Network Security News Weekly

Current cybersecurity news to keep you informed.
IT Services | Government | Financial | Healthcare | Non-Profit

Articles of interest from the week of April 30, 2018


Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. (By: , McAfee)

Drupalgeddon 2: Profiting from Mass Exploitation
If an unpatched server is found, the vulnerability allows for unauthenticated remote code execution under the privileges of the user which the web server and Drupal are configured to run. The uptick in scanning and exploit activity closely follows the aforementioned public release of exploit code. (By: , Volexity)

Police shut down the biggest DDoS-for-hire service and arrested its administrators
The operation dubbed Power Off allowed to shut down the biggest DDoS-for-hire service (webstresser.org) and arrest its administrators, according to the investigators the platform was involved in over 4 million attacks and arrested its administrators. The Europol confirmed that Webstresser.org had 136,000 registered users and was used to target online services from banks, government institutions, police forces and the gaming world. (By: , Security Affairs)

Hackers built a 'master key' for millions of hotel rooms
The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms -- as well as garages and storage units. (By: , Zero Day)

MICROSOFT CITES 24% JUMP IN TECH SUPPORT SCAMS
According to company data, Microsoft received 153,000 reports from customers who had encountered or fallen for tech support scams in 2017, an increase of nearly a quarter over the year prior. Of that number, approximately 15,000 - or about 1 in 10 - admitted that they'd lost money from such scams. With the range of losses Wahlstrom described, that meant Microsoft's customers paid out between $3 million and $6 million to criminals. (By: , Computer World)

Nearly Half of U.K. Factories Admit to Falling Victim of Cyberattack
A new survey has found that 48 percent of U.K. factories have been hit by a cyberattack. The data comes after more than 80 of the country's manufacturing plants suffered cyberattacks, which could put critical national infrastructure at risk. (By: , )

How Can You Tell If Your Enterprise Has Been Hacked?
In cybersecurity, half of the struggle is simply preventing a data breach or cyber-attack on your enterprise. The other half is dealing with a hacker once they have infiltrated your enterprise’s network, as is sadly bound to happen one day. This can and often does involve closing the security hole that let the hacker in, removing their malicious presence from your servers, evaluating the damage, and alerting those affected by the breach. (By: , Solutions Review)

What You Need to Know About GDPR Breach Disclosure, Response
Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident. (By: , Bank Info Security)



Sign Up For Netsec News Weekly

Ingalls Information Security
TOP