Posts

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

DHS Has New Cyber Collaboration Center, But Private Companies May Hesitate to Share — Law.com

  • SonicWall CEO Bill Conner discusses the challenges faced by the new DHS National Risk Management Center initiative in relation to cooperation from the private sector.

ADT Acquires MSSP SDI, Eyes Small Business Cybersecurity Market Growth — MSSP Alert

  • ADT, the monitored security and home and business automation solutions provider, has acquired Secure Designs Inc. (SDI), a well-known MSSP and SonicWall partner that manages firewall equipment for small business customers.

The Changing Data Security Landscape — Database Trends and Applications

  • The SonicWall 2018 Cyber Threat Report is used in an analysis of the overall risk landscape for cybersecurity.

SonicWall to expand product engineering facility in India — ETCIO

  • Debasish Mukherjee, Country Manager India & SAARC SonicWall sat down with ETCIO to discuss the country’s expansion in Bangalore, India.

Cyber Security News

The Sensors That Power Smart Cities Are a Hacker’s Dream — Wired

  • Research from IBM Security and data security firm Threatcare that looked at sensor hubs from three companies—Libelium, Echelon, and Battelle—that sell systems to underpin smart city schemes.

Network of 15,000 bots used to spread cryptocurrency giveaway spam via Twitter — SC Magazine

  • A recently developed methodology for identifying Twitter bot accounts in large quantities turned up a cryptocurrency scam botnet operation found to leverage at least 15,000 bots to submit bogus tweets and likes.

Internet of Things Adoption to Rise Despite Security, Data Integration Challenges — The Wall Street Journal

  • Firms continue to adopt Internet of Things technologies, but believe large-scale deployments and returns on investment may take longer than expected to materialize due to ongoing security and implementation challenges.

iPhone Chipmaker Blames WannaCry Variant for Plant Closures — Bloomberg

  • Taiwan Semiconductor Manufacturing Co. blamed a variant of the 2017 WannaCry ransomware for the unprecedented shutdown of several plants, as it ramps up chipmaking for Apple Inc.’s next iPhones

Atlanta’s Reported Ransomware Bill: Up to $17 Million — Bank Info Security

  • The cost of the city of Atlanta’s mitigation and subsequent IT overhaul following a massive SamSam ransomware infection earlier this year could reach $17 million.

In Case You Missed It

SonicWall’s Consistent Value, Cyber Security Effectiveness Earn ‘Recommended’ Rating from NSS Labs

For far too long the modern organization has been told it must pay hundreds of thousands of dollars (or even millions) for powerful, enterprise-grade security.

But for more than 25 years, SonicWall’s mission has been to deliver consistent value and powerful cyber security for organizations of all sizes and budgets. For the fifth time since 2012, this has been validated by one of the most trusted, fact-based organizations in the industry: NSS Labs.

In its 2018 group test of next-generation firewalls (NGFW), NSS Labs strongly positioned SonicWall and the NSa 2650 firewall in the upper-right ‘Recommended’ quadrant of the 2018 NSS Labs Security Value MapTM (SVM).

“NSS Labs is committed to independent testing that helps enterprises make informed cybersecurity decisions,” said NSS Labs CEO Vikram Phatak in SonicWall’s official announcement. “With ‘Recommended’ ratings for five years, SonicWall next-generation firewalls are an excellent choice for any company seeking devices with strong security and consistent product quality to evolve their security architectures. We applaud SonicWall’s focus on product consistency and security effectiveness.”

This year’s in-depth firewall comparison was comprised of totals based on security effectiveness, block rates, stability, performance, product purchasing price, maintenance, installation costs, required upkeep, management and installation. In its head-to-head comparison tests, NSS Labs verifies that NSa 2650:

  • Remains one of the highest-rated and best-value NGFWs in the industry, with a 98.8 percent security effectiveness rating
  • Delivers second-best total cost of ownership (TCO) with $4 per protected Mbps
  • Tested 100 percent effective in countering all advanced HTTP evasion, obfuscation and fragmentation techniques
  • Earned 100 percent ratings in stability and reliability testing

Many factors are taken into consideration when weighing vendor options, measuring security efficacy and calculating TCO.

