As attackers have become better at evading traditional signatures and malware sandboxes, security teams are increasingly turning to behavior-based detection models to find the signs of an active cyber attack. This behavioral approach to finding threats comes with a lot of advantages.
read more
Two Japanese Arrested After ATM Heist: Police, Media
Two Japanese men were arrested Tuesday for allegedly stealing money from an ATM, with local media reporting they were part of a coordinated nationwide heist that netted millions of dollars earlier this month.
read more
“Stealth Falcon” Threat Group Targets UAE Dissidents
An advanced persistent threat (APT) group believed to be linked to the government of the United Arab Emirates (UAE) has been observed targeting journalists, activists and dissidents.
read more
ICS System with Public Exploits Cannot be Patched
ICS-CERT has released a security advisory for an ICS product used in the energy industry that cannot be patched, and there are publicly available exploits.
read more
427 Million MySpace Passwords Appear For Sale
Former top social network MySpace was apparently hacked some time ago, with the data that was stolen at the time appearing online last week. News of the leaked MySpace account information comes just days after huge number of LinkedIn account details stolen back in 2012 appeared for sale.
read more
Database of California Electric Utility Exposed Online
A researcher reported finding an unprotected database belonging to Pacific Gas and Electric (PG&E), a major natural gas and electric utility based in California. The database appears to contain a lot of potentially sensitive information, but the company claims the data is “fake.”
read more
65 Million Users Affected by Tumblr Breach
The data breach disclosed earlier this month by the Yahoo-owned microblogging platform Tumblr affects 65 million users.
read more
New Report Maps CIS Critical Security Controls Against SAP
The SANS CIS top twenty critical security controls (CSCs) is a living document reflecting world-wide expert opinion on the primary controls that can best mitigate against cyber attacks. While it lists the controls, it makes no suggestion on how they should be implemented in any specific situation.
read more
Investigation Suggests Insider Involvement in $81 Million Theft at Bangladesh Central Bank
The official Bangladesh government probe into the $81 million dollar theft via SWIFT in February has suggested the possibility of insider involvement. In February 2016 attackers successfully tricked the New York Federal Reserve Bank into transferring $81 million from the Bangladesh central bank to accounts in the Philippines. Before today, the primary Bangladesh line has been to blame SWIFT for the breach.
read more
Recently Patched OpenSSL Flaw Still Plagues Top Sites
An OpenSSL vulnerability patched in early May with the release of versions 1.0.2h and 1.0.1t still hasn’t been patched on many of the world’s most visited websites, exposing potentially sensitive traffic to man-in-the-middle (MitM) attacks.
read more
