Malware Coming to a Mac Near You? Yes, Say Security Firms

While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard. Malware targeting Apple’s Mac operating system accounted for two of the 10 most popular attacks in the first quarter of the year — the first time Apple’s software took more than a single slot, according to network-security firm WatchGuard Technologies’ quarterly threat report. While Mimikatz, a credential-stealing tool…

June 27, 2019
Read More >>

New Linux Worm Attacks IoT Devices

Silex has ‘bricked’ more than 2,000 Linux-based IoT devices so far. A new Internet of Things (IoT) bricking worm — malware designed to permanently disable the hardware it infects — is hitting Linux-based devices, and it appears the culprit responsible for the attack is 14 years old.  The new software, dubbed “Silex,” is running across the Internet looking for Linux systems deployed with default admin credentials. Once it finds such…

June 27, 2019
Read More >>

Breaking the Endless Cycle of “Perfect” Cybercrimes

A two-step strategy for creating an attack environment that is more complex, less profitable, and more likely to expose the attacker. Regardless of their methods, hackers are constantly attempting to improve upon what is essentially a perfect crime — a crime that is simple to execute, is performed with near total anonymity, and, most of all, pays off. These have been the hallmarks of successful crimes and criminals for generations,…

June 26, 2019
Read More >>

FIDO Alliance to Tackle Identity Verification and IoT Authentication

Standards group forms two new working groups to develop new open specifications. The FIDO Alliance this week launched new initiatives to advance identity verification and the automated authentication of IoT devices on a network. The group, which has created standards for passwordless authentication, has formed two new working groups – the Identity Verification and Binding Working Group (IDWG) and the IoT Technical Working Group (IoTTWG) – both of which it…

June 26, 2019
Read More >>

Could Foster Kids Help Solve the Security Skills Shortage?

Foster Warriors is a new nonprofit initiative focused on helping foster kids find a place in the world, and especially in the world of security. Join us! They are rare moments, moments when the security industry can do something that’s not only in its own best interest but could also forge enormous social change. Change lives, even save lives. This may be one of those moments.  As the industry desperately…

June 26, 2019
Read More >>

AWS CISO Talks Risk Reduction, Development, Recruitment

Steve Schmidt says limiting access to data has dramatically changed the security posture across Amazon Web Services. AWS re:Inforce – BOSTON – Enterprise cloud adoption has ramped up in the 12 years Steve Schmidt has worked with Amazon Web Services (AWS), but he says the threat landscape hasn’t changed much. Businesses have simply become more aware of the many risks they face. “The biggest risk to most organizations, large or…

June 26, 2019
Read More >>

Global Cyberattack Campaign Hit Mobile Carrier Networks

A nation-state group possibly out of China has attacked cell carrier networks in search of data on high-value individuals. A global cyberattack campaign believed to be the work of a nation-state group has hit telcos and mobile carriers around the world in an effort to gather intelligence on specific individuals. The attackers stole files that show the communication history and travel patterns of a targeted individual, according to a new report…

June 26, 2019
Read More >>

Microsoft Adds New Secure Storage Area to OneDrive

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2019-6328PUBLISHED: 2019-06-25 HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329. CVE-2019-6329PUBLISHED: 2019-06-25 HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328. CVE-2018-1858 PUBLISHED: 2019-06-25 IBM API Connect…

June 26, 2019
Read More >>

How to Avoid Becoming the Next Riviera Beach

Be prepared by following these five steps so you don’t have to pay a ransom to get your data back. On May 30, Dark Reading posted my column, “The Ransomware Dilemma: What if Your Local Government Is Next?” The article came on the heels of the ransomware attack on Baltimore’s government and that city’s decision not to pay the ransom. The article discussed the moral-versus-practical dilemma of paying ransoms. In…

June 25, 2019
Read More >>

A Socio-Technical Approach to Cybersecurity’s Problems

Researchers explore how modern security problems can be solved with an examination of society, technology, and security. Cybersecurity challenges cannot be solved with computers alone. They demand a closer look at how social and technical systems overlap, and how this growing overlap influences security. As it stands, many of these issues are being addressed separately. The general public and defense leaders understand the risk of online propaganda, but they know…

June 25, 2019
Read More >>