As noted in the SentinelOne-sponsored EMA Security Megatrends 2019 report, the two greatest threats currently facing enterprise are ransomware and ATAs, advanced targeted attacks that have been designed for a specific environment. The last two years have seen an increase in both kinds of threats, as well as their combination: targeted ransomware such as Ryuk, SamSam, and now Matrix. Matrix variants have been observed before, but ...
Read More »Blog
Attackers rely on Google Sheets to spread malware through CSV files
The malware appears to be a variant of the infamous NanoCore trojan.CSV files containing the malware payload circumvent Google filters using Google Sheets as a distribution method. A unique malware that uses Google Sheets has been discovered by well-known cyber security researcher Marco Ramili. The malware is found to be an improved version of the NanoCore RAT detected in 2014. ...
Read More »Google adds Password Checkup Chrome extension
Google has rolled out a new Chrome extension that will inform users if their passwords have been compromised. The service, which was introduced as part of Google’s Safer Internet Day offerings, is called Password Checkup. The Chrome extension checks a person’s username and password against a list of four billion credentials that are known to be compromised. If a match occurs the ...
Read More »Google releases February 2019 security patch for Pixel devices, Essential Phone gets updated too
Google has started pushing out latest monthly Android security update for its Pixel smartphones and Pixel C tablet. On Monday, Google Pixel 3, Pixel 3 XL, Pixel 2, Pixel 2 XL, Pixel, Pixel XL, and Pixel C devices got their latest February 2019 security patch along with bug fixes. Parallely, Essential has also rolled out the latest February 2019 security update for Essential ...
Read More »Google’s New Tool Alerts When You Use Compromised Credentials On Any Site
With so many data breaches happening almost every week, it has become difficult for users to know if their credentials are already in possession of hackers or being circulated freely across the Internet. Thankfully, Google has a solution. Today, February 5, on Safer Internet Day, Google launches a new service that has been designed to alert users when they use an exact ...
Read More »3 ways state actors target businesses in cyber warfare, and how to protect yourself
The year 2019 is likely to see an increase of state actors taking aim at the private sector in foreign companies, continuing an ongoing trend over the past several years, according to the 2019 Cyber Threat Outlook published by defense industry firm Booz Allen Hamilton on Monday. The report cites economically-motivated attacks, that aim to “steal information, such as intellectual property and ...
Read More »Attackers Use CoAP for DDoS Amplification
Attackers recently started abusing the Constrained Application Protocol (CoAP) for the reflection/amplification of distributed denial of service (DDoS) attacks, NETSCOUT warns. CoAP is a simple UDP protocol designed for low-power computers on unreliable networks that appears similar to HTTP, but which operates over UDP (User Datagram Protocol) port 5683. The protocol is mainly used by mobile phones in China, but is also ...
Read More »Over 3000 Magneto shops have been hacked via insecure extensions in the last 3 months
Attackers use an extension bug to download other extensions and later search for zero-day security issues.Failing to keep the extensions up-to-date is one of the main cause for the rise in such attacks. In the latest research, it has been found that Magneto shops can be targeted by leveraging vulnerable third-party extensions or modules. The attackers can abuse these weak ...
Read More »Top WordPress attacks: Insight into major attacks that involved compromise of WordPress sites
WordPress is the most popular content management system which is based on PHP and MySQL. A recent study revealed that WordPress-associated vulnerabilities have seen a 30% increase in 2018 when compared to the previous year. The number of vulnerabilities related to WordPress recorded in 2018 was 542. Moreover, most of these vulnerabilities, almost 98% were related to WordPress plugins and only 2% ...
Read More »Google works on spotting dodgy ‘evil domains’
Google is working on a way for Chrome to do a better job of spotting fake websites that seek to trick people into handing over personal information. It is concentrating on websites that use letters and numbers to approximate a recognised brand. The work will mean Chrome will warn people they are about to visit sites it believes are fake. ...
Read More »