(IN)SECURE Magazine Notifications RSS

Phishers’ new trick for bypassing email URL filters

2 hours 39 minutes ago

Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the document’s relationship file (xml.rels). The trick has been spotted being used in an email spam campaign aimed at leading victims to a credential harvesting login page. Why does this approach work? “Office documents (.docx, .xlsx, .pptx) are made up of a number of XML files that include all the … More →

The post Phishers’ new trick for bypassing email URL filters appeared first on Help Net Security.

Zeljka Zorz

Rockwell Automation industrial energy meter vulnerable to public exploits

3 hours 28 minutes ago

A low-skilled, remote attacker could use publicly available exploits to gain access to and mess with a power monitor by Rockwell Automation that is used by energy companies worldwide, ICS-CERT warns. All versions of Rockwell Automation’s Allen-Bradley PowerMonitor 1000 are vulnerable and there is currently no available fix for the flaws. About the vulnerabilities and available exploits PowerMonitor 1000 is an energy metering device used in industrial control applications, such as distribution centers, industrial control … More →

Zeljka Zorz

Flawed password managers allow malware to steal passwords from computer memory

4 hours 30 minutes ago

The most widely used password managers sport fundamental vulnerabilities that could allow malware to steal the master password or other passwords stored by the software directly from the computer’s memory, researchers with Independent Security Evaluators (ISE) have found. The findings They tested the 1Password, Dashlane, KeePass and LastPass password manager applications for Windows, which are collectively used by 60 million users and 93,000 businesses worldwide. They reverse engineered each software package to evaluate its handling … More →

Zeljka Zorz

Ryuk: What does the helpdesk tell us?

7 hours 45 minutes ago

Cybercrime is the only criminal channel that provides a helpdesk. An amusing side note in the world of digital crime, and whilst considerable efforts have been taken to understand what the code infers about the source of attacks, very little is done regarding the administrative support provided by the malicious actors. In the case of ransomware this is a significant omission, since we have witnessed notable investment by malicious operators to ‘support’ victims to encourage … More →

Help Net Security

Insights on modern adversaries and their tactics, techniques, and procedures

8 hours ago

In today’s ever-evolving cyber landscape, speed is essential for effective cyber defense. CrowdStrike’s Global Threat Report reveals “breakout time” – the critical window between when an intruder compromises the first machine and when they can move laterally to other systems on the network – for top cyber adversaries. This ranking offers organizations unprecedented insight into how fast they need to be at detecting, investigating and remediating intrusions (also known as the 1-10-60 rule) to thwart … More →

Help Net Security

European standards org releases consumer IoT cybersecurity standard

8 hours 15 minutes ago

The European Telecommunications Standards Institute (ETSI) has released ETSI TS 103 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes. As more devices in the home connect to the internet, the cyber security of the Internet of Things (IoT) is becoming a growing concern. People entrust their personal data to an increasing number of online devices … More →

Help Net Security

Free decryption tool could save victims millions in ransomware payments

8 hours 31 minutes ago

A new decryption tool has been released for free on the No More Ransom depository for the latest strand of GandCrab. This tool was developed by the Romanian Police in close collaboration with the internet security company Bitdefender and Europol, together with the support of law enforcement authorities from Austria, Belgium, Cyprus, France, Germany, Italy, the Netherlands, UK, Canada and US FBI. In addition to versions 1, 4 and early versions of 5, the new … More →

Help Net Security

Baffle releases a data protection solution for serverless cloud workloads

13 hours 25 minutes ago

Baffle, an advanced data protection company, announced it has released the first-to-market solution for data-centric protection of Amazon’s AWS Lambda, a pioneering serverless compute service. On the heels of its breakthrough for data-centric encryption, Baffle Advanced Data Protection Service gives enterprises the ability to provide a common data security model for existing infrastructure while also accelerating the “lift and shift” to serverless computing services such as AWS Lambda. Baffle’s award-winning and patented platform now provides … More →

Industry News

Spark Connected launches The Gorgon, a new wireless power solution for 5G networks

13 hours 36 minutes ago

Spark Connected, a leading technology developer of advanced and innovative wireless power system solutions, announced a proprietary 30-Watt wireless power solution, named The Gorgon specifically engineered for Telecom Infrastructure and Security applications. The Gorgon wireless power solution consists of both a transmitter and companion receiver and is currently in field trials for 5G Fixed Wireless Access (FWA). The solution integrates into in-building mmWave 5G products and eliminates the need to wire external antenna or FWA … More →

Industry News

Exclusive Group acquires SecureWave to advance global VAD reach

14 hours 5 minutes ago

Exclusive Group, the value-added services and technologies (VAST) group, announced it is acquiring SecureWave, one of Israel’s leading independent cybersecurity VADs. The move adds another advanced economy to the worldwide market penetration of the Exclusive Group, establishes an in-country presence within one of the world’s most significant innovation hubs, and expands the Group’s service reach to the benefit of its global customers and partners. “This acquisition is about more than just filling in the gaps … More →

