If you are using a Bluetooth-enabled device, be it a smartphone, laptop, smart TV or any other IoT device, you are at risk of malware attacks that can be carried out remotely to take over your device without requiring any interaction from your side.
Security researchers have just discovered a total of 8 zero-day vulnerabilities in the Bluetooth protocol that impact more than 5.3 billion devices—from Android, iOS, Windows and Linux to Internet of Things (IoT) devices—using the short-range wireless communication technology.
Using these vulnerabilities, security researchers at IoT security firm Armis have devised an attack, dubbed BlueBorne, which could allow attackers to completely take over Bluetooth-enabled devices, spread malware, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.
Cyber threats are growing in number and strength and the future of cybersecurity is looking ever more complex and challenging. Organizations are therefore turning to analytics and automation to aid cyber specialists in their job.
While cybersecurity can be a complex and challenging field, some aspects of it are all too clear. The number of threats to large organizations is growing rapidly, as is the number of bad actors who create them and the number of systems at risk from cyberattacks. Statista, a statistics portal, estimates that there were 22.9 billion connected devices in 2016, and predicts they will grow to 50 billion by 2020.[1] The Internet of Things (IoT) will create massive needs and problems for cybersecurity as millions of devices come online. Data breaches are increasing, according to one report, by 85 percent a year, and in 2016, half a billion personal records were stolen or lost.[2] How can organizations possibly keep up with such a scary growth trajectory?
In other domains of business that are subject to massive numbers of entities, a typical approach is to employ analytics and automation. These tools identify the most important events and entities. In customer analytics, for example, the normal approach is to segment customers by their value, focus on the most important ones, and predict what those customers are likely to buy. Automated offers can be customized to each customer’s preferences.
By Swati Khandelwal
Whenever we feel like the Locky ransomware is dead, the notorious threat returns with a bang.
Recently, researchers from two security firms have independently spotted two mass email campaigns, spreading two different, but new variants of the Locky ransomware.
Lukitus Campaign Sends 23 Million Emails in 24 Hours
The campaign spotted by researchers at AppRiver sent out more than 23 million messages containing Locky ransomware in just 24 hours on 28 August across the United States in what appears to be one of the largest malware campaigns in the second half of this year.
Security researchers at ESET have discovered a new malware campaign targeting consulates, ministries and embassies worldwide to spy on governments and diplomats.
Active since 2016, the malware campaign is leveraging a new backdoor, dubbed Gazer, and is believed to be carried out by the Turla advanced persistent threat (APT) hacking group that’s been previously linked to Russian intelligence.
Written in C++, the Gazer backdoor is delivered via spear-phishing emails and hijacks targeted computers in two steps—first, the malware drops the Skipper backdoor, which has previously been linked to Turla, and then installs Gazer components.
By Swati Khandelwal
A massive database of 630 million email addresses used by a spambot to send large amounts of spam has been published online in what appears to be one of the biggest data dumps of its kind.
A French security researcher, who uses the online handle Benkow, has spotted the database on an “open and accessible” server containing a vast amount of email addresses, along with millions of SMTP credentials from around the world.
The database is hosted on the spambot server in the Netherlands and is stored without any access controls, making the data publicly available for anyone to access without requiring any password.
By Mohit Kumar
Do you believe that just because you have downloaded an app from the official app store, you’re safe from malware?
Think twice before believing it.
A team of security researchers from several security firms has uncovered a new, widespread botnet that consists of tens of thousands of hacked Android smartphones.
Dubbed WireX, detected as “Android Clicker,” the botnet network primarily includes infected Android devices running one of the hundreds of malicious apps installed from Google Play Store and is designed to conduct massive application layer DDoS attacks.
Nearly every company in the Fortune 500 is vulnerable to phishing attacks because they fail to utilize one of the most basic email security features available, according to a recently published report.
Cybersecurity firm Agari found more than nine out of 10 companies were not making use of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol, which would combat phishing attacks that use spoofed email addresses.
DMARC is an authentication standard that will reject messages that come from an unrecognized or unauthorized source. Domain spoofing is a relatively common phishing tactic, in which an attacker uses a spoofed domain to make it appear as though an email is coming from a trusted source.
By Swati Khandelwal
WikiLeaks has just published another Vault 7 leak, revealing how the CIA spies on its intelligence partners around the world, including the FBI, DHS and the NSA, to covertly collect data from their systems.
The CIA offers a biometric collection system—with predefined hardware, operating system, and software—to its intelligence liaison partners around the world that helps them voluntarily share collected biometric data on their systems with each other.
But since no agency shares all of its collected biometric data with others, the Office of Technical Services (OTS) within the CIA developed a tool to secretly exfiltrate data collections from their systems.