The Cisco Talos recently revealed an attack called “Sea Turtles”. It is reported that from January 2017 to the first quarter of this year, the operation continued to target more than 40 organizations in 13 countries in the Middle East and North Africa to launch DNS attacks. Hence, people believe that this attack is carried out by the state-supported hackers. Read the rest of this post »
Published by Emerson L. Sullivan on April 22, 2019 4:53 am
On April 16th, the European commission revealed that it has it possesses no evidence to support that Kaspersky software spies on users on behalf of the Russian government. Read the rest of this post »
Published by Emerson L. Sullivan on April 18, 2019 9:31 am and last modified on April 19, 2019 1:41 am.
Yahoo has once again attempted to settle the massive data breach that compromised personal information, including email addresses and passwords of millions users. This time, it offered to pay $117.5 to settle the class-action lawsuit. Read the rest of this post »
Published by Emerson L. Sullivan on April 15, 2019 6:47 am
The GandCrab ransomware has been famous for adding Syria and other war-torn areas to the white list of affected areas. It is called “Grand Theft Virus.” Read the rest of this post »
Published by Emerson L. Sullivan on April 13, 2019 9:11 am and last modified on April 12, 2019 9:11 am.
Security researcher Troy Mursch revealed that hackers have been breaking into home routers to change DNS server settings and hijack traffic to redirect it to malicious sites. Read the rest of this post »
Published by Emerson L. Sullivan on April 9, 2019 2:48 am and last modified on April 12, 2019 9:15 am.
The zero-day vulnerability impacting TP-Link SR20 smart home router was discovered by Google security engineers. The bug was revealed after the company allegedly failed to fix the issue within 90 days. 90 days is a timeframe that is considered as a reasonable period of time offered to providers to fix reported security issues. Read the rest of this post »
Published by Emerson L. Sullivan on April 6, 2019 8:42 am and last modified on April 4, 2019 9:02 am.
Google released a security bulletin on April 1 and fixed 12 high-risk and major vulnerabilities. Among them, there are three critical remote code execution bugs that could let a remote hacker attack a vulnerable system simply by sending a malicious file. Read the rest of this post »
Published by Emerson L. Sullivan on April 4, 2019 6:53 am
A powerful Android bank Trojan Gustuff aimed at more than 100 bank apps and 32 cryptocurrency apps on the market. In addition to stealing victims’ financial accounts, it can automatically execute transactions without permission.
Hackers mainly spread Gustuff by sending SMS that contains malicious APK file links to Android users. Once Android users download and install Gustuff, the Trojan can receive commands from remote servers and send malicious messages to victims’ contacts, expanding the scope of Trojan infection. Read the rest of this post »
Published by Emerson L. Sullivan on April 1, 2019 2:51 am
The Beazley Group, a British insurance Group, recently released a report based on an analysis of 3,300 data breaches. It pointed out that intrusion or malicious program is still the main cause of data leakage. 71% of the companies that subjected to extortion software attack are SMEs.
According to the report, last year 47% of data breaches happened due to hacking actions or malicious programs, 20% of them were accidental leaks, 9% of them were caused by internal employees, 8% of them were leaked from social engineering practices, and 6% of them came out with portable devices, and 5% of them occurred because of physical records loss.
The most common malicious programs are ransomware and financial Trojans. Beazley found that many amateur hackers used ransomware-as-a-service (RaaS) to launch attack. Although hackers attacked all sizes of targets, 71% of the targeted companies notified to Beazley are SMEs. Read the rest of this post »
Published by Emerson L. Sullivan on March 29, 2019 2:54 am
According to Barracuda, the spear phishing attacks are on the rises.
In those days, spear phishing attacks including business email compromise and brand impersonation are increasing in popularity among cybercriminals. Enterprises and businessmen should take measures to prevent this kind of attacks, or they face a risk of sensitive information leak.
It is reported that spear phishing attacks is particularly dangerous. It is because they have the ability to bypass the traditional email security measures like spam filter to launch attacks. Commonly, those attacks do not include malicious link or attachment. Instead, they use spoofing techniques and zero-day attack links as well as combine social engineering tricks to attack victims, making it pretty difficult to be stopped. Read the rest of this post »
Published by Emerson L. Sullivan on March 25, 2019 9:14 am