Amazon CEO Jeff Bezos phone hacked by Saudi Government

Amazon CEO Jeff Bezos’s phone is reported to have been hacked by the Saudi government as a part of a malicious effort to defame and harm the world’s richest man. This was revealed by Gavin De Becker, the security chief of the Amazon Chief in an interview to the sensational news resource The Daily Beast. The law enforcement of the United States has been informed about the mobile phone hack of Jeff Bezos who chose to remain silent on the issue until further developments are revealed. Highly placed sources say that the hackers backed/funded by the...

Read More

Hackers using hacked WordPress & Joomla sites to drop malware

By Waqas Apparently, the malware attack is carried out by Russian speaking hackers. The IT security researchers at Zscaler have discovered a sophisticated malware campaign targeting websites based on WordPress and Joomla content management system (CMS). The campaign works in such a way that hackers take advantage of a hidden directory on HTTPS and exploit vulnerabilities in extensions, plugins, and themes […] This is a post from HackRead.com Read the original post: Hackers using hacked WordPress & Joomla sites to drop malware March...

Read More

8 ways to achieve agile security

This post was originally published here by gregg rodriguez. Between 2017 and 2021, worldwide spending on cybersecurity will top $1 trillion, according to predictions from Cybersecurity Ventures. The barrage of cyberattacks on enterprises and new threat vectors within networks due to the move to Infrastructure as a Service (IaaS), or public cloud, makes the need for agile security more important than ever for CIOs and CISOs managing cybersecurity. Thanks to AWS and Azure, anyone can build their own applications or procure...

Read More

Securing Azure Application Gateway

This post was originally published here by gregg rodriguez. Web applications are becoming frequent targets of malicious attacks that exploit common vulnerabilities, such as SQL injection attacks or cross site scripting attacks, which makes securing your Azure Application Gateway more critical than ever. Preventing such attacks in application code can be a sizeable challenge, as it requires rigorous maintenance, patching and monitoring at multiple layers. Using a centralized web application firewall (WAF) can help you simplify security management. WAF is...

Read More

Family locator app leaked real-time location data of 238,000 individuals

By Waqas We normally consider family locator app as a blessing because we are able to track our family members conveniently through them. But, what if your private data collected or shared on such an app gets misused by cybercriminals because the app fails to secure it properly? It would instantly become a nuisance…no? The same has […] This is a post from HackRead.com Read the original post: Family locator app leaked real-time location data of 238,000 individuals March 30, 2019 at 12:14...

Read More

New Gustuff Android malware targets cryptocurrency & messaging apps

By Waqas Gustuff Android malware from Russia with love. Group-IB, a cybersecurity firm, has discovered a new breed of Trojan horse malware called Gustuff, which specifically targets Android phones to steal banking credentials and digital assets of users. The malware targets customers of cryptocurrency exchanges and mainstream international banks. As per the analysis of Group-IB, the malware […] This is a post from HackRead.com Read the original post: New Gustuff Android malware targets cryptocurrency & messaging apps March 29, 2019 at 09:...

Read More

Things I hearted this week, 29th March 2019

I search long and hard each week to find the best and most interesting security stories. These aren’t just news stories, but also interesting blogs and experiences people share. One thing I’ve felt (I say feel because I don’t have scientific proof to back this up) is that fewer people are blogging regularly. Of those that do regularly blog, many have left their blogs and moved...

Read More

MWC Barcelona 2019 – what we learned

Another year, another MWC Barcelona. As the vibrant city winds down after the whirlwind of over 100,000 visitors, we’ve been reflecting on what we learned at the show. Here’s a flavor of our key takeaways: The movement towards our foldable future has begun The foldable smartphone gave gadget lovers plenty to talk about over the opening weekend. It’s hard to overstate the...

Read More

Apple Card and the future of payments

On March 25th 2019, Apple unveiled plans to release a new branded payment offer called “Apple Card” as part of its plans to boost its services business. Apple is increasing its portfolio of services with multiple new announcements in addition to the Apple Card, such as Apple News+, Apple Arcade and Apple TV+. Apple Card, which is set to launch in the US this summer, comes...

Read More

WordPress and Joomla websites serving ransomware

Research conducted by Cloud-based Information security company Zscaler says that websites which are built on WordPress and Joomla backgrounds are now reportedly acting as platforms to distribute ransomware and phishing links to hackers. Zscaler security experts say that cyber crooks are exploiting the vulnerabilities exhibited by the said platforms to serve Shade ransomware and other malevolent content. Technically speaking, a report from the San Jose based company says that attackers are using hidden directory skills like HTTPS to quench their...

