CASB tales from the darkside…

This post was originally published here by Nat Kausik. Recently, met with the CASB team at a global management consulting company.  Their struggles over the last two years are worth chronicling. This company had purchased a first-gen CASB that installs agents on every device, making the solution almost impossible to deploy to a global workforce on a range of devices. After two years, they were still only partially deployed.    Worse yet, the vendor updated end-point agents at their whim.  After one such update, almost all of...

Read More

Indian police & Microsoft busts tech support scam centers

By Uzair Amir You may have watched YouTube videos about tech support scam tricking unsuspecting users into believing that their devices have been compromised with some nasty malware and the only way to get rid of it is to pay the technician for their “services” over the phone or Skype call. This type of tech support scam has […] This is a post from HackRead.com Read the original post: Indian police & Microsoft busts tech support scam centers December 01, 2018 at 03:18...

Read More

Marriott hotel data breach: Sensitive data of 500 million guests stolen

By Waqas Marriott has announced that it has suffered a massive data breach after attackers hacked its guest reservation system at Starwood hotels, a group of hotels the company took over in 2016 – These hotels include Sheraton, St. Regis, Westin and W Hotels. The breach was discovered last week after Marriott’s internal security tool alerted the company regarding an attempt to access the […] This is a post from HackRead.com Read the original post: Marriott hotel data breach: Sensitive data of 500 million guests...

Read More

Things I Hearted this Week – 30th Nov 2018

Last week I was off attending IRISSCON in Dublin and so there was no update, and this week I’ve been at the SAN EU security awareness summit – so while I have been hearting things for the last two weeks, I’ve not had a chance to put them down. I don’t want to miss two weeks in a row – so I’ll give you a quick download and hopefully normal service will resume next week! Chat...

Read More

Data of 500 million Starwood Marriott Hotel customers compromised in Cyber Attack

Marriott International has disclosed that the data of more than 500 million guests was compromised in September this year which happens to be the biggest in the last 5 years. The compromised details include Passport info, credit card details, and names & phone numbers of guests who checked into the Starwood properties on or before Sept 10 this year. Sources reporting to Cybersecurity Insiders say that the intrusion into the network of Starwood Hotels & Resorts was taking place since 2014, but was detected recently through a data audit conducted...

Read More

Hackers shut down Moscow’s Cable Car via Cyber Attack

Moscow’s Cable Car services which were opened to the public for the first time was reportedly shut down by hackers via cyber attack. Sources reporting to Cybersecurity Insiders say that the passengers were forced to disembark the vehicles only 2 hours after it opened on Wednesday as the digital systems which were operating the cars were disrupted. Many Twitter users who were about to take the ride were seen sharing a video of a police officer requesting them to get down the vehicle as it could not operate due to technical reasons. When they tried...

Read More

SSCP CREATES POINT OF ENTRY TO CYBER CAREER

This post was originally published here by(ISC)² Management . If you’re looking to break into the field of cybersecurity – and workforce research shows, we need you to join us – (ISC)²’s SSCP certification may be the way to go. Certification Magazine recently wrote about the SSCP certification as a solid point of entry for aspiring security professionals. The certification is ideal for those in “boots on the ground” positions within security operations. The SSCP exam is highly technical and focused on...

Read More

CYBERSECURITY SCHOLARSHIPS FROM (ISC)² AND THE CENTER FOR CYBER SAFETY AND EDUCATION

This post was originally published here by (ISC)² Management. Each year, (ISC)² and the Center for Cyber Safety and Education partner together to offer scholarships to students around the world. There are three categories of scholarships in this program: Graduate, Undergraduate and Women’s. All are open to students pursuing cybersecurity degrees in any country in the world, whether they are full-time or part-time students, online or attending a campus. The Graduate Scholarship period is open until January 15. Applicants must be pursuing,...

Read More

Tips for a Successful AWS re:Invent 2018

This post was originally published here by gregg rodriguez. AWS re:invent is less than a month away, but if you’re like most IT and security professionals you have your hands full. This year we’re sharing some tips for AWS re:Invent that will help you take advantage of great online resources so you can plan ahead and hit the ground running the minute you arrive–without having to flip through guides and agendas as you’re looking for the right venues. Top AWS Resources for re:Invent-ing like a Pro 2018 AWS re:Invent Agenda Worksheet: Before you...

Read More

Dunkin Donuts Perks loyalty data breach: Change your password

By Waqas Dunkin Donuts says it has suffered a data breach in which customer data of its DD Perks loyalty program may have been stolen – The DD Perk is a reward program for the company’s regular customers. According to a now-inaccessible security advisory, Dunkin Donuts stated that the data breach was initially detected on October 31st forcing it to […] This is a post from HackRead.com Read the original post: Dunkin Donuts Perks loyalty data breach: Change your password November 30, 2018 at 05:04...

