Category: News

From infosecurity-magazine.com

Amazon has sent emails to users warning of a rogue insider who has been fired after disclosing customer details to a third party.

As detailed in a tweet posted by user Zain Jaffer, the email read: “We are writing to let you know your email address was disclosed by an Amazon employee to a third party in violation of our policies.” The email goes on to claim the employee has been fired, referred to law enforcement and stated that no other information related to the recipient’s account was shared.

“This is not a result of anything you have done and there is no need for you to take any action, we apologize for this incident,” it continued.

Read more…

From labs.bitdefender.com

The discovery of Stuxnet in 2010, followed by its in-depth analysis, uncovered several “industry firsts”, including hijacking of Windows Management Instrumentation (WMI) to enumerate users and spread to available network shares.

In the past decade, most of the malware features at least one technique to hijack WMI for persistence, discovery, lateral movement or defense evasion.

This whitepaper describes how WMI hijacking works and how it is used in several families of malware currently in existence.

Read more…

From securityboulevard.com

Cybersecurity is a growing concern for businesses and individuals worldwide, with more people creating and leaving digital footprints in the virtual world. To this end, people need to secure their information by tightening their security protocols.

Safeguarding information birthed the world of cybersecurity, which has become a lucrative career path for most tech-savvy people. There is room for as many people considering this career path, and acquiring the knowledge does not require a primary formal education.

There is a long list of online courses — whether paid or free — for those who wish to become successful in this field to choose from. To keep you from searching for a needle in a haystack, we’ve put together top seven online courses for a successful career in cybersecurity.

Read more…

From techcrunch.com

President Trump’s campaign website was briefly and partially hacked Tuesday afternoon as unknown adversaries took over parts of the page, replacing them with what appeared to be a scam to collect cryptocurrency. There is no indication, despite the hackers’ claims, that “full access to trump and relatives” was achieved or “most internal and secret conversations strictly classified information” were exposed.

Read more…

From securityaffairs.co

Researchers found more than 100 smart irrigation systems running ICC PRO that were left exposed online without a password last month.

Security experts from the Israeli security firm Security Joes discovered more than 100 irrigation systems running ICC PRO that were left exposed online without protection. ICC PRO is a top-shelf smart irrigation system designed by Motorola.

The ICC PRO systems were deployed with default factory settings, which don’t have a password for the default user’s account.

Read more…

From bleepingcomputer.com

Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies.

The company has sent out an email announcement to affected customers following the incident.

Read more…

From 2-spyware.com

Iiss ransomware is a type of cryptovirus that is classified as a money-extortion-based threat controlled by malicious actors.^[1] These threats are known for accessing user machines without permission and encrypting all files on them. This way, cybercriminals behind the malware can ask for a ransom payment in return for a unique key. This is one of the newest versions in Djvu ransomware family that stems from STOP ransomware, known for a long time already. However, this version is not the last probably, because criminals release a new variant once a week, at least.

Read more…