News

A new cryptocurrency-mining botnet malware is abusing Android Debug Bridge (ADB) and SSH, according to Trend Micro. “This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant. This bot’s design allows it to spread from the infected host to any system that has had a previous SSH connection with the host," the researchers wrote. Source: Infosecurity Magazine

Dominion National first spotted something awry in April 2019. Dental and vision insurance provider and administrator Dominion National has begun notifying patients of a data breach of its systems that apparently dates back to August 2010. The insurer said an incident investigation that began on April 24, 2019, led to the discovery that its servers had been compromised in an attack that began nearly nine years ago. See business health insurance for more information. Source:...

A new study on a worker’s susceptibility to being successfully phished found those working in the construction industry the most likely to fall for an attack, however, with the proper training this weakness can be almost entirely weeded out. Source: SC Magazine

Vulnerable open source software components are posing a security threat to UK firms, according to a report that also shows how best practice, including automation, can reduce the risk.  The average UK enterprise downloaded more than 21,000 open source software components with a known vulnerability in the past year alone, data from Sonatype shows. Source: Computer Weekly

Two UK universities have been added to the growing list of Academic Centres of Excellence in Cyber Security Research (ACEs-CSR), further enhancing the UK’s leading position in cyber security research. The two new centres at De Montfort University and Northumbria University have been recognised by the National Cyber Security Centre (NCSC) and the Engineering and Physical Sciences Research Council (EPSRC) as having first rate research capabilities. Source: Gov.uk

Survey of security professionals reveals that almost two thirds have considered leaving their jobs or the industry all together. So who will fill the gap? Cybersecurity professionals are overworked and stressed out to such an extent that it threatens to provide hackers and cybercriminals with a better chance of conducting cyberattacks against the enterprise. A study by Goldsmiths, University of London and cybersecurity company Symantec surveyed over 3,000 CISOs and senior cybersecurity decision makers across...

Hackers have broken into the systems of more than a dozen global telecoms companies and taken large amounts of personal and corporate data, researchers from a cyber security company said on Tuesday, identifying links to previous Chinese cyber-espionage campaigns. Investigators at U.S.-Israeli cyber security firm Cybereason said the attackers compromised companies in more than 30 countries and aimed to gather information on individuals in government, law-enforcement and politics. Source: Reuters

50 roles shifted off to India . DXC Technology is sending hundreds of security personnel from the America's division down the redundancy chute and offshoring some of those roles to low-cost centres, insiders are telling us. https://www.theregister.co.uk/2019/06/24/driving_xtreme_cuts_dxc_technology_turns_on_meat_grinder_for_security_division/

Enterprise Internet of Things (IoT) devices can make company operations more efficient and productive, especially if they help cut down on manual steps and human error. But when company leaders think about the benefits of IoT devices — which are undeniably numerous — they often forget to simultaneously assess the risks of data breaches associated with those devices. https://www.information-age.com/iot-and-data-breaches-123483531/

A resurgence of scam campaigns that pretend to be Bitcoin and Ethereum giveaways from Tesla, Elon Musk, and John McAfee are underway. These scams rise in popularity as cryptocurrency prices increase. BleepingComputer was told by security researcher Frost that there has been a resurgence of cryptocurrency giveaway scams being promoted on Twitter. These scams state that if a person sends between .05 to 5 Bitcoins or .5 to 50 Ethereum to the listed address, the...