The attackers that hacked Twitter in July pretended to call from Twitter’s IT department about a VPN issue, then persuaded employees to enter their credentials into a website that looked identical to the real VPN login site. The claims by the hackers were credible – and successful – because Twitter’s employees
Author: Steve Zurier
More connectivity means greater cyber risk for plane manufacturers
Airplane manufacturers have cybersecurity controls in place and there haven’t been reports of successful cyberattacks on commercial airplane IT systems to date. But evolving cyber threats and increasing connectivity between airplanes and other systems could put future flight safety at risk if the FAA doesn’t prioritize oversight, according to the
Facebook starts ‘Hacker Plus’ loyalty program for bug bounties
Facebook today launched Hacker Plus – a loyalty program that aims to offer incentives to security researchers with additional rewards and benefits. In a post by Dan Gurfinkel, a security engineering manager at Facebook, the company said security researchers will be eligible for additional bonuses on bounty awards, access to more
Instagram flaw shows importance of managing third-party apps, images
A remote code execution (RCE) flaw found in Instagram that lets bad actors potentially take over a victim’s phone by sending a malicious image shines a spotlight on the vulnerabilities tied to third-party apps and image files. Researchers from Check Point crashed Mozjpeg, open source software that Instagram uses as a
FBI opens China-related counterintelligence case every 10 hours
FBI Director Christopher Wray today offered the House Homeland Security Committee some sobering news about China – the FBI opens a new China-related counterintelligence case roughly every 10 hours. Wray said of the nearly 5,000 active FBI counterintelligence cases underway across the U.S., almost half are related to China. He said
Palo Alto fixes nine vulnerabilities in PAN-OS
Palo Alto Networks has fixed nine vulnerabilities in its PAN-OS operating system for versions 8.1 or later. The CVSS scores ranged from a high of 9.8 to a low of 3.3. While none of the vulnerabilities were used by attackers in the wild, security researchers from Tenable and Positive Technologies published
Phishing attack targeted top financial pro at large company
Attackers using a novel credential phishing attack that leverages Active Directory to verify a victim’s password and gain access to an Office 365 account targeted a top financial person in a division of a large American corporation. Once inside a victim’s account, bad actors could access sensitive financial documents, emails, calendar
SonicWall vulnerability fixed, but researchers say the patch took 17 days
Security researchers in the United Kingdom said it took SonicWall more than two weeks to patch a vulnerability in 1.9 million SonicWall user groups, affecting some 10 million managed devices and 500,000 organizations. In a blog released by Pen Test Partners, the researchers said the response took far too long for
Targeted BEC attacks steal business data in six countries
A targeted business email compromise (BEC) orchestrated by the Russian-speaking RedCurl group has successfully stolen information in 14 successful attacks on a variety of businesses – mostly construction companies, financial and consulting firms, retailers, insurance businesses, law firms and travel – in six countries. The attackers nicked employee profiles, client information
More attackers trying to sabotage incident response tactics
The security industry needs to become more clandestine in its approach to incident response, making it harder for attackers to know that they are being tracked. At least that’s what researchers concluded in the fifth installment of VMware Carbon Black’s semi-annual Global Incident Response Threat Report, which also focused heavily on