Cyber Security

Cluster of 295 Chrome extensions caught hijacking Google and Bing search results

More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results. The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store. A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions. Besides fake ad blockers, AdGuard said it also found extensions posing as weather forecast widgets and screenshot capture utilities. However, the vast majority of the malicious exten...
Hacker leaks passwords for 900+ enterprise VPN servers

[Image: Forum post sharing link to the list of Pulse Secure VPN server usernames and passwords. Image: Bank Security (supplied)]

A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers. ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community. According to a review, the list includes:

- IP addresses of Pulse Secure VPN servers
- Pulse Secure VPN server firmware version
- SSH keys for each server
- A list...
How Ransomware Threats Are Evolving & How to Spot Them

A series of new reports explains how ransomware attackers are changing techniques and how organizations can spot stealthy criminals. Modern ransomware operators are adopting techniques similar to those of advanced nation-state actors, researchers report. Their attacks are quieter and more long-term as they sit on target networks and search for the exact information they need to bring down their victims. Sophos researchers today published a series of reports detailing the evolution of ransomware and how attackers are finding new ways to extort more money from large enterprise victims. While the range of ransomware still spans low-level to high-level attacks, their analysis mainly focuses on advanced threats like WastedLocker and Maze ransomware. "In the old days, everybody was hitting deskto...
UberEats data leaked on the dark web

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on the dark web. Another day, another data breach made the headlines; this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process of dark web and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEATS. The researchers were able to analyze some files leaked by the threat actors containing UberEATS delivery drivers, delivery partners, and customers. “During our research process, the Cyble Research Team got hold of some informative details related to this leak.” ...
6 Dangerous Defaults Attackers Love (and You Should Know)

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network. Plug and play is an alluring promise and a dangerous reality when it comes to devices attached to an enterprise network. It's great when the device is able to handle all the network protocols and handshaking without human intervention. But when those humans get swept up in the exhilaration of the plug-and-play moment and forget to change some widely known defaults, the convenience can quickly become a vulnerability. When most people think of dangerous defaults, they think about admin account names and passwords. There's no question that these widely available credentials that ship as defaults on devices can be significan...
New Spin on a Longtime DNS Intel Tool

Domain Name Service database service Farsight Security, the brainchild of DNS expert Paul Vixie, celebrates 10 years with new modern features. DNS pioneer Paul Vixie's DNS security firm has modernized its Domain Name Service intelligence platform to simplify searches for malicious domains with a new application programming interface for the 10-year-old platform. Vixie, co-founder and CEO of Farsight Security, describes the new DNSDB 2.0 service as a fresh foundation for "cool new stuff" for the platform. "In a sense, we lifted the house up and put a different foundation under it so we could add on a third story. That third story, in my opinion, is the real meat," he says. Organizations use the tool to unearth previously unknown DNS threats, such as lookalike or disparaging domains that leve...
GandCrab ransomware hacker arrested in Belgium

Law enforcement in Belarus has announced the arrest of a 31-year-old man who is alleged to have extorted more than 1000 victims with the infamous GandCrab ransomware in 2017 and 2018. He apparently demanded payments ranging from $400 to $1500 in Bitcoin. Unlike more targeted attacks where crooks break into networks first and directly infect them with ransomware later, the unnamed suspect is said to have gone after victims by the more traditional route of spamming out booby-trapped emails across the globe. The Belarus Ministry of Internal Affairs claims that computers that the suspect managed to infect were in more than 100 different countries, notably India, US, Ukraine, UK, Germany, France, Italy and Russia. The authorities have painted a picture of the suspect as what you might call...
Securing IoT as a Remote Workforce Strategy

Digital transformation with Internet of Things devices offers organizations a way forward in the era of COVID-19. Optimizing this approach for the future will need to start with security. Regardless of how long workers remain locked down in quasi-quarantine, remote work is the new wave of the future. Although many companies have remote work policies, few existed as primarily distributed workforces prior to March 2020. However, as with everything else, companies seeking to secure their remote workers need to move away from traditional security methodologies and look for technologies that enable digital transformation while mitigating the risks from cloud-first or cloud-only IT ecosystems. The Internet of Things (IoT) presents organizations with a dual-edged sword. While it enables companies...
Google & Amazon Replace Apple as Phishers’ Favorite Brands

Google and Amazon were the most imitated brands in the second quarter, knocking out Apple. Google and Amazon tied for the two most commonly imitated brands in phishing attacks during the second quarter of 2020, while former leading brand Apple fell to seventh place. Check Point today published its "Brand Phishing Report," which found little change in the number of brand phishing attempts but variations in the companies that attackers imitate to manipulate their victims. In brand phishing attacks, fraudsters spoof an official website of a known brand by using a similar domain and URL, and usually a webpage similar to that of the original website. Google (13%) and Amazon (13%) combined made up more than a quarter of brand phishing attempts, researchers found. Next up were WhatsApp (9%) and Fa...
Retooling the SOC for a Post-COVID World

Residual work-from-home policies will require changes to security policies, procedures, and technologies. Things have changed a lot since the start of 2020. Our workforces have shifted to a largely off-site model, as have schools, entertainment, and pretty much all other activities that can be maintained without face-to-face interaction. Those organizations that have been able to keep functioning with pandemic work-from-home mandates in place did so by relying on VPNs and software-as-a-service (SaaS) applications. In the process, many of these businesses have found that their workforce is just as effective being remote and costs actually went down. Now, some are planning to maintain this "new normal" or remote workforce, and they're trying to figure out how to change their operations to m...