An Oxford University scholar says he was able to trick dozens of European companies into sending him sensitive data about his fiancée, simply by impersonating her while invoking GDPR’s “Right of Access” policy. Doctor of philosophy student James Pavur, who presented his research findings Thursday at the Black Hat conference in Las Vegas, exploited the policy…
IBM Security’s X-Force Incident Response and Intelligence Services (IRIS) team reported this week that it witnessed a 200 percent increase in destructive malware attacks over the first half of 2019, compared to the second half of 2018. These malware attacks typically incorporated a disk wiper component to them. Wipers are historically associated with nation-state-sponsored attacks…
Not all researchers are comfortable with the ethics of selling the zero-day vulnerabilities they’ve discovered to governments and offensive security companies. But those who do seek profit beyond that of a traditional bug bounty reward will require a fair share of business savvy to seal the deal, according to former vulnerability broker Maor Shwartz, in…
To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s modern-day security operations center must first truly understand their own businesses, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…
North Korea’s rampant and repeated cyberattacks on financial institutions and cryptocurrency exchanges over the years has generated $2 billion in stolen funds, which the nation allocated toward developing weapons of mass destruction programs, according to a confidential UN document, Reuters reported yesterday. “Democratic People’s Republic of Korea cyber actors, many operating under the direction of…
The U.K.-based digital bank Monzo Sunday disclosed that it has fixed an error that caused certain customers’ PIN codes to be stored in a less secure area of its internal systems. In an Aug. 4 company blog post, the mobile-only banking services provider acknowledged that it mistakenly had recorded some customers’ PINs in encrypted log…
Republican members of the House of Representatives’ Committee on Oversight and Reform this week sent open letters to both Capital One and Amazon, requesting that both companies arrange a briefing with Congressional staff members regarding Capital One’s recently announced data breach. Last Monday, McLean, Va.-based Capital One Financial Corporation publicly acknowledged that an unauthorized individual…
Researchers this year discovered a pair of malicious campaigns that attempted to distribute the recently discovered Amavaldo banking trojan to Brazilians and Mexicans, respectively. Amavaldo is one of 10 malware families that researchers at ESET’s lab in Prague are claiming to have discovered since 2017, when they first launched an in-depth investigation into Latin American…
The Department of Justice has indicted two Americans and a Nigerian on multiple charges for their alleged roles in a phishing scheme that targeted college employees, banks and other businesses from May 2013 through June 2014. Filed on Tuesday in U.S. District Court in New Mexico, the indictment identifies the defendants as Nigerian citizen Otuokere…
U.S. Senators Mike Crapo, R-Idaho, and Mark Warner, D-Va., have introduced federal legislation designed to protect critical technologies from supply chain attacks by China and other foreign threat actors. The bill, known as S. 2316 or the The Manufacturing, Investment, and Controls Review for Computer Hardware, Intellectual Property and Supply (MICROCHIPS) Act, would require U.S.…
