Map tracks Sea Turtle DNS highjacking group attacks. (Source: Cisco Talos)

'Sea Turtle' DNS Hijacking Group Conducts Espionage: Report

Scott Ferguson • April 17, 2019

A nation-state sponsored espionage campaign dubbed "Sea Turtle" has been manipulating the domain name system to target more than 40 organizations, including intelligence agencies - especially in North Africa and the Middle East, Cisco Talos warns. Experts say defenses against DNS hijacking lag.

Breach Response

UK Man Gets Six-Year Sentence for Global Ransomware Scheme

Latest

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz • April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

DDoS

Ecuador Hit With 'Cyberattacks' After Assange's Arrest

Scott Ferguson • April 17, 2019

The government of Ecuador has been hit with millions of "cyberattacks" following its withdrawal of asylum protection for WikiLeaks founder Julian Assange and his arrest by British police last week, an Ecuadorian official says.

Cybersecurity

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Jeremy Kirk • April 15, 2019

An Australian company that markets a smartwatch that lets parents monitor their children shut down its service on Monday after researchers revealed hackers could track a child's location, spoof the location, add themselves as a "parent" and view personally identifiable information associated with the account.

Anti-Malware

US CERT Warns of N. Korean 'Hoplight' Trojan

Scott Ferguson • April 12, 2019

U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea. The malware has the ability to disguise the network traffic it sends back to its originators, making it more difficult to track its movements.

Anti-Malware

Two Romanian Nationals Convicted in 'Bayrob' Malware Case

Scott Ferguson • April 12, 2019

Two Romanian nationals have been convicted by a federal jury for their roles in stealing more than $4 million from victims by creating a botnet of more than 400,000 PCs through custom-designed malware called Bayrob.

Application Security

Another Scathing Equifax Post-Breach Report

Nick Holland • April 12, 2019

The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys.

Endpoint Security

Android Devices Can Now Be Used as a Security Key

Jeremy Kirk • April 11, 2019

Google's latest security feature enables the use of Android phones as a security key, eliminating the need for a separate token or hardware device. The free feature is potentially more appealing that Google's Titan security keys, which cost $50.

Cybersecurity

Dark Patterns: How Weaponized Usability Hurts Users

Mathew J. Schwartz • April 10, 2019

Dark patterns are out to get you. The term describes the practice of abusing usability norms to create user interfaces that trick users into divulging their personal details or sacrificing their privacy. Bipartisan legislation proposed in the U.S. Senate, however, would make malicious design illegal.

Anti-Malware

Kaspersky: New 'TajMahal' APT Malware Enables Espionage

Scott Ferguson • April 10, 2019

A new type of malware, dubbed TajMahal, offers its users a host of espionage techniques, including the ability to steal documents sent to a printer queue and pilfer data from a CD, Kaspersky Lab reports. But researchers have only identified one victim so far.

CISO Trainings

Women in Cybersecurity: A Progress Report

Tom Field • April 10, 2019

Nearly one-quarter of the global cybersecurity workforce is now made up of women. But women still face significant compensation and other career challenges, according to a new study. Mary-Jo de Leeuw of (ISC)2 shares analysis.

Critical Infrastructure Security

Trump Shakeup Impacts Cybersecurity Policy

Jeremy Kirk • April 9, 2019

The exits of the Department of Homeland Security secretary and Secret Service director are prompting discussion about the continuity of U.S. cybersecurity policy because the agencies play a key role in securing infrastructure and investigating financial cybercrime.

Fraud