The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information ESET researchers have discovered and analyzed a previously undocumented trojan that steals payment information from e-commerce websites’ customers. The trojan, which we named IIStealer, is detected by ESET security solutions as Win64/BadIIS.
Cyber Security
Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge? Here at Black Hat, the CISA keynote promises to deliver increased cooperation within government agencies over cybercriminals, especially those focused on critical infrastructure and ransoms against systems that might cripple the country. But that’s not
Why companies and their security teams need to engage with a lawyer before an incident occurs Presentations at Black Hat often involve slides full of data or code. Rarely, or maybe never, have I seen a slide that details parts of a policy, contract or general legal text. Nick Merker, a partner at ICE Miller
Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls. Every day my inbox seems to receive more and more spam. Understanding what generates it and how to avoid it is essential in the
How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year? Black Hat this year is, well, sparse. I get it… With masks at every turn and some attending virtually, it’s hard to have a conference, especially with the uncertainty of
A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK. Golf clubs and cybercrime couldn’t really sound further apart, but when it comes to cybersecurity, businesses of all sizes are targets and their owners must never assume anything is completely watertight. Golf is, however, more associated with business, so when I was recently asked to investigate and test the cybersecurity of an
With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation. Summer vacation planning is in full swing, and most of us are looking to travel again while adhering to the preventive measures that countries have in place regarding the COVID-19 pandemic. And traveling, of course, means looking for
Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can – willingly or unwitingly – pose. The old adage “a chain is only as strong as its weakest link” is regularly repurposed for discussions about cybersecurity. It couldn’t
Most people are fans of the convenience Amazon brings to online shopping, and that’s precisely what cybercriminals are betting on. Amazon is the largest online marketplace in the world boasting over US$386 billion in revenue in 2020 with 200 million subscribers to its Amazon Prime service just in the United States. And that’s just a
There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet The leading cybersecurity and law enforcement agencies from the United States, the United Kingdom, and Australia have issued a joint cybersecurity advisory focusing on the top 30 vulnerabilities that were commonly abused by threat actors over
Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option According to the data shared by Twitter in its recently released transparency report, the popular social network’s users are reluctant to adopt two-factor authentication (2FA) to bolster their account security. In fact, the report paints
The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products. Apple has released an update for its iOS, iPadOS, and macOS operating systems to patch a zero-day security flaw that is being actively exploited in the wild. The vulnerability affects a wide range of its products including the
The Zero Trust architecture offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud, flexible working and persistent threat actors. The post-pandemic normal for global organizations increasingly means using digital technology to support more flexible working practices. Although tech giants such as Twitter and Facebook made headlines by promising some employees they can work from home forever,
To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials One in 16 home Wi-Fi routers is still sporting the manufacturer’s default admin password, a recent study conducted by technology website Comparitech revealed. This flaw could allow cybercriminals to conduct all manner of cyberattacks, including
Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money The United States’ Federal Bureau of Investigation (FBI) has issued a warning about threat actors potentially attempting to disrupt the upcoming Tokyo 2020 Summer Olympics. It went on to warn that cybercriminals could utilize various
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. We hope you already know that you shouldn’t click on just any URLs. You might be sent one in a message; somebody might insert one under a social media post or you could be provided with one on basically any
How can organizations mitigate the risk of damaging cyberattacks while juggling the constantly changing mix of office and off-site workers? The pandemic may finally be receding, but remote working is very much here to stay. The model that appears to be gaining most traction is a hybrid one, where most staff are allowed to spend
From securing your devices to avoiding public Wi-Fi hotspots for logging into apps we look at measures you can take to remain safe while this holiday season. Summer vacations are slowly inching closer, a welcome respite from the COVID-19 pandemic that has been raging around the world for well over a year now. And with the
The newest update fixes a total of eight vulnerabilities affecting the desktop versions of the popular browser. Google has rolled out an update for its Chrome web browser that fixes a range of vulnerabilities, including a zero-day flaw that has been known to be actively exploited in the wild. The security loopholes affect the Windows,
If you’ll be watching Sports Streaming events on your SmartTV, laptop, tablet or cell phone, learn the tips to keep you and your personal data safe. After a year and a half of cancelled global events, the 2021 summer season is proving to be full of major sporting events across the globe, and all sports
The latest Patch Tuesday brings a new batch of security updates addressing a total of 117 vulnerabilities The second Tuesday of the month is here, which means that Microsoft has rolled out patches for security vulnerabilities in Windows and its other products as part of its monthly Patch Tuesday bundle. This month’s batch of security updates brings
Lessons to learn from the Kaseya cyberincident to protect your business’ data when doing business with a MSP. Managed service providers (MSPs) play a critical role in the IT ecosystem. By outsourcing many of their day-to-day IT requirements to these companies, smaller organizations in particular can save costs, improve service levels and focus more resources