Friday, February 23, 2018
Cyber Security

Wake-up Call! 73% of Firms Fail Insurer’s Cybersecurity Tests

International specialty insurer Hiscox have released their 2018 Cyber Readiness Report. Conducted by Forrester Consulting across 4,100 organizations in the UK, USA, Germany, the Netherlands, and Spain, the report highlights the following findings: Out of 3 groups assessing readiness–novices, intermediates, experts–73% of respondents fell into the novice category. 66% of respondents …

Crypto Miners Hijack Water Utility

Cybersecurity outfit Radiflow reports what may be the first documented case in the wild of cryptojacking in an infrastructure facility. Radiflow’s investigation into the European installation traced the first infection to an HMI (Human Machine Interface) computer running Windows XP. It’s thought that the attack vector was an operator browsing to …

Cyberintelligence: Knowing How to Make the Right Decisions

Author: Mikel Rufián Albarrán. Responsible for Cyberintelligence. Innotec System. Entelgy company.

The incorporation of Cyberintelligence capabilities may mean an increase in organizations’ profitability of up to 26%; however, in most countries, the commitment to this activity is still incipient with respect to other large economies. Enhancing its development is essential …

Fake Patches Exploit Spectre, Meltdown Fears

Security research company Malwarebytes has spotted an early exploit of the Spectre and Meltdown vulnerabilities–but not in the way you might think. Rather than a technical attack using the exploits themselves, this is a social attack using a very convincing website purporting to be German government advice with links to …

A Not So Warm and Fuzzy Feeling

This paper (PDF) from the 2017 Black Hat Europe conference is a timely reminder that theoretically secure development projects may inadvertently include vulnerabilities from lower-level components. The author describes a method that found potential vulnerabilities in common development languages including JavaScript, PHP, Ruby, Python, and Perl. Best practice to defend …

Closing the Air Gap

CyberX labs raised interest at the 2017 Black Hat Europe Conference by describing a method to use compromised industrial programmable logic controllers (PLCs) to exfiltrate data from an industrial control system (ICS) network, using encoded radio signals generated from within the supposedly air-gapped target. View all the details here: https://cyberx-labs.com/en/blog/cyberx-security-researchers-demonstrate-reconnaissance-data-exfiltration-air-gapped-ics-scada-networks/

Uber’s Data Breach Trifecta

Details emerged this week of a 2016 data breach at Uber compromising 57 million accounts (names, emails, cellphone numbers) plus further details, including license numbers of 600,000 US-based drivers. What’s more disturbing than the breach itself–although that’s important–is the way key individuals at Uber treated it. Rather than complying with …

Machine Learning Applied to Cybersecurity

An interesting announcement this month came from Shape Security, who have launched the Blackfish system to identify and block stolen credentials earlier in the lifecycle. The problem is a growing one, with in excess of 3 billion sets of credentials reported stolen last year. According to the product website: “Instead …

Bumper Harvest of Application Patches

Memory corruption and script engine flaws in the Internet Explorer and Edge browsers, an attack vector potentially allowing a malicious spreadsheet to infect a user’s PC because of a problem disabling macros properly, and a significant set of updates for Adobe Acrobat and Reader. As ever, our advice on the …
