Security News
Obviously, these romance scams work obviously, but you know, whenever I see these types of messages in my Twitter inbox or even just on Facebook, because I see them a lot on social media. It's social engineering at its finest and I you know, never ceases to amaze me actually how good cyber criminals are sort of taking the pulse of what's going on out thereAnd definitely things like Valentine's Day where you know, people are going to be feeling a little vulnerable maybe or, or maybe they're you know, elated because they're in a new relationship or something and they're not paying as much attention as they should be.
Austria's foreign ministry has said a weeks-long cyber attack from a "State actor" against its systems has ended - amid local reports that pin the blame on a Russian hacking crew and its initial four-byte payload. The attack, which was announced to burghers of the state on a 4th January, was aimed at the ministry's IT infrastructure, according to local reports. Foreign minister Alexander Schallenberg said the attack had been ended, adding: "We managed to clean up our IT systems." He claimed that "No damage to the IT equipment could be detected".
The latest edition of the ISMG Security Report analyzes the indictments of four Chinese military officers in connection with the 2017 Equifax data breach. Also featured: Advice on implementing...
A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy SDKs offered by seven system-on-a-chip vendors. "SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing," explain Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang, in a research paper [PDF] describing the BLE bugs.
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.
The US has charged the Chinese military with plundering Equifax in 2017. According to the indictment, the four allegedly pried open Equifax by exploiting a vulnerability in the Apache Struts Web Framework software used by the credit reporting agency's online dispute portal.
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a "Wi-Fi spreader" module to scan Wi-Fi networks, and then attempts to infect devices that are connected to them.
The latest in a string of China-linked hacking incidents came with the Monday indictment of four members of the Chinese military for breaking into the credit-reporting agency Equifax in 2017. The motives, as with several others hacks that preceded it, appear to be more about espionage than stealing trade secrets, cybersecurity experts say.
The takedown of Equifax begs the question of whether attackers might also have been camping out in the networks of other consumer credit reporting agencies - Experian, TransUnion and others - as well as other data brokers. Interesting overlay: In 2015, President Barack Obama threatened China with severe sanctions if it didn't cease its hack attack ways, and in September of that year, he reached a landmark agreement with Chinese President Xi Jinping, which aimed to put intellectual property off limits for nation-state espionage operators.
The U.S. Justice Department today unsealed indictments against four Chinese officers of the People's Liberation Army accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. While the DOJ's announcement today portrays Equifax in a somewhat sympathetic light, it's important to remember that Equifax repeatedly has proven itself an extremely poor steward of the highly sensitive information that it holds on most Americans.