Security Effectiveness of Firewalls

NSS Labs conducts one of the industry’s most respected, comprehensive and fact-based validation programs for a full range of cybersecurity products, including network and breach security, endpoint protection, cloud and virtual security, and more.

For this year’s comparison test, the SonicWall NSa 2650 next-generation firewall was compared against other industry offerings. During the NSS Labs evaluation, SonicWall NSa 2650 endured thorough testing exercises via the NSS Exploit Library, which exposed the appliance to more than 1,900 exploits.

To ensure real-world testing conditions, NSS Labs engineers utilize multiple commercial, open-source and propriety tools to launch a broad range of attacks. SonicWall NSa 2650 blocked 98.8 percent of all attacks was 100 percent reliable during testing. SonicWall also was successful in countering 100 percent of all advanced HTTP evasion, obfuscation and fragmentation techniques.

The SonicWall NSa 2650 strong security effectiveness and findings within the NSS report are applicable to the entire SonicWall NSa next-generation firewall series.

Total Cost of Ownership for Firewalls

“SonicWall offers the second-lowest TCO with $4 cost per protected Mbps.”

The cyber security industry’s pricing models are, frankly, out of date. Too many legacy vendors believe their old way of doing business — charging hundreds of thousands, or even millions of dollars — is beneficial to end customers and prospects. In some cases, high-end hardware is required, but there should also be powerful, cost-effective options for today’s business.

SonicWall understands and embraces this change.

It’s the reason we continually monitor and refine our pricing structures to ensure every organization is able to protect themselves from today’s most malicious cyberattacks. And we’re proud to say that NSS Labs found SonicWall to offer the second-lowest TCO with $4 cost per protected Mbps.

NSS Labs calculates TCO across a three-year period. At a high level, the formula includes:

  • Year 1 Purchase Price
  • Year 1 Installation & Labor
  • Year 1 Maintenance Costs
  • Year 2 Maintenance Costs
  • Year 3 Maintenance Costs

According to NSS Labs, “Calculations are based on a labor rate of $75 (USD) per hour and vendor-provided pricing information. Where possible, the 24/7 maintenance and support option with 24-hour replacement is used, since enterprise customers typically select that option. Pricing includes one enterprise-class CMS to manage up to five devices.”

As a best practice, enterprises and security-conscious organizations should include TCO as part of their NGFW evaluations, including:

  • Acquisition costs for NGFW and a central management system (CMS)
  • Fees paid to the vendor for annual maintenance, support and signature updates
  • Labor costs for installation, maintenance and upkeep

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

As Malware, Ransomware Surge in 2018, SonicWall Raises Alarm on Encrypted Threats and Chip-Based Attacks

  • SonicWall publishes a mid-year update of 2018 SonicWall Cyber Threat Report, finds more than 5.99 billion total malware attacks, up 102 percent, in the first six months of 2018.

Ghostbusters 2: how to deal with Spectre, the sequel – SC Magazine (UK)

  • Lawrence Pingree, SonicWall’s VP of Product Management discusses the possibilities of future exploits built on the Spectre vulnerability

Big Enterprise or Small Business, It Doesn’t Matter: Hackers Are Coming for You, Right Now – Joseph Steinberg

  • Quotes from a 2017 interview between Bill Conner and Joe Steinberg are resurfaced to explain that about half of all cyber-attacks are on small businesses.

Cyber Security News

Now Pushing Malware: NPM package dev logins slurped by hacked tool popular with coders – The Register

  • An unfortunate chain reaction was averted today after miscreants tampered with a widely used JavaScript programming tool to steal other developers’ NPM login tokens.

Hackers are selling backdoors into PCs for just $10 – ZDNet

  • Cyber criminals are offering remote access to IT systems for just $10 via a dark web hacking store — potentially enabling attackers to steal information, disrupt systems, deploy ransomware and more.

