The success of open source and collaborative projects depends on the community that supports them. The development model is driven solely by a common goal, and has consistently been an invaluable resource for the IT and IT security industries. Guided by the common goal of making the internet a little more secure and to help users hunt unknown malicious infrastructure, DomainTools has announced that it will integrate its Iris tool with TheHive and Cortex platform....
Read more
If these uncertain times have proved anything it is that now, more than ever, maintaining cybersecurity is critical to ensuring business as usual; especially as the workforce is moving towards a remote working environment. This means that even the slightest disruption to daily operations can cause catastrophic damage to businesses, many of whom are already struggling with these precarious times. With this in mind, we are fortunate that there are enterprises that put public wellbeing...
Read more
What is it? A man-in-the-middle/spoofing vulnerability exists in Windows 10, Windows Server 2016/2019 – when an authenticated attacker is on the target system, they can use a spoofed code-signing certificate to sign malicious executables making the file appear as if it’s from a trusted source. This vulnerability is post-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could conduct man-in-the-middle attacks and decrypt encrypted traffic such as traffic sent over the...
Read more
Black Friday is here, and deals are popping up all over the internet. Consumers are browsing for the most generous discounts, their inboxes flooded with promotional emails alerting them of cheap flights to exotic locations available for a fraction of the cost. But while the prospect of acquiring a new smartphone at a slashed price may appealing, the cybersecurity community is all but confident that things will run smoothly for customers, who will be targeted...
Read more
Onapsis, the leading provider of business application protection have revealed new threat research into a recently discovered vulnerability on Oracle E-Business Suite – Oracle PAYDAY. The attack scenarios exploit two vulnerabilities with CVSS scores of 9.9 out of 10 in Oracle EBS, Oracle’s ERP software installed at up to 21,000 companies. Onapsis discovered and reported the vulnerabilities to Oracle, which issued patches earlier this year. Onapsis estimates that 50% of Oracle EBS customers have not...
Read more
Food delivery company, DoorDash, has confirmed it was hit by a data breach which exposed the data of close to 5 million customers, delivery people and partners. The breach took place in May of this year, and it's unclear why it has taken DoorDash so long to reveal the details. According to a spokesperson for DoorDash, the breach took place via a third party provider - who was not named - and affected users who...
Read more
Cybercriminals are taking advantage of summer exam pressures by offering black market grade-hacking services and fake qualifications online, and ensuring these opportunities are easy to find with a quick internet search, Kaspersky researchers have found. Reports of young people breaking into school systems to change grades, improve attendance records or disrupt test processes are not new, and nor is the availability of fake certificates and diplomas. Over the years, a thriving underground industry has grown...
Read more
The banking industry is increasingly becoming a favourite among cybercriminals. After intercepting multiple variations of an email scam spoofing NAB earlier today, MailGuard has now detected another phishing email scam purporting to be from Westpac. Using a display name "Westpac Bank", the emails are actually sent by what appears to be a compromised account. The message body is in plain-text, advising recipients that some unusual activity was noticed on their account. Their account has been...
Read more
Despite more resources and investment being ploughed into data security, cybercriminals are still successfully stealing businesses' data. One group of hackers known as Magecart were found to be the cause of at least 319,000 data breach instances in 2018, according to RiskIQ’s Black Friday e-commerce Blacklist report. These JavaScript-sniffers (JS-sniffers) deploy a type of malware, whereby websites are injected with malicious JavaScript, designed to steal customer PII and have been found lurking on thousands of...
Read more
Cofense™, the global leader in intelligent phishing defense solutions, announced a partnership with NINJIO, a leading creator of cyber security awareness training. NINJIO’S cyber security content will be accessible by customers using the Cofense PhishMe™ platform, an award-winning phishing simulation and training solution. Cofense PhishMe administrators can leverage NINJIO videos, or “episodes” as NINJIO refers to them, as part of their on-going security awareness training and phishing defense programs. NINJIO’S current security awareness library consists...
Read more