Courtesy of its highly customizable nature – along with its ability to persist in the system and to provide valuable information for fine-tuning the highly configurable payloads – the malware can be adapted for attacks against any environment, making it extremely dangerous.
The post Cybersecurity review of 2017: The year of wake-up calls – part 2 appeared first on WeLiveSecurity
Need a New Year's resolution? How about this one?
Start taking password security more seriously.
The post The worst passwords of the year revealed appeared first on WeLiveSecurity
Ransomware and data breaches remain major thorns in the sides of users and organizations across the world, often piercing their defenses without too much effort.
The post Cybersecurity review of 2017: The year of wake-up calls – part 1 appeared first on WeLiveSecurity
Over the past few years the Sednit group has used various techniques to deploy their various components on targets computers. The attack usually starts with an email containing either a malicious link or malicious attachment.
The post Sednit update: How Fancy Bear Spent the Year appeared first on WeLiveSecurity
Imagine the scenario where an Internet Service Provider (ISP) allows a security company providing malware protection the option to pay for their traffic to be prioritized and a lower the priority level imposed on all other providers.
The post What does revoking Net Neutrality mean for security? appeared first on WeLiveSecurity
Armed with the cultural theory described in part one as a possible explanation for why some people do not heed expert advice, we fielded a survey that queried US adults about their attitudes to 15 different technology hazards, including six that were cyber-related.
The post Adventures in cybersecurity research: risk, cultural theory, and the white male effect – part 2 appeared first on WeLiveSecurity
Granting ISPs the right to shape traffic, allowing for some traffic to be prioritized due to a commercial agreement, may have a negative effect on the outcome of using the service for both the consumer and the company providing the service.
The post Why we should fight for Net Neutrality appeared first on WeLiveSecurity
Again and again we have seen security breaches occur because people did not heed advice that we and other people with expertise in security have been disseminating for years, advice about secure system design, secure system operation, and appropriate security strategy.
The post Adventures in cybersecurity research: risk, cultural theory, and the white male effect appeared first on WeLiveSecurity
A US judge has sentenced a Nigerian man to three years and five months in a federal prison after he pleaded guilty to taking part in a business email compromise scam that targeted organisations around the world.
The post Business Email Compromise scammer sentenced to 41 months in prison appeared first on WeLiveSecurity
Banks are being urged to step up to the plate and to “work together to tackle this problem head on”, as their response has been found to be disproportionate to the scale of the problem.
The post UK banks urged to do more to tackle rampant online fraud appeared first on WeLiveSecurity
To help the reader navigate through the maze of such threats, ESET’s thought leaders have zeroed in on several areas that top the priority list in our exercise in looking forward.
The post Cybersecurity Trends 2018: The costs of connection appeared first on WeLiveSecurity
We still don’t have a solid scientific theory of memes; nonetheless, they already allow us to understand why certain things happen the way they do. Memes are “alive”; they reproduce, mutate, and evolve according to Darwinian laws.
The post Memes: the explanation of nearly everything – including computer viruses appeared first on WeLiveSecurity
It's the second Tuesday of the month, and you know what that means... Yep, it's time for another bundle of essential security updates from Microsoft.
The post It’s time to patch your Microsoft and Adobe software again against vulnerabilities appeared first on WeLiveSecurity
The energy costs are not the only charges in a transaction: the bitcoin network itself levies a charge which, according to a blog from Valve, the gaming provider behind the Steam network, has skyrocketed from $0.20 in 2016 to $20 per transaction today
The post Cryptocurrency in kilowatt hours: Counting the costs of anonymous transactions appeared first on WeLiveSecurity
A breakdown of the ‘spending pie’ shows that the ‘security services’ segment is projected to make up nearly 60% of the total IT security budgets, followed by the ‘infrastructure protection’ segment on a little over 18%.
The post Enterprise security spend to continue to trend higher appeared first on WeLiveSecurity
Besides delivering the promised functionalities, the malicious apps can display fake notifications and login forms seemingly coming from legitimate banking applications, harvest credentials entered into the fake forms, as well as intercept text messages to bypass SMS-based 2-factor authentication.
The post Banking malware on Google Play targets Polish banks appeared first on WeLiveSecurity
Businesses are often sent fake invoices and waybills which install ransomware. Teach staff to avoid these. If questionable, ask your IT dept to look at it. E-cards have been a target in the past and may be used again in holiday-themed attacked.