Senators press federal election officials on state cybersecurity – The Hill

  • Senators on Wednesday pressed top officials from the U.S. Election Assistance Commission (EAC) about their efforts to boost state cybersecurity election systems, with a focus on whether each state should have a mechanism in place to audit their results.

Cryptocurrency service Bancor robbed of billions; MyEtherWallet users targeted via malicious VPN Chrome extension – SC Magazine

  • Cryptocurrency token conversion service Bancor disclosed yesterday that hackers stole millions in funds from one of its online wallets, while Etherium crypto wallet service MyEtherWallet warned that hackers may have compromised anyone who accessed its service while using the free VPN service Hola and its Chrome extension.

Breach department: Unauthorized party accesses Macys.com and Bloomingdales.com customer accounts – SC Magazine

  • For nearly two months, an unauthorized party reportedly used stolen usernames and passwords to log into the online accounts of certain Macys.com and Bloomingdales.com customers.

In Case You Missed It

5 Cyberattack Vectors for MSSP to Mitigate in Healthcare

It’s no secret that healthcare continues to be one of the most targeted industries for cybercriminals. Healthcare providers store and maintain some of the most valuable data and the appetite for fraudulent claims or fake prescription medications is insatiable.

Despite all of the regulations, there are still fewer watchdogs overseeing healthcare. For many providers, cyber security hasn’t been a priority until very recently.

With more and more organizations reaching out to cyber security experts for assistance, it’s more important than ever that managed security services providers (MSSPs) understand the healthcare industry so that they can tailor solutions aimed at improving the security posture of healthcare providers.

Inside Users Present the Greatest Threat

According to a 2018 survey of cyber security professionals conducted by HIMSS, over 60 percent of threat actors are internal users within a healthcare organization. Email phishing and spear-phishing attempts are aimed at tricking users into providing credentials or access to information for cybercriminals. Negligent insiders, who have access to trusted information, can facilitate data breaches or cyber incidents while trying to be helpful.

In addition to systematically monitoring and protecting infrastructure components, MSSPs need to consider a multi-faceted campaign that creates a cyber security awareness culture within healthcare organizations. This campaign should include template policies and procedures for organizations to adopt, regular and routine training efforts, and human penetration-testing.

From a systematic perspective, it’s important to have tools that will do everything possible to mitigate cyberattacks. Tools like next-generation email security to block potential phishing or spear phishing attempts; endpoint security solutions to monitor behavior through heuristic-based techniques; and internal network routing through a next-generation firewall to perform deep packet inspection (DPI) on any information transgressing the network — especially if it’s encrypted.

Mobile Devices Open Large Attack Surfaces

Mobile devices have changed the way that we do just about everything. And the same is true for the manner in which healthcare conducts business.

To enable mobility and on-demand access, many electronic health record (EHR) applications have specific apps that create avenues for mobile devices to access portions of the EHR software. The widespread adoption of mobile devices and BYOD trends are pushing healthcare to adapt new business models and workflows. Cyber risk mitigation must be a priority as momentum continues to build.

MSSPs need to pay very careful attention to the access that mobile devices have to the EHR application, whether hosted on-premise or in the cloud. For more protection, implement a mobile device management (MDM) solution if the organization doesn’t already have one.

IoT Leaves Many Healthcare Providers at Risk

The Internet of Things (IoT) is bringing connectivity and statistical information to providers in near real-time while offering incredible convenience to the patient. Even wearable devices have immense capabilities to monitor chronic illnesses, such as heart disease, diabetes and hypertension. With these devices comes an incredible opportunity for hackers and immense threat for healthcare providers.

IoT devices tend to have weaker protections than typical computers. Many IoT devices do not receive software or firmware updates in any sort of regular cadence even though all of them are connected to the internet. There are so many manufacturers of IoT devices, and they are distributed through so many channels. There are no standards or controls regarding passwords, encryption or chain of command tracking capabilities to see who has handled the device.

