Industry News

Industry News

Get caught up on the latest news.

2015

Sep. 18, 2015 Compromised WordPress sites redirect visitors to Nuclear Exploit Kit? Thousands of websites – predominately WordPress websites – were compromised with malware code that ultimately redirects visitors to a landing page hosting the Nuclear Exploit Kit, according to Sucuri.
Sep. 08, 2015 Anti-Forensic Malware Widens Cyber-Skills Gap The rise of attacks that use file-less malware and other anti-forensics measures is creating a greater-than-ever skills gap in the cybersecurity industry. Increasingly, bad actors are using techniques that leave little trace on physical disks. And unfortunately, the white hats aren’t keeping up: There’s a shortage of digital forensics practitioners able to investigate these types of offensives.
Aug 21, 2015 Neutrino Serves CryptoWall 3.0 from Thousands of WordPress Sites The Neutrino Exploit Kit (EK) is spreading via fresh WordPress compromises, delivering a miserable payload: CryptoWall 3.0. Zscaler said inan analysis that in the beginning of July, Neutrino incorporated the HackingTeam 0-day (CVE-2015-5119), “and in the past few days we’ve seen a massive uptick in the use of the kit.”
Aug 19, 2015 Microsoft Releases Critical IE Patch for RCE Flaw Microsoft has been forced to release an out-of-band security update for a critical remote code execution vulnerability in Internet Explorer being actively exploited in the wild. Redmond claimed in an advisory that the flaw could be exploited by a specially crafted web page viewed through IE versions 7-11 inclusive.
Jul. 22, 2015 Windows Server 2003 end WS2003of life – what does this mean for your business? On 14 July Microsoft ended support for Windows Server 2003. This means that any companies still using it will no longer be updated, kept secure, nor receive any fixes. Despite this, 60% of businesses are still using Windows Server 2003, and have not yet migrated to an alternative.
Jul. 20, 2015 Microsoft releases out-of-band patch for all versions of Windows Microsoft released an out-of-band patch on Monday, which fixes a problem in the Windows Adobe Type Manager Library that could lead to remote code execution (RCE) on the host system if exploited.
Jul. 15, 2015 Microsoft kicks elderly Windows XP when it’s down Ends delivery of anti-malware signatures for Security Essentials on XP; stops serving clean-up tool.
Jul. 09, 2015 Despite warnings, majority of firms still run some Windows Server 2003 Enterprises are still heavily dependent on Windows Server 2003 even though there were plenty of warnings that support is coming to an end on July 14 — and this opens them up to security, compliance and operational risks.
Jun. 29, 2015 Cybercriminals adopt recently patched zero-day exploit in a flash Just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches.
May 05, 2015 Cybercriminals borrow from APT playbook in attack against PoS vendors Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns.
Apr. 16, 2015 POS threat ‘Punkey’ allows additional malware download for greater access Investigation efforts by the U.S. Secret Service and security firm Trustwave have turned up a new point-of-sale (POS) malware threat, dubbed “Punkey,” which shares the same code base as NewPosThings, another malware family targeting payment card terminals.
Mar. 23, 2015 New malware program PoSeidon targets point-of-salesystems Retailers beware: A new Trojan program targets point-of-sale (PoS) terminals, stealing payment card data that can then be abused by cyber-criminals. The malware combines key logging and memory scraping functionality.
Mar. 09, 2015 Analysts discover two POS malware families, PwnPOS and LogPOS Security researchers have discovered two point-of-sale (POS) malware families: “PwnPOS,” which showcases attackers’ “simple but thoughtful construction” for skirting detection, and the “LogPOS” family that uses Microsoft Windows’ mailslots to deliver stolen credit card data to attackers.
Mar. 08, 2015 Two New POS Breaches Lead to Fraud Global luxury hotel chain Mandarin Oriental Hotel Group and Natural Grocers, an organic and health food grocery chain with stores in 15 states, are the latest retailers to confirm card compromises connected to breaches of their point-of-sale systems.
Feb. 12, 2015 Forbes.com attackers exploited zero-days in Flash, IE Hackers that attacked Forbes.com’s Thought of the Day page for several days last November exploited zero-day vulnerabilities in Internet Explorer (IE) and Adobe Flash in an effort to target U.S. financial services and defense contracting companies.
Jan. 20, 2015 Are you ready for the end of Windows Server 2003? Microsoft is cutting off support for the popular OS in six months, so you need to start putting together a migration plan now.
Jan. 20, 2015 Laggards face looming Windows Server 2003 retirement Some won’t make the migration before Microsoft stops serving patches in July, say experts.

