Facebook video scam targets Chrome users
Researchers at security company ESET have released details of a new piece of malware that spreads disguised as video posts on Facebook.
Malicious links appear as a video post you were tagged in on a timeline, or as a message sent to you via Facebook Messenger by a friend. They use the titles, 'My first video', 'My video', 'Private video' or a string of randomly generated characters.
For sufficient data protection, companies must do more than just mirroring
Many folks question all sorts of things within the IT world, one them being about backup and recovery solutions. Often questions arise that are compelling and need a good answer. One of the more popular queries is why someone would need to install a backup and recovery program when mirroring is already taking place. This is an excellent question, and comes up more often than you may think. Below you will find out why mirroring alone is not enough to ensure total protection regarding your data.
Though not entirely crazy, the stance of relying upon mirroring alone for data protection seems to come from an idea that is not fully informed regarding the potential problems that could arise. In fact, the truth of the matter is that issues will often spark during the restore process, and so individuals must be well-educated and prepared regarding why mirroring is not enough to grant the protection they may be looking for.
If you have QuickTime for Windows you need to uninstall it NOW
Apple’s QuickTime was popular years ago, particularly for anyone wanting to watch movie trailers on the web, but its time has long since passed. There’s really very little need to have it installed on your system these days.
Because you no longer need it isn’t the only reason to uninstall it though. Trend Micro’s Zero Day Initiative has released two advisories (ZDI-16-241 and ZDI-16-242) which detail new, critical vulnerabilities affecting QuickTime for Windows, and these won’t be patched as Apple has reportedly deprecated the software.
Threat hunting technique helps fend off cyber attacks
With data breaches making the news ever more frequently, businesses are on the look out for new ways to identify and guard against threats.
Cyber threat intelligence company DomainTools has released the results of a new survey conducted by the SANS Institute on the effectiveness of using threat hunting to aggressively track and eliminate cyber adversaries as early as possible.
UEBA is only one piece of the cyber risk management puzzle
Just like perimeter protection, intrusion detection and access controls, user and entity behavioral analytics ("UEBA") is one piece of the greater cyber risk management puzzle.
UEBA is a method that identifies potential insider threats by detecting people or devices exhibiting unusual behavior. It is the only way to identify potential threats from insider or compromised accounts using legitimate credentials, but trying to run down every instance of unusual behavior without greater context would be like trying to react to every attempted denial of service attack. Is the perceived attack really an attack or is it a false positive? Is it hitting a valued asset? Is that asset vulnerable to the attack? It is time for cyber risk management to be treated like other enterprise operational risks, and not a collection of fragmented activities occurring on the ground.
Watch out for phishing as US tax deadline day approaches
As the April 18 deadline for submitting individual and company tax returns in the US approaches, many people will be rushing to submit their information and this makes it a major opportunity for cyber criminals.
The run up to the deadline is likely to see millions of phishing emails sent to consumers and businesses. These will be trying to grab social security numbers, paycheck stubs, bank accounts, passwords, IDs and other key pieces of personal and professional information, using fake web sites and fraudulent emails that masquerade as official government collection agencies.
Cyber-criminals run things like a business
This cyber-crime thing has gotten to a point where we now really need a digital Batman to fix everything. Security firm Symantec has recently released its Internet Security Threat Report, revealing that cyber-criminals are almost as good as state-sponsored attackers.
They’re highly skilled, well-organized and structured like a business. Here’s what Kevin Haley, director at Symantec Security Response says:
Hackers love Microsoft's PowerShell
PowerShell, a scripting language inherent to Microsoft operating systems, is largely used to launch cyber-attacks, a new report suggests.
The Unified Threat Research report, released by next-generation endpoint security (NGES) firm Carbon Black, says that 38 percent of incidents reported by Carbon Black partners used PowerShell.
Security is a top priority when installing identity solutions
According to a new survey 78 percent of organizations say that security outweighs cost savings and user experience when choosing identity management solutions.
The survey by access control specialist SecureAuth used responses from over 230 IT security professionals in the US and UK.
New service helps service providers deliver cloud-based security
Security is a key concern for all enterprises, so it's not surprising that it's something managed service providers are keen to offer their customers in order to add value and differentiate their service.
Network breach detection company Eastwind Networks is launching a Managed Service Provider (MSP) and Managed Security Service Provider (MSSP) program. The new program is designed to help service providers stand out and grow their business with a simple cloud-based breach detection solution that ensures that customer data and assets are secure.
Kingston launches new hardware encrypted flash drives
One of the best known names in the flash memory market, Kingston acquired the IronKey brand from Imation in February of this year.
IronKey has long been one of the leading brands in encrypted Flash drives and today we see the first fruits of the new partnership with Kingston's launch of two new managed and 256-bit AES hardware encrypted USB drives.
Attack by cyber terrorists feared by 63 percent of US security professionals
Key concerns of information security executives include the growing threats of global cyber terrorism, the current state of security within the US and the ability of organizations to prevent such attacks.
These are among the findings of a new study by account management solutions provider Thycotic of more than 200 security industry attendees at RSA.
Keygen alert: free password generator released for PETYA ransomware
The PETYA ransomware is just one of the recent examples of malware that encrypts victims' hard drives until a fee is paid. The advice from the government is not to pay the ransom -- or at least not expect to get a decryption key if you do -- but a password generator has been created that means you can decrypt your hard drive for free.
While TeslaCrypt 4 boasts 'unbreakable encryption', the same cannot be said of PETYA, although the PETYA ransomware does have the irritating habit of overwriting MBRs. This does mean that there is no way to interact with the drive on the infected computer, but with access to a spare machine to read the drive and access to the online tool created by Leostone, you could have your data back in seconds. As the tool's website proudly proclaims, you can "Get your petya encrypted disk back, WITHOUT paying ransom!!!" -- here's what you need to do.
Immigration officials allowed to hack phones of refugees and asylum seekers
The British government secretly rolled out powers that permitted the immigration officials to hack the mobile phones of asylum seekers and refugees, the Observer reveals. The Home Office has confirmed the hacking powers which have sparked outrage from privacy and human rights groups.
Since 2013, immigration officials have not only been permitted to hack into migrants' phones and computers, but also to install surveillance equipment in homes and detention centers. With concern about governmental plans for the snooper's charter and the privacy invasion this entails, claims that the powers are needed to "deal effectively with all immigration crime" are likely to fall on deaf ears.
Draft encryption bill could spell the end of privacy and security as we know it
Apple's battle with the FBI has focused the attention of the technology community on encryption. But while just about all of the big players in the tech world backed Apple's refusal to create a backdoor for the FBI into iOS, Congress has a very different idea about how encryption and governmental access to data should be handled. This is perfectly demonstrated by a new bill.
The draft version of the Compliance with Court Orders Act of 2016 -- penned by Senators Diane Feinstein and Richard Burr -- would essentially force all US companies to decrypt data they may have encrypted, or to provide backdoors when asked. It's a bill described variously as 'dangerous', 'encryption-weakening', and 'anti-security', and it starts off aggressivley in stating that "no person or entity is above the law". In effect, it renders the encryption put in place by the likes of WhatsApp completely pointless as, if the bill is passed, companies would have to decrypt data on demand.
© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.