‘DarkGate’ Campaign Targets Europeans with Multiple Payloads

A newly discovered malware campaign is targeting users in Europe with various payloads, has a reactive command and control (C&C) system and can remotely control infected machines, enSilo security researchers warn. Spreading through torrent files, the DarkGate malware can avoid detection by several anti-virus products and is also capable of detonating multiple payloads onto the infected machines, for crypto-currency mining, stealing crypto-coins, and encrypting victim’s files (ransomware). The campaign operators…

November 16, 2018
Read More >>

Facebook Patches Bug that Exposed Private Information

Facebook recently addressed a vulnerability that could have allowed anyone to access private information about users and their contacts. The vulnerability, Imperva security researcher Ron Masas explains, was found in Facebook’s online search function. He discovered that the HTML code for every search result contained an iframe element that could be exploited maliciously. The issue is that the endpoint that expects a GET request with a number of search parameters…

November 15, 2018
Read More >>

A Human-Centered Approach to Building a Smart, Satisfied Information Security Team

With limited personnel to manage the rising risk, the difficulty attracting, recruiting and retaining an appropriately skilled workforce has become a significant risk.  Shortfalls in skills and capabilities are manifesting as major security incidents damage organizational performance and reputation. Building tomorrow’s security workforce is essential to address this challenge and deliver robust and long-term security for organizations in the digital age. Filling the skill shortage will require organizations to change…

November 15, 2018
Read More >>

Fight Fileless Malware on All Fronts

Take a unified approach: patch and protect all elements of your ecosystem to prevent new attacks. The Ponemon Institute estimates that more than half of all attacks against businesses in 2017 were fileless. Cyber criminals continue to find new, creative ways to disrupt organizations, and a new favorite that gained traction last year is fileless malware. No doubt, 2018 statistics, when compiled, will indicate fileless malware is among the prevalent…

November 6, 2018
Read More >>

How to Protect SMBs Against Phishing Attacks via Social Engineering

Social engineering and artificial intelligence (AI) are bringing about a new golden age of hacking for criminals. They are capitalizing on common online habits of everyday people to tempt them to click on or install harmful applications – in the guise of browser extensions, clickbait and more – each specifically targeted to the individual user’s online habits using AI. Most breaches occur when employees make common, seemingly harmless mistakes. Now,…

November 6, 2018
Read More >>

DDoS Disruption: Election Attacks

In an increasingly politically and economically volatile landscape, cybercrime has become the new geopolitical tool. Attacks on political websites and critical national infrastructure services are ever more frequent not only because the tools to do these are simpler, cheaper and more widely available, but also due to desire and capabilities of attackers to impact real-world events such as election processes, while staying undiscovered. Not surprisingly, a third of respondents to NETSCOUT’s…

November 5, 2018
Read More >>

Buy, Rent, or Uber Your Security Operations Center

We all know that data breaches cost a lot—an average of $3.6M per organization. For cyber criminals, everyone’s a target—and perfect prevention isn’t practical. We must assume that, at some point, every organization’s IT infrastructure will be breached. That’s why we need to continuously monitor, investigate and respond to cyber threats 24/365 if we are to avoid costly breaches and the potential impact to reputation, revenue and customer confidence. What…

November 5, 2018
Read More >>

What You Need to Know about the Recent Apache Struts Vulnerability

Researchers recently revealed a vulnerability in Apache Struts, a popular type of enterprise software. Active exploit attempts weren’t far behind. The Equifax hack that occurred roughly a year ago was due to an earlier Apache Struts vulnerability (CVE-2017-9805). The team at Equifax was aware of the vulnerability but took some time to patch it — and in this gap the company was hacked, and the data of millions was stolen….

November 5, 2018
Read More >>

Crypto-Mining Malware Attacks on iPhones Up 400%: Report

Crypto-mining malware attacks against iPhones went up 400% in the last two weeks of September, security firm Check Point notes in a new report. Crypto-mining attacks have intensified over the past couple of years, fueled by a massive surge in the price of crypto-currencies. Threats range from botnets to fileless malware and malicious programs that abuse NSA-linked exploits for propagation. Industrial systems are frequently hit as well. Mobile users are…

October 16, 2018
Read More >>

Most SMBs Fold after Cyber Attacks: Here’s How to Protect Yours

Many small-to-medium businesses (SMBs) think they’re flying under the radar of cyber-attackers. But in reality, perpetrators specifically target smaller, more vulnerable businesses because of their lack of security expertise and fragile infrastructure, and because they often provide easy entryways to larger companies with whom the SMBs work. Even more alarming, more than 60 percent of SMBs go out of business within six months of devastating attacks, like ransomware and distributed…

October 12, 2018
Read More >>