The post Happy holidays, scam spotters! appeared first on WeLiveSecurity
As we reported in September, in campaigns we detected in two different countries, man-in-the-middle attacks had been used to spread FinFisher, with the “man” in both cases most likely operating at the ISP level.
The post StrongPity2 spyware replaces FinFisher in MitM campaign – ISP involved? appeared first on WeLiveSecurity
The developer’s keyboard apps boast 40 million users across Android and iOS, but “only” Android users were affected by the security lapse.
The post Virtual keyboard app exposes personal data of 31 million users appeared first on WeLiveSecurity
The cast of characters behind the attacks, or their motives, are unclear. However, the onslaughts come at a time when the bitcoin price hits new highs, possibly triggering efforts on the part of cybercriminals to manipulate and cash in on the price.
The post Cryptocurrency exchange Bitfinex plagued by DDoS attacks appeared first on WeLiveSecurity
These factors can be key to the success or failure of the ISMS implementation, due to the day-to-day activities in the organization and the resources required for system operation.
The post Six things to consider before implementing an ISMS appeared first on WeLiveSecurity
The association expects the increased costs incurred in security breaches to come both from traditional areas, such as network cleanup and customer notification, and newer areas such as litigation.
The post ISF predicts increasing impact of data breaches next year appeared first on WeLiveSecurity
Throughout its monitoring of the threat, ESET found dozens of C&C servers every month. The bulk of ESET’s research was conducted late last year, with the peak of Wauchos’s activity going back approximately to that time.
The post ESET helps law enforcement worldwide to disrupt Gamarue botnet appeared first on WeLiveSecurity
Wauchos is an extensible bot that allows its owner to create and use custom plugins. However, there are some plugins that are widely available and that are used by many different botnets.
The post ESET takes part in global operation to disrupt Gamarue appeared first on WeLiveSecurity
The health service is now on the lookout for a partner to help run the project, having invited interested parties to tender for a contract that is set to run for three to five years. The new center is set to be based in the English city of Leeds.
The post NHS’s cyber-defenses to get a £20 million shot in the arm appeared first on WeLiveSecurity
The extension currently includes an input field that users can use to subscribe an email address in order to receive an alert when they may be affected by a future breach.
The post Firefox to warn users when visiting breached websites appeared first on WeLiveSecurity
Clarksons, the global shipping firm, has turned the tables on criminal hackers who attempted to extort a ransom payment after stealing confidential information from the company's network.
The post Shipping giant refuses to pay hackers ransom after data stolen appeared first on WeLiveSecurity
The Volatility Foundation, the non-profit organization behind the Volatility Framework, sponsors the yearly Volatility Plugin Contest to acknowledge the best forensic tools built on the Volatility platform.
The post ESET malware researchers awarded prize in open-source memory forensics competition appeared first on WeLiveSecurity
Exactly how does the attack work and is it expensive to create? The attack, while seeming to be technology voodoo, is actually rather simple. It requires a transmitting relay near the key and a second relay near the car to receive the relayed signals and mimic the key.
The post Keyless convenience or security risk? Car theft in action appeared first on WeLiveSecurity
Since nothing is what is seems, it's hard to be sure who was really behind the attacks shown in the series. The world still believes fsociety was responsible (and they themselves do too, to an extent), but the truth is that there is a group in the shadows that is pulling all the strings.
The post Mr. Robot: Now we know where Tyrell was hiding appeared first on WeLiveSecurity
Image-hosting website Imgur discovered at the end of last week that hackers broke into its systems in 2014, and stole the account details of some 1.7 million registered users.
The post Imgur hackers stole 1.7 million email addresses and passwords appeared first on WeLiveSecurity
At the heart of the regulation is the requirement for banks to allow licensed third-party providers (TPPs) of financial services to access securely their customer-account data, as long as the customer has given their prior consent.
The post New reality in European banking looming large: the lowdown appeared first on WeLiveSecurity
Just as in past decades when cash drawers and bank vaults were targeted for theft, today’s e-shops and online banks have fallen under the scope of cybercriminals. Their “digital-focus” is just an evolutionary step beyond robbing stagecoaches in the Wild West, and banks in the 20th century.
The post Busy Browsers attract Black Friday Burglars appeared first on WeLiveSecurity
Some three-quarters of users up to 34 years of age reported that they “definitely” or “probably” use their phone too much. Almost half (47 percent) of all ages said they make a conscious effort to pare back their mobile phone time, most commonly by keeping their devices in their bag or pocket or by switching off notifications.
