Security content from The Stack

Researchers discover new custom web font phishing attack

Proofpoint observes novel technique that uses custom web fonts to help phishing pages evade detection Cybersecurity researchers at Proofpoint have discovered a new phishing technique that allows cybercriminals to hide phishing pages via custom web font files. The researchers found the new technique after observing strange encoding in a credential harvesting scheme impersonating a major retail… Read More

IoT cryptomining exploits on the rise

December 2018 McAfee Labs threat report shows sharp increase in malware targeting IoT devices, which can then be used for cryptomining exploits IoT malware threats have increased from just over 5,000 in Q4 2016 to over 45,000 incidents detected in Q3 2018. IoT threats may target any kind of connected hardware including routers, smart devices,… Read More

BT wants Huawei hardware far, far Huawei from critical infrastructure

Company no longer using Huawei equipment in existing 3G and 4G networks, removing hardware from “core” of 5G service BT has confirmed reports in the Financial Times that it is stripping Huawei equipment from existing EE 3G and 4G core mobile operations and future 5G core operations. Speaking to The Register, the UK telco dismissed… Read More

Kubernetes security flaw allows hackers to infiltrate backend servers

First major security flaw in popular cloud container orchestrator Kubernetes discovered – and it may be impossible to tell if you have been compromised Find any firm at the forefront of digital transformation and there’s one thing you can bet on: it’s leveraging Kubernetes to deploy sophisticated applications that push the boundaries of modern-day application… Read More

Two Iranians indicted for SamSam ransomware attacks

The FBI has identified two of the perpetrators responsible for long-running cybercrime that crippled hospitals, government agencies and institutions in US and Canada According to the FBI, Iranian residents Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were two of the culprits behind the notorious ransomware attacks that infected more than 230 entities and caused… Read More

Time to get national cybersecurity strategy in order, UK committee warns

As the threat to critical national infrastructure rises, a parliamentary committee has warned the UK is ‘wholly’ unprepared to stop a devastating cyberattack Much has been made of Russia’s aggressive cyber-offensive in recent years, and while the UK has made threats of its own, the joint committee on national security strategy says the country needs to… Read More

AI system predicts business cyberattacks hatched in dark web forums

An international cybersecurity research team has developed an AI system that predicts business targeted cyberattacks from forum discussions on the dark web The dark web refers to the underbelly of the internet, cut loose from search engine indexes and accessible only via specialist browsers like Tor. Darkweb or deep-web marketplaces and forums are well known… Read More

RiskIQ names Magecart as hacker group behind British Airways data breach

Following the British Airways data breach that affected over 380,000 customers, cybersecurity firm RiskIQ has published an in-depth and detailed report on the ease of hacking into BA systems and the hackers behind the attack. In the report, RiskIQ names Magecart as the culprit– the same team behind the data hack at Ticketmaster UK earlier this year… Read More

Trend Micro apps found to be secretly harvesting data

Apple has had to investigate a series of apps hosted on its App Store, after it was revealed that the apps were making copies of user data. Dr. Cleaner Pro, Dr. Cleaner, Dr. Unarchiver, Dr. Antivirus, Dr. Battery, and Duplicate Finder, made by Trend Micro, Inc. were investigated by Apple which later removed Dr. Unarchiver… Read More

British Airways suffers data breach

British Airways customers have been cancelling credit cards after a data breach compromised over 380,000 card payments over a period of 16 days. The airline revealed on Thursday evening on its Twitter feed that it was looking into the matter. As well as customer details being stolen from the website, mobile app users were also… Read More

Why slack print security is leaving you wide open for breaches

Whatever the field of business, whether healthcare, finance, insurance, or public sector, protecting data and documents is critical to any organisation’s survival in the modern business world, and securing related print infrastructure should be no exception. Particularly with the rise of cloud computing and subsequent mobility trends, printing has become even more complex and it… Read More

Report: only half of UK companies have secured critical data

Only 51% of UK companies have fully secured critical data, according to a new report issued by NTT Security. This has implications for data breaches as well as GDPR and regulatory compliance and could result in heavy fines for almost half the companies in the UK. The Risk: Value 2018 Report was created by interviews and… Read More

Do NOT follow this link or you will be banned from the site!