  • Facebook Takes Down More Beijing-Backed Fake Accounts

    Facebook has been forced to remove over 150 fake accounts tied to Beijing’s efforts to influence public opinion in south-east Asia. The social media giant describes influence operations like this as “coordinated inauthentic behavior” (CIB), as those behind them use fake profiles to “mislead people about who they are and what they are doing.” In total, Facebook removed 155 accounts, 11 Pages, nine Groups and six

  • #COVID19 Pushes More Fraud Online

    Fraudsters are increasingly moving online to cash in on the COVID-19 pandemic, although overall unauthorized fraud losses dropped in the first half of 2020, according to UK Finance. The banking industry body’s 2020 Half Year Fraud Update revealed some promising headline findings. Unauthorized fraud losses were down 8% year-on-year to £374.3m, while authorized push payment (APP) losses remained static at around £208m, although the number of APP ca

  • Zerologon Windows Server Flaw Used in Active Attacks

    Microsoft has warned that a critical vulnerability it patched in August is now being actively exploited in the wild, enabling attackers to remotely control a target organization’s Windows domain. Also known as “Zerologon,” CVE-2020-1472 is a critical elevation of privilege bug affecting Windows 2008 and more recent versions. It exists when an attacker uses the Netlogon Remote Protocol to establish a vulnerable secure channel co

  • Report Outlines Importance of Providing Engaging User Awareness Training

    The way cybersecurity awareness training is conducted in organizations has a huge bearing on employees’ subsequent security outlook and behaviors, according to a new report from Osterman Research. The researchers discovered that users who found security training “very interesting” were over 13 times more likely to make “fundamental changes” to how they think about security compared to those

  • Attacks Against Oil and Gas Industry on the Rise

    New research published today by Kaspersky examines a rise in the number of cyber-attacks on industrial control system (ICS) computers used by the oil and gas industry. Over the first six months of 2020, the percentage of systems attacked in the oil and gas industry increased when compared to the same time period last year. The same trend was discovered at play in the building automation industry. Researchers noted: “The percentage

  • US Customs and Border Protection Failed to Safeguard Data

    A review of a facial recognition technology pilot scheme conducted by US Customs and Border Protection (CBP) has found that sensitive biometric data was not adequately protected. The Vehicle Face System was trialed last year by CBP. A major cybersecurity incident occurred when subcontractor Perceptics, hired to work on the pilot, transferred copies of CBP’s biometric data to its own company network. The subcontractor obtained access t

  • America Moves to Protect Free Speech Online

    The United States Justice Department is calling for legal reform that would make online platforms accountable when they unlawfully censor speech or knowingly facilitate online criminal activity. The DOJ, on behalf of the Trump administration, sent draft legislation to Congress yesterday to reform Section 230 of the Communications Decency Act. The draft legislative text implements reforms deemed necessary by the Department in its June Reco

  • Evasive Malware Threats on the Rise Despite Decline in Overall Attacks

    Over two-thirds (70%) of all malware attacks involved evasive zero-day malware in Q2 of 2020, which is a 12% rise on the previous quarter, according to WatchGuard Technologies’ latest Internet Security Report. Interestingly, the increase in this form of malware, which circumvents anti-virus signatures, has come as overall malware detections fell by 8% compared to Q1. WatchGuard attributes this reduction to the rise in remote wor

  • Bug Fixes Take Twice as Long for Manufacturing Firms

    Manufacturing firms take twice as long to fix vulnerabilities as their peers in other verticals, although healthcare organizations have over three times as many flaws per asset, according to new research from Kenna Security. The security vendor teamed up with the Cyentia Institute to lift the lid on vulnerability management in 14 key sectors, with a particular focus on four: tech, manufacturing, healthcare and finance. Although remediation capac

