Widespread routers’ DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking malware designed to steal users’ login credentials and the secret code for two-factor authentication. According to security researchers at Kaspersky Labs, ...
Read More »Cyber Security News
Upgrading cyber attacks to a Grade A risk status
Businesses do themselves a good deal of harm if they think it is only a tech issue and worryingly the Middle East’s response to combat the threat lags the rest of the world. Cybersecurity — you’re either ready or you’re not. The alarm has been sounding for quite some time. It is no longer a question of if your organisation ...
Read More »2018: Scariest Year of Evil Things on the Internet
Acts of evil on the internet are on the rise, according to the 2018 Internet of Evil Things survey. In its fourth consecutive year, the survey, conducted by Pwnie Express, polled more than 500 security professionals and found their collective responses to be “the scariest survey results we’ve seen yet.” The report indicates that security professionals have a heightened concern for growing threats, ...
Read More »Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests
Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels. However, a separate team of security researchers has now demonstrated a second network-based remote Rowhammer technique that can be used to attack systems using uncached memory or flush instruction while processing ...
Read More »Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext
For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability. Discovered yesterday by the same team of security researchers, the newly discovered vulnerability poses the same threat as the previous one, allowing remote attackers to inject malicious code on ...
Read More »Around 57% Indian IT managers can’t identify network traffic and 61% are clueless about bandwidth consumption: Sophos report
Nearly 57 percent Indian IT managers can’t identify network traffic while 61 percent don’t know how their bandwidth is consumed, a new report said on Wednesday, adding that the majority of Indian IT managers have legal liabilities when it comes to unidentified traffic at their workplaces. According to British IT security company Sophos’ global survey titled The Dirty Secrets of Network ...
Read More »State of Cybersecurity 2018: Enterprises Can Do Better
There is certainly more awareness about the importance of cybersecurity now than ever before, but are things in cybersecurity better or worse than they were 12 months ago? In the past year, we have seen mega-malware such as Wannacry and NotPetya temporarily wipe out some enterprises and services. We have seen new records set by DDoS attacks, with the largest ...
Read More »Microsoft Patches Two Zero-Day Flaws Under Active Attack
It’s time to gear up for the latest May 2018 Patch Tuesday. Microsoft has today released security patches for a total of 67 vulnerabilities, including two zero-days that have actively been exploited in the wild by cybercriminals, and two publicly disclosed bugs. In brief, Microsoft is addressing 21 vulnerabilities that are rated as critical, 42 rated important, and 4 rated ...
Read More »Why Security Tools Need Inline Bypass
Optimize Resiliency, Performance, Security and Cost Inline security tools — Web Application Firewalls (WAFs), Intrusion Prevention Systems (IPS) and Advanced Threat Protection (ATP) — are vital for securing your network, but can create their own problems, such as: • They represent network points of failure. • When an inline tool loses power, has a software failure or is taken off ...
Read More »A New Cryptocurrency Mining Virus is Spreading Through Facebook
If you receive a link for a video, even if it looks exciting, sent by someone (or your friend) on Facebook messenger—just don’t click on it without taking a second thought. Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebook Messenger and targeting users of cryptocurrency trading platforms to steal their ...
Read More »