Tag Archives: Symantec

Drone Hacking Concerns, Spam Rate Record

Army orders the removal of DJI drones, citing cyber security concerns

“National security risks cited”

A memo from the U.S. Army verified by Reuters advises that all operations involving  DJI drones “cease all use, uninstall all DJI applications, remove all batteries/storage media and secure equipment for follow-on direction.” Further into the memo the army outlines the greater cyber vulnerabilities associated with the DJI, and the discontinuation covers all of the relevant software and hardware related to the DJI products.

Big data breach unmasks Bloomberg chat room users

“Almost one thousands anonymous users unmasked”

This week a London investment firm has sent out a list of participants, including names and employers, of an anonymous Bloomberg chat room that had been breached sometime last month by cybercriminals. The breach is the largest for Bloomberg’s financial information firm, and led to the temporary shutdown of the metal and mining chat, among others.

Spam Rate Hits Two-Year High

“Emergence of specific malware likely to blame”

In July of this year the global spam rate has skyrocketed to the levels of March 2015, largely due to the emergence and spread of email malware from Symantec. Self-spread malware variants are the worst offenders, contributing to the 54.9% spam rate throughout the whole month.

Australian Information Commissioner commends Red Cross for data breach response

“Database backup of thousands of donors now deemed safe”

In October of 2016, many metrics relevant to thousands of donors had appeared publicly online. This prompted security concerns among thousands, fearing their sensitive information was put in jeopardy. Almost a year later in 2017, Australian Information and Privacy Commissioner Timothy Pilgrim concluded his investigation and claims that his confidence is now restored in the Red Cross and the security of its personal information stores.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 165

WannaCry ‘Highly Likely’ Work of North Korean-linked Hackers, Symantec Says

“Lazarus hacking group suspected”

One of the most debilitating ransomware attaks in recent memory was almost certainly the work of North-Korean linked hacking organization ‘Lazarus,’ security group Symantec claims. The suggestion was based on information that the tools and infrasturcture of the program are similar to that of previous Lazarus projects.

Russian Hackers Infected 1 Million Phones With Banking Trojan

“Over 20 suspects involved”

Russian Interior Ministry authorities announced that a major cybercriminal gang has been disbanded on Monday. This paricular group had been responsible for almost $900,000 from banking instituions after the infection of over one million Android devices. The group leader is believed to be a 30-year-old in Ivanovo, however members are spread through at least five regions of Russia.

Hackers easily trick scanner to unlock Samsung Galaxy S8

“Concerns of featured security measure”

Samsung has been touting their new iris recognition technology as ‘virtually impossible’ to replicate, advertising it as the new flagship S8 security feature. However the hacking group Chaos Computer Club (CCC) has had a differnet story to tell about the new phone’s technology. The organization has claimed that it has easily defeated the feature with just a camera, printer, and a contact lens.

Emerging Threats to Add to Your Security Radar Screen

“New tech promises even more complex defense in the future”

The technology of the future, such IoT and machine learning devices, promise to increase productivity to points never before imagined. However, they also promise to make security threats even more broad than they currently are. As more and more businesses across all fields employ the technology, the vulnerabilities continue to spread with them.

10Fold- Security Never Sleeps- 158

Mysterious Hajime Botnet Grows to 300,000 IoT Devices: Kaspersky

“About 300,000 devices already captured”

Kaspersky Labs security researchers has revealed that a new botnet malware emerging in October of last year, Hajime, has been busy ensnaring thousands of IoT devices. This new strain came on the scene around the same time we saw the Mirai attacks and targets devices in the same way without using them for DDoS processes.

Chipotle Investigating Payment Card Breach

“Unauthorized activity recently detected on network”

Popular restaraunt chain Chipotle Mexican Grill informed its recent customers on Tuesday that the company’s payment archives from its over 2,000 locations may have been breached. With an investigation ongoing, the information being made to the public is still limited.

Game guide malware ‘targeted more than 500,000 users’

“Popular mobile games affected”

App based game guides that include some of the most popular programs have been used to attack over half a million Android users. Google Play harbors the applications responsible for the malware, with researchers at Checkpoint reporting that the apps project unwanted ads and other issues to users.

Web Attacks Decline, Ransomware Attacks Surge

“More efficient and lucrative attacks developed”

New ransomware attacks on end users have been detailed by Symantec’s annual Internet Security Threat Report. The report shows the effects of cyberattacks on intended victims as well as the growing trend in ransomware attacks, up 36% last year.

Enjoy your read? Check out our other content here.

10Fold – Security Never Sleeps – 35

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Security researchers have found that nearly all versions of the Magento e-commerce platform allows hackers to embed malicious JavaScript code insider customer registration forms on millions of e-commerce sites. A symantec partner has allegedly been caught running a tech support scam by leveraging bogus threats to sell overpriced security software. Sixteen lawmakers are trying to end congress’ gridlock by offering new bills that would help ensure student and employee privacy. Blockchain has emerged as a more secure, transparent, faster and less expensive financial alternative and continues to push for adoption throughout various industry.

Bug In Magento Puts Millions Of E-Commerce Sites At Risk Of TakeOver – Publication: Ars Technica – Reporter name: Dan Goodin

Millions of online merchants are at risk of hijacking attacks made possible by a just-patched vulnerability in the Magento e-commerce platform. The stored cross-site scripting (XSS) bug is present in virtually all versions of Magento Community Edition and Enterprise Edition prior to and, respectively, according to researchers from Sucuri, the website security firm that discovered and privately reported the vulnerability. It allows attackers to embed malicious JavaScript code inside customer registration forms. Magento executes the scripts in the context of the administrator account, making it possible to completely take over the server running the e-commerce platform.

Symantec Partner Caught Running Tech Support Scam – Publication: Network World – Reporter name: Gregg Keizer

According to San Jose, Calif.-based Malwarebytes, Silurian Tech Support ran a scam in which its employees, who billed themselves as support technicians, used obscure but harmless entries in Windows’ Event Viewer and Task Manager to claim that a PC had been overwhelmed by malware, then leveraged those bogus threats to sell overpriced copies of Symantec’s Norton security software and an annual contract for follow-up phone support.

5 Things Congress Should Learn From New State Privacy Bills – Publication: Wired – Reporter name: Any Greenberg

On Wednesday 16 states’ lawmakers, with the advice and coordination of the American Civil Liberties Union, introduced bills designed to shore up Americans’ privacy on a long list of issues that federal lawmakers have either ignored or allowed to become paralyzed in Congress’s endless gridlock. That collective legislative push, which the ACLU is calling Take CTRL, addresses everything from student and employee privacy to new police surveillance techniques. The bills, together, would cover more than a 100 million Americans, by the count of the ACLU’s advocacy and policy counsel Chad Marlow.

How Will Bitcoin And Blockchain ‘Cross The Chasm’? An Analysis Of 5 Strategies – Publication: Forbes – Reporter name: Laura Shin

Blockchain, or distributed ledger, technology is more secure, transparent, faster and less expensive than current financial systems. And it has applications in other sectors like identity issuance, land titles, provenance and more. But for all its superiority, it finds itself in what disruptive innovation author Geoffrey Moore would call “the chasm”: Right now, tech enthusiasts and other people who have strong reason to prefer this technology over existing options have adopted it, but the companies in the space now need to attract users outside the core believers.