The Internet Engineering Task Force (IETF) has published RFC8915, its proposed standard for network time security (NTS). It has been five years in the making and is designed to remedy the issues and vulnerabilities that exist in the current network time protocol (NTP). Accurately synchronized time between different computers over packet-switched, variable-latency data networks is essential. This becomes even more critical in the age of the fourth industrial revolution. where the accurate timing and sequence of different processes is vital. READ MORE...
The Netwalker ransomware operators have published the stolen data for K-Electric, Pakistan's largest private power company, after a ransom was not paid. On September 7th, 2020, K-Electric suffered a Netwalker ransomware attack that disrupted online billing services, but not the supply of power. Soon after, BleepingComputer obtained access to the Tor ransom payment page for K-Electric's attack, where ransomware operators demanded a $3,850,000 payment. The attackers also stated that they would release files stolen during the attack if a ransom was not paid. READ MORE...
Starting from a little-known malware sample, security researchers tracked down a new Android spyware distributed through fake messaging apps like Threema, Telegram, and WeMessage. The malware is from APT-C-23, a group of advanced hackers running espionage campaigns against military and educational institutions since before July 2015. An updated version discovered earlier this year shows an impressive set of new features that let the spyware dismiss notifications from security solutions running on Samsung. READ MORE...
While passwords may not be going away completely, 92 percent of respondents believe passwordless authentication is the future of their organization, according to a LastPass survey. Passwordless authentication reduces password related risks by enabling users to login to devices and applications without the need to type in a password. Technologies such as biometric authentication, single-sign-on (SSO) and federated identity streamline the user experience for employees within an organization. READ MORE...
Beware malicious Word document designed to infect PCs with Emotet. Security researchers at Proofpoint have warned of the latest disguise being used to distribute the notorious Emotet malware. Thousands of emails have been spammed out to organisations across the United States, using the subject line "Team Blue Take Action". The message body of the email is harmless enough, in fact it's lifted directly from a page on the Democratic National Committe's own website: Take Action. The way we win is by organizing. READ MORE...
Pastebin recently announced two new security features, but some industry professionals have warned that they will likely be abused for malicious purposes. The new features are Burn After Read, which allows users to create pastes that are deleted after they are read once, and Password Protected Pastes, which allow users to create pastes that can only be accessed by users who have the associated password. Some users welcomed the new features and said they will be very useful. READ MORE...
A new service has been launched that allows you to check if an email domain or address was in an Emotet spam campaign. Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. When opened and macros are enabled, it will install the Emotet trojan on a victim's computer. When infected, Emotet will steal a victim's email and transmit it back to servers under the attacker's control. These emails will then be used as part of future spamming campaigns. READ MORE...
In the past few days we received two phishing campaigns - one sent in by a thoughtful reader and the other spammed directly to us - that we thought would tell a useful visual story. As far as we can tell, these scams originated from two different criminal gangs, operating independently, but they used a similar trick that's worth knowing about. The phishing scammer's three-step. Most straight-up email phishing scams - and you've probably received hundreds or even thousands of them yourself in recent times. READ MORE...
Recent threat research shows that during the first six months of 2020, cybercriminals adapted their usual attack strategies to take advantage of the global pandemic and target the expanded attack surface created by the dramatic shift to remote workers. Understanding this trend is critical for security teams tasked with identifying threats and properly securing networks. One of the biggest challenges is the double-edged sword of NOC and SOC teams having to invert their network to switch the majority of end-users. READ MORE...
It could be the wackiest product yet from Amazon -- a tiny indoor drone which buzzes around people's homes as a security sentry. The introduction of the Ring Always Home Cam planned for 2021 has opened up fresh debate on the potential for intrusive surveillance and privacy infringement. Amazon says the tiny drone is "built with privacy in mind" and operates at the direction of its customers. Nestled in a charging dock, the drone can be deployed remotely and send up to five minutes of video to the user. READ MORE...