Cybersecurity News, Articles and Updates

qkG Filecoder ransomware exploits macros and self-replicates

Early variants of a self-replicating ransomware implemented entirely in VBA macros were discovered last week.

Symantec patches certificate spoofing flaw in Install Norton product

Symantec patched a certificate spoofing vulnerability in its Install Norton Security product that occurs when downloading Norton for Mac

Misconfigured Amazon S3 server leaks Australian Broadcasting Corporation

As misconfigured Amazon servers continue to leak sensitive data, Australian Broadcasting Corporation (ABC) is the latest culprit of administrators not properly securing their cloud servers.

Colorado implements Risk-Limiting Audit process to verify election results

Colorado is implementing a Risk-Limiting Audit Process to verify election results in hopes of building more confidence in the outcome of its elections.

Amazon takes steps to reduce S3 misconfiguration leaks

Amazon is taking action to combat the recent wave of its Amazon S3 server being left misconfigured subsequently exposing potentially sensitive data

RDP brute force attacks used to spread LockCrypt ransomware

Hackers have been breaking into corporate servers via RDP brute-force attacks and manually infecting them with a new variant of ransomware called LockCrypt.

Hacking back bill gains sponsors in the House

The Active Cyber Defense Certainty Act (H.R. 4036) is gathering additional bipartisan support with seven House members signing on as co-sponsors.

Apple's machine learning can spot bra pics

A Twitter user is warning girls that Apple's machine learning is capable of categorizing images of women in their intimate apparel that are saved to a device.

McAfee won't allow government code reviews as Kaspersky offers more transparency

McAfee announced it will no longer permit foreign governments to scrutinize its product source code for hidden backdoors.

Researchers advise against Amazon Key, call for more transparency

Malwarebytes researchers are warning users not to buy into the hype, or the actual products, offered with Amazon's Key service.

DUHK, DUHK, DUHK stolen encryption key attack

After the KRACK epidemic and the ROCA scare the latest DUHK cryptography attack may more of a threat than its quacked up to be for old Fortinet FortiGare devices.

Company offers cybersecurity scholarships for returning vets

Engility Holdings and the Center for Cyber Safety and Education are offering a scholarship program to help returning veterans gain cybersecurity certifications to reenter the workforce.

LokiBot Android Banking Trojan turns into ransomware in last ditch effort

An Android banking trojan dubbed LokiBot turns into a ransomware when users try to remove its admin privileges in a last ditch effort to extort the user.

FBI Director Wray: encryption kept agency from accessing 7,000 mobile devices

Encryption has kept the FBI from accessing 7,000 mobile devices, says FBI Director Christopher Wray.

Criminals mimic popular cryptocurrency exchange in Google Play

Cybercriminals took advantage of popular cryptocurrency exchange Poloniex's lack of an official app to dupe unsuspecting users into downloading credential stealing malware.

Study finds 25 percent of financial service employee mobile devices unpatched

A recent Symantec report found 25 percent of financial service employee mobile devices have unpatched vulnerabilities.

#WatchOut for your kids! Smartwatches plagued with flaws

The Norwegian Consumer Council and Mnemonic researchers are warning consumers about the dangers of poorly secured smartwatches marketed to children.

Researchers surveil mobile users using just $1,000 worth of targeted ads

University of Washington researchers were able to surveil individual users using less than $1,000 worth of targeted advertising.

Leviathan group targets maritime industry with custom malware

The cyberespionage group Leviathan is targeting high-value targets in the maritime industries, naval defense contractors, and associated research institutions.

Estonia releases update on Digital ID card vulnerability

The Estonia government issued an update on a vulnerability potentially affecting digital use of ID cards issued since October 2014.

Banks lose £30m plus to new hybrid threat hitting former Soviet states

Banks face a new hybrid threat from hackers that has already netted criminals a cool £30 million, according to a new report.

Industrial tech security association set up, NCSC calls for cooperation

Last Thursday saw the official launch of the International Operation Technology Security Association (Iotsa) where John Noble, director of network management at the UK's NCSC called for industry cooperation and incident reporting.

Unique Infostealer uses phony Pennsylvania Department of Welfare

An infostealer malware in search of credentials, private keys, SSH keys, Bitcoin wallets and more, that is being distributed via a compromised website.

Following Equifax breach, FBI issues flash alert for Apache Struts flaws

The FBI issued a flash alert warning people to patch the Apache Struts vulnerabilities warning that it enabled an unnamed corporate breach.

750m internet users risked ejection in ICANN security update - ISPs fault

A proposed security change to the underlying infrastructure of the internet has been significantly delayed due to fears that it could knock an estimated one-in-four global Internet users, or 750 million people, offline at a stroke.

NCSC 1st year: 1,000 attacks - 'shocking' level, or 'is that all?'

NCSC annual review: 1,131 attacks reported - thus two significant attacks per day, with 590 classed as significant and more than 30 requiring a cross-government response - industry reaction varies.