Network Security News Weekly

Current cybersecurity news to keep
you informed.

IT Services | Government | Financial |
Healthcare | Non-Profit

Network Security News Weekly

Articles of interest from the week of April 9, 2018

Auth0 authentication bypass issue exposed enterprises to hack
Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that could be exploited by attackers to access any portal or application which are using it for authentication. Auth0 implements a token-based authentication model for a large number of platforms, it managed 42 million logins every day and billions of logins per month for over 2000 enterprise customers. (By: , Security Affairs)

Recent Breaches Tied to Chat Network Provider
A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider [24] that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others. (By: ,

Mirai Variant Targets Financial Sector With IoT DDoS Attacks
A variant of the Mirai botnet was used to launch a series of distributed denial of service campaigns against financial sector businesses. The attacks utilized at least 13,000 hijacked IoT devices generating traffic volumes up to 30 Gbps, considerably less intense than the original Mirai assaults clocked at 620 Gbps. Researchers said the Mirai botnet and malware variant also exhibited characteristics that may link it to IoTroop botnet (or Reaper), first identified October 2017. (By: , Threatpost)

Experts spotted a campaign spreading a new Agent Tesla Spyware variant
Agent Tesla is a spyware that is used to spy on the victims by collecting keystrokes, system clipboard, screenshots, and credentials from the infected system. To do this, the spyware creates different threads and timer functions in the main function. The experts first discovered the malware in June, when they observed threat actors spreading it via a Microsoft Word document containing an auto-executable malicious VBA Macro. (By: , Security Affairs)

ATMJackpot, a new strain of ATM Malware discovered by experts
The number of ATM jackpot attacks is increasing in recent years, in January US Secret Service warned of cybercriminals are targeting ATM machines in the US forcing them to spit out hundreds of dollars with ‘jackpotting’ attacks. In May 2017, Europol arrested 27 for jackpotting attacks on ATM across Europe, in September 2017 Europol warned that ATM attacks were increasing. (By: , Security Affairs)

A Step By Step Guide to Ransomware Disaster Recovery
Ransomware attacks are steadily rising and evolving. These attacks are a threat to the business continuity of an organization that can prevent business operations from ever resuming after being disrupted. For that reason, it is necessary for enterprises to have a ransomware disaster recovery plan for when they experience an attack. (By: , )

Blockchain, with its encrypted and immutable record, will eventually be used create universal digital identities, filled with information that only we will control and that will link back to the issuing banks, governments or even employers. (By: Senior Reporter, Computerworld)

The Impact of All 50 States Having Breach Notification Laws
With Alabama and South Dakota recently becoming the last two states to adopt breach notification laws, notification processes become a bit more complicated, says privacy attorney Adam Greene. Privacy Attorney Adam Greene discusses these critical considerations and more. (By: , Information Security Media Group, Corp.)

2020 Vision: How to Prepare for the Future of Information Security Threats
Physical and cyber-attacks will be deployed simultaneously, creating unprecedented damage. Many nation states and terrorist groups (or both, working together) will have the capability to bring together the full force of their armaments – both traditional and digital – to perform a clustered ‘hybrid’ attack. The outcome, if successful, would be damage on a vast scale. (By: , Infosec Island)

Sign Up For Netsec News Weekly

Contact Us

If you are concerned about a potential breach or if you are currently experiencing a breach and require immediate assistance, contact our 24x7x365 Emergency Hotline:


Ingalls Information Security
Ingalls Information Security is a Pure-Play Cybersecurity Services Company with 100% of Operations in the United States