  • Millions Exposed in #COVID19 Surveillance Platform Snafu

    Over eight million patients in India had their personal and medical details exposed after security researchers discovered multiple vulnerabilities in a government-run COVID-19 surveillance system. The “Surveillance Platform Uttar Pradesh Covid-19” software was first discovered by vpnMentor researchers via a web scan on August 1 2020. After contacting CERT-In and the cybercrime department of the Uttar Pradesh government,

  • Most UK Firms Admit #COVID19 Cloud Security Threat

    Most UK firms are set to increase digital adoption after admitting that the cloud saved their business from collapse during the early months of the COVID-19 crisis, but security remains a persistent challenge, according to new research. Identity management vendor Centrify surveyed 200 business decision makers in large and medium-sized UK firms in September, in order to assess the impact of the pandemic on IT organizations. It found that 51% claimed

  • Gaming Industry Subjected to Surge in Attacks Over Last Two Years

    Video game companies and players have been subjected to a high volume of attacks in the period from July 2018 to June 2020, a new report published by Akamai has found. This included 152 million web application attacks and 10 billion credential attacks targeting the gaming industry recorded during this period. To execute credential stuffing attacks, malicious actors attempt to gain access to gamers’ online accounts by using lists of u

  • UK set to introduce bill allowing MI5 agents to break the law

    Government says bill is not a ‘licence to kill’ but critics call for limits on agents’ activities

    A bill allowing confidential informants working for MI5 and the police to break the law will be introduced on Thursday amid a row about whether committing crimes such as murder and torture should be explicitly banned. The government says that the covert human intelligence sources bill does not amount to a “licence to kill” because it will be compliant with the European co

  • Thieves Fail to Auction Bruce Springsteen’s Legal Documents

    Cyber-criminals hoping to profit from the theft of Bruce Springsteen’s legal documents were left disappointed when an online auction of the data attracted no buyers. The singer’s documents were among a 756GB cache of data swiped from New York City law firm Grubman Shire Meiselas & Sacks in a cyber-attack carried out in May this year. Other high-profile entertainers believed to have been impacted by the in

  • ConnectWise Launches Bug Bounty Program

    Bug bounty hunters have been given fresh digital grounds to prowl with the launch of a new vulnerability detection rewards program by ConnectWise. The software specialist provider announced today that it has launched a bug bounty program to supplement its own internal vulnerability management strategy. The crowdsourcing program was created with the aim of boosting efforts to quickly identify and remediate bugs and security vulnerabilities in the compan

  • eBay Execs to Plead Guilty to Cyber-Stalking

    Four former eBay executives accused of cyber-stalking and intimidating a Massachusetts couple are to admit their guilt before a court next month. The married couple, an editor and a publisher residing in Natick, were targeted with a series of terrifying deliveries after they criticized eBay in an online newsletter. Horrific parcels sent to the couple included a bloody pig mask, live spiders and cockroaches, a book on surviving the death of a spous

  • UK’s MOD to Expand Digital Capacity Through Introduction of Oracle Cloud Infrastructure

    The UK’s Ministry of Defence (MOD) department, Defence Digital, has added the Oracle Cloud Infrastructure within its MODCLOUD Multi-Hybrid suite of secure services, it has been announced today. The move is designed to help the department meet growing demand for real-time information advantage, as well as manage vast quantities of data in an efficient and compliant way. The Defence Digital d

  • Shopify Insiders Attempted to Steal Customer Transactional Records

    Canadian e-commerce merchant Shopify has reported that it detected an ongoing insider threat case. In a statement, Shopify said it had become aware of an incident involving the data of fewer than 200 merchants, and its investigation “determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants.” Upon discovery, Shopify immediately terminated

  • Cisco: How Real is a Passwordless Future?

