House panel: Equifax breach was ‘entirely preventable’


The devastating 2017 breach of credit-reporting company Equifax, which exposed data on 148 million people, was “entirely preventable” had the company applied proactive security measures, a congressional investigation has concluded.

“Had the company taken action to address its observable security issues prior to this cyberattack, the data breach could have been prevented,” says the report issued Monday by Republicans on the House Oversight and Government Reform Committee.

The committee’s 96-page report lays out why the hack, which compromised people’s names, social security numbers, addresses, credit card numbers, and other identifiers, has become a case study in failed IT leadership and software patching.

A “lack of accountability and no clear lines of authority in Equifax’s IT management structure” meant key security protocols were neglected, the House panel found: Equifax allowed over 300 security certificates to expire, including 79 for monitoring “business-critical” domains.

Read more…

Android Trojan steals money from victims’ PayPal account


ESET researchers have unearthed a new Android Trojan that tricks users into logging into PayPal, then takes over and mimics the user’s clicks to send money to the attacker’s PayPal address.

The heist won’t go unnoticed by the victim if they are looking at the phone screen, but they will also be unable to do anything to stop the transaction from being executed as it all happens in a matter of seconds.

The only thing that will prevent the theft is if the user has insufficient PayPal balance and no payment card connected to the account (as shown in the demo video).

Read more…

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack


Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total of 39 vulnerabilities in its Windows operating systems and applications, 10 of which are rated critical and the others important in severity.

One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being actively exploited in the wild by multiple hacking groups, including FruityArmor and SandCat APTs.

Read more…

The future of security – a 2019 outlook


Based on the way the industry is moving, 2019 is set to be an exciting year as AI gains more prominence, and quantum and crypto-agility start to make themselves known.


From the record-breaking number of data breaches to the implementation of the General Data Protection Regulation (GDPR), 2018 will certainly go down as a memorable year for the cybersecurity industry. And there have been plenty of learnings for both the industry and organisations, too. Despite having two years to prepare for its inception, some companies were still not ready when GDPR hit and have faced the consequences this year. According to the law firm EMW, the Information Commissioner’s Office received over 6,000 complaints in around six weeks between 25th May and 3rd July – a 160 per cent increase over the same period in 2017. When GDPR came into force, there were questions raised about its true power to hold companies to account – with the regulation saying fines could be implemented up to £16.5 million or 4 per cent of worldwide turnover.

Read more…

November 2018: Most wanted malware exposed


Check Point has published its latest Global Threat Index for November 2018. The index reveals that the Emotet botnet has entered the Index’s top 10 ranking after researchers saw it spread through several campaigns, including a Thanksgiving-themed campaign.

This involved sending malspam emails in the guise of Thanksgiving cards, containing email subjects such as happy “Thanksgiving day wishes”, “Thanksgiving wishes” and “the Thanksgiving day congratulation!” These emails contained malicious attachments, often with file names related to Thanksgiving, to spread the botnet and deploy other malware and malicious campaigns. As a result, the Emotet botnet’s global impact has increased 25% compared to October 2018.

Meanwhile, November was the first anniversary of the Coinhive cryptominer leading the Global Threat Index, which it has done since December 2017. During the past 12 months, Coinhive alone impacted 24% of organizations worldwide, while cryptomining malware had an overall global impact of 38%.

Read more…

Hong Kong fought 9,000 cyberattacks and lost $256.3m this year


HONG KONG is a thriving economy, which naturally makes it one of the top targets in the region when it comes to cybercrime.


According to latest reports, in the first nine months of this year, Hong Kong’s residents and companies sustained more than 9,000 cyberattacks and lost HK$2 billion (US$256.3 million) to hackers and cyber criminals.

Compared to last year, that’s a 55 percent jump in the number of attacks — and compared to 2012 figures, the first nine months of this year jumped 565 percent.

However, the South China Morning Post (SCMP) reported that the numbers are actually much higher than reported.

It found that computers and mobile devices in the country sustained about one million cyberattacks on one digital security network alone over a period of three months from April to June this year.

Read more…

Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter


Hackers have set in motion a massive campaign that scans for Internet-exposed Ethereum wallets and mining equipment, ZDNet has learned today.

The mass-scan campaign has been raging for at least a week, since December 3, Troy Mursch, co-founder of Bad Packets LLC told ZDNet.

Attackers are scanning for devices with port 8545 exposed online. This is the standard port for the JSON-RPC interface of many Ethereum wallets and mining equipment. This interface is a programmatic API that locally-installed apps and services can query for mining and funds-related information.

In theory, this programmatic interface should only be exposed locally, but some wallet apps and mining equipment enable it on all interfaces. Furthermore, this JSON-RPC interface, when enabled, also does not come with a password in default configurations and relies on users setting one.

If the Ethereum wallet or mining equipment has been left exposed on the Internet, attackers can send commands to this powerful interface to move funds from the victim’s Ethereum addresses.

Read more…
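
A defender-side check for the exposure described in the Ethereum item above, as an added example that is not from the original article: it parses `ss -ltn` output and reports every listener on port 8545 that is bound to anything other than loopback. The sample output is constructed and the function names are hypothetical.

```python
import ipaddress

JSON_RPC_PORT = 8545  # the JSON-RPC port named in the article

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8545     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8545       0.0.0.0:*
LISTEN 0      128    [::]:8545          [::]:*
LISTEN 0      128    192.168.1.20:8545  0.0.0.0:*
LISTEN 0      128    [::1]:8545         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
"""

def split_local(field):
    """Split ss's 'addr:port' column; handles [v6]:port and %iface scopes."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%", 1)[0], port

def classify(host):
    """Say how widely a bind address exposes the listener."""
    if host in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    return "loopback" if ip.is_loopback else "specific-address"

def exposed_rpc_listeners(ss_output, port=JSON_RPC_PORT):
    """Return (local_address, kind) for each non-loopback listener on port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, local_port = split_local(fields[3])
        if local_port != str(port):
            continue
        kind = classify(host)
        if kind != "loopback":
            findings.append((fields[3], kind))
    return findings

if __name__ == "__main__":
    for addr, kind in exposed_rpc_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {JSON_RPC_PORT} reachable beyond localhost: {addr} ({kind})")
```

On a real host, pass the text of `ss -ltn` to `exposed_rpc_listeners`; an empty result means the interface is only bound to loopback.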