Tuesday, July 22, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Month: March 2017

IndependentKrebs
admin

Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam

Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2017 22:02:02 +0000

Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLP — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.

Read More
ComputerWorldIndependent
admin

Credit-card breach hits another restaurant chain

Credit to Author: Matt Hamblen| Date: Fri, 17 Mar 2017 13:33:00 -0700

Another sizeable payment card data breach has been discovered at a U.S. restaurant chain.

In the latest example, several high-end eateries run by Select Restaurants in Cleveland were the victims of fraudulent cards used by customers at its restaurants, according to a report posted Thursday on KrebsOnSecurity, a reliable site written by reporter Brian Krebs. Krebs said he learned about the case from anti-fraud teams at multiple financial institutions investigating “a great deal of fraud on cards used at a handful of high-end restaurants around the country.”

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

String of fileless malware attacks possibly tied to single hacker group

Credit to Author: Lucian Constantin| Date: Fri, 17 Mar 2017 11:56:00 -0700

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools, and fileless malware techniques might be the work of a single group of hackers.

An investigation started by security researchers from Morphisec into a recent email phishing attack against high-profile enterprises pointed to a group that uses techniques documented by several security companies in seemingly unconnected reports over the past two months.

“During the course of the investigation, we uncovered a sophisticated fileless attack framework that appears to be connected to various recent, much-discussed attack campaigns,” Michael Gorelik, Morphisec’s vice president of research and development, said in a blog post. “Based on our findings, a single group of threat actors is responsible for many of the most sophisticated attacks on financial institutions, government organizations, and enterprises over the past few months.”

To read this article in full or to leave a comment, please click here

Read More
SecuritySophos
admin

The dark web: James Lyne goes inside the hacker’s playground for NBC News

Credit to Author: Bill Brenner| Date: Fri, 17 Mar 2017 19:12:02 +0000

The dark digital world facilitates massive hacks like the one that affected Yahoo. James Lyne, our global head of security research, walks NBC Nightly News reporter Tom Costello through this haven for hackers. The report comes hot on the heels of a two-part segment on the dark web and ransomware that aired on the Today […]

Read More
FortinetSecurity
admin

Grabbot is Back to Nab Your Data

Credit to Author: David Wang and He Xu| Date: Fri, 17 Mar 2017 10:59:31 -0700

Introduction Fortinet recently discovered a new botnet capable of stealing large amounts of user information, as well as remotely manipulating compromised machines. The malware appears to be based on an older botnet known as Grabbot, which was first discovered back in November of 2014[1]. This new variant improves on that existing functionality while adding several dangerous new features. This blog aims to offer a quick insight into how Grabbot functions. Replication The bot can be found hosted on a number of compromised websites with a…

Read More
MalwareBytesSecurity
admin

Diamond Fox – part 1: introduction and unpacking

Credit to Author: Malwarebytes Labs| Date: Fri, 17 Mar 2017 15:00:41 +0000

In this short series of posts, we will take a deep dive in a sample of Diamond Fox delivered by the Nebula Exploit Kit (described here). We will also make a brief comparison with the old, leaked version, in order to show the evolution of this product.

Categories:

Tags:

(Read more…)

The post Diamond Fox – part 1: introduction and unpacking appeared first on Malwarebytes Labs.

Read More
FortinetSecurity
admin

Blockchain and Financial System Impact

Credit to Author: Keith Rayle| Date: Fri, 17 Mar 2017 07:50:01 -0700

Blockchain is a technology that basically distributes a ledger. For those of you in the financial management world, you know a ledger as the trusted source of transactions or facts. The same is true with blockchain. But instead of existing in a large leather bound tome or in a financial management application, blockchains are managed by a distributed set of computing resources working together to maintain that ledger. Each transaction, or block within it, is linked together in an indisputable manner using public/private key encryption and internal…

Read More
SecurityTrendMicro
admin

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 13, 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 17 Mar 2017 12:00:04 +0000

There was never any doubt what my topic would be for this week’s blog. March Madness, right? Normally I’d be talking about the NCAA Basketball tournament, but not this time. Our March Madness is called Pwn2Own. We celebrated the 10th anniversary of Pwn2Own in Vancouver this week with the biggest contest ever with 11 teams…

Read More