Inside | Real news, curated by real humans
Inside Security

Inside Security (Sep 13th, 2018)

Today’s premium story is about a new cryptocurrency ploy to spoof a legit website. Sadly, it is just one in a long list of other exploits.

If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account.  -- David Strom


1. There is a new malware downloader called CobInt, which is associated with the Cobalt Gang. Researchers have identified its characteristics; a notable one is its multiple stages, which make it very potent. -- PROOFPOINT BLOG


2. Ironically, the backup and data recovery vendor Veeam has accidentally exposed its marketing database of millions of records to the public. Only after repeated attempts by one researcher was the data finally secured. -- DIACHENKO BLOG @ LINKEDIN



3. If you are in the market for a used Alexa, reconsider your purchase. Some of them are being sold with deliberate malware that can record network traffic and audio. Purchase with care. -- VPNMENTOR


4. The British electric utility NPower has inadvertently emailed about 5,000 customers' data to the wrong customers. Apparently their third-party fulfillment vendor was to blame. -- COMPUTING (UK)


5. While Apple was gearing up for its major announcement, it was also eliminating a new collection of badly behaving apps from Trend Micro. The macOS apps were stealing users’ data without their consent. Trend admitted their mistake, although it took three different posts to get it right. -- TREND MICRO BLOG


6. Researchers have uncovered a pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients. The pair can enable privilege escalation attacks. Both vendors have issued patches. -- CISCO TALOS

7. If you want to steal a Tesla Model S, all it takes is some electronics to clone its key fob. This is according to a team of Belgian academic researchers. Blame it on the car’s weak encryption methods. The team received a $10k bounty and the issue has been fixed. -- WIRED

8. If you get an email saying your WordPress blog database needs an update, chances are good it is a phishing attack. -- SUCURI BLOG

9. A new open source method to create secure trusted hardware enclaves has been invented. Called Keystone, it is still in very early developmental stages. -- KEYSTONE WEBSITE

10. This post dissects how a family of Android malware can intercept SMS MFA authentications. It is well worth reviewing to understand how clever malware authors can be. -- SECURITY BLVD.


Researchers have found yet another new cryptocurrency exploit, this time by spoofing the Jaxx Liberty wallet. It is a versatile wallet that has been downloaded more than a million times. This is just the latest in crypto exploits. I wrote an article for IBM’s Security Intelligence blog at the beginning of the year here that reviews some of the older exploits in this fast-moving world.

My article categorizes these exploits into DDoS attacks, wallet thefts, mining-based malware and website hacks. All of them have become more numerous, particularly when the price of crypto coins rises

Content for premium users only

That is pretty depressing when you think about it. -- LESLEY CARHART @ TWITTER


This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).