Read More

Feds charge 2 Iranian hackers behind SamSam ransomware attacks

By Waqas The United States Department of Justice has charged two Iranian nationals with allegedly developing and using SamSam ransomware against their targets in the United States and Canada to carry out computer hacking and extortion scheme from Iran. Both Mohammad Mehdi Shah Mansouri, 27 and Faramarz Shahi Savandi, 34 have been charged with six counts together with one count of conspiracy […] This is a post from HackRead.com Read the original post: Feds charge 2 Iranian hackers behind SamSam ransomware attacks November...

Read More

Gang sentenced for installing card skimmers on gas pumps & stealing data

By Carolina On Wednesday, a group of ten individuals including the head of the group received a total of 30 years sentence. The group was involved in installation of card skimmers on gas pumps across five states in the US including main cities of Northeast Ohio. Through card skimmers, credit card detail of thousands of people was […] This is a post from HackRead.com Read the original post: Gang sentenced for installing card skimmers on gas pumps & stealing data November 29, 2018 at 08:40...

Read More

HCISPP Spotlight: George Chacko

Name: George Chacko Title: Senior Manager, Information Security Employer: New York Blood Center Location: New York, NY, U.S. Education: State University of New York at Buffalo Years in cybersecurity and/or privacy: 14 Cybersecurity certifications: CISSP, HCISPP   How did you decide upon a career in healthcare security and/or privacy? After starting my career in financial...

Read More

Dell fails to notify customers on Cyber Attack

Dell has announced late yesterday that it had reset all the passwords of its customers belonging to its electronics store Dell.com on November 14th this year as a precautionary measure to block unauthorized attempt of cyber crooks to extract customer information like email address, customer names and hashed passwords. The highlight of this issue is that the company detected unauthorized attempt to access its database on November 9th,2018, but chose not to make it public to avoid embarrassment among its competitors. Instead, the American Multinational...

Read More

Dell resets all customer passwords after security breach

By Waqas The computer technology giant Dell has announced on Wednesday that it has suffered a potential security breach in which hackers attempted to steal customer data from its website Dell.com. The incident took place on November 9th when Dell detected and disrupted an attack aimed at the personal data of its customers including names, email addresses, and […] This is a post from HackRead.com Read the original post: Dell resets all customer passwords after security breach November 29, 2018 at 07:08...

Read More

Google n FBI discover a major ad-fraud campaign infecting 2 million devices

Google in association with the US law enforcement agency FBI has busted a major AD fraud campaign which is reported to have hacked over 2 million devices so far. It’s said that the scam led the hackers to over $36 million earnings from advertising. Cybersecurity Insiders has learned that the search giant indicted charges against 8 people for running ‘3ve’ and ‘Methbot’ Operations in which the former is said to have infected over 2 million devices, and siphoned off an alleged $29 million. On the other hand, Methboth which was shut down in 2016 is...

Read More

New Zealand bans Huawei 5G equipment due to Espionage fears

After US and Australia, New Zealand happens to be the latest country to ban Huawei from entering its country and upgrading its mobile network to 5G. Reports are in that the Mobile Company Spark was intending to use Huawei equipment to offer 5G services in the country located in Southwestern Pacific Ocean. But the government dictated stringent orders early this week by banning Spark from using Huawei equipment for a 5G network upgrade. In August this year, United States President Donald Trump released an executive order banning all equipment supplied...

Read More

IAM and Common Abuses in AWS

This is the first of a 4 part blog series on security issues and monitoring in AWS. Identity and Access Management (IAM) in AWS is basically a roles and permissions management platform. You can create users and associate policies with those users. And once those users are established you get set of keys (access key and a secret key), which allow you to then interact with an...

Read More

FBI & Google shut down largest-ever Ad fraud scheme ‘3VE’

By Waqas 8 suspects behind 3VE have also been identified. Last year in August, the Federal Bureau of Investigation organized a secret meet-up between cybersecurity and digital advertising experts in its Manhattan federal building. This included Google and nearly 20 tech firms while there were nearly 30 attendees at the meeting. The agenda of the meeting was to […] This is a post from HackRead.com Read the original post: FBI & Google shut down largest-ever Ad fraud scheme ‘3VE’ November 28, 2018 at 09:57...

Read More

Cyber Attacks on Banks have doubled says UK Watchdog

Cyber Attacks on Banks have doubled in a year says the Financial Conduct Authority(FCA) the UK and that’s due to the sheer neglect of bankers. Yes, you’ve read it right! The FCA of UK says that some overconfident bankers are making silly errors in crucial computer updates leading to chaos and money loss. Furthermore, as firms are underprepared for hacking attacks, they are putting their customers at risk. Over the past few years, several money lenders in Britain have suffered a wave of online failures, all due to the blackout of TSB and a big internet...

