Security News

The Business Email Compromise is a particular type of phishing attack in which cybercriminals impersonate a trusted contact or other party, either internal or external. During the third quarter of 2020, the median number of BEC attacks received per company each week rose by 15% from the second quarter, according to the report.

An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems, according to the DFIR Report, a project that provides threat intelligence from real attacks observed by its honeypots. Over the past two years, Ryuk has been responsible for a significant number of high-profile attacks, including incidents involving Pennsylvania-based UHS and Alabama hospital chain DCH Health System.

Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. Disclosure of the flaws come just as the owner of social-media platform have reportedly chosen Oracle as an American tech partner that could help keep the app running in the U.S.,on the heels of U.S. president Donald Trump threatening to ban the app over spying concerns.

Business Email Compromise, is a form of targeted phishing where attackers disguise themselves as senior executives to dupe employees into doing something they absolutely shouldn't, like wire money. BEC emails can be difficult to detect using security solutions because no malware is involved.

Employees find significant value in having access to an identity compromise solution, having an available remediation solution creates a better mindset for those that use it, and there are halo results that benefit others, an Identity Theft Resource Center and Aura Identity Guard survey reveals. There is an opportunity to provide the needed support employees are asking for by giving them access to an identity compromise solution as a component of the benefits suite.

DEF CON is perhaps the ultimate "Come one/come all" hackers' convention, now in its 28th year, and it famously takes place in Las Vegas each year in a fascinating juxtaposition with Black Hat USA, a corporate cybersecurity event. The DEF CON Villages are breakout zones at the event where where likeminded researchers gather to attend talks and discussions in research fields all the way from Aerospace, Application Security and AI to Social Engineering, Voting Machines and Wireless.

The United States National Security Agency has issued new advice on securing mobile devices that says location services create a security risk for staff who work in defence or national security. The new guide [PDF], titled "Limiting Location Data Exposure", notes that smartphones, tablets and fitness trackers "Store and share device geolocation data by design."

Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. From there, Twitter said, the attackers targeted 130 Twitter accounts, tweeting from 45 of them, accessing the direct messages of 36 accounts, and downloading the Twitter data of seven.

The influence campaign does not merely spread false news content on social media platforms such as Twitter and Facebook, as other disinformation campaigns have done. "We have dubbed this campaign 'Ghostwriter,' based on its use of inauthentic personas posing as locals, journalists, and analysts within the target countries to post articles and op-eds referencing the fabrications as source material to a core set of third-party websites that publish user-generated content," according to FireEye researchers in a Thursday analysis.

A vulnerability in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have found. The list of affected systems includes servers and workstations, laptops and desktops, and possibly a large number of Linux-based OT and IoT systems.