Thailand passes Internet security law decried as ‘cyber martial law’

Patpicha Tanakasempipat

https://www.thestar.com.my/tech/tech-news/2019/02/28/thailand-passes-internet-security-law-decried-as-cyber-martial-law-updated/

Excerpt:

“Thailand's military-appointed parliament on Feb 28 passed a controversial cybersecurity law that gives sweeping powers to state cyber agencies, despite concerns from businesses and activists over judicial oversight and potential abuse of power.”


New browser attack lets hackers run bad code even after users leave a web page

Catalin Cimpanu

https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/

Excerpt:

“Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.”


Consumer attitudes towards security breaches are changing significantly

https://www.helpnetsecurity.com/2019/02/27/consumer-attitudes-towards-security-breaches/

Excerpt:

“Transatlantic businesses face greater short-term pain in the US but less long term retribution in the UK following a security breach, according to new data from payment security business, PCI Pal. The research into consumer trust and spending habits was conducted during the last quarter of 2018 and pointed to some very clear cultural differences between the two countries.”


Social media-enabled cybercrime is generating $3.25 billion a year

https://www.helpnetsecurity.com/2019/02/27/social-media-enabled-cybercrime/

Excerpt:

“Social media-enabled cybercrime is generating at least $3.25B in global revenue annually, according to an extensive six-month academic study undertaken by Dr. Mike McGuire, Senior Lecturer in Criminology at the University of Surrey.”


Most IoT devices are being compromised by exploiting rudimentary vulnerabilities

https://www.helpnetsecurity.com/2019/02/26/iot-devices-exploited-rudimentary-vulnerabilities/

Excerpt:

“Cybercriminals are looking for ways to use trusted devices to gain control of Internet of Things (IoT) devices via password cracking and exploiting other vulnerabilities, such as through the exploitation via voice assistants, according to the latest Mobile Threat Report unveiled by McAfee.”


Formjacking is the new get rich quick scheme for cybercriminals

https://www.helpnetsecurity.com/2019/02/21/formjacking-get-rich-quick-scheme/

Excerpt:

“Faced with diminishing returns from ransomware and cryptojacking, cybercriminals are doubling down on alternative methods, such as formjacking, to make money according to Symantec’s Internet Security Threat Report (ISTR), Volume 24.”


Hackers Use Compromised Banks as Starting Points for Phishing Attacks

Ionut Ilascu

https://www.bleepingcomputer.com/news/security/hackers-use-compromised-banks-as-starting-points-for-phishing-attacks/

Excerpt:

“Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries.”


European standards org releases consumer IoT cybersecurity standard

https://www.helpnetsecurity.com/2019/02/20/consumer-iot-cybersecurity-standard/

Excerpt:

“The European Telecommunications Standards Institute (ETSI) has released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.


Popular Torrent Uploader 'CracksNow' Caught Spreading Ransomware

Wang Wei

https://thehackernews.com/2019/02/malware-torrent-download.html

Excerpt:

“It's not at all surprising that downloading movies and software from the torrent network could infect your computer with malware, but it's more heartbreaking when a popular, trusted file uploader goes rogue.”


The importance of consumer trust in the second-hand mobile market

https://www.helpnetsecurity.com/2019/02/18/second-hand-mobile-market/

Excerpt:

“58 percent of global consumers have yet to trade in an old mobile device, though almost two-thirds (64%) globally reported they would be willing to do so if more stringent data management processes were in place. These are the results of an exclusive global consumer research study examining consumer sentiment and actions for trading in mobile devices, released by Blancco Technology Group.”


Chinese company leaves Muslim-tracking facial recognition database exposed online

Catalin Cimpanu

https://www.zdnet.com/article/chinese-company-leaves-muslim-tracking-facial-recognition-database-exposed-online/

Excerpt:

“One of the facial recognition databases that the Chinese government is using to track the Uyghur Muslim population in the Xinjiang region has been left open on the internet for months, a Dutch security researcher told ZDNet.”


Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale

Swati Khandelwal

https://thehackernews.com/2019/02/data-breach-website.html

Excerpt:

“A hacker who was selling details of nearly 620 million online accounts stolen from 16 popular websites has now put up a second batch of 127 million records originating from 8 other sites for sale on the dark web.”


The Scarlet Widow Gang Entraps Victims Using Romance Scams

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/the-scarlet-widow-gang-entraps-victims-using-romance-scams/

Excerpt:

“We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but  the emotional entanglement ultimately leads to heartbreak.”


New Offensive USB Cable Allows Remote Attacks over WiFi

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/new-offensive-usb-cable-allows-remote-attacks-over-wifi/

Excerpt:

“Like a scene from a James Bond or Mission Impossible movie, a new offensive USB cable plugged into a computer could allow attackers to execute commands over WiFi as if they were using the computer's keyboard.”