The post Smartphone adoption among older Americans continues growth spurt appeared first on WeLiveSecurity
Between approximately July 23 and 29, Mesri reportedly engaged in his blackmail campaign. After the TV network didn’t pay the required $6 million in digital cryptocurrency, he began leaking portions of the stolen data on July 30.
The post US indicts alleged culprit of HBO hack-and-extort campaign appeared first on WeLiveSecurity
Girls Inc. of San Diego County was founded 50 years ago as a local affiliate of the national Girls Inc. The national organization was started as the Girls Club of America more than 150 years ago, to help young women who had migrated from rural communities in search of job opportunities.
The post Girls Inc. in the spotlight: Nonprofit Pitch Fest contest grand prize winner appeared first on WeLiveSecurity
For a user, it can be difficult to figure out whether an app is malicious. First off it is always good only to install applications from the Google Play store, since most malware is still mainly spread through alternative stores.
The post New campaigns spread banking malware through Google Play appeared first on WeLiveSecurity
In journalism, having good contacts is key and this is true when it comes to defending your digital assets. The following are some sources – of information and, possibly, assistance – that you might want to cultivate.
The post Cybersecurity for journalists and the news media appeared first on WeLiveSecurity
he holidays are a time when people purchase gifts for their friends, families, and yes, even for themselves. Increasingly, children are using and accessing more and more digital devices — making it important for everyone to work together to secure these devices.
The post Only…zero days left until the holiday shopping season! appeared first on WeLiveSecurity
German parents are being told to destroy smartwatches they have bought for their children after the country's telecoms regulator put a blanket ban in place to prevent sale of the devices, amid growing privacy concerns.
The post Kids’ smartwatches banned in Germany over spying concerns appeared first on WeLiveSecurity
The Information Commissioner's Office (ICO) in the United Kingdom has issued a stark reminder and straight-to-the-point warning for all employees who might be tempted to snoop on others’ personal data.
The post UK’s ICO issues stark reminder of backlash for privacy invasion appeared first on WeLiveSecurity
Unfortunately, as with every opportunity, there are people who want to benefit from your success without putting in the hard work. Cybercriminals will view the increase in traffic and spending as opportunities to make extra money.
The post Is your business ready for the Holiday Season? appeared first on WeLiveSecurity
Simple DoS attacks, which are a one-on-one affair, have been all but supplanted by DDoS attacks. The latter involve concerted campaigns from armies of devices conscripted into botnets which, as if lined up and marching in lockstep, aim to knock the unlucky target offline.
The post One-third of internet pounded by DoS attacks appeared first on WeLiveSecurity
If there's one thing we should all have learnt from our years on the internet it should be this: once you say something somewhere, it's very hard to take it back and pretend it never happened.
The post Think you deleted that embarrassing WhatsApp message you sent? Think again appeared first on WeLiveSecurity
In a world where money is often represented as numbers moving from one place to another, the difference between types of payment cards may seem a bit nebulous.
The post Tips for buying and sending gift cards appeared first on WeLiveSecurity
Commentary on government struggles to protect internet security while stockpiling cyber vulnerabilities in order to launch attacks and gain intelligence.
The post US Vulnerability Equities Policy: transparency welcome, but serious questions remain appeared first on WeLiveSecurity
In all the cases we investigated, the final payload was a mobile banking trojan. Once installed, it behaves like a typical malicious app of this kind: it may present the user with fake login forms to steal credentials or credit card details.
The post Multi-stage malware sneaks into Google Play appeared first on WeLiveSecurity
Currently the US government employs an inter-agency review, created under former President Barack Obama. Known as the Vulnerability Equities Process, it is tasked with deciding what happens to any cybersecurity flaws that is discovered by the National Security Agency (NSA).
The post US rules on reporting cybersecurity flaws set to change according to source appeared first on WeLiveSecurity
The high level of fear of cybercrime dovetails with the self-reported rates of victimization, as 25% of the respondents reported that their personal information or that of their household member has been stolen by hackers over the past 12 months.
The post Americans’ unease about cybercrime towers over conventional crimes appeared first on WeLiveSecurity
Unless companies processing citizens’ personal data fully understand the reasoning behind the decisions made based on their machine-learning models, they will find themselves between a rock and a hard place.
The post Transparency of ML algorithms is a double-edged sword appeared first on WeLiveSecurity
