The PowerShell scripting language that runs behind the scenes of every Windows based PC is also one of the tools most favored by hackers. In a new report, it’s been discovered that more than a third of security incidents reported use PowerShell in some way to facilitate the breach.
Apple already fixed a bug related to its previous ‘1970’ problem, which allowed people to render their devices useless if the clock and date were set to a specific point in time, but your phone remains vulnerable unless you have the most recent firmware.
Admittedly, this might feel a little like deja-vu as Apple already rolled out a previous fix to stop people from deliberately bricking the iPhones but this issue is a little different, according to Krebs on Security.
The number of attacks that exploited previously unknown software vulnerabilities more than doubled in 2015 as hackers raced against security defenders to find effective ways to infect end users with malware, according to a recently released report.
L33tdawg: The Talos team will be at #HITB2016AMS in May talking about Exploit Kits - Hunting the Hunters
A data breach in the U.K. has compromised personal information of over 15,000 new and expecting parents. According to reports, hackers targeted the National Childbirth Trust (NCT) last week, exposing email addresses, usernames, and encrypted versions of member passwords. Luckily, no sensitive data nor financial information was accessed by attackers, and the organization has already contacted all affected parties.
Security firm Trend Micro has discovered an attack on home routers that involves malicious JavaScript, a mobile website, and a mobile device such as a smartphone. This attack has been taking place since December 2015, and so far focuses on Taiwan, Japan, and China. However, the United States is fourth on the attack list, so be prepared.
At SafeBreach, one of our major research areas is exfiltration (sending sensitive data out of the corporate network). In one of our research projects in late 2015, we set out to find the perfect exfiltration technique. At that time, we didn’t quite know what it would encompass, but we were determined to find out.
Over the past two and a half years, cybercriminals have managed to steal over $2.3 billion from thousands of companies worldwide by using little more than carefully crafted scam emails.
Known as business email compromise (BEC), CEO fraud or whaling, this type of attack involves criminals impersonating an organization's chief executive officer, or some other high-ranking manager, and instructing employees via email to initiate rogue wire transfers.
There are plenty of articles with scary numbers about the size and scope of the Insider Threat. This isn’t one of them – you already know it’s a huge concern and that few organizations maintain a reasonable level of control over it. So where do you get started? By looking at the root of the problem to understand who these insiders are, and why they pose a risk.
Adobe Systems this week rushed out an emergency patch to plug a security hole in its widely-installed Flash Player software, warning that the vulnerability is already being exploited in active attacks.
Adobe said a “critical” bug exists in all versions of Flash including Flash versions 21.0.0.197 and lower (older) across a broad range of systems, including Windows, Mac, Linux and Chrome OS. Find out if you have Flash and if so what version by visiting this link.
