Understanding a cybercrook’s thinking to make people your first defence against phishing

Ransomware attacks worldwide rose by 350 per cent from 2016 to 2017 says a recent special report by SC Magazine sponsored by Cofense, a provider of intelligent phishing defence solutions.

“Security pros constantly invent better mousetraps, but the mice never stop evolving,” is Josh Bartolomie’s first statement in the report. The Director of Research at Cofense goes on to ask: if the ‘mice’ keep evolving, how exactly can organisations stop attacks?

Anton Jacobsz, CEO at Networks Unlimited Africa, a distribution partner with Cofense in sub-Saharan Africa, says phishing attacks rely on a single moment of inattention or ignorance.

Critical DoS Bug Bubbles Up in Facebook Fizz TLS 1.3 Project

Users of the open-source project should upgrade immediately.

A critical denial-of-service (DoS) vulnerability in Facebook’s open-source implementation of the transport layer security (TLS) 1.3 protocol could cause an infinite loop – thus disrupting any web service that relies on it.

Kevin Backhouse, a researcher at Semmle, discovered the bug in the project (CVE-2019-3560), which is called Facebook Fizz. Fizz is used on most of Facebook’s own infrastructure to facilitate secure communications with web services using TLS 1.3 (i.e., https instead of http), but it was also made public last August for use by other organizations.

Round 4 — Hacker Puts 26 Million New Accounts Up For Sale On Dark Web

A hacker who was selling details of nearly 890 million online accounts stolen from 32 popular websites in three separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the dark web.

The Hacker News today received a new email from the Pakistani hacker, who goes by online alias Gnosticplayers and previously claimed to have hacked dozens of popular websites from companies which, according to him, probably had no idea that they were compromised.

The hacker last month made three rounds of stolen accounts up for sale on the popular dark web market called Dream Market, posting details of 620 million accounts stolen from 16 websites in the first round, 127 million records from 8 sites in the second, and 92 million from 8 websites in the third.

More than Half of RSA Attendees to Increase Mobile Cybersecurity Investment

A majority of attendees at RSA this week plan to spend more on mobile security in the coming year.

Seventy-six percent of respondents to a Lookout survey access corporate data from personal mobile devices and/or public WiFi networks.

“Mobility, SaaS and cloud computing are enabling end users to access corporate data from any device and any location, rendering traditional perimeter security ineffective,” said Santosh Krishnan, Chief Product Officer, Lookout. “So it is not surprising that, in this post-perimeter era, an overwhelming majority of respondents have accessed corporate data from personal mobile devices or through public WiFi networks. This is concerning, as attacks, like phishing, have evolved to take advantage of the fact that existing perimeter protections no longer have visibility into user traffic. Enterprises need to adopt a post-perimeter security architecture to secure access to their corporate data.”

Microsoft unveils cloud-based AI cybersecurity tools

Microsoft launched two cloud-based security tools, Azure Sentinel and Threat Experts, which use artificial intelligence to help security professionals respond to immediate threats more quickly.

Azure Sentinel is designed to pull in large amounts of data from other cloud-based services — Microsoft is billing the platform as a "cloud-native Security Information and Event Management tool."

Sentinel lets users connect to and collect data from all sources including applications, servers, and devices running on-premises or in the cloud.