If it’s feasible for the organization, totally isolate any IoT-connected devices to a secure inside network not connected to the internet (i.e., air gapped).

Encryption for Data at Rest Is Critical

For healthcare providers, it’s equally important to have a strong encryption for both data at rest and data in transit. Encryption for data at rest includes ensuring the software managing PHI doesn’t have a really weak single key that could unlock everyone’s PHI. If at all possible, records should be encrypted with unique keys so that a potentially exposed key doesn’t open the door to everyone’s information.

Attacks Are Hiding within Encrypted Traffic

MSSPs serving healthcare organizations need to realize that there is not one layer of defense that they should rely on. That said, perhaps the most important layer is the firewall.

A next-generation firewall, with DPI capabilities, is a critical component to securing a healthcare network. Even internal traffic transgressing the network should be routed through the firewall to prevent any potential malicious traffic from proliferating the entire LAN and to log transactions.

As much as possible, isolate medical devices and software applications that host PHI inside a secure network zone and protect that zone with an internal DPI-capable firewall that will only allow access to authorized services and IP addresses.


About ProviNET

ProviNET is a SonicWall SecureFirst Gold Partner. For nearly three decades, ProviNET has delivered trusted technology solutions for healthcare organizations. Whether it’s a single project or full-time onsite work, ProviNET designs and implements customized solutions so healthcare organizations can focus on core services.

ProviNET’s tight-knit group of experienced, industry-certified personnel are focused on customer satisfaction. They are a reputable organization, fulfilling immediate IT needs and helping plan for tomorrow. They are ready to put their extensive knowledge to work for healthcare, developing strategies and solving challenges with the latest technology.

To learn more about ProviNET, please visit www.provinet.com.

Ransomware Surges, Encrypted Threats Reach Record Highs in First Half of 2018

To ensure organizations are aware of the latest cybercriminal attack behavior, today SonicWall published a mid-year update to the 2018 SonicWall Cyber Threat Report.

“The cyber arms race is moving faster than ever with bigger consequences for enterprises, government agencies, educational and financial institutions, and organizations in targeted verticals,” said SonicWall CEO Bill Conner in the official announcement.

Cyber threat intelligence is a key weapon in organizations’ fight against criminal organizations within the fast-moving cyber arms race. The mid-year update outlines key cyberattack trends and real-world threat data, including:

Data for the annual SonicWall Cyber Threat Report is gathered by the SonicWall Capture Threat Network, which sources information from global devices and resources including more than 1 million security sensors in nearly 200 countries and territories.

“SonicWall has been using machine learning to collect, analyze and leverage cyber threat data since the ‘90s,” said Conner. “This commitment to innovation and emerging technology is part of the foundation that helps deliver actionable threat intelligence, security efficacy and automated real-time bread detection and prevention to our global partners and customers.”

Get the Mid-Year Update

Dive into the latest cybersecurity trends and threat intelligence from SonicWall Capture Labs. The mid-year update to the 2018 SonicWall Cyber Threat Report explores how quickly the cyber threat landscape has evolved in just a few months.

GET THE UPDATE

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Breaking down SonicWall’s 12 new features for mid-tier enterprises — TechRepublic

  • Following the release of SonicWall’s latest product news, TechRepublic provides an overview of the features released. This article concludes that the new mid-tier offerings make SonicWall an option for companies of any sector and size.

Review: SonicWall TZ400 Provides Local Governments with Deep, Frontline Protection – StateTech

  • SonicWall’s firewall appliance is a strong choice for state and local governments watching the bottom line.

Cyber Security News

Sophos shares tank as revenues slow – UK Investor Magazine

  • Shares in cyber security group Sophos fall by a fifth as growth slows. The company’s shares fell by more than 20% as it said billings growth – an indicator of future revenues – in the three months to the end of June had slowed to just 6pc, or 2pc when adjusted for foreign currency changes.

