Tag Archives: EU

10Fold Security Never Sleeps- GDPR, Law and IoT

New Trojan malware campaign sends users to fake banking site that looks just like the real thing

“False login pages steal sensitive info”

A credential-stealing TrickBot banking malware has been engaging in an email spam campaign that sends users to a fake webpage nearly identical to the original. Online banking users in the US, UK, Australia, and many other countries have been affected, and this number is expected to grow as those developing it have been experimenting with EternalBlue. This was the exploit that allowed WannaCry and Petya to spread so efficiently.

Can U.S. lawmakers fix IoT security for good?

“Inter-connectivity leaves devices vulnerable”

Several U.S. Senators believe they have proposals that will aid in preventing the attacks that have plagued IoT devices in the last few years. The proposed solutions are put forward in the Internet of Things Cybersecurity Improvement Act of 2017. Many expert analyses of the IoT Act reveal that it’s likely a hearty step in the right direction, but it may not be enough to stop the tide of attacks that cause major issues for many people.

How to protect personally identifiable information under GDPR

“New rules grant more rights in PII for consumers”

The GDPR goes into force May 25, 2018, impacting many firms worldwide that process data for EU citizens. Heavy fines and other penalties are due to the companies that do not enforce the more rigorous personally identifiable information (PII) regulations, often up to 4% of a firm’s yearly revenue. Breaches are also required to be reported within three days.

Ex-NSA Analyst Raises $10 Million To Stop Hackers Destroying Power Grids

“Infrastructure targets more popular”

Part of an espionage mission to disrupt critical services began in 2013, when a U.S. dam was targeted by mercenaries hired by Iran’s Revolutionary Guard Corps. This relays the importance of national cyber security, recognized by Rob Lee, who was once part of the National Security Agency and is currently co-founder at infrastructure-focused cybersecurity firm Dragos Inc. The firm has recently raised $10 million in Series A funding for its goals, a recognition of the seriousness of the situation.

10Fold- Security Never Sleeps- 177

More than half of major malware attack’s victims are industrial targets

“Petya intended effects examined”

Kaspersky Labs has released a new report with some grand insights into the Petya malware attack. It first appeared as a widespread ransomware attack, but it became clear later into the ordeal that the spread was intended more for destruction than for financial gain. Kaspersky reported specifically that financial sectors were the most affected, as well as manufacturing or oil mechanisms.

Hacking Factory Robot Arms for Sabotage, Fun & Profit

“Could open a new world of ‘Subtle Blackmail'”

A Black Hat talk will discuss how cybercriminals could manipulate robotic arms and create defects in vital products. Security researchers have been accumulating caches of big discoveries about IIoT vulnerabilities, and Black Hat is planning on continuing their release to raise awareness of critical flaws in infrastructure, power grids, and gas pipeline controls.

General Data Protection Regulation (GDPR) requirements, deadlines and facts

“EU legislation lowdown” 

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states, and non-compliance could cost companies dearly. This article details what every company that does business in Europe needs to know about GDPR.

Online fraud costs public billions but is still not a police priority, says watchdog

“Policing institutions not enforcing rules effectively”

The National Audit Office has claimed that various policing and regulatory agencies were insufficiently addressing the issue of online fraud. The NAO says that for most police forces the incidents are “not yet a priority” and that the problem had been overlooked by government, law enforcement and industry.

10Fold- Security Never Sleeps- 167

New Jaff Ransomware Variant Emerges

“Another active threat detected”

As WannaCry headlines begin to die down, another variant of a detrimental ransomware has begun to make the rounds. Jaff, a Necurs-distributed botnet, uses a similar delivery system to Locky and WannaCry. This gives security researchers an insight into the threat actors who designed Locky and Dridex, who also launched the Bart ransomware that raised concerns last year.

Survey Shows Disparity in GDPR Preparedness and Concerns

“New regulation affects any firm that does business in EU”

The GDPR will take effect one year from today, but there seems to be little readiness among firms to take on the necessities outlined in the legislation. Specifically, geographic differences are highlighted in a recent study that shows just how ill-prepared disparate nations are.

