Latest

Endpoint Security

How Patched Android Chip Flaw Could Have Enabled Spying

Prajeet Nair  •  May 7, 2021

A severe vulnerability in a system on certain Qualcomm chips, which has been patched, potentially could have enabled attackers to remotely control Android smartphones, access users' text messages and listen in on conversations, according to a new report from Check Point Software Technologies.

Cryptocurrency Fraud

'Panda Stealer' Targets Cryptocurrency Wallets

Prajeet Nair  •  May 7, 2021

Researchers at Trend Micro have uncovered a new cryptocurrency stealer variant that uses a fileless approach in its global spam email distribution campaign to evade detection.

►

Cryptocurrency Fraud

ISMG Editors Discuss Cryptocurrency Regulations and More

Anna Delaney  •  May 7, 2021

Four editors at Information Security Media Group discuss timely cybersecurity issues, including a call for cryptocurrency regulation and the impact of hospital ransomware attacks.

DDoS Protection

DNS Flaw Can Be Exploited for DDoS Attacks

Akshaya Asokan  •  May 7, 2021

Security researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that attackers could used to carry out distributed denial-of-service attacks against authoritative DNS servers. Google and Cisco have resolved the issue in their DNS servers.

Application Security

Can Evidence Collected by Cellebrite's Tools Be Trusted?

Anna Delaney  •  May 7, 2021

The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.

Endpoint Security

Intel, AMD Dispute Findings on Chip Vulnerabilities

Doug Olenick  •  May 6, 2021

Intel and AMD are disputing the findings of researchers from two universities who say they've discovered new attacks on Intel and AMD processors that can bypass most of the defenses put in place earlier for similar "Spectre" and "Meltdown" attacks.

Governance & Risk Management

Exim Patches 21 Flaws in Message Transfer Agent

Akshaya Asokan  •  May 6, 2021

Exim, one of the most-used message transfer agents, has issued patches for 21 flaws that could put thousands of users at risk of attacks, researchers at security firm Qualys say.

Governance & Risk Management

PHP Composer Flaw That Could Affect Millions of Sites Patched

Prajeet Nair  •  May 5, 2021

A patch has been issued for a serious vulnerability that affects PHP Composer - a tool used to manage and install software dependencies in the PHP ecosystem. Security researchers at SonarSource say the flaw could put millions of websites at risk.

DDoS Protection

DDoS Attack Knocks Belgian Websites Offline

Doug Olenick  •  May 5, 2021

The websites of about 200 public and private entities in Belgium were knocked fully or partially offline Tuesday by a distributed denial-of-service attack against the publicly funded internet service provider Belnet.

Fraud Management & Cybercrime

Ransomware Hits Australian Telecom Provider Telstra’s Partner

Akshaya Asokan  •  May 5, 2021

A ransomware gang claims to have stolen SIM card data and banking information in an attack on Schepisi Communications, a service provider to Australian telecommunications company Telstra, a local news outlet reports.

►

Business Continuity Management / Disaster Recovery

Ransomware: Reducing the Risk to Universities

Anna Delaney  •  May 4, 2021

In light of the surge in ransomware attacks against universities, institutions need to make asset management a much higher priority, removing obsolete systems and upgrading essential systems to the latest version to avoid exploits of unpatched vulnerabilities, says Matthew Trump of the University of London.

Cyberwarfare / Nation-State Attacks

Iran's Military Reportedly Backs Ransomware Campaign

Akshaya Asokan  •  May 4, 2021

Iran's Islamic Revolutionary Guard Corps was behind a ransomware campaign that used a contracting company called "Emen Net Pasargard" to target more than a dozen organizations, according to the security firm Flashpoint. But could cyberespionage be the campaign's true mission?