Weekly Cyber Security News: 3rd September 2018

Posted by on September 3, 2018 0 Comment

This post is your weekly cyber security news update for the 3rd of September 2018. This post is part of the weekly cyber security news series with content curated by the hackers & experts at Security Brigade.

How not to get phished (like the DNC)
Watch this video to learn how a Spear Phishing campaign led to Russian hackers gaining access to the Democratic National Committee’s e-mails. Pro tip: Always check the link URL before clicking through, it will help bring clarity on whether the link is legitimate or not.

Read More

Ransomware Attacks Down, Fileless Malware Up in 2018
The use of fileless malware in attacks continues to grow and now represents 42 out of 1,000 endpoint attacks. The uptick represents a 94 per cent increase in the use of fileless-based attacks between January and June 2018.

fileless_malware_2018_trend

ransomware_2018_trend

As the name suggests, fileless malware infects targeted computers leaving behind no artefacts on the local hard drive, making it easy to sidestep traditional signature-based security and forensics tools. Typical attacks exploit vulnerabilities in browsers and associated programs (Java, Flash or PDF readers), or via a phishing attack that entices a victim to click on an attachment. They prey on gullible targets clicking on malicious links or files.
Read More

Banking Trojans and Shady Apps Galore In Google Play

Despite Google’s defences for protecting Android’s official marketplace, cybercriminals still manage to sneak in a banking Trojan, or two, or three, security researchers have discovered. Recently, security researchers from different security companies based in Europe disclosed on Twitter that they found several banking Trojans in Google Play.


google play store trojan

Hackers found three such malicious apps posing as astrology software that offered the horoscope. What they divined, though, was theft of SMS and call logs, sending text messages in the victim’s name, downloading and installing apps without user approval, and stealing banking credentials.
Read More

Google Secretly Tracks What You Buy Offline Using Mastercard Data
Over a week after Google admitted the company tracks users’ location even after they disable location history, it has now been revealed that the tech giant has signed a secret deal with Mastercard that allows it to track what users buy offline.

Google has paid Mastercard millions of dollars in exchange to access this information.
Neither Google nor Mastercard has publicly announced the business partnership over allowing Google to measure retail spending, though the deal has now been disclosed by Bloomberg.
According to four unidentified people with knowledge of the deal cited by the news outlet, Google and Mastercard reached the agreement after a four-year negotiation, wherein all Mastercard transaction data in the U.S. has been encrypted and transmitted to Google.
Google packaged the data into a new tool for advertisers, called Store Sales Measurement, and currently being tested the tool with a small group of advertisers, allowing them to track whether online advertisements turned into real-world retail sales.
Read More

Weekly Cyber Security Update: 17th August 2018

Posted by on August 17, 2018 0 Comment

This post is a weekly cyber security update for the 17th of August 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

Second Quarter 2018 Top-Clicked Phishing Email Subjects
The Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018 include:
1. Password Check Required Immediately (15%)
2. Security Alert (12%)
3. Change of Password Required Immediately (11%)
4. A Delivery Attempt  (10%)
5. Urgent Press Release to Employees (10%)

Top Social Media Email Subjects Phishing Security Brigade

Read More

Hackers Steal $13.5 Million from Indian Bank in ATM Scheme
The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.
According to the FBI alert: “Historical compromises have included small-to-medium size financial institutions, likely due to the less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities. The FBI expects the ubiquity of this activity to continue or possibly increase shortly.”
The FBI urged banks to review how they’re handling security, including password requirements and multi-factor authentication for local administrators and business-critical roles.
Read More

Sebi To Expand The Scope of Cybersecurity Initiatives For MIIs
Regulator Sebi is planning to broaden the scope of cybersecurity initiatives for the market infrastructure institutions (MIIs) and look into the operational modalities of their implementation to deal with the cyber challenges.
“Taking cognisance of the threat posed by technological developments in the Indian capital markets. With the rise of cyber threats in the financial domain across the globe, Sebi had laid down a detailed framework about cyber security and cyber resilience that stock exchanges, clearing corporations and depositories are required to adopt,” the regulator said in its annual report for 2017-2018.
Read More

Mamata Banerjee Unveils West Bengal’s IT Policy With a Focus On AI & Big Data Analytics
The new policy revolves around Cybersecurity, Internet-of-Things (IoT), 3D printing, big data analytics, animation and gaming besides, robotics, drones, fin tech, artificial intelligence, Industry 4.0, quantum computing and others.
“West Bengal has surged ahead economically and seeks to leverage IT for social welfare and economic development. The state’s vision is to become one of the leading states in India in the IT, ITeS, ICT (Information and Communication Technology) and ESDM (Electronic System Design and Manufacturing) sectors,” it said. “The policy strives to unlock the vast potential of the IT&E to design a paradigm shift in the sector, all the while fostering social welfare,” it said.
Read More

Weekly Cyber Security News: 10th August 2018

Posted by on August 10, 2018 0 Comment

This is a weekly cyber security news update for the 10th of August 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

Pizza As  A Service 2.0
A unique and upgraded take by Paul Kerrison to describe the various types of cloud services available for modern IT deployment.

