Office Depot fined millions for tricking customers into believing their PCs were infected with malware

Graham Cluley

https://hotforsecurity.bitdefender.com/blog/office-depot-fined-millions-for-tricking-customers-into-believing-their-pcs-were-infected-with-malware-21021.html

Excerpt:

“What does the average person do when their computer starts behaving oddly? If their PC is getting slower, or they’re being pestered with an excessive number of pop-ups?”


Third-party cyber risk management is a burden on human and financial resources

https://www.helpnetsecurity.com/2019/03/28/third-party-cyber-risk-management/

Excerpt:

“Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective.”


Algorithms can now find bugs in computer chips before they are made

https://www.helpnetsecurity.com/2019/03/28/exposing-potential-flaws-in-new-chip-designs/

Excerpt:

“In early 2018, cybersecurity researchers discovered two security flaws they said were present in almost every high-end processor made and used by major companies.”


ASUS confirms server compromise, releases fixed Live Update tool

Zeljka Zorz

https://www.helpnetsecurity.com/2019/03/27/asus-fixes-live-update/

Excerpt:

“ASUS has finally confirmed that its servers were compromised and that its ASUS Live Update tool has been tampered with, as revealed on Monday.”


The ransomware attack cost Norsk Hydro $40 million so far

Zeljka Zorz

https://www.helpnetsecurity.com/2019/03/27/norsk-hydro-ransomware-losses/

Excerpt:

“A little over a week after the beginning of the ransomware attack targeting Norsk Hydro, the company has estimated that the costs it incurred because of it have reached 300-350 million Norwegian crowns ($35-41 million).”


Google accidentally promoted a malicious Bitcoin wallet on YouTube

Yessi Bello Perez

https://thenextweb.com/hardfork/2019/03/26/google-accidentally-promoted-a-malicious-bitcoin-wallet-on-youtube/

Excerpt:

Google-owned YouTube inadvertently advertized an illegitimate version of the Bitcoin $BTC▲0.53% wallet Electrum.”


Lazarus rises in Israel with attempted hack of defense company, researchers say

Sean Lyngaas

https://www.cyberscoop.com/lazarus-rises-israel-attempted-hack-defense-company-researchers-say/

Excerpt:

“A notorious hacking group experts have tied to the North Korean government has targeted an Israeli defense company, according to new research outlining what appears to be one of the group’s first attacks on an Israeli entity.”


ASUS Admits Its Live Update Utility Was Backdoored by APT Group

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/

Excerpt:

“Asus confirmed today that its Live Update utility has been indeed infected with malicious code by an advanced persistent threat (APT) group as part of a supply chain attack which managed to compromise some of its servers.”


CyberX raises $18 million to protect industrial control systems from cyberattack

https://www.helpnetsecurity.com/2019/03/26/cyberx-raised-18-million-in-funding/

Excerpt:

“CyberX, the IIoT and industrial control system (ICS) security company, announced that it has raised $18 million in a strategic funding round led by Qualcomm Ventures and Inven Capital. Existing investors Norwest Venture Partners, Glilot Capital Partners, Flint Capital, and OurCrowd also participated in the round, bringing total funding to date to $48 million.”


Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

Kim Zetter

https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers

Excerpt:

“Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says.”


A family tracking app was leaking real-time location data

Zack Whittaker

https://techcrunch.com/2019/03/23/family-tracking-location-leak/

Excerpt:

“A popular family tracking app was leaking the real-time locations of more than 238,000 users for weeks after the developer left a server exposed without a password.”


Norsk Hydro cyber attack: What’s new?

Zeljka Zorz

https://www.helpnetsecurity.com/2019/03/22/norsk-hydro-cyber-attack-whats-new/

Excerpt:

“Norwegian aluminum producer Norsk Hydro ASA was hit by ransomware-wielding attackers early this week.”