New Virus Decides If Your Computer Good for Mining or Ransomware — The Hacker News

  • Researchers at Kaspersky Labs have discovered a new variant of Rakhni ransomware family, which has now been upgraded to include cryptocurrency mining capability as well.

Macro-based malware campaign replaces desktop and Quick Launch shortcuts to install backdoor — SC Magazine

  • Researchers have uncovered an unusual malicious macro-based malware campaign that effectively modifies infected users’ shortcut files so that they secretly download a backdoor program.

Trump nominates former Energy official to lead Homeland Security tech research arm — The Hill

  • President Trump announces that he is tapping William Bryan, an Army veteran and former Department of Energy official, to lead the Department of Homeland Security’s technology research and development arm.

Adidas Reports Data Breach — The Wall Street Journal

  • Adidas warned late on Thursday that hackers may have lifted customer data from its US website.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

SonicWall Targets Mid-Tier Enterprises with New Network Security Software and Appliances SiliconANGLE

  • Following the release of SonicWall’s latest product news, SiliconANGLE unpacks updates to the SonicWall Capture Security Center. This article also touches on the company’s six new firewall appliances.

Cyber Security News

Despite Caution Over Cryptocurrency, Investors are Bullish The New York Times

  • Initial coin offerings are raising billions for cryptocurrency start-ups, like the Russia messaging service Telegram, which raised nearly $2 billion.

Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records Wired

  • Earlier this month, security researcher Vinny Troia discovered that Exactis, a data broker based in Palm Coast, Florida, had exposed a database that contained close to 340 million individual records on a publicly accessible server. The haul comprises close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses.

Reality Winner, N.S.A. Contractor Accused in Leak Pleads Guilty The New York Times

  • Reality Winner, the former government contractor charged with leaking classified information, pleaded guilty in federal court Tuesday as part of a plea agreement reached with federal prosecutors.

Hotels, Airlines and Travel Sites Battle Bot Attacks ZDNet

  • Attackers in certain countries appear to have a particular focus on breaching organizations operating in the travel sector.

60,000 Android Devices Hit With Ad-Clicking Bot Ransomware SC Magazine

  • A new malicious Android app has infected at least 60,000 devices gaining the ability to extract some important information from each device along with installing some ad click malware.

New Fears Over Chinese Espionage Grip Washington The Hill

  • Lawmakers are scrutinizing the Pentagon over its efforts to keep military secrets safe from hackers, after Chinese actors allegedly breached a Navy contractor’s computer and collected data on submarine technology.

In Case You Missed It

Capture Cloud Platform: A Security Ecosystem that Harnesses the Power of the Cloud

We have fantastic advancements in technologies right now. With software-defined everything (SDx) and cloud becoming more accessible and affordable, both large and small organizations can effectively execute their digital business strategies with greater ease and speed.

As new applications, systems and SDx architecture are deployed to advance the digital business, many organizations also find themselves retooling their cyber security model to maintain the health and defense of their networks and services.

Organizations now must have complete knowledge, visibility and control of the security ecosystem, and the capacity to manage and remove cyber risks that can be disruptive and disastrous to the business.

To help make the cloud journey powerful, agile and safe, SonicWall developed its Capture Cloud Platform to address CISOs’ top three cyber security priorities:

  1. Give actionable cyber threat intelligence to help better understand security risks and quickly respond to them
  2. Reduce security silos by consolidating and integrating security technologies
  3. Manage cyber risk with greater visibility and control

Integrated Security, Management & Analytics

The core value of the Capture Cloud Platform is the integration of several key capabilities with our cloud-based centralized management, reporting and analytics services, including the Capture Advanced Threat Protection (ATP) sandbox, which includes Real-Time Deep Memory Inspection (RTDMITM) technologies, and Capture Labs and Capture Threat Network threat intelligence services.