Pizza As A Service IT 2.0 Cloud Deployment

Read More

Optus Email Scam Target Customers with Fake Late Payment Penalties
The fake emails are sophisticated and use a web address that looks like the real Optus website. The email contains a link to a fake ‘pay your bill’ page, which then asks for your credit card details.

Optus Phishing Email

The fake email and payment form are cunningly crafted to trick people. It’s important you check the legitimacy of email links to protect your personal information—use contact details you find through a legitimate source and not those contained in the suspicious message.
Read More

2.6 billion records exposed in 2,300 disclosed breaches so far this year
After a surprising drop in the number of reported data breaches in the first quarter, breach activity appears to be returning to a more “normal” pace.

Incident Breach Healthcare Security

“2018 has been a curious year. After the wild ride of 2017, we became accustomed to seeing a lot of breaches, exposing extraordinary amounts of information. 2018 is remarkable in that the number of publicly disclosed breaches appears to be levelling off while the number of records exposed remains stubbornly high,” said Inga Goddijn, Executive Vice President for Risk Based Security. “It’s not easy to characterize 2.6 billion records exposed as an improvement, even if it is less than the 6 billion exposed at this time last year.”

Read More

Healthcare Industry Cyber Woes continues, UnityPoint Health’s 1.4 Million Records Breached
UnityPoint the healthcare company was recently breached as their employees were scammed with phishing emails, losing their email credentials in the process. Other than patient records, non-medical personally identifiable information like driver’s license numbers and Social Security numbers.
Read More

Weekly Cyber Security News: 1st August 2018

Posted by on August 1, 2018 0 Comment

This post is a weekly cyber security news update for the 1st of August 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

New Gmail Feature Could Open More Users To Phishing Risks
Google is rolling out a sweeping redesign of its popular Gmail service. The redesign has a new feature called “Confidential Email” which requires users to click a link to access confidential emails. Google has essentially created an opportunity where malicious cyber actors could exploit this feature leading to a potential 1.4 billion users more susceptible to dangerous phishing attacks.
Read More

Worst Cyber Attack in Singapore’s Healthcare Industry Recorded
Singapore’s Prime Minister made an announcement that 1.5 million patient personal records, including his own personal data, have been stolen in a major cyber attack against SingHealth.
The data breach included the leakage of 160,000 prescription records, this can easily be dubbed as a record-breaking cyber attack against Singapore’s premier healthcare firm.
Read More

Google Chrome Is Calling Out Insecure Websites
The latest version of Google’s web browser, Chrome 68, is taking on one of the web’s basic but most important issues: encryption. Chrome is taking a stand against websites by marking those that don’t use HTTPS by default, as insecure.
“This is a really significant change in our default standards for security,” explains security researcher Scott Helme. “We’re now expecting it to be secure and if it is not we will tell the user.” What users see from Google isn’t going to be a radical change but if a website isn’t using HTTPS it will show a message next to the URL in the search bar saying “not secure”.
Read More

US-CERT Warns of ERP Application Hacking
Enterprise resource planning (ERP) applications from vendors such as Oracle and SAP are under attack and the critical data living inside them is vulnerable to both criminal and nation-state hackers. The three key steps an organization can take to reduce their attack exposure are to carefully review configurations for known vulnerabilities; change default passwords and require strong passwords for administrators and users, and try to reduce the exposure of ERP applications to the Internet.
Read More

Weekly Cyber Security News: 24th July 2018

Posted by on July 24, 2018 0 Comment

This is a weekly cyber security news update for the for the 24th of July 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

The Biggest Hacks and Data Breaches of 2018 (so far)
We’re now more than halfway through 2018 and the number of data breaches is ramping up. This year has seen more third-party services being breached and customer data stolen from multiple companies in one go. From the devastating Aadhar breach to Ticketmaster, here’s a roundup of the year in breaches
Read More

Indian iPhone Spy Campaign Used Fake MDM Platform
Cyber attackers have used a bogus mobile device management (MDM) system to target a small – but presumably high-value – set of iPhones in India, in a cyber-espionage campaign that has some unusual hallmarks. Attackers deployed an open-source MDM – which is typically used in business environments to provide security, policy-enforcement, expense tracking and application management across a company’s mobile workforce.
Read More