2014

Dec. 4, 2014 Why Attacks Exploit Common POS Systems A remote-access attack that compromised a parking facility provider with locations in Illinois, Pennsylvania, Ohio and Washington highlights how commonly used point-of-sale terminal and software brands are increasingly being exploited by hackers.
Nov. 26, 2014 Researchers identify POS malware targeting ticket machines, electronic kiosks Electronic kiosks and ticketing systems are being targeted by a new type of point-of-sale (POS) threat known as “d4re|dev1|,” which acts as an advanced backdoor with remote administration and has RAM scraping and keylogging features, according to IntelCrawler.
Nov. 10, 2014 Home Depot IT: Get hacked, blame Windows, switch execs to MacBooks If IT can’t deploy patches in a timely fashion, then take a page from Home Depot and blame Windows after getting hacked.
Nov. 04, 2014 New Variant of Backoff Malware Tougher to Detect A new and more fine-tuned version of the Backoff point of sale malware known as ROM has been spotted in the wild, according to researchers.
Nov. 03, 2014 Card Breaches: Retailers Doing Enough? Merchant, Banking Groups Clash over Payments Security. The debate over accountability for card fraud has heated in recent weeks between leading retail and banking associations.
Oct. 30, 2014 Home Depot Breach Cost CU’s $60 Million 7.2 Million Credit Union Cards Affected. The fallout from the Home Depot data breach is starting to be felt by financial institutions. Credit unions have spent nearly $60 million to reissue cards, deal with fraud and cover other costs as a result of the breach, according to the Credit Union National Association.
Oct. 24, 2014 Trying to Avoid Backoff Malware? Good Luck To avoid Backoff malware infections, Damballa advises firms to act as if they are in a state of continuous breach. Malware remains a popular modus operandi for hackers, many of whom are using the Backoff model to infiltrate some of your favorite retailers.
Oct. 24, 2014 The “Backoff” malware linked to data breaches is spreading The “Backoff” malware linked to data breaches is spreading.
Oct. 22, 2014 Zero-Day Attack New Exploit Linked to Russian “Sandwarm” Hackers Microsoft is warning Windows users that they’re vulnerable to a new zero-day flaw that attackers have been exploiting to remotely execute arbitrary code.
Oct. 10, 2014 Kmart Says Payment Cards Breached ‘New Form’ of Malware Evaded Anti-Virus Systems. Retailer Kmart has confirmed a breach that started in early September involving a “new form” of malware that infected the company’s payment card systems.
Oct. 09, 2014 Dairy Queen Confirms Card Breach 395 Locations Affected by Backoff Malware. Dairy Queen has confirmed that Backoff point-of-sale malware was used in a payment card breach that affected 395 of its 4,500 franchised U.S. locations.
Oct. 07, 2014 Despite looming end of life, study shows XP remains primary OS A recent series of customer studies by mobile management firm Fiberlink shows a pattern of risky behavior, and widespread usage of a soon to be dead operating system.
Sep. 26, 2014 Vendor: 100 Restaurants Breached Signature Systems Says Jimmy John’s Just One of the Victims. The point-of-sale vendor behind the recently confirmed Jimmy John’s data breach has stepped forward, saying that along with the 216 impacted Jimmy John’s locations, an additional 108 different restaurants were compromised.
Sep. 24, 2014 Fraud Tied to Home Depot Breach Mounting Ramp Up Called ‘Greater Than Target.’ Fraudulent transactions stemming from the massive Home Depot payment card breach have been occurring since early September, security experts say, forcing many financial institutions to reissue cards for affected customers.
Sep. 18, 2014 Home Depot: 56 Million Cards Breached Retailer Says Custom-Built Malware Evaded Detection. Home Depot says an estimated 56 million payment cards were exposed in the data breach at its U.S. and Canadian stores.
Sep. 16, 2014 Why retailers like Home Depot get hacked Experts say retailers have ignored for years the vulnerabilities that exist in payment systems.
Aug.24, 2014 Backoff malware threat worse than thought and you may be affected More than 1,000 businesses have had their point-of-sale systems compromised by Backoff, a family of malware that has the ability to record input from keyboards and control the communications of the infected hardware. Along with recording keystrokes and transmitting stolen PoS data to criminals, the Backoff family of malware can also scrape the short-term memories of computer and nearly immortalize itself by taking refuge in the explorer.exe process — Windows’ explorer.exe process generates file folders and program windows.
Aug.23, 2014 Secret Service: Over 1,000 Business Infected with “Backoff” PoS Malware The United States Secret Service estimated more than 1,000 businesses have been infected by the “Backoff” point-of-sale malware, and many of them are unaware they have been compromised, according to a Department of Homeland Security advisory.
Aug.06, 2014 United States: What You Need To Know About Backoff Malware: The New Threat Targeting Retailers. The phrase “backoff” is an implied threat typically reserved for bumper stickers and mud flaps, but if you are a retailer that permits the use of remote desktop applications in your business, the name Backoff should be considered much more intimidating.
Aug.04, 2014 How ‘Backoff’ Malware Works and Why Banks Should Care Bankers, beware of Backoff. The Department of Homeland Security sounded an alarm last week about this young strain of malicious software. The agency directed its warning mainly at retailers, but banks are also vulnerable to Backoff in several ways and need to put defensive mechanisms in place.
Aug.01, 2014 Emerging POS Attacks Target Small Merchants Why Researchers Say Remote Access Risks Are Growing. A new point-of-sale malware strain known as Backoff has been linked to numerous remote-access attacks, putting small merchants at greatest risk, according to an alert from federal authorities.
Jul. 31, 2014 Attackers exploit remote access tools to compromise retail systems DHS warns retailers of threat to point of-of-sale systems. Malicious hackers are taking advantage of commonly used enterprise remote access tools to break into retail point-of-sale (POS) systems and plant malware on them, the U.S. Department of Homeland Security warned Thursday.
Jul. 23, 2014 RAM Scraper Malware: Why PCI DSS Can’t Fix Retail There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data. Target, Neiman Marcus, Michael’s, and possibly P.F. Chang’s all have one thing in common: They are recent victims of a type of malware called a RAM scraper that infects point of sale (POS) terminals.
Apr. 28, 2014 Windows XP Sees its first major vulnerability after Microsoft ends support A division within the United States Department of Homeland Security has warned against using old versions of the Internet Explorer browser, following the discovery of a security flaw that can lead to “the complete compromise of an affected system.” The flaw has led the division to advise the use of alternative browsers until Microsoft fixes the problem.
Apr. 08, 2014 Windows XP Goes Dark; Will Hackers Be Lurking? As Microsoft finally pulls the plug on its popular Windows XP operating system Tuesday, the computers of millions of online banking users could be more susceptible than ever to fraud.
 

