by CIRT Team
Poor security habits are the ideal recipe for a breach [source: helpnetsecurity]
A Preempt survey of more than 200 employees (management level or above) from enterprise companies of 1000 or more people, found that businesses are left exposed by employees who have more access to sensitive resources than they should and who follow poor security habits. Have you ever “bent the rules” or found a security workaround in order to get something done at work? Results from...
Read More
by CIRT Team
Experts observed a new wave of malware attacks targeting WordPress sites [source: securityaffairs]
Experts from the firm Sucuri observed a new wave of wp-vcd malware attacks that is targeting WordPress sites leveraging flaws in outdated plugins and themes A new malware campaign is threatening WordPress installs, the malicious code tracked as wp-vcd hides in legitimate WordPress files and is used by attackers to add a secret admin user and gain full control over infected websites. The malware was first spotted in...
Read More
by CIRT Team
Risk Assessment in Information Security [source: infosecurity-magazine]
Risk assessment is a systematic method of analyzing risk. It started in the nuclear and aeronautical industries, and has now spread to many other industries including the finance, transportation, power system, public health, shipping and fishing industries. Risk assessment tries to answer three questions: What can go wrong? How likely is it? How serious are the consequences? Risk assessment has different roles in different industries....
Read More
by CIRT Team
Android Bug Lets Attackers Record Audio & Screen Activity [source: bleepingcomputer]
Android smartphones running Lolipop, Marshmallow, and Nougat, are vulnerable to an attack that exploits the MediaProjection service to capture the user’s screen and record system audio Based on the market share of these distributions, around 77.5% of all Android devices are affected by this vulnerability. Vulnerability resides in Android MediaProjection service To blame is MediaProjection, an Android service that is capable of capturing screen contents...
Read More
by CIRT Team
Google: There are 1.9 billion usernames and passwords on the black market [source: v3.co.uk]
Research by Google and the University of California has found that there are more than 1.9 billion usernames and passwords available on the black market, many of which can be used to access Google accounts. According to the study, cybercriminals are gaining access to people’s passwords and flogging them on the dark web at a profit. The researchers used Google’s proprietary data to see whether or not...
Read More
by CIRT Team
Homeland Security team remotely hacked a Boeing 757 [source: csoonline]
During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757. This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now...
Read More
by CIRT Team
Latest Intelligence for October 2017 [source: symantec]
Some of the key takeaways from October’s Latest Intelligence, and the threat landscape in general, include research on the most likely infection vectors, malicious security tools, and a scam targeting tax professionals. Malware The email malware rate declined last month for the first time since March. However, at one in 355 emails, the rate is higher now than it was the last time it declined, due...
Read More
by CIRT Team
When you shouldn’t trust a trusted root certificate [source: malwarebytes]
Root certificates are the cornerstone of authentication and security in software and on the Internet. They’re issued by a certified authority (CA) and, essentially, verify that the software/website owner is who they say they are. We have talked about certificates in general before, but a recent event triggered our desire for further explanation about the ties between malware and certificates. In a recent article by RSA FirstWatch, we learned...
Read More
by CIRT Team
New, revamped Terdot Trojan [source: theregister]
Terdot, a banking Trojan that has been around since mid-2016, has been re-engineered with updated information and credential thievery as well as social media account monitoring functionality. Built on the Zeus framework, whose code was leaked in 2011, Terdot adds a number of novel techniques to the market, such as leveraging open-source tools for spoofing SSL certificates, antivirus firm BitDefender has reported. The malicious code also...
Read More
by CIRT Team
New Android Malware Found in 144 Google Play apps [source: gbhackers]
New Android Malware called “Grabos” Found in 144 Google Play apps and its considering as one of the mass distribution play store Malware by huge number playstore apps. There is no surprise now to see a malicious app in Google play store, hackers continued to deceive the Google safety checks and also they earn high ratings. They named it as Grabos and the activity first...
Read More
