Week in review: iOS phishing, and three reasons to secure your data now
Here’s an overview of some of last week’s most interesting news and articles:
Inventive cyber gang steals millions from East European banks
Trustwave researchers have uncovered a series of ingenious bank heists that cost several Eastern European and Russian banks up to $10 millions each, and they believe financial institutions in European, North American, Asian and Australian regions could be targeted with the same within the next year.
Hackers use organizations’ resources for stealthy cryptocurrency mining
Hackers lusting after cryptocurrency but not wanting to spend money to buy it or mine it are targeting users wallets, computers, popular Web sites and public cloud computing environments.
Why wait to be breached? Three reasons to secure your data now
Here are three reasons not to delay your security and compliance efforts and protect both you and your customers’ data now.
Apple’s intermittent password prompts prime iOS users for phishing
By asking iOS users to enter their AppleID password intermittently and with no regard of environment, Apple has laid the groundwork for phishers to go after the sought-after login credentials.
Bugs in Windows DNS client open millions of users to attack
In this month’s Patch Tuesday, Microsoft has included fixes for multiple critical memory corruption vulnerabilities in the Windows DNS client, which could be exploited by attackers to gain access to the target’s system.
Compromised analytics provider made Equifax’s site point to malware
The revelation that Equifax’s credit report assistance Web page was spotted redirecting visitors to malware resulted in the company temporarily disabling the page and starting an investigation.
Accenture inadvertently exposes highly sensitive corporate, client data online
Corporate consulting giant Accenture left bucketloads of sensitive corporate and client data exposed online for anyone to access. Luckily for them, it seems that UpGuard director of cyber risk research Chris Vickery was the only one who stumbled upon it.
Dark web ransomware economy: Sellers pulling in six-figure salaries
There are currently more than 6,300 estimated dark web marketplaces selling ransomware, with more than 45,000 current product listings, according to new research by Carbon Black.
Enterprises increasingly leveraging endpoint data for security investigations
Endpoints, such as laptops and desktops, are increasingly becoming a more important data source to the enterprise: 43 percent of organizations store between 50-100 percent of their data on endpoints.
Four ways colleges can strengthen their cybersecurity programs
If breaches can’t be entirely blocked, what can IT professionals in higher education do to prevent these kinds of disaster scenarios? The GovEd team at Logicalis US says there are four important steps that will bolster college and university cybersecurity plans.
DDoS attacks: Brands have plenty to lose, even if attacked only once
DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage on brands.
Defense contractors, manufacturers targeted with malware-as-a-service infostealer
Information stealing FormBook malware is being lobbed at defense contractors, manufacturers and firms in the aerospace sector in the US and South Korea.
Investigation reveals large botnet hiding behind Fast Flux technique
Fast Flux, a DNS technique first introduced in 2006 and widely associated with the Storm Worm malware variants, can be used by botnets to hide various types of malicious activities – including phishing, web proxying, malware delivery, and malware communication.
Inside the Middle Eastern and North African cybercriminal underground
The Middle Eastern and North African underground is where culture, ideology, and cybercrime meet.
Alleged cyberstalker unmasked by VPN logs
A Massachusetts man was arrested on cyberstalking charges after the online activities he tried to hide through VPN use were revealed by logs provided by PureVPN.
Patching discrepancy between supported Windows versions puts users at risk
Security improvements should be a welcome addition to all software, but if they are not also simultaneously backported into its older and still supported versions, they can put many users at risk.
Disqus, Forrester Research suffer data breach
Popular blog comment hosting service Disqus and market research company Forrester Research announced that they’ve suffered a breach.
New infosec products of the week: October 13, 2017
A rundown of infosec products released last week.