Newly discovered vulnerability raises fears of another WannaCry

“Tens of thousands of devices potentially open to attacks”

A recently found flaw in widely used networking programs could leave users open to ransomware like WannaCry. The U.S. Department of Homeland Security announced the potential for harm on Wednesday; the flaw is claimed to allow an attacker to take control of the compromised device entirely unless a patch is applied by the user and administrator.

 

10Fold- Security Never Sleeps- 163

“Patched” WannaCry Ransomware Has No Kill-Switch

“New variant proves tough to stop”

The recent WannaCry ransomware outbreak was stopped by registering domains that act as kill-switches, ending a particularly malicious software that attacked government organizations, hospitals, ISPs, carmakers, and more in a matter of days. A new variant that is not affected by the previous kill-switch is now available, however, making researchers concerned over a new potentially serious outbreak of the same malware. Organizations in Europe are the most critically affected thus far, prompting Europol to organize a task force specifically to assist in the investigation.

‘WannaCry’ Malware Attack Could Just Be Getting Started: Experts

“200,000 computers estimated to be affected”

Computers worldwide were affected by a massive ransomware attack last week. Researchers believe this attack could just be the beginning of a storm of new malware, with two fresh variants detected since the end of last week.

The 22-year-old who saved the world from a malware virus has been named

“WannaCry was no match for this young researcher”

Marcus Hutchins has been credited with stopping the notorious WannaCry ransomware attack last week. From a small bedroom in his parents’ home on the Devon coast, cyber security researcher Hutchins was able to impede the spread of the malware and keep it from causing any further damage.

Microsoft Warns Governments Against Exploit Stockpiling

“Should serve as a ‘wake up call'”

Microsoft President and Chief Legal Officer Brad Smith has reiterated a call for a ‘Digital Geneva Convention’ after news of the WannaCry outbreak broke last week. Smith claimed that the recent scare should remind all governments that the internet security realm is still vulnerable, and coordination internationally is a worthy and necessary cause.

NHS Hack Could Be About to Become Far Worse As People Switch on Computers After Weekend

“Experts believe a re-infection possible”

NHS specialists are concerned that equipment and computers may be re-infected after they were shut off over the weekend to stop the spread of last week’s malware attack. Over 200,000 devices in 150 countries were infected, originating in the UK Friday before making it to all parts of the globe in mere hours.

10Fold- Security Never Sleeps- 108

Vulnerable IBM Code Pulled After Insistence From Security Experts

“Potential to affect several versions of WebSphere”

A researcher who was able to successfully exploit proof-of-concept code able to affect WebSphere versions 7, 8, 8.5, and 9 was censored without major damages occurring. Maurizio Aggazini was cooperating with IBM to responsibly patch and censor vulnerabilities experienced in the firm’s products. These include the deserialization of untrusted data sources, causing DoS issues and allowing remote execution of hacking.

Half of Androids Able to be Compromised to Seemingly Outdated Malware

“Ghost Push capable of infecting Androids up to version 5”

A fairly dated yet successful malware program known as Ghost Push is reportedly still one of the most widely effective pieces of software used to exploit unsuspecting users. Cheetah Mobile experts say that the majority of the infections are received from application downloads not installed through the Google Play store. The Trojan program is capable of preventing third parties from gaining root privilege.

UK Firms Could Face Huge Increase in Data Breach Fines in 2018

“New EU legislations could enact harsh penalties”

The PCI Security Standards Council is recommending that technology companies avoid the sharply increased costs of fines that new legislation from the European Union is poised to enact. In 2015, 90% of large scale firms and 74% of SMEs had reported at least one security breach, reaching just about 1.4 billion pounds worth of consumer protection fines. The EU General Data Protection Regulation is set to put harsher regulations into place that will affect firms and carry penalties of up to €20m.

Hackers Successfully Infiltrate Senate GOP Committee

“Accelerates fears of security vulnerabilities”

While news reports of Democratic Party server hacks run rampant through the press, Republicans have been hit with a particularly devastating cyberattack by Russian operatives. For the last six months, cybercriminals have allegedly been siphoning credit card information from customers in the web storefront of the National Republican Senatorial Committee, selling the data on the black market.