectre attack variant can be remotely mounted to extract sensitive data

By ghostadmin What we know so far about Spectre attacks is that it relies upon execution of malicious code. The code is executed on computers having speculative-execution design flaws in processor chip; once a device is compromised, it becomes possible to obtain sensitive data such as passwords, PINs, and keys. Such data is usually stored in the […] This is a post from HackRead.com Read the original post: Spectre attack variant can be remotely mounted to extract sensitive data July 27, 2018 at 09:29...

Read More

Things I Hearted this Week, 27th July 2018

Welcome to your weekly security roundup, providing you all with the security news you deserve, but maybe might not need. As always, these news stories are human-curated by me – no fancy algorithms, no machine learning, and definitely no trending topics here. We are less than two weeks away from Blackhat in sunny Las Vegas. We’ll be there – pop along to booth 528 and say hello...

Read More

China, Russia, and Iran are top cyber threats to the United States

A report from the National Counterintelligence and Security Center released on Thursday states that China, Russia, and Iran are the top cyber adversaries to the US as these three nations have been caught red-handed conducting foreign economic and industrial espionage on American soil. The NCSC report says that the said three nations have been consistently stealing the trade secrets of United States for years on a digital note and are still ruining America’s prosperity by invading its security secrets from time to time – all to gain a competitive...

Read More

5 WAYS TO GET THE MOST OUT OF SECURITY CONGRESS

This post was originally published here by  (ISC)² Management. Security Congress is less than three months away! This year’s biggest and best cybersecurity conference will be held in New Orleans, Louisiana from October 8-10. Attending this year’s event can earn you as many as 46 CPEs for the year. To make sure you get the most out of #ISC2Congress, here are five things to do before you get to NOLA: Register for workshops Reserved seating workshops are new to Security Congress this year. We will have five workshops available throughout...

Read More

Gaining security visibility of your public cloud assets

This post was originally published here by eddy smith. As the use of public cloud services increases, security teams struggle to maintain visibility of their cloud assets. In fact, in one recent survey, 43% of cloud security pros said that lack of visibility into infrastructure security is their biggest operational headache (cite: https://ift.tt/2NXdbQB). So why is visibility so important? The relevant phrase here is cliché, but worth repeating: you can’t protect what you can’t see (or to quote the original Drucker-ism, “you can’t manage what you...

Read More

364 inmates hacked prison tablets to steal almost $225,000

By Waqas Hundreds of inmates hacked the system and transferred almost $225,000 in their accounts. Inmates at Idaho Department of Correction are provided with computer tablets manufactured by a Florida based company JPay. These tablets are powered by communications and data services from CenturyLink, a telecommunications company, headquartered in Louisiana. The purpose of these tablets is to let inmates play games, buy music and […] This is a post from HackRead.com Read the original post: 364 inmates hacked prison...

Read More

How to Find Trustworthy Tools and Software for Your Business

By Carolina Running a business requires a great deal of time, knowledge and expertise. If you want to take it to new heights, it’s imperative that you look for ways to save time by streamlining your processes. If not, you may find that a significant amount of time is being used carrying out mundane tasks and focusing […] This is a post from HackRead.com Read the original post: How to Find Trustworthy Tools and Software for Your Business July 27, 2018 at 03:21...

Read More

Cyber Attack on Boys Town Hospital and Blue Springs Family Care

A cyber attack on the database of Boys Town National Research Hospital in Omaha, Nebraska is said to have potentially compromised more than 105,309 patient medical records in May this year. After investigating the crisis, a spokesperson from Boys Town Healthcare chose to update the cyber incident to the press on Thursday this week. As per the sources reporting to our Cybersecurity Insiders, it’s said that the hackers gained access to the database after sending a phishing email to one of the employees in the organization which eventually led to...

Read More

Here are the most common email phishing subject lines

In technical terms, email phishing is nothing but an attempt to obtain sensitive info such as usernames and passwords and credit card details by disguising an email link to be sent from a trustworthy entity in an electronic form. This includes links connecting to websites that distribute malware, that are nefarious, X-rated and which conduct espionage on victimized device data. A report compiled by KnowBe4 talks exactly about it and reveals the latest set of email subject lines that make you fall prey to phishing attacks. The list goes on as follows-...

Read More

5 Ways to Get the Most Out of Security Congress

Security Congress is less than three months away! This year’s biggest and best cybersecurity conference will be held in New Orleans, Louisiana from October 8-10. Attending this year’s event can earn you as many as 46 CPEs for the year. To make sure you get the most out of #ISC2Congress, here are five things to do before you get to NOLA: Register for workshops Reserved seating...

Read More

Identity theft protection firm LifeLock may have exposed user email addresses

By Waqas LifeLock, an Arizona-based identity theft protection firm may have exposed email addresses of millions of its customers – Simply put: A firm vowing to protect online identity of its customers may have exposed their identity to malicious hackers and cybercriminals. It happened due to a critical vulnerability which exposed LifeLock’s customers to phishing and identity […] This is a post from HackRead.com Read the original post: Identity theft protection firm LifeLock may have exposed user email addresses July 27, 2018 at 03:57...

Read More

FTP and Manual Processes Aren’t Enough to Keep Your File Transfers Safe

In its youth, FTP was revolutionary. Organizations used it during the early days of the internet to transfer files, like documents and images, over internal and external channels. And though it’s been over 40 years since its creation, many people still use FTP to send and receive file transfers. But should they? The answer is no. It’s time to move away from FTP In the 1970s, the internet didn’t experience the sort of malicious activity and cyber attacks that organizations face today. FTP was created before security became a much-needed consideration...

Read More

New! AlienVault USM Anywhere Challenge Coin: What is it and how do I get one?

AlienVault has minted a challenge coin to acknowledge the commitment and dedication it takes to become an AlienVault® Certified Security Engineer. Becoming certified in any technology is something to be proud of but becoming certified on AlienVault® USM Anywhere™ proves that you are skilled in deploying and managing a threat detection solution that’s trusted by thousands of...

Read More