Close
Shopping Cart
Your Cart is Empty

Jillian Murphy Personal Training

Click here to add a short description

LEARN MORE

Latest Cyber News

Learn what is going on in the cyber world today.....

Cyber News Today

May 2, 2019

•Cisco disclosed a critical vulnerability in the Nexus 9000 Series Application Centric Infrastructure (ACI) Mode data-center switch that could allow an attacker to secretly access system-level resources. The company disclosed 39 other bugs, as well, on Thursday.

•Financial data from several large companies was leaked online after a technology company refused to pay a ransom. German IT provider Citycomp had data stolen in an attack, including information on Oracle, Porsche and Toshiba.

•Magecart launched a renewed attack on OpenCart websites. The credit card-stealing malware is going after the e-commerce platform, which is one of the three most popular shopping interfaces for sites to use.

•Slack warned potential investors that it could be the target of a nation-state-backed cyber attack. The group messaging platform revealed the ongoing threats ahead of its expected IPO.

•An exposed database holds sensitive information on more than 80 million American households — but no one seems to know who owns it.

•Apple removed several parental control apps from its store. The company said the programs were utilizing illicit, “highly invasive” mobile device management techniques.

Cyber News Today

May 9, 2019

•The city of Baltimore’s online government operations were completely stalled this week after a ransomware attack. The city’s IT director said the RobinHood malware forced the government to go “manual” with many tasks. Emergency services have not been impacted.

•A group of hackers stole information from three American antivirus companies. The group is offering source code and network access to the companies for $300,000. The companies affected have not been named yet but were recently contacted by the federal government to alert them of the breach.

•Attackers stole $41 million worth of Bitcoin from cryptocurrency exchange Binance. A representative from Binance said hackers used a variety of techniques, “including phishing, viruses and other attacks.”

•WordPress’ latest update includes a few long-awaited security updates. Each of the content management system’s updates will now include digital signatures, and there is a new “Site Health” page for users.

•Google’s latest security update fixed a number of vulnerabilities in the Android operating system, including several critical- and high-severity bugs. The most notable fix is for a vulnerability in Media framework that could “enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”

•A power supplier on the West Coast was hit with a cyberattack last week. The attack did not cause any loss of power for customers but did prevent visibility in some parts of the country.

•Cyber firms are increasingly turning to non-traditional sources of recruiting as the industry looks to fill a talent gap. Some companies are training researchers on the go, even if they do not have a traditional security degree.

Cyber News Today

May 16, 2019

•Facebook released an emergency update for WhatsApp after attackers were able to completely take over devices with just a phone call. While many mobile malware families usually require the user to open some sort of file, this vulnerability allowed hackers to infect a device as soon as the user answered a phone call using WhatsApp.

•President Donald Trump signed a national emergency this week that bans Chinese tech companies from selling their products in the U.S. While the executive order does not name any specific companies, it is largely thought that the U.S. is specifically targeting Huawei and ZTE.

•Google promised to replace all of its Titan security keys after a vulnerability was discovered in its Bluetooth pairing. The bug could allow an attacker to remotely communicate with the device and the device its paired with via Bluetooth.

•Apple fixed a variety of bugs in its products as part of its monthly security update. WebKit had the largest number of vulnerabilites, while others exist in Mail and DesktopServices.

•Two major Japanese online retailers say they were hit with a cyberattack that allowed attackers to steal shoppers’ information for two weeks. UNIQLO Japan and GU Japan stated that hackers breached their system using a credential-stuffing attack

Photos of U.S travelers and license plate images were recently stolen

June 6, 2019

Photos of U.S travelers and license plate images were recently stolen from a database maintained by Customs and Border Protection (CBP), the agency confirmed on Monday. In a statement to The Hill, a CBP spokesperson said it learned on May 21 that a "subcontractor … had transferred copies of license plate images and traveler images collected by CBP to the subcontractor's company network." "The subcontractor’s network was subsequently compromised by a malicious cyber-attack," the spokesperson said. The spokesperson added the subcontractor had transferred the photos to its own network "in violation of CBP policies and without CBP’s authorization or knowledge." The federal law enforcement agency maintains an expansive photo database that includes photos of people traveling into and out of the country. CBP, which is part of the Department of Homeland Security (DHS), has not named the subcontractor involved in the data breach." As of today, none of the image data has been identified on the Dark Web or internet," the border agency said in a statement. "CBP has alerted Members of Congress and is working closely with other law enforcement agencies and cybersecurity entities, and its own Office of Professional Responsibility to actively investigate the incident." It is unclear what photos were taken, and if they are related to the database of visa and passport photos the CBP maintains in order to assist with its facial recognition technology program expanding to airports across the U.S.The agency spokesperson declined to share further information on the extent of the breach, saying in an email responding to a list of questions, "I don’t have any additional information to share at this time."

Perceptics, a company that sells license plate reader technology to the U.S. government, confirmed in May that it had been hacked. The admission came after hackers posted the internal data of the company to the dark web, according to an article from tech outlet Motherboard.“We are aware of the breach and have notified our customers. We can’t comment any further because it is an ongoing legal investigation,” Casey Self, director of marketing for Perceptics, said in a statement to Motherboard at the time.

The company contracts with the U.S. government to sell license plate readers, driver cameras, and under-vehicle cameras to place at borders between the U.S., Canada and Mexico.

WhatsApp Vulnerability

June 6, 2019

Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call. Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices. According to an advisory published by Facebook, a buffer overflow vulnerability in WhatsApp VOIP stack allows remote attackers to execute arbitrary code on target phones by sending a specially crafted series of SRTCP packets. Apparently, the vulnerability, identified as CVE-2019-3568, can successfully be exploited to install the spyware and steal data from a targeted Android phone or iPhone by merely placing a WhatsApp call, even when the call is not answered. Also, the victim would not be able to find out about the intrusion afterward as the spyware erases the incoming call information from the logs to operate stealthily.

Though the exact number of targeted WhatsApp users is not yet known, WhatsApp engineers did confirm that only a "select number" of users were targeted by the NSO Group spyware using this vulnerability.