Apple Blocks Comms-snooping Malware

Apple has moved to thwart a malware attack that used a legitimate – probably hijacked – developer certificate, by revoking the cert. Check Point wrote up the malware last week, calling “OSX/Dok” “the first major scale malware to target OSX users via a coordinated email phishing campaign”. A hapless user who okayed all the stages of infection would end up having all their communications snooped – even HTTPS sessions encrypted…

May 3, 2017
Read More >>

Lockheed Martin Bets on Blockchain For Cybersecurity

Lockheed Martin has contracted Guardtime Federal to provide blockchain cyber security, the defense company announced in a blog post. It’s the first US defense contractor to adopt blockchain as part of its security approach and Lockheed Martin says the partnership will allow it to “realize more efficient and secure software development and supply chain risk management.” A blockchain is a type of secure database that maintains a constantly expanding list…

May 3, 2017
Read More >>

Gartner Says Organisations Are Unprepared for the 2018 European Data Protection Regulation

The European General Data Protection Regulation (GDPR) will have a global impact when it goes into effect on 25th May, 2018, according to Gartner, Inc. Gartner predicts that by the end of 2018, more than 50 per cent of companies affected by the GDPR will not be in full compliance with its requirements. “The GDPR will affect not only EU-based organisations, but many data controllers and processors outside the EU…

May 3, 2017
Read More >>

UK office workers “too trusting” of email attachments

Major UK businesses are leaving themselves vulnerable to the most common form of cyber-attack, research by UK-based cyber security firm Glasswall Solutions has found. 58% of office workers among 1,000 employees surveyed at mid-to-large UK businesses revealed they usually open email attachments from unknown senders, leaving businesses open to breaches from documents carrying malicious exploits hidden inside common file-types. Despite the widely-publicised growing threat from social engineering, where hackers create…

May 3, 2017
Read More >>

Shodan search engine starts unmasking malware command-and-control servers

There’s now a new tool that could allow companies to quickly block communications between malware programs and their frequently changing command-and-control servers. Threat intelligence company Recorded Future has partnered with Shodan, a search engine for internet-connected devices and services, to create a new online crawler called Malware Hunter. The new service continuously scans the internet to find control panels for over ten different remote access Trojan (RAT) programs, including Gh0st…

May 3, 2017
Read More >>

Boston Fed conference: Security still comes down to the basics

BOSTON – Not every bank has the money or the staff to do everything on the “best practices” lists of multiple regulatory agencies. As one member of the audience at the Federal Reserve Bank of Boston’s 2017 Cybersecurity Conference this week noted, it is much more difficult for the “minnows” to comply with all the “guidance” out there, than it is for the “big fish.” But multiple speakers and panelists…

May 3, 2017
Read More >>