Cybersecurity

Cisco Warns of Exploits Against Product Vulnerability

Earlier this week, Cisco updated its previous warning about the flaw in its Adaptive Security Appliance and said that the flaw is being targeted by attacks. The advisory was first issued last January 29, just days before the flaw was to be explained by the NCC Group researcher who discovered it. However, Cisco said that it had discovered more vulnerabilities than what had been detailed in prior reports. Cisco urges customers to immediately update their products since the flaws had received a 10 out of 10 CVSS rating, which indicates the highest level of severity. Source: ZDNet

Chrome Set to Mark All HTTP Pages as “Not Secure”

In a blog post last Thursday, Chrome security product manager Emily Schechter announced that, starting this July, all websites that are not yet using HTTPS encryption will be marked in Chrome 68 as “not secure”. HTTPS provides encryption which “wraps” the website and its user within a secure tunnel to prevent attacker intrusion. Schechter adds that they have been strongly advocating HTTPS for years and the new warning sign is intended to make users understand that HTTP sites lack adequate security. It was noted that Google also ranks HTTPS sites higher in its search results to encourage developers to adopt the […]

Researchers Warn Against Conversation-Hijacking Attacks

Researchers from cyber security firm AppRiver recently warned that they have observed a spike in conversation-hijacking attacks, where hackers use highly personalized phishing emails to trick recipients into believing that they are conversing with a trusted party. The hackers are said to be using the technique to spread the Gozi banking trojan, which collects the victim’s financial details. The attackers start by sending phishing emails en masse to obtain the victim’s email login and password. They then use these trusted accounts to reply to ongoing conversations, where they attach the malware. AppRiver said that in January alone, they have observed more […]

Microsoft’s Anti-Ransomware Protection Bypassed by Researcher

Security researcher Yago Jesus from SecurityByDefault recently said that he was able to bypass Microsoft’s “Controlled Folder Access” (CFA) feature, which is being touted as a reliable anti-ransomware measure. CFA allows the user to block changes to files in user-designated directories via a prompt. However, Jesus found that all Office apps were automatically whitelisted, which means that an attacker can add simple scripts in OLE objects inside Office files to bypass CFA. The researcher reported his findings to Microsoft, but the company said that it was not a security vulnerability. Even though they said that the issue will be fixed, Jesus […]

Report Says Majority of Organizations Still Lack a Cyber Security Strategy

Insurance and underwriting firm Hiscox recently reported in its new “Cyber Readiness” report that as many as 73% of organizations are still ill-equipped to prevent cyber attacks. Based on the answers of decision makers in 4,100 organizations from the UK, the USA, Germany, the Netherlands, and Spain, the report showed that one contributor to the problem is the lack of cybersecurity professionals. Former GCHQ director and Hiscox advisor Robert Hannigan says that he expects the problem to continue as cyber criminals get access to more sophisticated tools and IoT devices with minimal security rapidly proliferate. Source: ZDNet

High Court Decides in Favor of Suspected Hacker Lauri Love

A landmark appeal was recently decided in favor of Lauri Love, a hacker suspected of breaking into organizations such as the FBI, the US Central Bank, the US Army, and NASA. Currently extradited in the UK, Love would have been sentenced to up to 99 years in prison and millions of dollars in fines had he been found guilty of violations under the Computer Fraud and Abuse Act (CFAA). However, Lord Chief Justice Ian Burnett of Maldon and Justice Duncan Ouseley backed the 33-year-old student’s appeal last Monday and ruled that extradition would be “oppressive by reason of his physical and […]

Cybersecurity Bill Passed in Singapore Parliament

Last Monday, a bill intended to reinforce the protection of computer systems that provide essential services against cyber-attacks was passed in the Singaporean Parliament. The Cybersecurity Bill will require owners of such systems, called Critical Information Infrastructure (CII), to report cybersecurity breaches, among other statutory obligations. CII owners who do not comply with codes of practice and standards of performance, conduct cybersecurity audits and risk assessments, and participate in cybersecurity exercises as dictated by the Bill may be penalized up to S$100,000, two years in prison, or both. However, several MPs raised concerns that the authorities could possibly intrude […]

Apple, Cisco Partner with Allianz SE to Offer Cyber Policy Discounts

Last Monday, Apple Inc., Cisco Systems Inc., Allianz SE, and insurance broker Aon Plc announced that they will be teaming up to provide discounts on cyber insurance to companies who use hardware from both companies. According to Jason Hogg of Aon Cyber Solutions, the offering will help businesses streamline their cyber security, which is often “siloed” due to the separation of roles of each department. Businesses that are able to fortify their cyber security using the product may be able to get more favorable coverage terms, such as lower or zero deductibles, and support services in the event of an […]

Japanese Teen Arrested for Wallet Password-Stealing Malware

A 17-year-old boy was recently arrested by the Japanese police on suspicion of being the author of malware that steals the private keys of cryptocurrency wallets. The teen reportedly embedded the malware in the market data viewer app that he created. One of the places the app was distributed was the forum for Monacoin, which is regarded as “the first Japanese cryptocurrency”. A user said that around 170 Monacoins, worth roughly $500, were stolen from his wallet after he downloaded and installed the app. When questioned by the police, the teen simply said in his defense that […]

Apple Restores Telegram in App Store

Apple announced that it has restored popular secure messaging app Telegram in its App Store. Telegram and Telegram X had been removed yesterday when Apple found that inappropriate content was being spread on the messaging platform. Both apps, however, were not removed from the Play Store. CEO Pavel Durov revealed that around 500,000 users download Telegram every day on the Play Store, and 100,000 on iOS. Telegram, which is touted as more secure than apps such as WhatsApp, uses end-to-end encryption, supports self-destructing messages, and leaves no data on company servers. Source: ZDNet