Attackers compromised ASUS to deliver backdoored software updates

Zeljka Zorz

https://www.helpnetsecurity.com/2019/03/25/asus-supply-chain-attack/

Excerpt:

“Unknown attackers have compromised an update server belonging to Taiwanese computer and electronics maker ASUS and used it to push a malicious backdoor on a huge number of customers, Kaspersky Lab researchers discovered.”


Don't have a heart attack but your implanted defibrillator can be hacked over the air (by someone who really wants you dead)

Shaun Nichols

https://www.theregister.co.uk/2019/03/22/medtronic_implanted_defibrillator_hackable/

Excerpt:

“Medical gear maker Medtronic is once again at the center of a hacker panic storm. This time, a number of its heart defibrillators, implanted in patients' chests, can, in certain circumstances, be wirelessly hijacked and reprogrammed, perhaps to lethal effect.”


13-Year-Old Allegedly Hacked Teacher Account to Create Student 'Hit List'

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/13-year-old-allegedly-hacked-teacher-account-to-create-student-hit-list/

Excerpt:

“A 13-year-old is currently under investigation after he allegedly used a teacher's credentials to hack into his school district's computing system to steal fellow students' personal information and create a "hit list."


1,600 Hotel Guests Secretly Live Streamed to 4,000+ Subscribers

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/1-600-hotel-guests-secretly-live-streamed-to-4-000-subscribers/

Excerpt:

“Four individuals from South Korea were detained for secretly recording, live streaming, and selling spy cam videos of 1600 motel guests between November 24 and March 2, with two of them being arrested and facing a maximum of five years in jail.”


Latest tactics used by cybercriminals to bypass traditional email security

https://www.helpnetsecurity.com/2019/03/21/bypass-traditional-email-security/

Excerpt:

“Cybercriminals are continuously using new strategies to get past email security gateways, with brand impersonation being used in 83 percent of spear-phishing attacks, while 1 in 3 business email compromise attacks are launched from Gmail accounts.”


Cost of telecommunications fraud estimated at €29 billion a year

https://www.helpnetsecurity.com/2019/03/22/telecommunications-fraud/

Excerpt:

“As our society evolves, so does our reliance on telecommunications technology. Cybercriminals prey on our daily use of electronic devices and continuously seek out new ways to exploit vulnerabilities and access information.”


The privacy risks of pre-installed software on Android devices

https://www.helpnetsecurity.com/2019/03/22/privacy-risks-pre-installed-software-android/

Excerpt:

“Many pre-installed apps facilitate access to privileged data and resources, without the average user being aware of their presence or being able to uninstall them.”


Google white hat hacker found new bug class in Windows

Pierluigi Paganini

https://securityaffairs.co/wordpress/82642/hacking/windows-privilege-escalation-bug-class.html

Excerpt:

“Google Project Zero hacker James Forshaw discovered a new class of flaws that reside in some of the kernel mode drivers in Windows that could allow attackers to escalate privileges. The flaws are caused by the lack of necessary checks when handling specific requests.”


Round 4: Hacker returns and puts 26Mil user records for sale on the Dark Web

Catalin Cimpanu

https://www.zdnet.com/article/round-4-hacker-returns-and-puts-26mil-user-records-for-sale-on-the-dark-web/

Excerpt:

“A hacker who has previously put up for sale over 840 million user records in the past month, has returned with a fourth round of hacked data that he's selling on a dark web marketplace.”


Hackers used Scanbox framework to hack Pakistani Govt’s passport application tracking site

Pierluigi Paganini

https://securityaffairs.co/wordpress/82547/hacking/scanbox-pakistani-government-hack.html

Excerpt:

“Security experts at Trustwave have shared their findings of a recent data breach suffered by a Pakistani government website. The attackers used the Scanbox Framework, the intrusion is similar to another attack that last week hit the Bangladeshi Embassy in Cairo.”


Cyber preparedness essential to protect EU from large scale cyber attacks

https://www.helpnetsecurity.com/2019/03/19/protect-eu-cyber-attacks/

Excerpt:

“The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society, is no longer unthinkable.”


