Categories
Security

Microsoft Policy Sets Standard For Openness On What Vulnerabilities To Patch

Microsoft has published a draft policy in which the company outlines what kinds of vulnerabilities it will patch and which vulnerabilities qualify for a bug bounty.
More on my blog at Forbes.

Categories
Security

Banks may need threat teams to fight the next wave of SWIFT-style attacks

Almost two-thirds of financial institutions have yet to form threat hunting teams โ€” a growing necessity as the number of high-profile attacks rises.
Read more on Payment Source. (Note: subscription wall.)

Categories
Security

When crypto exchanges act like banks, regulators may treat them as such

Exchanges arenโ€™t very transparent about their methods, but that in fact most handle such internal transactions exactly how regular banks have worked for centuries.
Read more on Payment Source. (Note: subscription wall.)

Categories
Security

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
Read more on Virus Bulletin’s blog.

Categories
Uncategorized

Polish banks targeted by attackers who hijack customer sessions

Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.
Read more on Payment Source. (Note: subscription wall.)

Categories
Security

Why the ransom demand on Canadian banks was a no-win scenario

Two major Canadian banks, Bank of Montreal and Simplii Financial, have become victims of hacks that affected some 50,000 and 40,000 customers respectively. Neither bank decided to pay the ransom by the hackers’ May 28 deadline.
Read more on Payment Source. (Note: subscription wall.)

Categories
Security

Expired domain led to SpamCannibal's blacklist eating the whole world

The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.
Read more on Virus Bulletin’s blog.

Categories
Security

MnuBot banking trojan communicates via SQL server

Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.
Read more on Virus Bulletin’s blog.

Categories
Security

XMRig used in new macOS cryptominer

A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.
Read more on Virus Bulletin’s blog.

Categories
Security

Tendency for DDoS attacks to become less volumetric fits in a wider trend

CDN provider Cloudflare reports an increase in DDoS attacks targeting layer 7 and focusing on exhausting server resources rather than sending large volumes of data. This fits in a wider trend.
Read more on Virus Bulletin’s blog.