
IT Security Newsletter - 08/13/2020


Hacking

Stealthy RedCurl hackers steal corporate documents

For the past couple of years, a little-known cyberespionage group has been conducting carefully planned attacks against victims in a wide geography to steal confidential corporate documents. In a short period, the crew launched at least 26 attacks targeting 14 organizations, all the while keeping a very low profile. Staying under the radar was possible by using custom tools and resorting to tactics similar to red team activity, which tests an organization's defenses against cyberattacks. READ MORE...


Emotet Return Brings New Tactics & Evasion Techniques

The Emotet botnet recently resurfaced following five months of quiet. Now, researchers tracking the prolific threat share details about what's new and different in its latest wave - in particular, detection evasion tactics that help attackers fly under the radar of security tools. Emotet is often used as the entry point for infecting a business, after which criminals stay in an environment for days or weeks. They often use the time to drop secondary payloads. READ MORE...

Trends

You weren't hacked because you lacked space-age network defenses. Nor because cyber-gurus picked on you. It's far simpler than that

The continued inability of organizations to patch security vulnerabilities in a timely manner, combined with guessable passwords and the spread of automated hacking tools, is making it pretty easy for miscreants, professionals, and thrill-seekers to break into corporate networks. This is according to the penetration-testing crew at Positive Technologies, which pored over the results of its 2019 client audits [PDF] and found that 71 per cent of the time - 20 out of 28 pentest contracts. READ MORE...


Security Jobs With a Future -- And Ones on the Way Out

When your kids are in high school or college, you tend to think about what the job market will have in store for them. That's certainly true for Mike O'Malley, VP of strategy at Radware. As both a hiring manager in security and father of kids this age, the 20-year-plus industry veteran is often asked plenty of questions by fellow parents about promising jobs in his field. His answers have changed over time. "The jobs aren't the same as two or three years ago. READ MORE...

Information Security

FireEye Launches Public Bug Bounty Program on Bugcrowd

FireEye this week announced that its Bugcrowd-powered bug bounty program has become public, for all registered researchers to participate. The program, which has been running privately on the crowd-sourced bug hunting platform for a while, welcomes all Bugcrowd researchers interested in identifying vulnerabilities in a broad range of FireEye websites, including those of subsidiaries and localized domains. READ MORE...


Stick With The Plan Until It No Longer Makes Sense

In the movie Road House (1989), the character Dalton, played by Patrick Swayze, has a famous line: "I want you to be nice until it's time to not be nice." From this line, we can learn an important information security lesson. More specifically, we can learn when to follow a plan, and when it may be time to reconsider, revise, or discard the plan. In security, having a plan is important. Security programs that operate strategically are far more effective than those that do not. READ MORE...

Exploits/Vulnerabilities

High-Severity TinyMCE Cross-Site Scripting Flaw Fixed

A high-severity flaw has been disclosed in TinyMCE, an open-source text editor used in the content management systems (CMS) of websites. The recently patched flaw could have been potentially exploited remotely by attackers to gain administrative privileges to websites. TinyMCE, developed by Tiny Technologies, is typically included in content management systems used by third-party websites, and provides web-based text editing functionality including HTML text. READ MORE...


Amazon Alexa 'One-Click' Attack Can Divulge Personal Data

Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices. Vulnerabilities in Amazon's Alexa virtual assistant platform could allow attackers to access users' banking data history or home addresses - simply by persuading them to click on a malicious link. Researchers with Check Point found several web application flaws on Amazon Alexa subdomains, including a cross-site scripting (XSS) flaw and cross-origin resource sharing (CORS) misconfiguration. READ MORE...

Encryption

Hackers can eavesdrop on mobile calls with $7,000 worth of equipment

The emergence of mobile voice calls over the standard known as Long Term Evolution has been a boon for millions of cell phone users around the world. VoLTE, short for Voice over LTE, provides up to three times the capacity of the earlier 3G standard, resulting in high-definition sound quality that's a huge improvement over earlier generations. VoLTE also uses the same IP standard used to send data over the Internet, so it has the ability to work with a wider range of devices. READ MORE...

On This Date

  • ...in 1860, celebrated performing sharpshooter Annie Oakley is born in a log cabin in Darke County, OH.
  • ...in 1907, the first taxicab took to the streets of New York City.
  • ...in 1961, composer Koji Kondo, who wrote the music for the original 8-bit "Super Mario Bros." and "Legend of Zelda" video games, is born in Nagoya, Japan.
  • ...in 1995, former New York Yankees star Mickey Mantle dies of liver cancer at the age of 63.