Home IFTTT Trend Micro Simply Security This Week in Security News

This Week in Security News

By
Friday, September 04, 2015
Read
Add Comment
iStock_000014209210_Medium

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days.

Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!

 

A Cyberespionage Campaign against Targets in the Middle East is Under Way

Our threat researchers released a new report that details the activities of a group of hackers we call Rocket Kitten. The report highlights some new activities uncovered with the help of another research organization, ClearSky, who collaborated with us on the new report.

Blackmail and Deletion Offers Hit Ashley Madison Users

How much is keeping a secret worth? According to hackers taking advantage of the Ashley Madison hack, it’s worth only up to one Bitcoin – around 230 US dollars at current exchange rates. Some attackers promised to delete the compromising personal information if the victim paid their blackmail. 

China and Russia are Using Hacked Data to Target U.S. Spies, Officials Say
Foreign spy services, especially in China and Russia, are aggressively aggregating and cross-indexing hacked U.S. computer databases — including security clearance applications, airline records and medical insurance forms — to identify U.S. intelligence officers and agents, U.S. officials said. 

Court Rules Employers are Liable for Poor Cybersecurity

On top of suffering financial and reputational loss, employers are now open to being punitively charged with neglecting due diligence in protecting the digital security of consumers. The United States Court Of Appeals for the Third Circuit ruled that the FTC has the authority to sue companies that experience data breaches.

Bulletproof Hosting Environment are Rising

The underground itself has become professionalized to a level that would rival the way multinational corporations would operate with subsidiaries, and overseas. A myriad of new services are available and greater operational security is paid to the forums themselves with more advanced attack capabilities as well as lower prices, which allow for more criminals who are not cyber-capable to get in the game. 

Cyber Risk Poses Increased Threat in Mergers and Acquisitions
Companies need to treat cyber security threats as business risks that could derail multibillion-dollar mergers and acquisitions – and not relegate risk mitigation to technology staff, prominent senior executives and directors have warned this week.

Email Spam has been on a General Decline

Threat actors have learned how to work smarter using targeted attack methods to identify who they want to target and limit the number of individuals they will attack. Spammers today have access to the cybercriminal underground markets (Cyber Arms Bazaar) where they can buy email lists to be used in their campaigns.

The Next Generation of Would-Be Cybercriminals are the Lone Rangers of the Underground

The underground market for malware tools, vulnerabilities, exploit kits and every other criminal niche is fully mature and the barriers to entry have fallen away over the years. Individual attackers can access established criminal toolkits at low to no cost, former high value malware such as ZeuS have become almost open source projects, spawning a variety of improvements or imitators and basic tools such as keyloggers or system lockers are being combined to devastating effect.

The FBI Alerts that Business Email Scam Losses Exceed $1.2 Billion

The FBI, in a new alert, estimates that fraud losses linked to so-called business email compromise scams worldwide totaled more than $1.2 billion from October 2013 to August 2015. But some financial fraud experts say the losses from this largely overlooked threat could be even higher because the incidents often are not reported.

Attackers Target Organizations in Japan and Transform Local Sites into C&C Servers for EMDIVI Backdoor

Our researchers identified an active campaign compromising Japanese websites to serve as command and control (C&C) servers for the EMDIVI backdoor they’re using to target companies in Japan and the U.S.

Please add your thoughts in the comments below or follow me on Twitter; @GavinDonovan.



from Trend Micro Simply Security http://ift.tt/1i16lJh
via IFTTT
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us