Top 10 Stories

Throughout November and December last year, Ruben Santamarta was sat in front of his computer peeking inside the technical bowels of hundreds of aircraft flying thousands of meters above him. That included commercial aircraft operated by some of the biggest airlines in the world. He believes it may've been the first time anyone had hacked planes from the ground by taking advantage of weaknesses in satellite equipment. View Full Story  ORIGINAL SOURCE: Forbes

The phishing emails masquerade as invoices in order to appear legitimate. Researchers have warned enterprise players of a new digital threat: Danabot, malware at the heart of a new phishing campaign specifically targeting SMBs. Enterprise players, from the largest and most well-known companies to SMBs, are under constant threat of cyberattack. The valuable corporate and customer data they act as wardens for, intellectual property and more can all be attractive lures to cybercriminals. View Full Story...

If corporate America, government entities, and hospitals weren't enough, now ransomware developers are attacking Golf! According to a report from GolfWeek, computers at the PGA have been infected with ransomware. The victims learned they were infected on Tuesday when ransom notes started appearing on their screen. "Your network has been penetrated," the ransom note read according to Golfweek's article. "All files on each host in the network have been encrypted with a strong algorythm ." View Full Story...

AI can be used to automatically detect and combat malware -- but this does not mean hackers can also use it to their advantage. Cybersecurity, in a world full of networked systems, data collection, Internet of Things (IoT) devices and mobility, has become a race between white hats and threat actors. Traditional cybersecurity solutions, such as bolt-on antivirus software, are no longer enough. Cyberattackers are exploiting every possible avenue to steal data, infiltrate networks, disrupt critical...

A threat actor that is relatively new to the scene relies on open-source tools for spear-phishing attacks designed to steal credentials from government and educational institutions in the Middle East. The group is being tracked as DarkHydrus by researchers at Palo Alto Networks Unit 42, who observed it using Phishery in a recent credential harvesting attack. Previous campaigns utilized Meterpreter, Cobalt Strike, Invoke-Obfuscation, Mimikatz, PowerShellEmpire, and Veil. The typical method employed is to weaponize Office documents that retrieves malicious code from a remote site...

Security researchers have discovered that the Emotet Trojan is still active and becoming more sophisticated and successful in how it spreads through corporate systems. Security researchers from Check Point reported on July 24 that the Emotet Trojan, which was first discovered in 2014, is still active. Unlike other bots and malware that make headlines for a short time before they disappear, Emotet has proven surprisingly durable. It initially acted as a banking Trojan focused on...

Researchers at Malwarebytes discovered a malware that targets a vulnerability in Flash Player. The attackers resort to malvertising in adult sites to lure victims, whom they suspect are from Asian countries based on the advertisements used, to the exploit kit landing page. Behind the supposedly online dating service is a malicious iframe that spreads the malware. The researchers call the attack as a “drive-by download.” They noticed something unusual from the existing exploitation framework they are monitoring”...

When asked which items would concern them most if stolen, 55 percent of Americans responding to a new survey named personal data, compared to 23 percent their wallet, 10 percent their car, and just six percent each their phone or house keys. The study by cyber security and application delivery company Radware  surveyed over 3,000 US adults finds that social security numbers are the data people value most with 54 percent saying they would be most...

Github has revamped its security systems to issue warnings to users when their passwords have been exposed online through other services. The code repository has recently partnered with Have I Been Pwned, a search engine operated by security expert Troy Hunt to give the general public a way to quickly discover whether or not their online accounts and passwords have been exposed. The online service brings together records from public datasets and record dumps which have been released...

UnityPoint Health in West Des Moines, Iowa, could face a class-action lawsuit over a recent data breach that affected 1.4 million patients, according to the Wisconsin State Journal. This would mark the second class-action lawsuit against the system since May. The first complaint involved an email phishing attack, which compromised 16,429 patients' protected health information in February. It alleged UnityPoint Health failed to notify patients in a timely matter and falsely told affected patients no Social Security numbers were compromised....