Read More

Microsoft seizes 99 websites used by Iranian hackers for phishing attacks

By Uzair Amir Microsoft has announced that it has seized some key websites that Iranian hackers used for stealing sensitive information from unsuspecting users in the US as well as launching cyber attacks. Reportedly, 99 websites have been seized by Microsoft of an Iranian hacker group that is known by many names including Phosphorus, Charming Kitten and APT […] This is a post from HackRead.com Read the original post: Microsoft seizes 99 websites used by Iranian hackers for phishing attacks March 29, 2019 at 04:11...

Read More

UK Security board offers limited assurance that National Risks from Huawei can be mitigated

Huawei Cyber Security Evaluation Center (HCSEC) which offers an official evaluation for the security of the Chinese company’s products used in United Kingdom’s telecom networks has offered a limited assurance that the national risks gained from Huawei can be smartly mitigated. The oversight board monitoring the Huawei equipment usage in the UK says that some engineering flaws in the units can bring in new cyber risks to the government. Experts who are supervising the operations of HCSEC have come to a conclusion that the Chinese vendor did not...

Read More

Microsoft Azure offers Cloud support for IoT Security

Microsoft Azure has announced that it is going to offer cloud support for IoT security. Thus, with the official declaration, the said cloud services provider happens to be the world’s first cloud platform to deliver end-to-end and unified approach towards the security of the Internet of Things. “Azure Security Center for IoT has been specifically designed for manufacturing units which like to keep a tab on the security condition of their IoT used in industrial applications connected to Azure Cloud”, said Caglayan Arkan, Global Head of Manufacturing...

Read More

Privacy in 2019: 6 Basic Steps to Keep Yourself Protected

By John Mason 2019 has barely started, and indications show that this year could very well be one of the worst for Internet users as far as privacy and data security is concerned. As HackRead has reported, below are some of the biggest privacy breaches already exposed this year: Security researchers revealed that 773 million unique email IDs […] This is a post from HackRead.com Read the original post: Privacy in 2019: 6 Basic Steps to Keep Yourself Protected March 28, 2019 at 03:35...

Read More

Do You Know Your Numbers? No, Your Cyber Health Numbers!

Last year, as in years prior, was a year full of cyber-attacks.  But what was interesting was the trend of small and medium businesses being targeted more often.  Generally, those types of businesses have either rested in the false impression that they’re not a big enough target or didn’t have plentiful valuable information hackers are seeking.  The reality...

Read More

Fact sheet of LockerGoga ransomware which hit Norsk Hydro

Last week, Norway based Aluminum manufacturer Norsk Hydro was hit by a new variant of ransomware called LockerGoga. And as per the initial financial estimate, the ransomware is said to have caused a loss ranging between $30m to $40m for the Norwegian company which is now struggling to conduct automated operations in branches laid across Europe and North America. While security researchers are still busy finding the notable features and capabilities of LockerGoga, a group of security analysts from noted Cybersecurity companies has come up with some...

Read More

Bitglass at RSA 2019: CASBs and Cocktails

This post was originally published here by Radhika Khatod. Bitglass attended RSA just a couple of weeks ago, and what a fun, action-packed week it was! Our booth was filled attendees who were eager to ask about our CASB and get their hands on one of our highly popular, tongue-in-cheek “I’m not a decision maker” shirts.         With CASBs continuing to be a trending topic in the security space, we had a busy time meeting potential customers that were eager to learn more about Bitglass and how we can help them protect their data...

Read More

Bitglass Security Spotlight: Dow Jones, TurboTax, and Indane Data Breaches

This post was originally published here by  Will Houcheime. Here are the top cybersecurity stories of recent weeks:  Dow Jones’ watchlist of high-risk individuals breached $7.7 million in EOS cryptocurrency stolen by hacker TurboTax credential stuffing attacks exposes tax returns US security agency targets Russia’s ‘troll factory’ Millions of Aadhaar numbers leaked by gas company, Indane Dow Jones’ watchlist of high-risk individuals breached Dow Jones’ watchlist was recently exposed via a server with unencrypted data....

Read More

NEW CYBERSECURITY REPORTS POINT TO INCREASED NEED FOR RETRAINING AND VULNERABILITY MANAGEMENT

This post was originally published here by (ISC)² Management . By now you’re well aware of the widely-reported (ISC)² research that shows there is a global cybersecurity shortage of 2.93 million professionals. Identifying, recruiting and training skilled talent to adequately secure organizational data assets obviously remains a top priority in our industry. Well, over the past few weeks, both Tripwire and IBM have published reports that focus on different layers of the problem and add to the conversation. In its Cybersecurity...

