The new normal in cybersecurity

By Dominic Chorafakis, CISSP

Not so long ago, computer viruses were mostly created by pranksters and computer geeks trying to see what they could get away with. There was still some risk for data loss and downtime, but for the most part viruses were just an annoyance and installing a decent anti-virus was enough to keep your systems safe.

Today things are much different. Online banking and bitcoin have made it possible and safe for hackers to turn what used to be a misguided hobby into an organized criminal enterprise, with cybercrime proceeds surpassing $1 billion last year.

The lone computer geek has been replaced with sophisticated teams of highly skilled professional hackers creating military-grade malware that is able to bypass anti-virus, and selling access to it on the “dark web”, a kind of Internet parallel universe that is only accessible through special software which allows its users to remain anonymous and untraceable.

This new reality means that a business-as-usual approach to cybersecurity is no longer enough. Unfortunately, many small and medium business owners believe that cyber criminals won’t target them because they are too small or have nothing that hackers would want, and they don’t take the necessary steps until it’s too late.

Fortunately, there are some simple and cost-effective steps that businesses can take to reduce risks and avoid potentially significant repair costs and losses due to unplanned downtime.

Apply software updates and patches

Users should check for and apply software updates provided by vendors, prioritizing systems in the following order:

  1. Firewalls and Routers exposed to the internet
  2. Externally accessible servers
  3. Internal servers and personal computers
  4. Other infrastructure such as security cameras or other internet-enabled devices

Reduce network footprint

Businesses often create firewall rules to allow employees, vendors or other third parties to access IT systems remotely. Firewall misconfigurations, or the intentional creation of rules that are too broad in scope and allow access from anywhere on the internet, are a common cause of security breaches.

Firewall rules should be reviewed and the number of systems that are exposed to the internet should be kept to a strict minimum. When network ports are forwarded to allow external access to IT systems, the rules should be restrictive and limit access only from a specific set or range of external IP addresses.

When possible, vulnerability scans should be performed to confirm that firewall rules are correctly restricting access to IT systems.
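The rule review described above can be partly automated. The following is an added example, not part of the original article: it audits a constructed CSV export of port-forwarding rules and flags sources that are open to any address or broader than an assumed policy threshold. The column layout, rule names, port list and prefix limits are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from dataclasses import dataclass

# Constructed sample export of port-forwarding rules (not from a real device).
# The column layout is an assumption made for this example.
SAMPLE_RULES = """\
name,source,proto,port,internal_host
vendor-rdp,any,tcp,3389,192.168.1.20
camera-web,0.0.0.0/0,tcp,8080,192.168.1.50
office-vpn,203.0.113.10/32,udp,1194,192.168.1.1
partner-sftp,198.51.100.0/24,tcp,22,192.168.1.30
isp-wide-ssh,198.51.0.0/16,tcp,22,192.168.1.31
typo-rule,203.0.113.300,tcp,443,192.168.1.40
"""

# Remote administration services: exposure to the whole internet is rated highest.
REMOTE_ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# Assumed policy: sources wider than these prefix lengths count as "too broad".
MIN_PREFIX = {4: 24, 6: 56}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    reason: str


def parse_source(text):
    """Turn a rule's source field into a network; 'any' and '*' mean everyone."""
    text = text.strip()
    if text.lower() in ("any", "*"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(text, strict=False)  # ValueError if malformed


def audit_rule(row):
    """Return a Finding for one rule, or None when the source is restrictive."""
    name = row["name"]
    try:
        net = parse_source(row["source"])
        port = int(row["port"])
    except ValueError:
        # A rule that cannot be parsed cannot be trusted to restrict anything.
        return Finding(name, "review", "source or port is malformed")
    service = REMOTE_ADMIN_PORTS.get(port)
    if net.prefixlen == 0:
        if service:
            return Finding(name, "critical", f"{service} reachable from any address")
        return Finding(name, "high", f"port {port} reachable from any address")
    if net.prefixlen < MIN_PREFIX[net.version]:
        return Finding(name, "medium", f"source {net} covers {net.num_addresses} addresses")
    return None


def audit(export_text):
    """Audit every rule in a CSV export and return the findings in file order."""
    reader = csv.DictReader(io.StringIO(export_text))
    return [f for f in map(audit_rule, reader) if f is not None]


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(f"[{finding.severity:8}] {finding.rule}: {finding.reason}")
```

A rule audit like this only checks what the configuration says; the external vulnerability scan recommended above is what confirms the firewall actually enforces it.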

Perform secure backups

Up-to-date backups are critical in order to quickly recover from an attack with minimal impact to business systems. Backup policies should take into consideration that infected systems with access to mounted backup drives may also encrypt backup files. This risk should be mitigated by having a backup strategy that keeps historical versions of backed up files and includes snapshots that are not accessible to systems that may become infected.

Deploy professional anti-virus

While zero-day attacks are an unfortunate reality, the fact is that the vast majority of breaches are caused by known vulnerabilities that professional anti-virus solutions know about and are able to block. Commercial anti-virus software should be installed and licensed on all systems and configured to automatically update virus definitions from the vendor. Additional security features provided by many commercial solutions like secure browsing extensions, identity theft protection and enhanced computer firewall features should be enabled on all computers.

Cyber Security Awareness

Studies show that the chance of a breach is reduced by up to 40% in businesses that engage in cyber security awareness training.

The method most commonly used by hackers to bypass security measures is phishing, where users are tricked into clicking on a link or opening an attachment in an email that looks like it came from a legitimate source like a customer, vendor, bank or other well-known company or website.

Computer users should take time to educate themselves on spam and phishing techniques as well as tips on how to detect them and ways to avoid falling victim. There are many free resources online such as staysafeonline.org that provide information and tips for businesses and individuals.

Managed Security Services

Cyber-security is constantly evolving as the cat-and-mouse game between cyber criminals and security vendors rages. Installing a firewall and anti-virus and then simply forgetting about cyber-security can be a huge and costly mistake. Businesses should consider managed cyber-security services to make sure IT systems and staff are protected against the most current threats and vulnerabilities.

 

Previous Articles

Hackers targeting Torrent sites

There has been a surge of hacks targeting torrent users by posting fake ads on popular peer-to-peer file sharing sites that direct victims to websites infected with exploit kits able to install information-stealing malware and ransomware on their computers.

Torrents are a common source of malware and viruses since the very nature of peer to peer file sharing means that the files you are downloading can come from anyone and anywhere. As a general rule you should not install torrent clients, and only download files from known, reputable sources.

If you insist on using torrents, you should assume that the computer you are using will be hacked and not use it for activities like banking or accessing your email. If possible, keep it on a separate network by setting up a guest WiFi network that doesn’t have access to the rest of your network.

What you should do

Take the following measures to protect your systems from this attack:

  1. Inform your staff that hackers are targeting Torrent users and that accessing file sharing sites is prohibited
  2. Prohibit the use of peer-to-peer file sharing clients like uTorrent on computers connected to your network
  3. Ensure that all computers have the latest operating system and browser patches installed
  4. Consider using a reputable ad-blocker


The implications of PIPEDA for small business

By Dom Chorafakis, CISSP

November 27, 2018

DISCLAIMER

Information contained in this post is intended as general information only. It is not, nor should be construed as legal advice and should not be relied upon as such. If you need legal advice, please contact an attorney directly.

Personal Information Protection and Electronic Documents Act (PIPEDA)

It has been almost a month since the new PIPEDA rules regarding mandatory breach reporting in Canada came into effect and many clients still have questions around what it means for their business. In this post we’ll explore some of the key highlights of the legislation and provide links back to the relevant sections of the Office of the Privacy Commissioner of Canada (OPC) website you can use to get more information.

Perhaps the most common question that comes up is whether the rules apply to a small business that only has one or two employees. The short answer is yes, they do. The rules do not provide for any exemptions based on number of employees or revenue. There are however certain types of organizations to which the rules may not apply as per the PIPEDA brief available at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda_brief/ [1]:

“Unless they are engaging in commercial activities that are not central to their mandate and involve personal information, PIPEDA does not generally apply to:

  • not-for-profit and charity groups
  • political parties and associations” [1]

So if you own a business that is not a charity, political party or association, then the rules definitely apply to you. Note however that even those organizations may need to comply with the rules if “they are engaging in commercial activities that are not central to their mandate” [1]. For example, if an association sells its member list data for marketing purposes, PIPEDA would apply.

As mentioned in the brief, “PIPEDA applies to the collection, use or disclosure of personal information in the course of a commercial activity. A commercial activity is defined as any particular transaction, act, or conduct, or any regular course of conduct that is of a commercial character, including the selling, bartering or leasing of donor, membership or other fund-raising lists.” [1]

The personal information that is protected under PIPEDA includes anything that is recorded about an identifiable individual. According to the brief, “This includes information in any form, such as:

  • age, name, ID numbers, income, ethnic origin, or blood type;
  • opinions, evaluations, comments, social status, or disciplinary actions; and
  • employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).” [1]

The Act defines 10 fair information principles that businesses must follow with regards to personal information:

  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting Use, Disclosure, and Retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance

There are a number of clauses in the Act (which is available online at http://laws-lois.justice.gc.ca/eng/acts/P-8.6/FullText.html [2]) that are relevant from a cybersecurity perspective. For example, the Act states that “Organizations shall implement policies and practices to give effect to the principles, including

(a) implementing procedures to protect personal information;

(b) establishing procedures to receive and respond to complaints and inquiries;

(c) training staff and communicating to staff information about the organization’s policies and practices; and

(d) developing information to explain the organization’s policies and procedures.” [2]

Furthermore, the Act states that “The methods of protection should include

(a) physical measures, for example, locked filing cabinets and restricted access to offices;

(b) organizational measures, for example, security clearances and limiting access on a “need-to-know” basis; and

(c) technological measures, for example, the use of passwords and encryption.”

Not only does the act require businesses to use appropriate administrative and technological safeguards to protect personal information, it also stipulates that any breaches of these safeguards that expose this personal information must be reported to the OPC. Organizations who fail to report such a breach may be liable for a fine of up to $100,000. According to the Act, “An organization shall report to the Commissioner any breach of security safeguards involving personal information under its control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.

[…] significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.” [2].

The OPC provides a privacy toolkit for business at https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/pipeda-compliance-help/guide_org/ to help comply with the Act and its principles.

Cybersecurity Essentials

By Dom Chorafakis, CISSP

June 21, 2017

The cyber threat landscape is constantly changing as criminal hackers look for new and creative ways to profit from online crime. While there is no silver bullet that can guarantee protection against breaches or other forms of attack, keeping up to date with the latest threats and vulnerabilities is an important part of any security strategy.

Cryptojacking

With the rise in popularity of digital currencies like Bitcoin and Ethereum, cybercriminals have found new opportunities in cryptomining as a revenue stream. The unauthorised use of computer resources to mine cryptocurrency, known as cryptojacking, has now exceeded ransomware as the largest online threat. There are two aspects to this that are important to take into account from a security perspective: website compromises and malvertising.

Hackers attempt to install cryptomining software on victims’ computers by installing malicious code on websites they are able to compromise. Web servers have always been vulnerable to hackers because of their very nature, but the potential for profit from illicit cryptomining makes them more interesting targets than ever before. System administrators need to ensure that servers are adequately protected by making sure the operating system and software are up to date, accounts are secure and use strong passwords, endpoint security mechanisms like anti-virus are installed, servers are protected using Intrusion Prevention technology, and measures are in place to detect and prevent unauthorised content changes.
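One way to detect the unauthorised content changes mentioned above is to compare the files in a web root against a known-good baseline of hashes. This is an added example, not part of the original article; the function names and the sample web root are constructed for illustration, and it assumes the baseline is kept somewhere the web server cannot modify.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each path under root (relative, '/'-separated) to a content digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if os.path.islink(path):
                # Record where a link points instead of following it.
                manifest[rel] = "symlink:" + os.readlink(path)
            else:
                manifest[rel] = file_digest(path)
    return manifest


def compare(baseline, current):
    """Report paths added, removed or modified since the baseline was taken."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in set(baseline) & set(current) if baseline[p] != current[p]
        ),
    }


def _write(root, rel, data):
    """Create or overwrite a file under root, creating parent directories."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Build a constructed web root, change it, and return the detected drift."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.html", b"<html><body>Welcome</body></html>\n")
        _write(root, "js/app.js", b"console.log('site loaded');\n")
        _write(root, "robots.txt", b"User-agent: *\n")
        baseline = build_manifest(root)  # in practice, store this off the server

        # Constructed stand-ins for unauthorised changes to site content.
        _write(root, "index.html", b"<html><body>Welcome</body></html>\n<!-- edited -->\n")
        _write(root, "js/extra.js", b"// file that was not part of the release\n")
        os.remove(os.path.join(root, "robots.txt"))

        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Any non-empty result outside a planned release is a reason to investigate before restoring the files from a trusted copy.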

Malvertising

In addition to compromising legitimate websites, hackers are creating fraudulent sites that look legitimate, directing users to these sites using fake online ads displayed on popular websites, a practice known as malvertising. This practice is not new, but a significant spike in cryptojacking related malvertising was recently observed by a network of Intrusion Prevention systems as reported here.

People surfing the internet should assume that at some point they will come across either a legitimate site that has been compromised, or a fraudulent site set up specifically to infect vulnerable systems. To protect themselves, users should keep their Operating System and all software they use up to date, make sure good anti-virus is installed and up to date, use safe-browsing plugins from their anti-virus vendor and use an ad-blocker to block online ads.

Email compromise

While there has been a significant increase in these new threats thanks to the potential for quick profit, email continues to be by far the predominant attack vector. From account compromise and phishing attacks to malicious attachments, email-based attacks are still the most common method used by hackers to infect vulnerable systems with ransomware, cryptojacking software, or trojans used to carry out financial fraud and other attacks. While technologies like anti-spam and anti-virus can help, user education is one of the most effective tools to help minimise risk in this area. Users need to be aware of the types of threats and attacks, how to identify them, and what steps they must take in the event of a suspected compromise.

The long game

Staying up to date with the latest threats and cyberattacks is important, but it is only one element of a good cyber security strategy. Defending against hackers and cyber criminals is not a one-time activity; it needs to be an ongoing process that is actively managed and updated to reflect the changes to your information, its ecosystem and evolving threats. A good strategy includes the following five elements.

1. Identify your assets

It’s impossible to build a solid defence if you don’t know exactly what you are defending. During this stage you need to identify all of the data, applications and hardware that need to be protected.

2. Identify threats and risks

Once you have a list of everything that needs to be protected, it’s time to analyse the risks and threats to each asset. The threats to your company website are different than the threats to your customer list or payroll information, so different countermeasures are needed to protect the confidentiality, integrity and availability of the systems and the information they process.

3. Apply security controls

Once you have identified and prioritized assets and threats, it is time to select and deploy the safeguards needed to protect your organization. This may seem daunting, but remember that you don’t need to solve everything at once; you can start by taking steps to address the biggest risks to your most valuable or sensitive assets and work down the list as time and budget permit.

4. Detect and Respond

Despite best efforts, breaches and other security incidents can and will occur. The ability to detect and respond to them is as important as the effort to prevent them in the first place. There are a number of steps that can be taken in this area, ranging from technical solutions such as managed security services and Intrusion Prevention to policies and procedures such as having a formal Incident Response Plan.

5. Review and adjust

Lastly, it is important to keep in mind that a cyber security strategy is not static; it needs to be reviewed and adjusted to make sure it is always up to date and your important assets are protected. How often it needs to be reviewed depends on many factors including the threat level, sensitivity of information, as well as legal and regulatory requirements. At a minimum, the strategy should be reviewed once a year, every time there is a significant IT change and every time there is a security incident.

Where to go from here

There are many free resources that can help individuals and businesses with cyber security. In Canada the government has launched a Get Cyber Safe initiative with the mission “to educate Canadians about Internet security and the simple steps they can take to protect themselves online”. For more information you can visit the Get Cyber Safe website and get started on your own cyber safety strategy.

 

 

 

RSS Cisco Talos Blog

  • Vulnerability Spotlight: Multiple Vulnerabilities in CUJO Smart Firewall, Das U-Boot, OCTEON SDK, Webroot BrightCloud March 19, 2019
    Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Executive summaryCUJO AI produces the CUJO Smart Firewall, a device that provides protection to home networks against a myriad of threats such as malware, phishing websites and hacking attempts. Cisco Talos recently discovered 11 vulnerabilities in the CUJO Smart Firewall. These vulnerabilities could allow an attacker to bypass […]
  • IPv6 unmasking via UPnP March 18, 2019
    Martin Zeiser and Aleksandar Nikolich authored this post.Executive summaryWith tools such as ZMap and Masscan and general higher bandwidth availability, exhaustive internet-wide scans of full IPv4 address space have become the norm after it was once impractical. Projects like Shodan and Scans.io aggregate and publish frequently updated datasets of scan results for public analysis, giving […]
  • Threat Roundup for March 8 to March 15 March 15, 2019
    Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 08 and March 15. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
  • Cyber Security Week in Review (March 15) March 15, 2019
    Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.Top headlines this weekThe U.S. warned Germany that using Huawei’s 5G […]
  • GlitchPOS: New PoS malware for sale March 13, 2019
    Warren Mercer and Paul Rascagneres authored this post with contributions from Ben Baker.Executive summaryPoint-of-sale malware is popular among attackers, as it usually leads to them obtaining credit card numbers and immediately use that information for financial gain. This type of malware is generally deployed on retailers' websites and retail point-of-sale locations with the goal of […]
  • Microsoft Patch Tuesday — March 2019: Vulnerability disclosures and Snort coverage March 12, 2019
    Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated “critical,” 45 that are considered “important” and one “moderate” and “low” vulnerability each. This release also includes two critical advisories — one covering security updates to […]
  • Vulnerability Spotlight: Privilege escalation bug in CleanMyMac X's helper service March 12, 2019
    Tyler Bohan of Cisco Talos discovered this vulnerability.Executive summaryCleanMyMac X contains a privilege escalation vulnerability in its helper service due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. CleanMyMac X is an all-in-one cleaning tool for Macs from MacPaw. The […]
  • The sights and sounds of Cisco Talos at RSA 2019 March 8, 2019
    An estimated 45,000 people attended this year’s RSA Conference in San Francisco to hear talks from some of the greatest minds in security.As always, Cisco and Talos had a massive presence at the conference, topping off the week with a keynote address featuring Matt Watchinski, the vice president of Cisco Talos, and Liz Centoni, a […]
  • Threat Roundup for Mar. 1 to Mar. 8 March 8, 2019
    Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 1 8. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected […]
  • Cyber Security Week in Review (March 8) March 8, 2019
    Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.Top headlines this weekChinese tech company Huawei is suing the U.S. […]

RSS Dark Reading

  • Stealing Corporate Funds Still Top Goal of Messaging Attacks March 19, 2019
    Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
    Robert Lemos
  • Crowdsourced vs. Traditional Pen Testing March 19, 2019
    A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
    Alex Haynes Chief Information Security Officer, CDL
  • New Europol Protocol Addresses Cross-Border Cyberattacks March 18, 2019
    The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
    Dark Reading Staff
  • Are You Prepared for a Zombie (Domain) Apocalypse? March 18, 2019
    When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
    Kaan Onarlioglu Senior Security Researcher, Akamai
  • On Norman Castles and the Internet March 15, 2019
    When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
    Dr. Mike Lloyd CTO of RedSeal
  • Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites March 15, 2019
    New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
    Jai Vijayan Freelance writer
  • Anomaly Detection Techniques: Defining Normal March 14, 2019
    The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
    Rosaria Silipo Ph.D., Principal Data Scientist, KNIME
  • 4 Reasons to Take an 'Inside Out' View of Security March 14, 2019
    When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
    Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin
  • New Malware Shows Marketing Polish March 13, 2019
    A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
    Curtis Franklin Jr. Senior Editor at Dark Reading
  • GPS Spoof Hits Geneva Motor Show March 13, 2019
    Incident leaves GPS units showing a location in England and a date 17 years in the future.
    Dark Reading Staff

RSS CISO Online

  • Cyber risk management challenges are impacting the business March 19, 2019
    There was quite a bit of banter about boardroom cybersecurity actions at this year’s RSA Security Conference. No surprise here; business executives understand what’s at stake and are asking CISOs to provide more cyber risk data and metrics, so they can work with them on intelligent risk mitigation strategies.This is a positive development for the […]
  • 12 tips for effectively presenting cybersecurity to the board March 19, 2019
    Cybersecurity is a top concern for boards of directors.To read this article in full, please click here(Insider Story)
  • IDG Contributor Network: Huawei and Apple smartphones are both made in China – why is only one banned in Australia? March 18, 2019
    It feels like there is no more controversial brand in the tech industry right now than Huawei.The Chinese telco giant was recently banned by Australia from participating in their 5G network rollout amidst national security concerns, and its CFO—Meng Wanzhou—was recently arrested in Canada for violating U.S. sanctions on Iran.The growing concern regarding the company […]
  • Ransomware attack drives city to seek greater network visibility March 18, 2019
    Local governments have been under siege from ransomware attacks in recent years. Colorado announced a state of emergency and called in the National Guard’s cyber team to help after its Department of Transportation was hit with SamSam ransomware in February 2018. March 2018 saw the City of Atlanta crippled by SamSam in an attack that […]
  • 3 ways to monitor encrypted network traffic for malicious activity March 18, 2019
    Security experts have been screaming at you for years to encrypt all network traffic. They have a point: Making a secure configuration the default configuration is an obviously good idea. Both the standards and products that implement encryption are very mature. There’s no reason not to!To read this article in full, please click here(Insider Story)
  • IDG Contributor Network: Cybersecurity education in the age of acceleration March 15, 2019
    This is a story of how a career setback turned out to be a setup for something bigger.It was the year 2000, and I had just gone through a layoff. I was a network engineer and felt I needed some way to stand out in the crowd. Days later I was at a bookstore looking […]
  • Self-sovereign identity: 3 key questions March 15, 2019
    If you work in the area of identity you will have noticed a lot of talk about self-sovereign identity (SSI).  As a concept, it applies the goal of placing the user at the center of digital identity management and control. User-centric digital identity is not a new idea. I first came across it back in […]
  • Security executives on the move and in the news March 14, 2019
    The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.CSO’s Movers & Shakers is where […]
  • My two favorite companies from RSA Conference 2019 March 14, 2019
    I’ve got a confession to make. I’ve never attended an RSA Conference before last week. For RSAC 2019, however, I had the honor of giving one of my favorite presentations, 12 Ways to Hack 2FA. The crowd filled the presentation room and a spill-over room to hear it. I was a little under the weather, […]
  • Congress steers clear of industrial control systems cybersecurity March 14, 2019
    Rule number one about legislation affecting the cybersecurity of industrial control systems (ICS) is that no one talks about legislation affecting the cybersecurity of ICS. At least it seems that way based on a number of attempts to get industry stakeholders to talk on the record about the prospects in the 116th Congress for any […]

RSS Krebs On Security

  • Why Phone Numbers Stink As Identity Proof March 17, 2019
    Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they've become de facto identities. At the same time, when you lose control over a phone number -- maybe it's hijacked by fraudsters, you got separated or divorced, or you were way late on […]
    BrianKrebs
  • Ad Network Sizmek Probes Account Breach March 13, 2019
    Online advertising firm Sizmek Inc. [NASDAQ: SZMK] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. In a recent posting to a Russian-language cybercrime forum, an individual who's been known to sell access […]
    BrianKrebs
  • Patch Tuesday, March 2019 Edition March 13, 2019