India’s telecom regulator recommends stricter data security rules
“The white paper recognizes the need for a rights-based data protection framework, but how it goes about providing that is problematic,” says Apar Gupta, a Supreme Court lawyer who has worked extensively on privacy and freedom of speech related issues in India. “It articulates the central problem as achieving an acceptable trade-off between innovation and data protection, instead of attempting to harness innovation to facilitate individual autonomy, dignity, and self-determination.”
Read More

Cyber attacks a major threat to startups

Startups Infographic

Banks and telecom companies have the most robust cybersecurity systems in India, while only 8% of startups are secure. When it comes to response, only 3% of startups are equipped to deal with a cyber attack, while 40% of banks are prepared. Visit our website to see the range of client’s we’ve worked with: https://lnkd.in/f7eVxVd We cater to all industry verticals, creating customized security solutions driven by expert manual testing that is empowered by AI and machine learning.
Read More

Weekly Cyber Security News: 17th July 2018

Posted by on July 17, 2018 0 Comment

This is a weekly news update for the 17th of July 2018. This post is part of the weekly news series on cybersecurity with content curated by the hackers & experts at Security Brigade.

India Among Top Three Countries Most Targeted For Phishing

Phishing and malware-based attacks are the most prolific online fraud tactics developed over the past decade. Phishing attacks not only enable online financial fraud but these sneaky threats chip away at our sense of security as they get better at mimicking legitimate links, messages, accounts, individuals and sites.
According to the RSA Quarterly Fraud Report for the period between January 1 to March 31, 2018, phishing accounted for 48 per cent of all cyber-attacks. The report that contains fraud attack and consumer fraud data and analysis, noted that Canada, the United States, India and Brazil were the countries most targeted by phishing.
Read More

The Biggest Hacks And Data Breaches of 2018 (so far)

We’re now more than halfway through 2018, and the number of data breaches is ramping up. This year has seen more third-party services being breached and customer data stolen from multiple companies in one go. From the devastating Aadhar breach to Ticketmaster, here’s a roundup of the year in breaches.
Read More

Online Bank Accounts Among Hackers’ Favorite Targets

The number-one threat is attacks that target web application users. Alarmingly, 87 per cent of banking web applications and all government web applications tested by Positive Technologies were susceptible to attacks against users. Users of government web applications, in particular, tend not to be security-savvy, which makes them easy victims for attackers.
Read More

The IoT’s Perplexing Security Problems

With over 50 billion dollars spent globally on IoT products, companies need to pay attention to the deployment of IoT devices. Devices are regularly put online with default passwords, legacy code riddled with known vulnerabilities, and a lack of defined policies and procedures to monitor them, leaving companies extremely vulnerable.
Read More

Endpoint Security-Related Issues That Providers Encounter

Endpoint security is of critical importance to all kinds of organizations. Efforts are on to secure all endpoints in enterprise networks. These include mobile devices, laptops, desktops, servers etc. “Fileless attacks”, which exploit gaps in traditional security, are also on the rise and efforts are on to prevent these as well.
Read More

Weekly Cyber Security News: 2nd July 2018

Posted by on July 2, 2018 0 Comment

This is weekly news update for the 2nd of July 2018. This post is part of the weekly news series on cyber security with content curated by the hackers & experts at Security Brigade.

Indian Banks Forced to Migrate ATM Machines from Windows XP
RBI released a new circular making it mandatory for Indian banks to update their ATM operating systems from Windows XP to higher versions.
The link below addresses Control Measures for the ATMs along with timelines prescribed by RBI.
Read More

India’s New Data-Privacy Law puts Tech Giants on a Nervous Note
The law details several specifics, including defining what fair use is, deciding whether tech giants can transfer data across international borders, and designing an effective enforcement mechanism.
However, Srikrishna said that India would walk the “middle path” between the US’ laissez-faire approach and the EU’s more stringent data-privacy laws.
Read More

Why Indian Facebook Users Get Less Data Privacy Than Europeans
“The white paper recognizes the need for a rights-based data protection framework, but how it goes about providing that is problematic,” says Apar Gupta, a Supreme Court lawyer who has worked extensively on privacy and freedom of speech related issues in India. “It articulates the central problem as achieving an acceptable trade-off between innovation and data protection, instead of attempting to harness innovation to facilitate individual autonomy, dignity, and self-determination.”
Read More

Is the FIFA world cup a hackers paradise?
As game-goers engage in all sorts of mobile transactions. From online betting to social media comments to retail purchases, their attack surfaces increase considerably.
Cyber criminals have anticipated this growth and are constantly looking for new ways to exploit any transaction that happens in a non-secure environment.
Read More

Why big companies ignore SAP patches, and why you shouldn’t
Many large enterprises have been lagging in SAP patches. This exposure is pervasive. And it is only a matter of time before threat actors pull off a high-profile data breach.
Read More