Read More

Apple releases iOS 12.2 with bug fixes for over 50 mobile security issues

Apple Inc has addressed almost 50 mobile security issues with the release of its latest iOS 12.2 updates. And the fix is said to support various issues maligning the company Airpods (eavesdropping), Animoji, AirPlay 2 and the newly launched Apple News+. Security analysts of Apple suggest that the iPhone maker has also covered the critical flaw that allows hackers to take control of the device’s microphone to listen and record an iPhone user’s conversation. To those who aren’t aware of updating their devices with the latest fix, here’s a guiding...

Read More

Securing Azure Application Gateway

Web applications are becoming frequent targets of malicious attacks that exploit common vulnerabilities, such as SQL injection attacks or cross site scripting attacks, which makes securing your Azure Application Gateway more critical than ever. Preventing such attacks in application code can be a sizeable challenge, as it requires rigorous maintenance, patching and monitoring...

Read More

Ransomware attack cost on Aluminum producer Norsk Hydro estimated to be $41m

Norway based Aluminum producer Norsk Hydro which was hit by a ransomware attack last week has released a press statement today saying 60% of its servers have recovered from the malware impact and running normally. The firm also disclosed that the ransomware attack could cost it over 460 million Norwegian Kroner or appx.41 million pounds. Hydro says that the production division of its firm which makes doors and windows has come to a standstill and might take a week or a fortnight to recover from the malware. LockerGoga is said to be the malware...

Read More

Facebook Cyber Attack impacts 110,000 Australians

Facebook internal documents suggest that more than 110,000 Australians were impacted by a cyber attack launched in September last year on FB servers. The attack is said to have leaked personal info of more than 60,589 users from Australia giving access to details such as their movements, phone number, most recent check-ins, DOB, Education, work history, gender, relationship status, religion, residence location, search history, email address to contact and their shopping activities. A source reporting from FB headquarters say that the attack has...

Read More

Cyber attacks to cost the world $6 trillion by 2020

Businesses operating around the world are likely to lose $6 trillion by 2020 due to cyber attacks said Professor Kerem Alkin, the head of Turkey’s Mobile Service Providers Association(MOBILSIAD). “Earlier in the year 2015, it was $3 trillion loss and it reached $4 trillion last year. Now, the estimate suggests that the figure could touch six trillion dollar mark by the end of 2020”, said Prof. Alkin. Furthermore, an increase would also be witnessed in the world’s cybersecurity expenses as it is said to reach $1 trillion from $100 billion. Coming...

Read More

ShadowHammer: ASUS software updates exploited to distribute malware

By Waqas The victims of ShadowHammer malware attack are Windows users. Kaspersky Lab researchers have made a startling new revelation that the world’s leading computer maker ASUS’s live software update system was compromised by cybercriminals to install a backdoor, which affected thousands of ASUS customers. The attack occurred in 2018 and according to Kaspersky Lab, the attackers compromised […] This is a post from HackRead.com Read the original post: ShadowHammer: ASUS software updates exploited to distribute malware March 27, 2019 at ...

Read More

Great find! The ThreatTraq Internet Weather Report

Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers.  I really enjoy them, and penned a blog on a segment on the impact the banning of smartphones in some secure federal facilities  a few weeks ago. The Internet Weather Report is a look at what’s happening on...

Read More

Information Security alert as Google manipulates 2018 midterm election results

A research conducted by Psychology researcher Dr. Robert Epstein of the American Institute for Behavioral Research and Technology says that Google manipulated the 2018 US Midterm elections in such a way that its search engine algorithms helped in influencing the decision of over 78 million votes to go in favor of Democrats. Epstein argues that three seats from California which were in favor of Republicans were hand over to Dems as Google played a vital role in flipping those seats towards Democrats by influencing millions of undecided voters by...

Read More

Asus Computers are vulnerable to software supply chain Cyber Attacks

A security alert issued by Russian Cybersecurity firm Kaspersky Lab says that all those using Asus computers around the world are vulnerable to software supply chain cyber attack. The research firm said on Monday that an Asus software update which took place between June and November’18 could have potentially opened up an exploiting backdoor for hackers. Jennifer Duffourg, the spokeswoman for Symantec confirmed the news and added that ASUS users using the company’s computing devices could have fallen prey to trojanized updates called Shadowhammer...

Read More

Better put these 10 cloud security questions to your Cloud Services Provider CSP

As Trump administration is advising companies to move their data and apps to the cloud, most of the company heads are concerned about the security concerns which arrive in parallel to the benefits of cloud migration. Regardless of whether or not you are aware of all the technicalities involved in the cloud, security happens to be the most important factor to consider while doing a cloud migration. Especially, they are certain queries you should put forward to your cloud services provider to understand how they defend the apps and data when on their...

Read More