Security News
The European Union on Monday agreed to tighten up rules for the sale and export of cybersurveillance technology. EU lawmakers and the European Council reached a provisional deal to update controls of so-called dual use goods such as facial recognition technology and spyware to prevent them from being used to violate human rights.
A tech-support scammer making random phone calls in the hope of finding a victim called the cyber-crime squad of an Australian police force, which used the happy accident to document the con trick and inform the public on what to watch out for. The call was placed to the Financial and Cybercrime Investigation Branch in the state of South Australia, where the cops serve 1.75 million citizens.
Malwarebytes security researchers have identified a new campaign in which tech support scammers are exploiting a cross-site scripting vulnerability and are relying exclusively on links posted on Facebook to reach potential victims. This, they say, suggests that the tech support scammers were regularly changing these links to avoid blacklisting.
Trustwave released a report which depicts how technology trends, compromise risks and regulations are shaping how organizations' data is stored and protected. "Our findings illustrate organizations are under enormous pressure to secure data as workloads migrate off-premises, attacks on cloud services increases and ransomware evolves. Gaining complete visibility of data either at rest or in motion and eliminating threats as they occur are top cybersecurity challenges all industries are facing."
Twitter went offline for almost two hours on Thursday, in an outage that the social media platform - used by hundreds of millions worldwide - blamed on a technical glitch. On Thursday Twitter said that, under changes to its Hacked Materials Policy, it would "No longer remove hacked content unless it is directly shared by hackers or those acting in concert with them."
Hackers have stolen nearly a terabyte of data from a Miami-based tech firm, leaking a number of the pilfered files on a Russian hacker forum. A Russian-language note left along with the leaked data alludes to the hackers waiting to see if the company will pay up before releasing the rest of the data, which likely will be more full credit-card information, a treasure trove for hackers, according to the report.
Intel on Wednesday announced the new security technologies that will be present in the company's upcoming 3rd generation Xeon Scalable processor, code-named "Ice Lake.". "Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity. This extends our long history of partnering across the ecosystem to drive security innovations," said Lisa Spelman, corporate VP of the Data Platform Group and GM of the Xeon and Memory Group at Intel.
Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. Microsoft and its partners analyzed over 186,000 TrickBot samples, using it to track down the malware's command-and-control infrastructure employed to communicate with the victim machines and identify the IP addresses of the C2 servers and other TTPs applied to evade detection.
Microsoft on Monday revealed that it worked together with industry partners to shut down the infrastructure used by TrickBot operators and block efforts to revive the botnet. The Washington Post reported last week that the U.S. Cyber Command too attempted to hack TrickBot's C&C servers, in an attempt to take the botnet down to prevent attacks seeking to disrupt the U.S. presidential elections.
The nations of the Five Eyes security alliance - Australia, Canada, New Zealand, the USA and the UK - plus Japan and India, have called on technology companies to design their products so they offer access to encrypted messages and content. Which is why the seven signatories to the Statement "Urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content".