Search results for: dark markets

vBulletin

vBulletin zero-day exploited in the wild in wake of exploit release

An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it didn’t take long for attackers to start using it. About vBulletin vBulletin is the most popular internet forum software in use today. W3Techs says that around 0.1% of all internet sites run a vBulletin forum, though only 6.4% of these use vulnerable 5.x versions. MH Sub I, the company that develops … More

finance

Which cyber threats should financial institutions be on the lookout for?

Banks and financial services organizations were the targets of 25.7 percent of all malware attacks last year, more than any other industry, IntSigths revealed in their latest report. These include: Trojans (banking, info-stealing, downloaders) ATM malware (since the start of 2018, more than 20 ATM malware families have hit banks around the globe) Ransomware (Mexican financial institutions were particularly targeted) Mobile banking malware – both fake banking apps and banking Trojans. (According to the company, … More

CoreSite helps extend customers’ networks to Google Cloud Platform’s global network

CoreSite Realty Corporation, a premier provider of secure, reliable, high-performance data center and interconnection solutions across the U.S., announced support for Google Cloud’s Dedicated Interconnect product in both their Los Angeles and Denver markets. This service from Google Cloud allows enterprise and network service providers that are collocated with CoreSite to directly connect to Google Cloud Platform through high-speed fiber interconnects. Dedicated Interconnect is a product in the Google Cloud Interconnect family. Google announced Dedicated … More

talk speak speaker

Week in review: Critical Chrome zero-day, TLS certs for sale on dark web, RSA Conference 2019

Here’s an overview of some of last week’s most interesting news and articles: RSA Conference 2018 coverage Check out what you missed at the infosec event of the year. How malware traverses your network without you knowing about it A research report has been released which, based on observed attack data over the second half of 2018 (2H 2018), reveals the command-and-control and lateral activities of three highest-volume malware, Emotet, LokiBot, and TrickBot. A third … More

locks

Sale of SSL/TLS certificates on the dark web is rampant

There is no dearth of compromised, fake and forged SSL/TLS certificates for sale on dark web markets, researchers have found. TLS certificates are sold individually and packaged with a wide range of crimeware. Together these services deliver machine-identities-as-a-service to cybercriminals who wish to spoof websites, eavesdrop on encrypted traffic, perform man-in-the-middle attacks and steal sensitive data. The results of the research The researchers dove into online markets and hacker forums that were active on the … More

vault

Bank of Valletta suspended all operations in wake of cyber attack

Maltese Bank of Valletta (BOV) has been breached by hackers and has temporarily suspended all of its operations to minimize risk and review its systems. The bank shuttered its braches across the island, disabled ATMs, internet and mobile banking and prevented its customers from using BOV cards for effecting payments in stores, hotels, restaurants, etc. What is known about the attack? According to Times of Malta, the attack was detected shortly after the start of … More

xen1thLabs achieves ISO 17025 accreditation

xen1thLabs has achieved its accreditation as a Conformity Assessment Body (CAB) from the American Association for Laboratory Accreditation (A2LA) for testing laboratories. This accreditation brings quality assurance to xen1thLab’s cyber security testing services in the field of mobile communications and infrastructure, offered to national and international commercial entities, governments and infrastructure operators. The accreditation aligns with the newly published international standard ISO/IEC 17025:2017, which provides a stronger process orientation along with the implementation of risk-based … More

dark

Increased dark web activity putting merchants and consumers at risk

Cybercriminals are increasingly targeting retailers and their customers through digital and social channels as retailers leverage new channels for increased revenue opportunities. In a joint report, IntSights scoured the Clear and Dark Web to assess retail data and goods being sold illegally, new cyber scam tactics and how cybercriminals impersonate brands online to trick unknowing consumers. Riskified analyzed the transaction-level results of hundreds of millions of purchases for indicators of fraud to identify trends and … More

Quantum Xchange selects Zayo Group for dark fiber to deploy Quantum network in the United States

Quantum Xchange partners with Zayo Group to deploy the first Quantum Key Distribution (QKD) network in the United States. As Quantum Xchange’s first strategic infrastructure partner, Zayo is providing access to 800 kilometers of existing optical fiber that spans from Boston to Washington, D.C. Quantum Xchange will use the dark fiber to activate the initial leg of its nationwide QKD network – connecting the financial markets on Wall Street with back office operations in New … More

threat hunting

Why humans are necessary to the threat hunting process

For thousands of years, humans have worked to collect intelligence on their enemies. Intelligence gathering is not a new practice; in fact, it is one of the oldest war tactics dating back to biblical times, when warlords and army commanders used it to gain advantages over their rivals. However, the methods have changed as new technologies and new forms of “warfare” have been developed. In recent years, cyber-attacks have led to an entirely new host … More

dark

Top 10 list of dark web activities that indicate a breach

Research analysts at Terbium Labs released a list of the most common activities seen on the dark web that indicate a breach, or other unwanted incident, has taken place. Despite increased security budgets and better defenses, organizations are losing the battle against cyber attacks. According to the 2018 Cost of Data Breach Study: Global Overview by Ponemon Institute and IBM Security, data breaches continue to be costlier and result in more consumer records being lost … More

technology

Week in review: The OT/ICS landscape for cyber professionals, putting the Sec into DevSecOps

Here’s an overview of some of last week’s most interesting news: How to allocate budget for a well-rounded cybersecurity portfolio What should a well-rounded cybersecurity portfolio look like? Android devices with pre-installed malware sold in developing markets New low-end Android smartphone devices being sold to consumers in developing markets, many of whom are coming online for the first time, contain pre-installed malware, according to Upstream. An overview of the OT/ICS landscape for cyber professionals Most … More