INFOSECURITY NEWSLETTER

May 3, 2017

10 Cybercrime Myths that Could Cost You Millions

Mark Wilczek, Darkreading.com, April 29, 2017

Cybercrime is all over the place, with damages, according to one estimate by Cybersecurity Ventures, expected to double from $3 trillion in 2015 to $6 trillion by 2021. In a prominent 2016 ransom attack, according to the 2016 McAfee Threat Report, a criminal was supposedly able to pocket $121 million within just six months, netting $94 million after expenses. Still, too often people believe in myths that prevent them from building effective countermeasures.

Read More

Anatomy of a Phishing Email

Jim Mitchell, Delta-risk.net, April 27, 2017

A phishing email is typically the starting point for many cyber attacks. While spam filters, whitelists, and anti-virus engines do an adequate job of keeping these emails from passing through to end users’ inboxes, there are still plenty of emails that make it through. GreatHorn’s 2017 Phishing Report revealed that the average business end user “faces at least one risky email per day,” while 91 percent of corporate phishing emails are display name spoofs.

Read More

Banks Confident of Their Approach to Security – But Still Get Hit by Hackers

Guy Clapperton, Nakedsecurity.sophos.com, April 27, 2017

Banks around the world are pretty confident about their security, it seems – but what is that confidence built on? According to a report from Accenture outlining the banks’ attitude to their security, 73% of respondents considered that security was embedded in their culture – but on average they had 85 targeted breaches per year, one-third of which are successful.

Read More

8 Ways Governments Can Improve Their Cybersecurity

JMichael Chertoff and Jeremy Grant, April 25, 2017

It’s hard to find a major cyberattack over the last five years where identity — generally a compromised password — did not provide the vector of attack. Target, Sony Pictures, the Democratic National Committee (DNC) and the U.S. Office of Personnel Management (OPM) each were breached because they relied on passwords alone for authentication. We are in an era where there is no such thing as a “secure” password; even the most complex password is still a “shared secret” that the application and the user both need to know, and store on servers, for authentication.

Read More

Google and Facebook Duped in Huge Scam

Chris Baraniuk, Bbc.com, April 28, 2017

In March, it was reported that a Lithuanian man had been charged over an email phishing attack against “two US-based internet companies” that were not named at the time. They had allegedly been tricked into wiring more than $100m to the alleged scammer’s bank accounts. On 27 April, Fortune reported that the two victims were Facebook and Google. The man accused of being behind the scam, Evaldas Rimasauskas, 48, allegedly posed as an Asia-based manufacturer and deceived the companies from at least 2013 until 2015.

Read More

Ransomware Hidden Inside a Word Document That’s Hidden Inside a PDF

Bill Brener, Nakedsecurity.sophos.com, April 24, 2017

SophosLabs has discovered a new spam campaign where ransomware is downloaded and run by a macro hidden inside a Word document that is in turn nested within a PDF, like a Russian matryoshka doll. The ransomware in this case appears to be a variant of Locky. Most antivirus filters know how to recognize suspicious macros in documents, but hiding those document inside a PDF could be a successful way to sidestep it, according to SophosLabs researchers.

Read More

One-Third of Federal Agencies Reported Data Breaches in 2016

Dark Reading Staff, Darkreading.com, May 1, 2017

Nearly all federal respondents surveyed consider themselves vulnerable and cite problems with security staffing and spending, a new report shows . One-third of federal government agencies reported experiencing a data breach in the last year, and 65% have experienced one in the past, according to the 2017 Thales Data Threat Report, Federal Edition. Nearly all (96%) respondents consider themselves “vulnerable” to data breaches; about half (48%) state they are “very” or “extremely” vulnerable.

Read More


Millions of Android Devices Vulnerable to Network Scan Attack

Ali Raza, Hackread.com, April 29, 2017

Researchers have recently discovered hundreds of vulnerable apps on Google Play Store which are allowing hackers to inject them with malicious code which, upon downloading, steal all data from an infected Android device. The problem, according to the researchers [PDF] is that some of the apps are creating open ports on smartphones, which is not a new problem since the same issue was faced by computers but it is something new when it comes to smartphone technology.

Read More

Stealthy Mac Malware Spies on Encrypted Browser Traffic

Lucian Constantin, Csoonline.com, April 28, 2017

A new malware program that targets macOS users is capable of spying on encrypted browser traffic to steal sensitive information. The new program, dubbed OSX/Dok by researchers from Check Point Software Technologies, was distributed via email phishing campaigns to users in Europe. One of the rogue emails was crafted to look as if it was sent by a Swiss government agency warning recipients about apparent errors in their tax returns. The malware was attached to the email as a file called Dokument.zip.

Read More
financial newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th