Nearly 600, 000 Alaska voters’ sensitive records exposed

News has surfaced that nearly 600,000 Alaska voters’ sensitive records exposed due to a CouchDB database configuration error. Security researchers at the Kromtech Security Research Center discovered the database of about 593,000 voters was accidentally configured for public access without password protection, potentially allowing anyone with a web browser to access and view the sensitive information. The exposed records contained the sensitive and personally identifiable information of prospective voters including names, addresses, dates of birth, ethnicity, marital status and voting preferences.

http://brn.firetrench.com

Continue reading

Equifax breach caused by a missed patch

News that Equifax has revealed that the cause of its massive data breach last week was a missed patch, the following attributable comment from

Amit Yoran, CEO of Tenable Network Security:

“Once again, we have a basic failure in cyber hygiene causing a massive data breach. The Equifax breach is the latest example of a known vulnerability with a patch readily available that was not applied, leaving millions of customers at risk. The fix was available for the Apache Struts vulnerability used in this attack for two months before Equifax was breached.

Every time a massive data breach makes headlines, we all have the same question: why does this keep happening? The answer is simple. These types of attacks take advantage of our own worst habits — the avoidance of doing something as simple as maintaining good cyber hygiene and patching systems.  Cyber criminals don’t need to waste a precious and rare zero-day exploit when they can easily get into your network using a known exploit of an unpatched vulnerability.

This should be a wakeup call for organizations of all sizes, across all industries. Knowing what systems your business relies on, and keeping those systems up to date and protected from exploitation isn’t a theoretical best practice — it frequently makes the difference between stopping an attack and a massive breach.”

21 million hit by Google Android malware attack

Security researchers have discovered the second-biggest outbreak to ever hit Google’s platform, with as many as 21.1 million infections. The malware’s been dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services. In the latest outbreak detected by Check Point, ExpensiveWall infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times, according to data straight from Google Play.

http://brn.firetrench.com

Continue reading

Cryptocurrencies web mining: a slower way to profit

For several years, cybercriminals have taken advantage of cryptocurrency mining in order to make a profit. Mostly by using malware or potentially unwanted applications installed on the victim‘s machine. Now, ESET researchers have analyzed a special case of mining of cryptocurrencies – done directly within your web browser using JavaScript.

http://brn.firetrench.com

Continue reading

Bashware, the new threat leaving 400 million PCs vulnerable

News broke this week about a new security threat, Bashware, which can enable any malware to step over security solutions. Check Point researchers uncovered the attack technique and suggest that Bashware may potentially affect any of the 400 million computers currently running Windows 10 PC globally. Bashware makes use of Windows’ in-built Linux shell to make any malware essentially undetectable to security products.

http://brn.firetrench.com

Continue reading

Apps carrying Bankbot malware sneak into Google Play Store

It has been found by security researchers that more apps carrying the malicious BankBot Android banking malware have made their way into Google’s Play Store. The malware, which surfaced back in January, targets legitimate banking apps and uses fake overlay screens to trick unsuspecting users into providing their credentials. The malware is even able to hijack and intercept SMS messages, allowing it to bypass the SMS-based two-factor authentication security feature.

http://brn.firetrench.com

Continue reading

When State of the Art Security Creates More Problems

In an effort to stay ahead of attackers, some organisations have reported deploying more than 50 security solutions to address each unique challenge or threat. According to Marc Willebeek-Lemair, Alert Logic CSO (who previously founded and served as CTO of Tipping Point and several other security industry pioneers/innovators), this dated approach of implementing a variety of best of breed security technologies to solve very specific issues, has actually created environments that are inherently less secure than organisations that take a more balanced, integrated approach.

http://brn.firetrench.com

Continue reading