Thursday, July 19, 2018

Financial Industry Insiders Put the Keys to the Kingdom at Risk

Monitoring for Illicit Insider Activity Shouldn’t Focus Exclusively on Dark Web and Criminal Forums

ABB to Patch Code Execution Flaw in HMI Tool

Swiss industrial tech company ABB is working on a patch for a serious arbitrary code execution vulnerability affecting one of its engineering tools.

Cisco Finds Serious Flaws in Policy Suite, SD-WAN Products

Cisco informed customers on Wednesday that it has found and patched over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products.

NIST to Withdraw 11 Outdated Cybersecurity Publications

The U.S. National Institute of Standards and Technology (NIST) announced on Tuesday that its Computer Security Division has decided to withdraw eleven outdated SP 800 publications.

Data Privacy Automation Provider Integris Software Raises $10 Million

Integris Software, a Seattle-based provider of data privacy automation tools, today announced that it has raised $10 million through a Series A financing round led by Aspect Ventures.

Flashpoint Launches Ransomware Response & Readiness Service

Threat intelligence and research company Flashpoint on Wednesday announced the launch of a new service designed to help organizations prepare for and respond to ransomware and other types of cyber extortion incidents.

Oracle Patches Record 334 Vulnerabilities in July 2018

Oracle Patches Over 200 Remotely Exploitable Vulnerabilities in July 2018 Critical Patch Update

GandCrab: The New King of Ransomware?

Cryptominers have plateaued, GandCrab is the new king of ransomware, adware -- surprise! -- is as prolific as ever, and VPNFilter might herald a new genre of sophisticated multi-purpose malware. These are some of the conclusions drawn from the...

Keeping it on the Down Low on the Dark Web

Sites on the Dark Web Have Several Motivations to Unmask Their Visitors

Microsoft Offers $100,000 in New Identity Bug Bounty Program

Microsoft on Tuesday announced the launch of a new bug bounty program that offers researchers the opportunity to earn up to $100,000 for discovering serious vulnerabilities in the company’s various identity services.

Siemens Informs Customers of New Meltdown, Spectre Variants

Siemens recently updated its security bulletin for the Meltdown and Spectre vulnerabilities to inform customers of the latest variants, specifically the ones known as LazyFP and Spectre 1.1.

RATs Bite Ukraine in Ongoing Espionage Campaign

An ongoing espionage campaign aimed at Ukraine is leveraging three different remote access Trojans (RATs), ESET security researchers warn.

Back in Washington, Trump Under Pressure to Reverse Course on Russia

President Donald Trump found himself isolated and under pressure to reverse course Tuesday after publicly challenging the US intelligence conclusion that Russia meddled in the 2016 election during his face-to-face with Vladimir Putin.

Malware Creator Admits to Building and Selling LuminosityLink RAT

A Kentucky man admitted in a U.S. court to developing and distributing the remote access Trojan known as LuminosityLink.

‘Blackgear’ Cyberspies Resurface With New Tools, Techniques

The hackers behind a cyberespionage campaign known as Blackgear are back with improved malware that abuses social media websites, including Facebook, for command and control (C&C) communications.

Downward Trend in Healthcare Ransomware Attacks May be Temporary

Confirming a trend noted by other researchers, a new report from network security firm Cryptonite notes that ransomware incidents have declined over the last six months.

Charitable Hackers Collaborate in Deep Web Forums

Through Multiple Methods and Collaborations, Many Hackers Donate Money to Good Causes

Irish Silk Road Suspect Extradited to US: Prosecutors

A 30-year-old Irish man accused of working for now defunct "dark web" marketplace Silk Road has been extradited to the United States to face charges in New York, four years after his arrest, prosecutors announced Friday.

Security Instrumentation Firm Verodin Raises $21 Million

Verodin, a Virginia-based company that helps organizations assess the effectiveness of their cybersecurity controls, on Tuesday announced that it has raised $21 million in a Series B funding round.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

Trends in malware – ransomware, cryptojacking, what next? [PODCAST]

Catch up with Day 3 of our Security SOS Week - here's the third episode of our week-long online security summit.

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.