    The evolution towards being able to operate without passwords is being driven by two factors: BYOD and standards. Speaking on a Cisco webinar, advisory CISO J. Wolfgang Goerlich said while we have to wait for “robots and flying cars,” he could see a world with reduced reliance on passwords. He said the consumer typically drives the experience that they expect in the workplace, and consumerization has enabled users to become more famil

  • Children showing interest in extremism, says senior officer

    Neil Basu tells MPs of rise in young people interested in terrorism as extremism grows during Covid pandemic

    Children as young as 13 are talking about committing acts of terror, against a backdrop of rising extremism during the Covid-19 pandemic, the UK’s most senior counter-terrorism officer has warned. Metropolitan police assistant commissioner Neil Basu told MPs on the home affairs select committee that counter-terrorism ne

  • Most Workers Not Interested in Switching to a Cybersecurity Role

    Most UK and US workers now view cybersecurity professionals in a positive light, although worryingly few are considering a career in the industry, according to a new study from (ISC)2. The certifications company polled 2500 workers in the US and UK to compile its 2020 Cybersecurity Perception Study. It revealed that perceptions of those working in cybersecurity are now generally positive: 71% claimed they view security pros as “

  • US DOD Anticipates Significant Troop Reduction in Afghanistan

    Based on the current conditions in Afghanistan, the Defense Department expects there will be fewer than 5,000 U.S. military service members in that country by the end of…

  • Riptide UUV-12 Launches BAE Into Medium Unmanned Undersea Vehicle Market

    BAE Systems has unveiled the newest addition to its unmanned undersea vehicle (UUV) portfolio, the Riptide™ UUV-12. The 12” diameter vehicle is the company’s entry into the…

  • India tests new French fighter jets in skies near China border

    India’s new French Rafale jets have flown “familiarisation” flights above the border region contested with China where a deadly clash between soldiers from the…

  • FBI Issues Warning Over US Election Disinformation Campaigns

    The US government has been forced to sound the alarm over anticipated attempts by hostile nations and cyber-criminals to spread disinformation around the results of the 2020 elections. In a new Public Service Announcement on Tuesday, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) warned that “foreign actors and cyber-criminals” could use several channels to undermine confidence in the democratic

  • CISA: Detections of LokiBot Info-Stealer Are Soaring

    The US government has warned of a major increase in detections of info-stealing malware LokiBot over the past couple of months. The Cybersecurity and Infrastructure Security Agency (CISA) sounded the alarm on Tuesday, revealing that its Einstein intrusion detection system had spotted a “notable increase” in the use of the malware since July. “LokiBot uses a credential- and information-stealing malware, often sent as a malicious

  • 179 Arrested for Darknet Drug Trafficking

    A global sting operation targeting drug trafficking on the darknet has led to 179 arrests and the seizure of weapons, drugs, and millions of dollars in cash and virtual currencies. Operation DisrupTor was conducted across the United States and Europe and was a collaborative effort between the law enforcement and judicial authorities of Austria, Cyprus, Germany, the Netherlands, Sweden, Australia, Canada, the United Kingdom, and the United States. Acc

  • Data Breach at Long Island Hospital

    Long Island’s only tertiary care center and Regional Trauma Center has issued a warning to patients that their personal data may have been exposed as a result of a ransomware attack. Stony Brook University Hospital has contacted patients by letter to notify them of a possible data breach following an attack on the hospital’s third-party vendor Blackbaud in May 2020. Blackbaud is a communications and fundraising software provider for nonprofits, universities

  • Fatal Hospital Hack Linked to Russia

    A cyber-attack that caused a German hospital to refuse treatment to a woman who subsequently died has been linked to a Russian ransomware gang. Attackers struck Düsseldorf University Clinic (DUC) on the night of Thursday, September 10, gaining access by exploiting a vulnerability in some commercially available Citrix software. The hospital’s IT systems crashed as a result, and patients seeking urgent care were diverted to another hospital 20

  • Cisco: Ensure Collaboration to Better Survive Remote Working

    Collaboration in an enterprise can better enable security going forward, after a challenging six months. Speaking on a Cisco webinar, Wendy Nather, head of advisory CISOs, said there is need for collaboration over control, as “control presents greater cost for the enterprise.” Asking what you can ask users to take care of on the security side, and what can you no longer enforce, Richard Archdeacon, advisory CISO for Cisco EME
