Cybersecurity

Windows to Delete Programs that Coerce Users to Upgrade

Windows to Delete Programs that Coerce Users to Upgrade

Microsoft recently announced that the Windows Defender, as well as their other security software, will delete programs which “bully” the user into upgrades or unwanted software. Barak Shein of Windows Defender Security Research confirmed that the company is ramping up its efforts against programs which make exaggerated claims about the health of the user’s system. Microsoft says that it has updated its evaluation criteria which defines what is malware and what is unwanted software.   The move is intended to protect users from software that display error messages in an exaggerated way to pressure the user into paying for a […]

CT, MRI Machines Hot Targets for Cyber Attack

A report by researchers from Ben-Gurion University in Beersheba, Israel recently warned that core medical equipment, particularly CT and MRI machines, are highly vulnerable to cyberattacks. The researchers said that attackers will look to exploit the increasing number of vulnerabilities of Medical Imaging Devices with outdated firmware. A number of incidents in the past have shown that hospitals are favorite targets of cyber criminals, especially ransomware distributors, since they prefer to pay the ransom than to prolong the disruption in services. The research team added that attackers could even manipulate the machines to pose harm to the patient and said […]

Hackers Divert Ransom Payments From Rival Cybercriminals

Hackers Divert Ransom Payments From Rival Cybercriminals

Earlier this week, researchers from cybersecurity company Proofpoint said that payments intended for ransomware distributors are being intercepted by other cybercriminals.   Rival attackers are said to be diverting the ransom, which is usually made in Bitcoin, to their own wallets by executing a man-in-the-middle attack using a Tor proxy browser. Ransomware victims are often instructed to buy and send cryptocurrency payments via Tor, but the researchers found that by doing so, the BTC wallet address in the ransom note got replaced.     The rival attackers were able to execute the diversion on the LockeR, GlobeImposter, and Sigma ransomware where […]

Microsoft Disables Intel Spectre Fix in New Update

Microsoft Disables Intel Spectre Fix in New Update

Microsoft recently issued an emergency out-of-band Windows update that disables Intel’s patch for the Spectre variant 2 attack. According to Microsoft, Intel’s mitigation caused a number of unexpected reboots and stability problems, as well as possible data corruption and loss. Around last week, Intel itself had warned customers not to deploy their fix due to the aforementioned issues. Hardware makers Dell and HP also pulled the BIOS updates which used Intel’s code that they had released. The Windows update is available for Windows 7 SP1, 8.1, and 10 for both client and server.       Source: ZDNet

Dutch Cyber Unit Hacked Russian Election Hackers in 2014

Dutch Cyber Unit Hacked Russian Election Hackers in 2014

It was revealed by Dutch media this week that the Netherlands’ Joint Sigint Unit was able to infiltrate state-backed Russian hacking group APT29 or “Cozy Bear” back in 2014.   Cozy Bear is suspected to be behind the DNC hack in 2016. The JSCU was said to have breached the group’s network and observed its members and their activities using a nearby security camera. The JSCU shared their findings with the CIA and NSA until the 2016 elections when they discontinued their surveillance on the account of it being compromised. Source: TechCrunch

New Digital Geneva Convention Needed, Says Microsoft

New Digital Geneva Convention Needed, Says Microsoft

At the recent World Economic Forum in Davos, Switzerland, Microsoft president Brad Smith spoke against the recent spate of cyberattacks and pushed for a global set of norms which will regulate the activity of governments in cyberspace. Smith called for a “new digital Geneva Convention” and said that global tech companies should work with political leaders to reassess existing regulations and proposed that an international body should apply said regulations, in addition to new laws. This is the second time Smith pushed for a digital Geneva Convention, the first being in February 2017 right after the DNC hacking incident. Source: […]

TAFE Institutions in Australia to Offer Cybersecurity Courses

TAFE Institutions in Australia to Offer Cybersecurity Courses

To tackle the shortage of skills in the sector, Australia’s TAFE institutions have announced that they will now be offering cyber security qualifications which have been developed in partnership with ANZ Bank, the Australian Information Security Association, BAE Systems, Cisco Australia and New Zealand, CITT, the Commonwealth Bank of Australia, Deloitte, ISACA, NBN, REA Group, and Telstra. According to newly appointed Minister for Law Enforcement and Cybersecurity Angus Taylor, Australia will be in need of around 11,000 qualified cybersecurity specialists in the coming years since the industry is expected to grow around three times within the next decade. AustCyber, an […]

Major Tech Companies Allow Russia to Scrutinize Software Used by US Government

Major Tech Companies Allow Russia to Scrutinize Software Used by US Government

According to a Reuters source, major tech firms such as SAP, Symantec, and McAfee are allowing the Russian government access to the source code of software being used across US government agencies. Allowing Russian defense agencies to probe the inner workings of their products is the only way tech companies will be able to do business in Russia, which its government says is necessary so that it can detect possible flaws that could be exploited. However, US lawmakers and security experts say that this could potentially put the security networks of federal agencies such as the Pentagon, NASA, the State […]

Google’s Alphabet Launches Cybersecurity Business

Google’s Alphabet Launches Cybersecurity Business

Last Wednesday, Google’s parent company, Alphabet, announced the launch of its new, independent cybersecurity firm named Chronicle. Chronicle was initially conceived in Alphabet’s moonshot company X in 2016. According to CEO and ex-Symantec executive Stephen Gillett, Chronicle is currently developing an intelligence and analytics platform to help businesses stop cyber attacks and make sense of their cybersecurity data. Gillett added that the platform will help IT teams with issues such as gaps in available information due to budgetary constraints, and lessening the workload by effectively filtering security alerts. Chronicle’s platform is currently being tested by a number of Fortune 500 […]

Skype, Signal, Slack, Twitch Affected by Software Framework Flaw

Skype, Signal, Slack, Twitch Affected by Software Framework Flaw

Last Monday, the Electron team revealed that it had patched a bug that affects the Electron framework, a a popular software-building framework used by a number of desktop apps such as Skype, Signal, Slack, Basecamp, WordPress.com, Twitch, Ghost, and others. The remote code execution vulnerability in Electron only affects Windows apps. The team also included a workaround for developers whose apps cannot be updated to the new Electron framework code, but warned that attackers may soon find a way to exploit it. Microsoft also announced that it has updated Windows Defender so that it can detect any attempts of attackers […]