Security fatigue leads many to distrust personal data protection, can you blame them?

https://www.helpnetsecurity.com/2019/03/18/distrust-personal-data-protection/

Excerpt:

“20 percent of Americans suffer from security fatigue and don’t trust anyone to protect their personal data. As a result, some people feel they need to take matters into their own hands or at least work with organizations that give them a greater sense of control.”


Unsecured Database Exposed 33 Million Job Profiles in China

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/unsecured-database-exposed-33-million-job-profiles-in-china/

Excerpt:

“A large database with approximately 33 million profiles for people seeking jobs in China has been fully accessible and unprotected online. This information included sensitive information that could have been used for scammers and identity theft.”


90% of consumers value additional security measures to verify mobile-based transactions

https://www.helpnetsecurity.com/2019/03/15/mobile-transactions-security-measures/

Excerpt:

“A strong majority of US adults value additional security measures for mobile transactions, with 90% reporting they would want the ability to approve some or all mobile device transactions before the transaction is completed, and 71% interested in approving all such transactions.”


North Korean Hackers Behind $571M Crypto Heists Says UN Report

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/north-korean-hackers-behind-571m-crypto-heists-says-un-report/

Excerpt:

“North Korean backed hacking groups were behind multiple cyberattacks impacting financial institutions and cryptocurrency exchanges as detailed in a report issued by a panel of experts for the United Nations (UN) Security Council.”


Mysterious Leaked Database Labels the 'BreedReady' Status of 1.8 Million Women in China

Melanie Ehrenkranz

https://gizmodo.com/mysterious-leaked-database-labels-the-breedready-status-1833205396

Excerpt:

“A white hat hacker discovered an unsecured database on Saturday listing the personal information of nearly 2 million women in China, which included a section titled, for some reason, “BreedReady.” The database was taken down as of Monday, but its existence still indicates that someone is collecting a wealth of deeply intimate information for hundreds of thousands of women.”


Over 2 billion records exposed by email marketing firm

Tomáš Foltýn

https://www.welivesecurity.com/2019/03/11/over-2-billion-records-exposed-marketing-firm/

Excerpt:

“Security researchers have discovered a humongous collection of email addresses and other data that was left sitting on the internet with no protection whatsoever.”


Game Development Companies Backdoored in Supply-Chain Attacks

Sergiu Gatlan

https://www.bleepingcomputer.com/news/security/game-development-companies-backdoored-in-supply-chain-attacks/

Excerpt:

“Two popular games and a gaming platform developed by Asian companies were compromised following a series of successful supply-chain attacks which allowed the attackers to include a malicious payload designed to provide them with a backdoor.”


Marriott CEO reveals more details about the massive data breach

Zeljka Zorz

https://www.helpnetsecurity.com/2019/03/12/marriott-data-breach-details/

Excerpt:

“Last Thursday, Equifax CEO Mark Begor and Arne Sorenson, the CEO of Marriott International, appeared before a US Senate subcommittee to testify about the massive data breaches their companies have suffered.”


How susceptible are hospital employees to phishing attacks?

https://www.helpnetsecurity.com/2019/03/13/hospital-phishing-attacks/

Excerpt:

”Cybersecurity threats are a rising problem in society, especially for healthcare organizations. Successful attacks can jeopardize not only patient data but also patient care, leading to cancellations and disruptions in the critical services that hospitals provide.”


Hackable car alarms leave three million cars at risk of hijack

Graham Cluley

https://hotforsecurity.bitdefender.com/blog/hackable-car-alarms-leave-three-million-cars-at-risk-of-hijack-20932.html

Excerpt:

“Millions of car owners were left at risk of having their vehicles stolen, because of the poor security of third-party app-connected car alarms.”


Ransomware Attack on Jackson County Gets Cybercriminals $400,000

Ionut Ilascu

https://www.bleepingcomputer.com/news/security/ransomware-attack-on-jackson-county-gets-cybercriminals-400-000/

Excerpt:

“A ransomware attack hit the computers of Jackson County, Georgia, reducing government activity to a crawl until officials decided to pay cybercriminals $400,000 in exchange for the file decryption key.”