Industry News

Treliant adds Gerald R. Roop as Principal

14 hours 36 minutes ago

Gerald R. Roop has joined Treliant as a Principal in the firm’s Regulatory Compliance and Risk service area, bringing significant experience partnering with financial services clients to develop sustainable compliance, risk, regulatory, and financial control programs and find new efficiencies in existing programs. In his career, Gerry has held key roles in both global advisory firms as well as executive financial roles within the industry, including Chief Financial Officer for a publicly traded financial services … More →

Industry News

RSAC Launch Pad enables companies to pitch high-profile venture capitalists

23 hours 15 minutes ago

RSA Conference released the names of three security innovators that will participate in the first-ever RSAC Launch Pad, an event designed to give burgeoning cybersecurity talent a platform to share their industry solutions. These companies will have the opportunity to pitch their new business to three high-profile venture capitalists (VCs) in a live, Shark Tank-style format. If the VCs believe in the company’s solution, participants may receive VC funding and/or mentorship support. The finalists were … More →

Industry News

Detecting Trojan attacks against deep neural networks

1 day ago

A group of researchers with CSIRO’s Data61, the digital innovation arm of Australia’s national science agency, have been working on a system for run time detection of trojan attacks on deep neural network models. Although it has yet to be tested in the text and voice domain, their system is highly effective when it comes to spotting trojan attacks on DNN-based computer vision applications. What are deep neural networks? Artificial neural networks (ANNs) are computational … More →

Zeljka Zorz

Webinar: Defending account takeovers at Remitly

1 day 1 hour ago

Account Takeover attacks don’t follow conventional attack patterns – they look, act, and feel like legitimate users. Without the right tooling, visibility into your environment, and intimate understanding of your users, defending against Account Takeover attacks (ATOs) can be extremely difficult. Worse yet, if done incorrectly, defending against ATOs can end up impacting legitimate users and traffic. There are ways to make defending these attacks much easier. This webinar (registration required) with guest Kevin Hanaford, … More →

Help Net Security

IT security incidents affecting German critical infrastructure are on the rise

1 day 3 hours ago

The number of IT security incidents reported by critical infrastructure companies in Germany has soared. In 2017, the German Federal Office for Security in Information Technology (BSI) received 145 such reports from critical infrastructure providers. In the second half of 2018 alone that number reached 157, Welt am Sonntag reports. Reporting requirements The BSI is the federal agency charged with managing computer and communication security for the German government, as well as monitoring the security … More →

Zeljka Zorz

How RSA Conference 2019 brings diverse security professionals together

1 day 4 hours ago

With RSA Conference 2019 USA just two weeks away, we asked Sandra Toms, Vice President and Curator, RSA Conference, to tell us more about the challenges involved in developing a broad educational resource for information security professionals the event is known for. Read the Q&A to discover how the conference brings security professionals together, what you can expect at this year’s event, and what RSA Conference plans for the future. The information security industry has … More →

Mirko Zorz

Building security into cloud native apps with NGINX

1 day 7 hours ago

Companies like Airbnb, Uber and DoorDash, which have a cloud-based software infrastructure as one of their main enablers, are disrupting the hospitality, transportation and food delivery sector. Why do all these new companies use the cloud and what advantages does it give them? Unlike legacy competitors, innovators with new infrastructure can: 1. Quickly scale and grow their customer base. 2. Support their business in different geographies and ensure availability. 3. Ensure convenience (users are accessing … More →

Help Net Security

Indicators of poor password hygiene exposed

1 day 8 hours ago

The recovered compromised credentials and personally identifiable information (PII) as well as the identified trends in online security habits and the data criminals tend to steal and use, have been released in the 2018 Credential Exposure Report by SpyCloud. SpyCloud’s research team recovered 3,457,017,136 exposed sets of online account credentials and PII from 2,882 different sources, many of which were high-profile data breaches that led to credentials going up for sale on dark web forums … More →

Help Net Security

74% of organizations face outages due to expired certificates

1 day 8 hours ago

As information security budgets grow and funds are allocated to protect the defensive perimeter, many companies have overlooked the critical importance of digital certificate management. And a new study shows it could cost them up to $67.2 million over the next two years. The study, a benchmarking report released today by Keyfactor and Ponemon Institute also finds that 71% of IT pros believe that their organization does not know exactly how many keys and certificates … More →

Help Net Security

DarkMatter launches KATIM R01 ultra secure smartphone for extreme field conditions

1 day 12 hours ago

DarkMatter Group unveiled KATIM R01, an ultra secure smartphone designed to withstand extreme field conditions. Designed, vetted and tested by DarkMatter’s engineers in the UAE, Finland and Canada, KATIM R01 combines premium looks with powerful technology, wrapped in a unique rugged design. It’s the latest in the Company’s end-to-end secure communications solutions ranging from devices to back end services, and a full secure suite of applications based on custom and quantum-resistance cryptographic protocols. “We combined … More →

Industry News
