Hacking News

DBIR 2020

by Eoin Keary, CEO and founder of Edgescan: For the third year running Edgescan contributed to the Verizon DBiR. The DBiR is recognized as the defacto cyber report which casts a wide net across all types of cyber security and breaches, this includes vulnerability management in both infrastructure and applications. Edgescan vulnerability data is curated and validated, sanitised and reflects tens of thousands of assessments we deliver globally across the full stack to our clients. As stated by...

Read more
Phishing username and password

Cofence Phishing Defence Center have discovered yet the latest of cybercriminals' tricks: a phishing campaign that bypasses MFA. Different from other credential harvesting attacks, the scam attempts to trick users into granting permissions to an application that then proceeds to bypass multifactor authentication. Leveraging the OAuth2 framework and OpenID Connect protocol, this campaign's main goal is to steal user information to be used as leverage to extort a Bitcoin ransom. Here's cybersecurity experts' advice and...

Read more
Angry employee

A brand-new Insider Threat Report authored by Shareth Ben, director of insider threat and cyber threat analytics at Securonix has found that employees deemed “flight risks” are linked to around 60% of the insider threat incidents detected. Ben explained in the report that flight risks are those employees about to terminate employment with the company for various reasons and can be determined by Securonix’s advanced user behaviour analytics. The Securonix Threat Research Team analysed hundreds...

Read more
EasyJet Wing

By now I’m sure that you have heard about the easyJet data breach. More than 9 million customers suffered breached personally identifiable information (PII), and some 2,000 customers had their card details “viewed”. Hugo van den Toorn, manager of offensive security at Outpost 24 warned that "often after such a breach, information will be sold on to underground marketplaces, this kind of data is then often used in various attacks: Credit card details for making...

Read more
wfh

In the span of a couple months, the world as we knew it was turned upside-down. As scientists across the globe conduct experiments in search of the COVID-19 vaccine, the labour market has found itself within its own experiment. That is, the experiment of remote working on a massive scale.   In an effort to slow down the spread of the virus, millions of employees around the world are being told to write their emails, compile their spreadsheets, and hold their meetings from the confines of their dining room...

Read more
Phone hack

Researchers have unearthed a COVID-19 related spyware campaign that is specifically targeting Syrians and “likely other Arabic speaking” individuals in the Middle East region. Threat researchers at mobile security specialists, Lookout, discovered that over the past month, hackers, who are supposedly linked with the Syrian regime of President Bashar Al-Assad, have used at last 71 new malicious apps on Android mobile devices through the means of luring users with the coronavirus pandemic. The spyware threat is...

Read more
EDP logo

We can report that this week, Portuguese multinational energy giant Energias de Portugal (EDP) is the latest enterprise to be battling against cyber attackers after suffering a ransomware attack. The group behind this attack used the RagnorLocker malware variant and it has been reported that the hackers are demanding $10.9m as ransom in return for the stolen and locked files. It is believed that there is up to 10TB worth of critical corporate information which...

Read more
COVID-19 MAP

As mentioned in previous articles, Securonix, has devoted an entire taskforce to outlining key threats that are appearing under the guise of COVID-19 themed domain names or emails. The threat research team has been observing malicious threat actors attempting to exploit an increasing number of the associated cyberattack vectors such as:    Ransomware using weaponized COVID-19/coronavirus-related documents disrupting critical healthcare and other businesses’ operations;  Custom COVID-19 themed phishing attacks involving malicious documents to steal remote workforce credentials and infiltrate various organizations;  Malware using...

Read more
DomainTools Logo

The success of open source and collaborative projects depends on the community that supports them. The development model is driven solely by a common goal, and has consistently been an invaluable resource for the IT and IT security industries.  Guided by the common goal of making the internet a little more secure and to help users hunt unknown malicious infrastructure, DomainTools has announced that it will integrate its Iris tool with TheHive and Cortex platform....

Read more
Securonix Logo

If these uncertain times have proved anything it is that now, more than ever, maintaining cybersecurity is critical to ensuring business as usual; especially as the workforce is moving towards a remote working environment. This means that even the slightest disruption to daily operations can cause catastrophic damage to businesses, many of whom are already struggling with these precarious times. With this in mind, we are fortunate that there are enterprises that put public wellbeing...

Read more
Page 1 of 3 1 2 3