IT managers can’t ignore endpoints because most cyberattacks start there

https://www.helpnetsecurity.com/2019/03/12/endpoint-security-facts/

Excerpt:

“IT managers are more likely to catch cybercriminals on their organization’s servers and networks than anywhere else, according to the 7 Uncomfortable Truths of Endpoint Security survey by Sophos.”


One man charged and two cryptocurrency businesses suspended following organised crime investigation

http://austrac.gov.au/media/media-releases/one-man-charged-and-two-cryptocurrency-businesses-suspended-following-organised?platform=hootsuite

Excerpt:

“A 27-year-old Bulleen man has been arrested during the second phase of an Australian Federal Police (AFP) investigation into an organised crime syndicate. Following the arrests, AUSTRAC suspended the registrations of two digital currency exchange businesses the man is associated with.”


Thousands of patients impacted by ransomware attack at medical billing company

Graham Cluley

https://www.tripwire.com/state-of-security/healthcare/thousands-patients-ransomware-attack-medical-billing-company/

Excerpt:

Following a ransomware attack at a medical billing company, thousands of patients are being warned that their highly sensitive medical information and personal details were amongst the breached data.”


Saudi caller ID app leaves data of 5+ million users in unsecured MongoDB server

Catalin Cimpanu

https://www.zdnet.com/article/saudi-caller-id-app-leaves-data-of-5-million-users-in-unsecured-mongodb-server/

Excerpt:

“Dalil, an Android app that provides caller ID services similar to Truecaller but for Saudi and other Arabian users, has been leaking user data for a week because of a MongoDB database that has been left accessible online without a password.”


IoT automation platforms open smart buildings to new threats

https://www.helpnetsecurity.com/2019/03/06/iot-automation-platforms-compromise/

Excerpt:

“IoT automation platforms in smart buildings are presenting attackers with new opportunities for both physical and data compromise, Trend Micro researchers warn in a newly released report.”


Users are too confident in their protection from threats

Zeljka Zorz

https://www.helpnetsecurity.com/2019/03/06/user-data-protection-practices/

Excerpt:

“Most users care about online privacy and take some steps to make sure their data is protected, a new Malwarebytes survey has revealed.”


Indian Hackers On The Offensive After Successive Hits On Govt Sites

Alwin K Jose

https://fossbytes.com/indian-hackers-offensive-pakistan-hacking-attacks/

Excerpt:

“A recent report by Hindustan Times stated that hackers from Pakistan attacked over 90 websites of the Indian Government. The recent escalations in tensions between the neighbors led to a surge in attacks in cyberspace, targeting key infrastructures.”


Human behavior can be your biggest cybersecurity risk

Adenike Cosgrove

https://www.helpnetsecurity.com/2019/03/04/human-behavior-cybersecurity-risk/

Excerpt:

“Changes in user behavior are increasingly blurring the lines between personal and business. Trends like Bring Your Own Device (BYOD) and flexible working often mean that people are using work devices outside of the office. In fact, recent research has shown that half of UK workers allow friends and family members to access their work devices with no restrictions, creating a very real cybersecurity risk for businesses.”


Enterprise attitudes to cybersecurity: Strategies to balance risk and business acceleration

https://www.helpnetsecurity.com/2019/03/04/enterprise-attitudes-to-cybersecurity/

Excerpt:

“IT decision makers are facing major challenges between dynamic adversaries, significant legislation and regulation requirements, business digital transformation needs, and a rapidly-growing array of technology solutions.”


Social media fake news fans tension between India and Pakistan

Sankalp Phartiyal

https://www.reuters.com/article/us-india-kashmir-socialmedia/social-media-fake-news-fans-tension-between-india-and-pakistan-idUSKCN1QH1NY

“With India and Pakistan standing on the brink of war this week, several false videos, pictures and messages circulated widely on social media, sparking anger and heightening tension in both countries.”