News

  • Analyzing OilRig’s malware that uses DNS Tunneling
    by Pierluigi Paganini on April 18, 2019 at 8:47 pm

    Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. OilRig is an Iran-linked APT group that has been […] The post Analyzing OilRig’s malware that uses DNS Tunneling appeared first on Security Affairs. […]

  • BrandPost: Are You Leaving the Wired Network Door Wide Open?
    by Brand Post on April 18, 2019 at 7:58 pm

    Most organizations lock down Wi-Fi access but rely on physical security and static segmentation as the primary defensive technique for the wired network. This blog is the first in a 3-part series that explores why this practice is commonplace today, the risks of this approach, and what alternatives exist.Let me start by telling you about a scenario that I often present when talking with customers:“I want to get inside your building. Towards the end of lunchtime, I find a group of employees returning to the office and walk with them. I’m wearing a badge that looks just like your company badge. I’m carrying a package in one hand and talking on a cellphone with my other hand. Will the employees hold the door open for me?”To read this article in full, please click her […]

  • LinkedIn Data Found in Unsecured Databases
    on April 18, 2019 at 5:44 pm

    A privacy foundation found unsecured databases that held LinkedIn data, including email addresses. […]

  • TA505 Targets Financial and Retail Using 'Undetectable' Methods
    on April 18, 2019 at 5:00 pm

    CyberInt found TA505 is using tactics and a remote administration tool, developed by TektonIT. […]

  • Fraudsters Exploit Sympathies Surrounding Notre Dame Tragedy
    on April 18, 2019 at 4:22 pm

    Following the tragic events in Paris, cyber-criminals have taken advantage of people's goodwill. […]

  • As Governments Adopt Artificial Intelligence, There’s Little Oversight And Lots Of Danger
    by James Hendler, The Conversation on April 18, 2019 at 2:40 pm

    AI can help make government more efficient – but at what cost? Citizens' lives could be better or worse, based on how the technology is used […]

  • Drupal patched security vulnerabilities in Symfony, jQuery
    by Pierluigi Paganini on April 18, 2019 at 2:01 pm

    The developers of the Symfony PHP web application framework released updates that patch five vulnerabilities, three affecting the Drupal CMS. The development team of the Symfony PHP web application framework released security updates for five issues, three of which also affects Drupal 7 and 8. The developers of the Symfony PHP web application framework addressed […] The post Drupal patched security vulnerabilities in Symfony, jQuery appeared first on Security Affairs. […]

  • Facebook ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission
    by Pierluigi Paganini on April 18, 2019 at 12:36 pm

    Facebook made the headlines once again for alleged violations of the privacy of its users, this time collecting contacts from 1.5 Million email accounts without permission. New problems for Facebook, the company collected contacts from 1.5 Million email accounts without user’permission. We recently read about an embarrassing incident involving the social network giant that asked […] The post Facebook ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission appeared first on Security Affairs. […]

  • IDG Contributor Network: Proposed changes to California Consumer Privacy Act of 2018 could rewrite privacy law
    by Michael R. Overly on April 18, 2019 at 12:33 pm

    On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of 2019 (PAA). The proposed rewrite would increase a business’s compliance obligations as well as its potential exposure to civil and regulatory liability, shifting California even closer to the requirements of the GDPR. If passed, the PAA will go into effect on January 1, 2021, giving businesses one additional year to implement the new requirements.To read this article in full, please click her […]

  • APT28 and Upcoming Elections: evidence of possible interference (Part II)
    by Pierluigi Paganini on April 18, 2019 at 11:08 am

    In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction The uncertain attribution of the Ukrainian themed malicious document discussed in our past article “APT28 and Upcoming Elections: Possible Interference Signals”, led us to a review of Sofacy’s phishing techniques to confirm or […] The post APT28 and Upcoming Elections: evidence of possible interference (Part II) appeared first on Security Affairs. […]