Blog

Archive for the ‘cybercrime/malcode’ category: Page 110

Oct 4, 2021

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries

Posted by in categories: cybercrime/malcode, energy, transportation

The researcher warns that there is a new APT hacker group that targets the fuel, electricity, and aviation industries.

Oct 4, 2021

One Identity has acquired OneLogin, a rival to Okta and Ping in sign-on and identity access management

Posted by in categories: cybercrime/malcode, governance

“Right now, organizations see a twofold gain from consolidating around a platform player in cybersecurity,” Nichols said. The first is, “to increase efficiency” but the other, he pointed out, is legislation. With more regulatory oversight in how companies are handling their cybersecurity challenges, the pressure is on them to make their systems more resilient, and having too many components becomes a challenge to manage for that reason, too.

“Joining One Identity provides us with the ability to further accelerate our growth and provide additional value for both of our customers,” added Brad Brooks, CEO of OneLogin, in a statement. “With OneLogin’s robust unified platform for both workforce and CIAM, combining forces with One Identity’s suite of products including their PAM solution will allow new and existing customers, on a global scale, to tap into the market’s only unified identity security platform.”

Consolidation is afoot in the world of cybersecurity, specifically around services to help organizations manage identity and access. Today, One Identity — which provides tools for managing “zero trust” access to systems, as well as running log management and other governance services for enterprises — announced that it has acquired OneLogin, a rival to companies like Okta, Ping and others in the area of secure sign-on services for end users.

Terms of the acquisition — which officially closed last week, on October 1 — are not being disclosed, but we are trying to find out.

Oct 3, 2021

Bioengineers Develop New Class of Giant Magnetoelastic Effect Human-Powered Bioelectronics

Posted by in categories: bioengineering, cybercrime/malcode, encryption

Oct 3, 2021

Building a template for the future 6G network

Posted by in categories: augmented reality, cybercrime/malcode, encryption, internet, virtual reality

Traditional networks are unable to keep up with the demands of modern computing, such as cutting-edge computation and bandwidth-demanding services like video analytics and cybersecurity. In recent years, there has been a major shift in the focus of network research towards software-defined networks (SDN) and network function virtualization (NFV), two concepts that could overcome the limitations of traditional networking. SDN is an approach to network architecture that allows the network to be controlled using software applications, whereas NFV seeks to move functions like firewalls and encryption to virtual servers. SDN and NFV can help enterprises perform more efficiently and reduce costs. Needless to say, a combination of the two would be far more powerful than either one alone.

In a recent study published in IEEE Transactions on Cloud Computing, researchers from Korea now propose such a combined SDN/NFV network architecture that seeks to introduce additional computational functions to existing network functions. “We expect our SDN/NFV-based infrastructure to be considered for the future 6G network. Once 6G is commercialized, the resource management technique of the network and computing core can be applied to AR/VR or holographic services,” says Prof. Jeongho Kwak of Daegu Gyeongbuk Institute of Science and Technology (DGIST), Korea, who was an integral part of the study.

The new network architecture aims to create a holistic framework that can fine-tune processing resources that use different (heterogeneous) processors for different tasks and optimize networking. The unified framework will support dynamic service chaining, which allows a single network connection to be used for many connected services like firewalls and intrusion protection; and code offloading, which involves shifting intensive computational tasks to a resource-rich remote server.

Oct 2, 2021

Hackers rob thousands of Coinbase customers using MFA flaw

Posted by in categories: cryptocurrencies, cybercrime/malcode

Crypto exchange Coinbase disclosed that a threat actor stole cryptocurrency from 6,000 customers after using a vulnerability to bypass the company’s SMS multi-factor authentication security feature.

Coinbase is the world’s second-largest cryptocurrency exchange, with approximately 68 million users from over 100 countries.

In a notification sent to affected customers this week, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.

Oct 2, 2021

Hackers bypass Coinbase 2FA to steal customer funds

Posted by in category: cybercrime/malcode

More than 6,000 Coinbase users had funds stolen from their accounts after hackers used a vulnerability in Coinbase’s SMS-based two-factor authentication system to breach accounts.

The intrusions took place earlier this year, between March and May, the exchange said in a data breach notification letter it has filed with US state attorney general offices.

“The third party took advantage of a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor authentication token and gain access to your account,” Coinbase said.

Sep 30, 2021

Ransomware gangs are complaining that other crooks are stealing their ransoms

Posted by in category: cybercrime/malcode

But even if victims pay the ransom – which isn’t recommended because it encourages more ransomware attacks – restoring the network can still be a slow process and it can be weeks or months before services are fully restored.

Be it REvil or any other ransomware gang, the best way to avoid the disruption of a ransomware attack is to prevent attacks in the first place.

Sep 29, 2021

Conti Ransomware Expands Ability to Blow Up Backups

Posted by in category: cybercrime/malcode

The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.

Good at identifying and obliterating backups? Speak Russian? The notorious Conti ransomware group may find you a fine hiring prospect.

That’s according to a report published on Wednesday by cyber-risk prevention firm Advanced Intelligence, which details how Conti has honed its backup destruction to a fine art – all the better to find, crush and kill backed-up data. After all, backups are a major obstacle to encouraging ransomware payment.

Sep 27, 2021

Cloudflare Is Taking a Shot at Email Security

Posted by in categories: business, cybercrime/malcode, internet

Cloudflare, the internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email.

On Monday, Cloudflare is announcing a pair of email safety and security offerings that it views as a first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and mitigating the fallout if a user does click a malicious link. The features, which the company will offer for free, are mainly geared toward small business and corporate customers. And they’re made for use on top of any email hosting a customer already has, whether it’s provided by Google’s Gmail, Microsoft 365, Yahoo, or even relics like AOL.

Cloudflare CEO Matthew Prince says that from its founding in 2009, the company very intentionally avoided going anywhere near the thorny problem of email. But he adds that email security issues are unrelenting, so it has become necessary. “I think what I had assumed is that hosting providers like Google and Microsoft and Yahoo were going to solve this issue, so we weren’t sure there was anything for us to do in the space,” Prince says. “But what’s become clear over the course of the last two years is that email security is still not a solved issue.”

Sep 25, 2021

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

Posted by in category: cybercrime/malcode

Google’s cybersecurity researchers have discovered a new technique that hackers use to trick Windows systems into bypassing malware payload detection.