Security content from The Stack


Researchers discover new custom web font phishing attack

Proofpoint observes novel technique that uses custom web fonts to help phishing pages evade detection Cybersecurity researchers at Proofpoint have discovered a new phishing technique that allows cybercriminals to hide phishing pages via custom web font files. The researchers found the new technique after observing strange encoding in a credential harvesting scheme impersonating a major retail… Read More


IoT cryptomining exploits on the rise

December 2018 McAfee Labs threat report shows sharp increase in malware targeting IoT devices, which can then be used for cryptomining exploits IoT malware threats have increased from just over 5,000 in Q4 2016 to over 45,000 incidents detected in Q3 2018. IoT threats may target any kind of connected hardware including routers, smart devices,… Read More


Hackers bypass two-factor authentication at scale

Hackers break into Gmail and Yahoo accounts of journalists and activists “at scale”, even those with two-factor authentication (2FA) enabled Multiple credentials phishing campaigns targeting human rights activists and journalists across the Middle East and North Africa have been disclosed by Amnesty International. Credentials phishing deploys imitations of websites, wherein a login prompt lures a… Read More


US missile defence systems fail cybersecurity audit

Security controls and processes for ballistic missile defense system (BMDS) not consistently implemented leaving technical information exposed, according to a security audit released by the US Department of Defense Inspector General (DOD IG) A US DOD cybersecurity audit of US missile defence systems has revealed officials are failing to implement basic cybersecurity controls such as… Read More


68% of UK businesses hit by a cyberattack this year

New research from RedSeal reveals UK industry needs greater support from the government against mounting cyber threats  Fears over the UK’s withdrawal from the European Union might have dominated the business press in 2018, but new research from security vendor RedSeal has outlined the equally real, present (and arguably larger), danger posed by cyberattackers to… Read More


BT wants Huawei hardware far, far Huawei from critical infrastructure

Company no longer using Huawei equipment in existing 3G and 4G networks, removing hardware from “core” of 5G service BT has confirmed reports in the Financial Times that it is stripping Huawei equipment from existing EE 3G and 4G core mobile operations and future 5G core operations. Speaking to The Register, the UK telco dismissed… Read More


Kubernetes security flaw allows hackers to infiltrate backend servers

First major security flaw in popular cloud container orchestrator Kubernetes discovered – and it may be impossible to tell if you have been compromised Find any firm at the forefront of digital transformation and there’s one thing you can bet on: it’s leveraging Kubernetes to deploy sophisticated applications that push the boundaries of modern-day application… Read More


Two Iranians indicted for SamSam ransomware attacks

The FBI has identified two of the perpetrators responsible for long-running cybercrime that crippled hospitals, government agencies and institutions in US and Canada According to the FBI, Iranian residents Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri were two of the culprits behind the notorious ransomware attacks that infected more than 230 entities and caused… Read More


Time to get national cybersecurity strategy in order, UK committee warns

As the threat to critical national infrastructure rises, a parliamentary committee has warned the UK is ‘wholly’ unprepared to stop a devastating cyberattack Much has been made of Russia’s aggressive cyber-offensive in recent years, and while the UK has made threats of its own, the joint committee on national security strategy says the country needs to… Read More


AI system predicts business cyberattacks hatched in dark web forums

An international cybersecurity research team has developed an AI system that predicts business targeted cyberattacks from forum discussions on the dark web The dark web refers to the underbelly of the internet, cut loose from search engine indexes and accessible only via specialist browsers like Tor. Darkweb or deep-web marketplaces and forums are well known… Read More


RiskIQ names Magecart as hacker group behind British Airways data breach

Following the British Airways data breach that affected over 380,000 customers, cybersecurity firm RiskIQ has published an in-depth and detailed report on the ease of hacking into BA systems and the hackers behind the attack. In the report, RiskIQ names Magecart as the culprit– the same team behind the data hack at Ticketmaster UK earlier this year… Read More


Trend Micro apps found to be secretly harvesting data

Apple has had to investigate a series of apps hosted on its App Store, after it was revealed that the apps were making copies of user data. Dr. Cleaner Pro, Dr. Cleaner, Dr. Unarchiver, Dr. Antivirus, Dr. Battery, and Duplicate Finder, made by Trend Micro, Inc. were investigated by Apple which later removed Dr. Unarchiver… Read More



Do NOT follow this link or you will be banned from the site!