Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts via verification feature

By

Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…

Chipotle

Chipotle customers stewing over payment card hack

By

Chipotle is receiving some negative customer reviews, but not over its food. Instead, some customers are saying on Twitter and Reddit that their payment card information has been hacked and is being used to make fraudulent purchases at the Mexican food chain. Chipotle denies a breach has taken place, although company officials did admit to…

Cisco patches 29 vulnerabilities including one being actively exploited in Sea Turtle campaign

By

Cisco latest round of security updates addresses 29 vulnerabilities in multiple Cisco products that could allow a remote attacker to take control of an affected system and one of which is being actively exploited in Sea Turtle campaign. Admins in charge of Cisco ASR 9000 Series Aggregation Services Routers have been instructed to urgently address…

APT34 hacked back by Lab Dookhtegan

By

A hacking group going by the name Lab Dookhtegan has posted the tools used by the infamous Iranian APT34 cyberespionage group. APT34, also known as HelixKitten and OilRig has purportedly been behind many attacks, but this time was victimized when a data dump of tools was posted on a Telegram channel, reported Bleeping Computer. The…

Malware attack rains on Weather Channel’s parade, disrupts live broadcast

By

The Weather Channel is blaming a “malicious software” attack for knocking its live morning broadcast off the air for approximately one hour and 39 minutes today. “We experienced issued with this morning’s live broadcast following a malicious software attack on the network,” reads a tweet issued by the network earlier today. “We were able to…

‘Brazen’ nation-state actors behind ‘Sea Turtle’ DNS hijacking campaign

By

State-sponsored hackers are behind a large-scale DNS hijacking campaign that since January 2017 has been responsible for compromising at least 40 organizations across 13 countries, researchers from Cisco Talos have reported. Primarily targeting the Middle East and North Africa, the attackers are looking to harvest credentials that grant them access to sensitive networks belonging to…

Key pillars of the modern SOC

Security Operation Centers (SOCs) are struggling to meet the demands of the evolving threat landscape. Today, most analysts only have access to a portion of their companies’ data due to the high cost of analysis and storage. Workflows are still rules-based or manual, leading to a reactive approach to threat intelligence instead of a proactive,…

NamPoHyu Virus ransomware targets Samba servers in a unique way

By

Researchers have spotted a new family of ransomware dubbed NamPoHyu virus or MegaLocker virus targeting remote Samba servers. While ransomware infections are typically installed on the computer that will be encrypted other malware, malicious email attachments, or by the attackers hacking a computer or network. This new variant searches for accessible Samba servers, brute forcing…

EA Origin client bug allows threat actors to run remote code

By

A vulnerability in the Electronic Arts (EA)  online gaming platform Origin could allow an attacker to trick unsuspecting gamers into remotely running malicious code on their computer. Security researchers Daley Bee and Dominik Penner of Underdog Security discovered the bug affecting tens of millions of Windows users with the Origin app installed, according to TechCrunch.…

Kaspersky Labs

European Commission: No evidence Kaspersky software is malicious

By

The European Commission yesterday acknowledged in a public document that it possesses no evidence to support the notion that software from Russia-based Kaspersky Lab software is malicious. The admission comes about 10 months after the European Parliament passed a resolution calling for the European Union to ban dangerous software, naming Kaspersky products as specific example.…

Next post in Security News