Inside | Real news, curated by real humans
Inside Security

Inside Security (May 14th, 2018)

Hackers targeted the Danish national train system over the weekend, according to this report. It was a DDoS attack, and customers couldn’t use the online ticketing service during the incident. Also, the restaurant chain Chili’s was breached, and its notification is here about the incident, which happened in March and April. Credit card data may have been stolen. While disclosing quickly, the chain didn’t say which stores or how many customer records might have been compromised.  The beat goes on….

-- David Strom, editor of Inside Security

  • Email gray
  • Permalink gray

Last week, the Talos Security group published a detailed analysis paper on wiper-based malware, which includes ransomware and other attacks that destroy your files. Some wipers destroy the system code but not your data, others target just data. The report shows the composition of the malware payload, how it moves about your network, and shows some sample timelines of previous attacks. Well worth reading.

  • Email gray
  • Permalink gray

Security researchers are reporting that seven malicious Android apps they have detected and reported to Google the first time, have slipped back into the Play Store after changing their names. All of these apps have built-in wait times of four hours before undertaking their actual malware purposes and use another app as launcher icon to better hide from detection. -- SYMANTEC

  • Email gray
  • Permalink gray

Facebook says it has suspended around 200 apps for potentially misusing people’s data, following an audit that was prompted by the Cambridge Analytica scandal. The social networking company will examine these apps further to determine if any data misuse was done and then they will be either reinstated or banned. – FACEBOOK NEWS

  • Email gray
  • Permalink gray

Midmarket IT solutions provider Presidio has acquired Red Sky Solutions for $40.8M in cash and stock. Presidio CEO is Bob Cagnazzi.

SafeBreach announced a $15 M series B round led by Draper Nexus. The Silicon Valley-based firm sells hacking simulation tools and its CEO is Guy Bejerano.

PhishLabs has raised a $20.5M round and has acquired its Canadian competitor BrandProtect. It is based in Charleston, SC and its CEO is Tony Prince.

Protego has raised a $2M seed round from Ron Gula and other investors. The Baltimore-based startup is putting together a security tool for serverless networks. Tsion Gonen is its CEO.

ERP Maestro has raised a $12M funding round, led by Aspen Capital. The Weston, Florida-based firm sells SAP-based access controls and its CEO is Jody Paterson.

Red Points has raised a $12M B funding round led by Eight Roads Ventures. It is based in Barcelona and sells machine-learning network protection tool. Its CEO is Laura Urquitzu.

  • Email gray
  • Permalink gray

A new malware campaign is infecting users through the Google Chrome store (since removed) with an extension called Niglethorn. It can use a fake YouTube page to play a video.  It runs on both Windows and Linux Chrome browsers and bypasses Google security checks. About 25,000 end users have been infected so far, and the malware is spread through Facebook networks. It steals data and sets up cryptominers. – RADWARE BLOG

  • Email gray
  • Permalink gray

The Zeus banking Trojan Panda is back and still primarily focused on financial services organizations. The campaigns are after Facebook and Twitter users and have control servers based in Russia and China. – F5 BLOG

  • Email gray
  • Permalink gray

Scammers designed a phishing website and encrypted it with AES in their attempts to steal unsuspecting users’ Apple IDs. The phish is designed to mimic Apple notifications, requiring victims to update their payment data. When you click on the “unlock account now” link as shown, you are directed to a page to collect your private data.  – TREND MICRO BLOG

  • Email gray
  • Permalink gray

Security researchers have discovered a severe vulnerability in the popular end-to-end encrypted Signal messaging app for Windows and Linux desktops. The bug could allow remote attackers to execute malicious code on recipients system just by sending a message—without requiring any user interaction. It has been fixed with this update and users are urged to download the new code. Alfredo Ortega announced a proof-of-concept last week. – THE HACKER NEWS

  • Email gray
  • Permalink gray

James Robinson, 32, is an Akron man who was arrested and charged in federal court for launching denial of service attacks that shut down websites for the city of Akron and the Akron Police Department. The attacks happened last August and shuttered sites for a week. – FBI WEBSITE

  • Email gray
  • Permalink gray

A low-volume data-stealing campaign named Vegas Stealer has the potential to get much bigger, according to researchers. It has begun targeting retail and manufacturing companies and tries to obtain credit card data and other private information. – PROOFPOINT BLOG

  • Email gray
  • Permalink gray

Yes, very true: 50 NERDS of GREY @ TWITTER

  • Email gray
  • Permalink gray

Many thanks to Inside Security's corporate supporters.  Please go check them out!

 

Endgame

Endgame's endpoint security platform protects the world’s largest organizations from targeted attacks, eliminating the time & cost associated with incident response. Learn more

 

Nok Nok Labs has the ambition to transform authentication, by unifying it into one standard protocol, giving business the control they need. Learn more

 

[YOUR LOGO HERE – click for details]
 
   

Gain cybersecurity expertise from Harvard's VPAL in 8 weeks. Learn More.

HackerOne is the #1 hacker-powered security platform for finding critical vulnerabilities.

Subscribe to Inside Security

MORE NEWSLETTERS

Electric vehicles, self-driving automobiles, smart cars and the world of 21st century transportation

Inside Automotive

Electric vehicles, self-driving automobiles, smart cars and the world of 21st century transportation

TWICE WEEKLY
Electric vehicles, self-driving automobiles, smart cars and the world of 21st century transportation

Inside Automotive

TWICE WEEKLY

SUBSCRIBED!

Share via

Digging into the Trump Presidency, issue by issue

Inside Trump

Digging into the Trump Presidency, issue by issue

DAILY
Digging into the Trump Presidency, issue by issue

Inside Trump

DAILY

SUBSCRIBED!

Share via

The best source of in-depth news and analysis about Amazon

Inside Amazon

The best source of in-depth news and analysis about Amazon

DAILY
The best source of in-depth news and analysis about Amazon

Inside Amazon

DAILY

SUBSCRIBED!

Share via

The news, trends and tech that is reshaping the rapidly changing world of retail

Inside Retail

The news, trends and tech that is reshaping the rapidly changing world of retail

DAILY
The news, trends and tech that is reshaping the rapidly changing world of retail

Inside Retail

DAILY

SUBSCRIBED!

Share via