Cyber security aggregate rss news

Cyber security aggregator - feeds history

image for Bomb threat spam ...

 Business

In late August, our mail traps started picking up some unusual blackmail messages. In them, cybercriminals claim to have planted a tetryl-charged bomb somewhere in the recipient’s office and say it will be detonated unless a ransom is paid or if police activity is observed near the building. In reality, of   show more ...

course, there is no bomb — it’s an empty threat mailed indiscriminately to companies of all sizes. Cybercriminals count on scaring the victim into a knee-jerk response, because with time to think, they will realize that paying ransom solves nothing — if there is a bomb in the building, it’s not going anywhere. In terms of structure and delivery method, this type of blackmail is the logical continuation of scam mailings threatening to publish users’ private information. The extortionists aren’t choosing specific targets for such threats; they use huge mailing lists and hope that at least some of the recipients will take the threat seriously enough to pay up. The main difference in the “explosive” version is the increase in the ransom amount. Whereas individuals are asked to cough up the equivalent of $500–1,000 in bitcoin (the maximum we’ve seen was around $5,000), for companies supposedly rigged with explosives the amount rises to roughly $20,000. The bulk of the scam e-mails are written in German, but we found English versions as well. This batch of attacks appears thus far to be the work of just one entity, but if victims succumb to the threat and transfer money, the method is sure to attract imitators. Another potentially distinguishing feature of this new wave of extortion e-mails is the potential punishment: Blackmail is a crime in itself, but some countries have separate laws for false bomb threats. What to do To avoid becoming a victim of any ransomware scam, we recommend staying vigilant and following a few simple tips: Don’t panic — and never pay. Even if the threat were real, yielding to it wouldn’t solve the problem. Even if you suspect or know a threat is false, don’t respond; that would only confirm to the attackers that your e-mail address is valid and that the message has been read. And that would only cause the inflow of fraudulent messages and other spam to increase. Use reliable security solutions that automatically identify dangerous e-mails and block them before they reach employees’ inboxes. Our corporate mail security solutions use heuristic algorithms to detect such e-mails. Particularly good at this task are Kaspersky Security for Microsoft Office 365 and Kaspersky Security for Mail Server, which is part of Kaspersky Total Security for Business.

 Identity Theft, Fraud, Scams

Unscrupulous criminals are impersonating employees of the United States Department of Justice to scam elderly victims of crime.

 Malware and Vulnerabilities

An attacker can exploit these vulnerabilities by having an administrator visit a link — or even view an image — by using a specifically crafted payload specific to the targeted website.

 Companies to Watch

CyberRisk Alliance (CRA), a business intelligence company serving the cybersecurity and information risk management marketplace, has acquired Security Weekly, a cybersecurity podcast network.

 Malware and Vulnerabilities

Researchers have discovered a new Android spyware campaign pushing the “TikTok Pro” app to exploit users' fears of the popular social media app getting being banned in the United States.

 Trends, Reports, Analysis

The COVID-19 pandemic has led to a significant shift in tactics employed by cyber-criminals, according to Bitdefender’s Mid-Year Threat Landscape Report 2020, published today.

 Expert Blogs and Opinion

The growth of the cloud has been truly astonishing. In less than fifteen years, it has become part of everyday life and casual conversations about moving photos and other data into the cloud.

 Feed

Ubuntu Security Notice 4488-2 - USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly   show more ...

use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges.

 Feed

Red Hat Security Advisory 2020-3616-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.

 Feed

Ubuntu Security Notice 4491-1 - It was discovered that GnuTLS incorrectly handled certain alerts when being used with TLS 1.3 servers. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.

 Feed

A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure," Israeli cybersecurity firm Intezer said

 Feed

We have all heard of the "cybersecurity skills gap" — firms' inability to hire and retain high-level cybersecurity talent. I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore lack the necessary skills to

2020-09
Aggregator history
Wednesday, September 09
TUE
WED
THU
FRI
SAT
SUN
MON
SeptemberOctoberNovember