Wednesday, April 24, 2019
SC Magazine

Flashpoint: Our site was not dishing malware

Flashpoint came out swinging today against an independent researcher who reported that the security company’s public-facing website was serving malware. In what Flashpoint called an “after action report,” the company denied the website was itself infected with malware, but did...
SC Magazine

Washington state legislature passes data breach law, but punts on privacy law

The Washington state legislature went one-for-two this month in its attempt to pass major data breach and privacy regulations. Yesterday, lawmakers unanimously passed HB 1071, which firms up and expands requirements for public breach notifications, but the state apparently...
SC Magazine

WordPress Social Warfare plugin vulnerabilities abused in the wild

About 42,000 websites have not updated to the latest version of the Social Warfare WordPress plugin, leaving themselves open to a pair of vulnerabilities that are being exploited in the wild. Palo Alto’s Unit 42 research team is reporting that...
SC Magazine

App leaves over 2 million WiFi network passwords exposed on open database

More than two million WiFi network passwords were reportedly left exposed on an open database by the developer of WiFi Finder, an app designed to help device owners find and log in to hotspots. The developer, Proofusion, claims its product...
SC Magazine

How to be an ethical hacker

At first glance, the term “ethical hacking” may seem like an oxymoron. That’s because criminal “hacker” has become a pejorative that’s closely tied to the bad guys — black hat threat actors looking to steal or corrupt data or other assets within...
SC Magazine

Fake U.S. State Dept. docs used in European embassy cyberattacks

Cyberattackers, possibly Russian, recently struck numerous embassies in Europe with a malicious email attachment that uses a weaponized version of the TeamViewer remote desktop tool to gain control of the target computer. Check Point researchers reported that the attack is...
SC Magazine

Machines running popular AV software go unresponsive after Microsoft Windows update

April’s Microsoft Windows update has apparently been causing headaches for users who had previously installed anti-virus software from vendors such as Avast, Avira, ArcaBit, McAfee and Sophos. Users with these AV products who installed the April 9 Windows update may...
SC Magazine

EmCare data breach exposes 60,000 employees, patients

EmCare Inc. suffered a data breach after several employee email accounts were accessed by an unauthorized entity, resulting in the compromise of up to 60,000 individuals’ information. The Dallas-based company, which provides physician services, said in a statement that it...
SC Magazine

Unauthorized party muscles its way into Bodybuilding.com’s systems

Fitness retailer Bodybuilding.com last Friday disclosed that an unauthorized party used a phishing scam to gain access to systems containing its customer data. According to an FAQ page posted on its website, the Boise, Idaho-based retailer discovered the breach incident...
SC Magazine

WannaCry hero Marcus Hutchins pleads guilty, faces five years

UK citizen Marcus Hutchins has gone from international hero to felon after pleading guilty for his role in creating the Kronos banking trojan. Hutchins, who found the kill switch that turned off the WannaCry ransomware in May 2017, was arrested in...
SC Magazine

SC Media Reboot Leadership Awards announces its call for nominations

SC Media is issuing a call for nominations for its annual Reboot Leadership Awards, designed to further advance the acknowledgement of cybersecurity luminaries. Three years ago SC Media launched the Reboot Leadership Awards to give us a platform to recognize the professionals who...
SC Magazine

Everything is hackable: The crowd is here to help

The cybersecurity industry at large is facing a massive skills shortage. Coupled with a growing attack surface and economically incentivized adversaries, this skills gap has made it more difficult than ever for organizations to shore up their defenses. Security experts are in high...
SC Magazine

High-volume eGobbler malvertising campaign exploits zero-day Chrome bug

A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack. Dubbed eGobbler by researchers...
SC Magazine

Ransomware ravages municipalities nationwide this week

Municipalities took a beating this week with at least four reporting being shut down from new ransomware attacks or struggling to recover from an older incident. Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were all in different stages of...
SC Magazine

Drupal releases correct four moderately critical third-party vulnerabilities

Drupal this week issued a series of security releases to fix four “moderately critical” vulnerabilities, three related to the content management system’s Symfony PHP web application framework and a fourth involving the jQuery project JavaScript library. The three Symfony issues...

Stuxnet Family Tree Grows

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
ZDNet

Another dark web marketplace bites the dust – Wall Street Market

Two major dark web marketplaces for buying illegal products shut down in the span of a month.

Google File Cabinet Plays Host to Malware Payloads

Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.

Demonstration Showcase Brings DevOps to Interop19

Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
isBuzz

What Home Buying Can Teach Us About Continuous Monitoring

Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...