Impersonation, sender forgery and corporate email spoofing top the charts

https://www.helpnetsecurity.com/2019/02/13/q4-2018-phishing-scammers/

Excerpt:

“This Q4 of 2018 was a busy period for phishing scammers. INKY researchers saw a spike in email volume this time of year as people use email to gather their receipts from online shopping, shipping notifications, returns, and virtual holiday greetings.”


Swiss government invites hackers to pen-test its e-voting system

Catalin Cimpanu

https://www.zdnet.com/article/swiss-government-invites-hackers-to-pen-test-its-e-voting-system/

Excerpt:

“The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it.”


88% of UK businesses breached during the last 12 months

https://www.helpnetsecurity.com/2019/02/12/uk-breaches-increasing/

Excerpt:

“The UK’s cyber threat environment is intensifying. Attacks are growing in volume, and the average number of breaches has increased, according to Carbon Black.”


Average DDoS attack volumes grew by 194% in 12 months

https://www.helpnetsecurity.com/2019/02/11/ddos-attack-volumes-grew-by-194-in-12-months/

Excerpt:

“The volume and complexity of DDoS attacks continued to grow in Europe during the final quarter of 2018, according to Link11. While Link11’s Security Operations Center (LSOC) registered 13,910 attacks in Q4 (12.7% down compared to Q3), the average attack volume grew by 8.7% to 5Gbps, and 59% of attacks used multiple attack vectors.”


"Lucky Draw" Smishing Campaign Asks Money to Deliver Car Prize

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/lucky-draw-smishing-campaign-asks-money-to-deliver-car-prize/

Excerpt:

“A new smishing campaign, or text message phishing campaign, is targeting Nokia owners in India. These text messages pretend to be from Nokia and state that the recipient has won a lucky draw to win a car or money.”


How the government and private sector can better defend against a cascading cyberattack

Sean Lyngaas

https://www.cyberscoop.com/cyber-tabletop-exercise-foundation-defense-of-democracies-chertoff-group/

Excerpt:

“The U.S. government and private sector need to be planning now for a cascading cyberattack on critical infrastructure by mapping out emergency authorities and supply-chain contingencies — lest they be caught off-guard during the real thing, a new study says.”


70 real-life hackers and cybersecurity practitioners share their personal insights

Zeljka Zorz

https://www.helpnetsecurity.com/2019/02/06/tribe-of-hackers/

Excerpt:

“Entering the information security industry can be a formidable undertaking and renowned professionals often seem larger than life and unapproachable (even though most are on Twitter and their email address is public).”


Security firm identifies hacker behind Collection 1 leak, as Collection 2-5 become public

Catalin Cimpanu

https://www.zdnet.com/article/security-firm-identifies-hacker-behind-collection-1-leak-as-collection-2-5-become-public/

Excerpt:

The threat intel team at Recorded Future, a US-based cyber-security firm, claims to have identified the hacker who assembled and then sold a massive collection of email addresses and passwords known as Collection #1.”


Hacker talks to baby through Nest security cam, jacks up thermostat

Lisa Vaas

https://nakedsecurity.sophos.com/2019/02/01/hacker-talks-to-baby-through-nest-security-cam-jacks-up-thermostat/

Excerpt:

“If the internet’s army of creeps isn’t busy blasting bogus warnings about fake nuclear warhead missiles through people’s Nest security cameras, they’re trying to parboil kids by jacking up the Nest thermostat.”


Hacker who reported a flaw in Hungarian Magyar Telekom faces up to 8-years in jail

Pierluigi Paganini

https://securityaffairs.co/wordpress/80610/breaking-news/magyar-telekom-hack.html

Excerpt:

“Hungarian police arrested a young hacker because he discovered and exploited serious vulnerabilities in the systems of the Magyar Telekom”


Why vaporworms might be the scourge of 2019

Marc Laliberte

https://www.helpnetsecurity.com/2019/02/05/vaporworms/

Excerpt:

“Not too long ago, the WatchGuard Threat Lab predicted the emergence of vaporworms as a major new cyber threat that will affect organizations of all sizes in 2019. We coined the term to describe a new breed of fileless malware with self-propagating, wormlike properties. At the time of the initial prediction, our team was fairly sure this idea was more than conjecture, but now the advent of the vaporworm in 2019 seems to be an abject certainty.”


Employees report 23,000 phishing incidents annually, costing $4.3 million to investigate

https://www.helpnetsecurity.com/2019/02/01/phishing-incidents-investigation/

Excerpt:

“Account takeover-based (ATO) attacks now comprise 20 percent of advanced email attacks, according to Agari’s Q1 2019 Email Fraud & Identity Deception Trends report. ATO attacks are dangerous because they are more difficult to detect than traditional attacks – compromised accounts seem legitimate to email filters and end users alike because they are sent from a real sender’s email account.”