2013

May 01, 2013 Cyber Attacks Timeline Bi-weekly review of the main cyber attacks. Probably this month will be remembered for the huge cyber-heist against two Payment Processors, and affecting two banks (National Bank of Ras Al-Khaimah PSC in the United Arab Emirates and the Bank of Muscat in Oman), which suffered a massive loss of $45 million due to an endless wave of unlimited withdrawals from their ATMs.
May 01, 2013 Is antivirus worth the investment? Only 8% of European companies plan to decrease spending on antivirus (AV) in 2013, compared with 21% that will increase their investment in this area, according to a recent poll by Computer Weekly. This is a worrying trend, because some types of AV can actually cause more harm than good.
Apr. 23, 2013 Cyber Attacks Timeline Two reports again claim China is the number one source of serious attacks. Whilst many nations are behind advanced, persistent cyber attacks, China is involved in most of them, producing many of the tools used by Internet-based spies and carrying out plenty of espionage campaigns, according to reports released today.
Apr. 05, 2013 APT attackers getting more evasive, even more persistent Fear of discovery fuels sneakier tactics by writers of persistent malware.
Feb. 13, 2013 The myth of signature-based security (and no, this is not about A/V) The breach at the New York Times (and subsequent release of other newspaper breaches) put a highlight on the level of effectiveness of anti-virus technology.