Read More

Lenovo to pay $7.3m for installing adware in 750,000 laptops

By Waqas In 2015, Beijing based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish. The adware played a vital role in compromising online security protections installed by the users on their laptops, accessed financial data and performed man-in-the-middle attack on private and secure connections […] This is a post from HackRead.com Read the original post: Lenovo to pay $7.3m for installing adware in 750,000 laptops November...

Read More

Google might cancel the build of ‘Censored’ search engine for China named Project Dragonfly

Google is said to cancel the build of a separate and censored Chinese search engine named ‘Project Dragonfly’ due to strong protests from its own employees. It’s said that more than 273 managers and engineers have penned a letter to Alphabet Inc the parent company of Google to stop the build of a separate search engine which will be crafted in compliance with the current surveillance laws of China. The employees have clearly mentioned in the letter that if the internet juggernaut moves ahead with Project Dragonfly, then there is a high chance that...

Read More

Trump might start his own Internet

US President Donald Trump has expressed his desire to start his own ‘World Wide Web’ network to counter misinformation (according to him) or fake news spread by CNN on International Level. Mr. Trump expressed his desire to do so via Twitter on Monday which goes on as follows- CNN has a powerful voice portraying the United States in an unfair and false way. So, something has to be done”. All those who have read his tweet are in an opinion that the 45th President of North America is in a vision to start his own internet which will help promote his...

Read More

Best Data Recovery Software of 2018: Top 10 Software for Windows, Mac and Android

A big part of the Cloudwards.net mission revolves around promoting cloud tools as a means of preventing data loss. Cloud backup solutions in particular are ideal to ensure you’ve always got a copy of your most valuable content. That said, we also understand the importance of taking such measures doesn’t really come to light until you’ve been bitten by the data loss bug. Our roundup with the best data recovery software shows you which vendors you can rely on.  The good news is that if you find yourself tearing out your hair because you...

Read More

Popular Android apps on Play Store caught defrauding users

By Waqas A well-known Chinese app developer Cheetah Mobile and one of its subsidiaries Kika Tech might have claimed credit for millions of dollars from advertisers through an Android fraud scheme, reveals app analytics firm Kochava. It is a common practice for mobile app developers to generate revenue by marketing for new apps inside their apps for […] This is a post from HackRead.com Read the original post: Popular Android apps on Play Store caught defrauding users November 27, 2018 at 08:40...

Read More

UBER to pay $491,000 Penalty for 2016 Cyber Attack

Uber Technologies, an American taxicab company has been ordered to pay $491,000 or £385,000 (pounds) by UK data watchdog over a 2016 cyber attack which compromised the data of millions of customers and tens of thousands of drivers. Information Commissioner’s Office (ICO) said that the penalty has been imposed on the California based peer to peer ride sharing company for leaking info of over 2.7 million UK customers which includes email addresses, phone numbers, and physical addresses. Readers of Cybersecurity Insiders have to notify a fact that...

Read More

Security Orchestration, Automation and Response (SOAR) – The Pinnacle For Cognitive Cybersecurity

The cognitive tools/technologies of machine learning (ML) and artificial intelligence (AI) are impacting the cybersecurity ecosystem in a variety of ways. Applied AI machine learning and natural language processing are being used in cybersecurity by both the private and public sectors to bolster situational awareness and enhance protection from cyber threats. The algorithmic...

Read More

4 ways Apple’s eSIM-ready iPhones will change the mobile industry

< 4-minute read. On September 12, 2018 Apple announced that its newest iPhones (iPhone XS, iPhone XS Max, iPhone XR) will ship with eSIM technology. The new iPhones became the first widely marketed eSIM-compatible smartphones ever launched. Thus, generating a wind of change onto the mobile and SIM industries. Bringing eSIM to the masses Apple is the world’s number...

Read More

Giving Tuesday

The holidays are a great time to give back to your local community. November 27 is known as Giving Tuesday, a global day of giving. This year, the Center for Cyber Safety and Education is adding some “cattitude” to Giving Tuesday. Sign up for the Center’s “Round-Up” program from November 1 to November 27 and you will be entered for the chance to win a Jim Davis autographed...

Read More

2019 Endpoint Security Report: Risk and Worry Increases Among Infosec Pros

Frustration and anxiety. Those are two words that come to mind after reading Cybersecurity Insiders’ 2019 Endpoint Security Report. A majority of organizations report an increase in the risk to their endpoints as the number of new threats, particularly fileless malware, advanced attacks and evasive threats, continues to rise. Many have responded by increasing their...

Read More