Duncan Riley reports: Security researchers at Kaspersky Lab have uncovered a new and sophisticated advanced persistent threat framework that was likely developed by a nation-state. Dubbed “TajMahal,” the APT framework contains 80 malicious modules that can be used to attack and steal data from an intended victim. Described by Kaspersky researchers today as one of…
Category: Commentaries and Analyses
Majority of Hotel Websites Leak Guest Booking Info
Jai Vijayan reports: Information that people submit when making an online hotel reservation is often available in its entirety to a lot more parties than just the hotel itself. New research from Symantec shows that a majority of hotels—from small independent properties to large five-star resorts and chains—routinely leak detailed guest booking data with third-party…
25% of Phishing Emails Sneak into Office 365: Report
Kelly Sheridan reports: One in every 99 emails is a phishing attack, and a new study shows 25% of those phishing attacks bypass default security measures built into Office 365, researchers reported today. The data comes from Avanan’s Global Phish Report, which analyzed 55.5 million emails sent to Microsoft Office 365 and Google G Suite…
Ottawa should impose cyber obligations on banks, says national security expert
Howard Solomon reports: Ottawa has to give Canadian banks more pointed direction to improve their ability to withstand cyber attacks, says the country’s former national security advisor. “Government legislatively has to impose obligations on financial institutions, much in the same way they have done with money laundering,” Richard Fadden told parliament’s Public Safety committee on…
BakerHostetler’s 5th Annual Data Security Incident Response Report Highlights Collision of Privacy, Cybersecurity and Compliance; Details Efforts to Minimize Risk
A press release from BakerHostetler that will be of interest to many readers. BakerHostetler’s privacy and data protection team released its 2019 Data Security Incident Response Report, which leverages the metrics and insights drawn from 750 potential incidents in 2018 to help entities identify and prioritize the measures necessary to address their digital risk posture….
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
From a recent report by Brendan McKeague, Van Ta, Ben Fedore, Geoff Ackerman, Alex Pennino, Andrew Thompson, Douglas Bienstock of FireEye: Recently, FireEye Managed Defense detected and responded to a FIN6 intrusion at a customer within the engineering industry, which seemed out of character due to FIN6’s historical targeting of payment card data. The intent…