CyberSecure Specialist

21 Mar

Google Pixel phones had a serious data leakage bug – here’s what to do!

Information

by Paul Ducklin Even if you’ve never used one, you probably know what a VCR is (or was). Short for video cassette recorder, it was how we recorded and watched back videos at home in the days when digital video stored on hard disks was the absurdly expensive privilege of huge companies, typically TV stations. The cassettes were small plastic containers that held two reels and a long strip of magnetic recording tape – kind…

Read More
21 Mar

Verosint Launches Account Fraud Detection and Prevention Platform

Information, News

Security startup 443ID, which previously focused on bringing open source intelligence (OSINT) to access management, is now refocusing its solution to tackle account fraud detection and prevention, and has changed its name to Verosint to better describe its new focus. It is launching what is technically version 2 of 443ID’s IAM platform, but is effectively version 1 of Verosint’s account fraud solution. “The previous product was focused on measuring the likelihood of risk to enable…

Read More
21 Mar

Ferrari Data Breach

Attacks, Malware

All affected customers are recommended to change their login credentials on the Ferrari site to a unique and complex password. With the possibility of financial information leak, it is also recommended that customers monitor their banking information for unusual activity. It would also be prudent to enable credit monitoring services to further protect themselves from fraud. https://www.bleepingcomputer.com/news/security/ferrari-discloses-data-breach-after-receiving-ransom-demand/

Read More
21 Mar

Go-based HinataBot Discovered by Akamai

Attacks, Malware

When Akamai benchmarked the botnet in 10-second HTTP and UDP attacks, the malware produced 20,430 requests with a combined size of 3.4 MB during the HTTP attack. There were 6,733 packets totaling 421 MB of data produced by the UDP deluge. The researchers calculated that the UDP flood might yield approximately 336 Gbps with 1,000 nodes and 3.3 Tbps with 10,000 nodes. While defending against a targeted DDoS attack can be difficult, if organizations mutually…

Read More
21 Mar

Developed countries lag emerging markets in cybersecurity readiness

Data Breaches, Malware, Social Engineering

Organizations in developed countries are not as prepared for cybersecurity incidents compared to those in developing countries, according to Cisco’s Cybersecurity Readiness Index, released today. Countries that were found to be most mature in their overall cybersecurity readiness included Asia-Pacific countries such as Indonesia, with 39% of organizations in what Cisco considers a “mature stage” of security preparedness; Philippines and Thailand, both with 27% of organizations in the mature stage; and India, with 24% of…

Read More
21 Mar

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management

Attacks, Insights, Malware

As part of the Enduring Security Framework (ESF), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) has released Identity and Access Management Recommended Best Practices Guide for Administrators. These recommended best practices provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM). IAM—a framework of business processes, policies, and technologies that facilitate the management of digital identities—ensures that users only gain…

Read More
21 Mar

CISA Releases Updated Cybersecurity Performance Goals

Attacks, Insights, Malware

Today, we published stakeholder-based updates to the Cybersecurity Performance Goals (CPGs). Originally released last October, the CPGs are voluntary practices that businesses and critical infrastructure owners can take to protect themselves against cyber threats. The CPGs have been reorganized, reordered and renumbered to align closely with NIST CSF functions (Identify, Protect, Detect, Respond, and Recover) to help organizations more easily use the CPGs to prioritize investments as part of a broader cybersecurity program built around…

Read More
21 Mar

9 attack surface discovery and management tools

Data Breaches, Malware, Social Engineering

Cyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the business as possible while still maintaining critical business services. If you’ve ever watched a heist film, step one in executing the score of the century is casing the place: observing security…

Read More
20 Mar

Bitcoin ATM customers hacked by video upload that was actually an app

Information

by Paul Ducklin There are plenty of military puns in operating system history. Unix famously has a whole raft of personnel known as Major Number, who organise the batallions of devices such as disk drives, keyboards and webcams in your system. Microsoft once struggled with the apparently incompetent General Failure, who was regularly spotted trying to read your DOS disks and failing. Linux has intermittently has trouble with Colonel Panic, whose appearance is typically followed…

Read More
20 Mar

ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises

Data Breaches, Malware, Social Engineering

ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help eliminate the need for user passwords in large organizations. ForgeRock has partnered with Israel-based Secret Double Octopus to offer the new feature set, designed to allow companies to integrate passwordless technology into enterprise IT infrastructure and provide end users with a unified login approach to all their applications. “While ForgeRock already offers passwordless authentication for…

Read More