Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

Tech giant ASUS is believed to have pushed malware to hundreds of thousands of customers through its trusted automatic software update tool after attackers compromised the company’s server and used it to push the malware to machines. Half a million Windows machines received a malicious backdoor through the ASUS update server, although the attackers appear … Read more

Aluminium maker defends itself against ransomware with manual plan

Hydro with 35,000 employees with smelting plants, factories and offices in 40 countries – globally experienced a ransomware attack since Monday was forced to switch some systems to manual operation. The ransomware used might have been the relatively new and difficult-to-detect strain, dubbed LockerGoga, which criminals use to quickly encrypt computer files, before demanding payment … Read more

Dataleak: Fila UK formjacked with malicious code in payment process

Group-IB said it discovered and reported to FILA UK malware known as GMO that was active on the fashion brand’s website for the past four months – and may have sniffed the payment card information of thousands of customers placing online orders through the tainted pages.“Cybercriminals might have injected a malicious code by either exploiting … Read more

Dataleak: Elsevier Left Users’ Passwords Exposed Online

Publisher Elsevier has leaked the unencrypted passwords and e-mail addresses of users via an unsecured server. The data was accessible to everyone on the internet. How long the data was online and how many users were affected is still unclear. Security investigator Mossab Hussein discovered Elsevier’s server. It contained unencrypted passwords of users and their … Read more

IMAP on email vulnerable for password-spraying attacks

IMAP (Internet message access protocol) is an authentication protocol enabling an account to be accessed from multiple devices. This is often used by desktop and mobile phone email clients to retrieve email from the email server. No additonal layer of protection is possible with multi-factor authentication. IMAP support is “on” by default on Office 365 … Read more

ENISA launched Smartphone Secure development Guidelines

ENISA launched a smartphone guidelines tool with the following subjects: – Ensure correct usage of biometric sensors and secure hardware; – Secure data integration with third party code; – Implement user authentication, authorization and session management correctly; – Ensure sensitive data is protected in transit; – Consent and privacy protection; – Protect paid resources; – … Read more

ETSI lanches first security baseline for consumer IoT devices

The security of IoT devices is becoming a growing concern. ETSI has therefore created a “security baseline” for these IoT devices. ETSI: “People entrust their personal data to a growing number of online devices and services. In addition, traditionally offline products and appliances are now connected and must be designed to withstand cyber threats. To … Read more

US Senators: risk assessement on foreign VPNs

In a letter to Director of the Department Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, Christopher Krebs, the two senators Wyden and Rubio requested an investigation of possible risks stemming from VPN and data-saving apps based in unfriendly foreign nations. The growth of usage of mobile VPN and data-saving (proxying) apps of Russian … Read more

European Commission adopts adequacy decision on Japan

The Commission has adopted today its adequacy decision on Japan, allowing personal data to flow freely between the two economies on the basis of strong protection guarantees. Before the Commission adopted its adequacy decision, Japan put in place additional safeguards to guarantee that data transferred from the EU enjoy protection guarantees in line with European … Read more