Research | SC Media

Research

Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018

Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR). Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and…

FBI fielded roughly $2.7 billion worth of Internet crime complaints in 2018

The FBI’s Internet Crime Complaint Center (IC3) received nearly 352,000 complaints related to cybercrime activity that collectively was responsible for $2.7 billion in losses, according to the agency’s 2018 Internet Crime Report. The three most commonly reported internet crimes last year were non-payment/non-delivery scams (i.e. the scammer never pays for or never ships ordered merchandise),…

‘Dragonblood’ flaws in WPA3 protocol could help adversaries recover passwords

The WPA3 protocol and certification that was introduced last year to make Wi-Fi networks more secure was found to contain a series of vulnerabilities, including time- and cache-based side-channel flaws that could ultimately allow adversaries to recover passwords. Developed by the Wireless Security Alliance, WPA3 replaced the old standard’s Pre-Shared Key exchange with a Simultaneous Authentication…

hotel

Study: 67 percent of hotel websites grant third parties access to personal booking data, reservations

A study of more than 1,500 hotels in 54 countries found that 67 percent of their websites leak booking reference codes to third-party partners, allowing them to potentially access guests’ booking details and personal information. Such access could even enable the third parties to cancel individuals’ reservations if they so desired, according to Symantec Principal…

Can event-based analytics spot IP developers stealing their own assets?

The most likely person to steal IP is not an external threat, but rather the person who developed it and uses it every day, according to Forcepoint Chief Scientist Dr. Richard Ford. And this insider threat actually may be more difficult to detect because typical event-based security analytics may not always be adequately equipped to…

Report: Bug bounty reward totals soared in 2018

The hacker community reported more than 93,000 resolved security vulnerabilities last year and earned roughly $19 million in bug bounties while using HackerOne’s vulnerability disclosure platform, according to the company The $19 million figure nearly equals the total bug bounty earnings collected over the previous six years of the platform’s existence, HackerOne explains in its…

Researchers develop proof-of-concept malware for attacking Building Automation Systems

Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…

Report reveals struggles of SMBs navigating cyber threat landscape

A recent survey of just over 1,000 small- and medium-sized businesses found that 58 percent of respondents experienced a data breach in the previous 12 months, according to a new SMB cybersecurity research report from Keeper Security and the Ponemon Institute. An even larger number, 67 percent, said they experienced at least one form of cyberattack,…

IT pros dubious of government officials’ cyber knowledge

A newly released survey of 515 IT security professionals is giving government officials a no-confidence vote in terms of their ability to understand digital threats, practice cyber hygiene and legislate encryption policies. Conducted during last August’s 2018 Black Hat cybersecurity conference by researchers at Venafi, the survey found that 63 percent of respondents believe government…

Report: Cryptomining malware detections up more than 459 percent since 2017

Detections of cryptomining malware has increased by 459 percent since last year, according to a new report released today by the Cyber Threat Alliance (CTA), citing statistics collected from several of its member companies. Titled “The Illicit Cryptocurrency Cyber Threat,” the report warns that this dramatic year-over-year rise is no fluke, noting that illegal mining activity will likely…

Next post in Cryptocurrency