This all-in-one approach enables our complete portfolio of high-performance hardware, virtual appliances and clients to harness the power, agility and scalability of the cloud and allows organizations to:

  • Drive end-to-end visibility and share intelligence across a unified security framework
  • Proactively protect against known and unknown cyberattacks (e.g., zero days)
  • Gain contextual awareness to detect and respond to security risks with greater speed and accuracy
  • Make informed security policy decisions based on real-time and consolidated threat information

SonicWall Capture Cloud Platform service-oriented architecture tightly unifies the current and future SonicWall security and management services organizations needs to run an efficient security operation center (SOC). It eases and, in most cases, automates the governance of their network, endpoints and cloud security services with single-pane-of-glass (SPOG) experience.

10 Components of the Capture Cloud Platform

Organizations are empowered by Capture Cloud Platform to make the shift from the old on-premises world of IT into the new hybrid cloud-as-a-service world by coalescing SonicWall security solutions with simple, common management tools that not only help achieves desired security and operational goals but also real business values.

Currently, Capture Cloud Platform is comprised of 10 key SonicWall security and service components:

  1. Capture Security Center
  2. Real-Time Cyber Threat Intelligence
  3. Capture Client
  4. Capture ATP
  5. Cloud App Security
  6. Management & Analytics
  7. NSv Series virtual firewalls
  8. NSa Series hardware firewalls
  9. Web Application Firewall (WAF)
  10. MySonicWall & Licensing (credentials required)

The combination of these services delivers mission-critical layered cyber defense, threat intelligence, analysis and collaboration, and common management, reporting and analytics, that work synchronously together.

This help organizations stay on top of the cyber threat landscape, protect sensitive information, meet compliance, and maintain normal service operations while moving the company’s digital transformation forward safely.

Visit our Capture Cloud Platform to get detailed information on each of the solution values and learn how the platform can securely accelerate your cloud journey.

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

Cloud Encryption Market: Security to Remain Primary Factor for Adoption of Cloud Encryption Tech You n Me

  • This article reviews the cloud encryption market and how key players like SonicWall are releasing innovative new products, like the company’s range of cloud security products that includes the SonicWall Cloud Analytics application for deep security data analysis and automated breach detection.

Sophos XG vs SonicWall NS: Top NGFWs Compared eSecurity Planet

  • In an article detailing the strengths and weaknesses of top vendor next-generation firewalls (NGFWs), the SonicWall NSA is featured in comparison to the Sophos XG.

Cyber Security News

How a Few People Took Equifax to Small Claims Court Over Its Data Breach and Won The New York Times

  • After 145 million Americans’ financial information was exposed last year, some of them won cases against the credit reporting agency in local courts.

Script Kiddie Goes From ‘Bitcoin Baron’ to ‘Lockup Lodger’ After DDoSing 911 Systems The Register

  • Randall Charles Tucker was given a 20-month sentence Tuesday after pleading guilty earlier this year to one count of felony intentional damage to a protected computer. He had faced as many as 41 months.

New Phishing Scam Reels In Netflix Users To TLS-Certified Sites — Threat Post

  • Researchers are warning of a new Netflix phishing scam that leads victims to sites with valid Transport Layer Security (TLS) certificates.

Korean Cryptocurrency Exchange Bithumb Loses More Than $30 Million in Hack The Wall Street Journal

  • Seoul-based bitcoin exchange Bithumb said Wednesday it had lost over $30 million as the result of being hacked, the second cyberattack in two weeks to hit a major South Korean cryptocurrency exchange as safety concerns hamper the industry and weigh on prices.

This New Windows Malware Wants to Add Your PC to a Botnet – or Worse ZDNet

  • Dubbed Mylobot after a researcher’s pet dog, the origins of the malware and its delivery method are currently unknown, but it appears to have a connection to Locky ransomware – one of last year’s most prolific forms of malware.

China-Based Hackers Breached Satellite, Defense Firms: Study The Hill

  • China-based hackers infiltrated satellite operators, defense contractors and telecommunications companies in the U.S. and southeast Asia, according to researchers at Symantec Corp.

In Case You Missed It

Cyber Security News & Trends

Each week, SonicWall collects the cyber security industry’s most compelling, trending and important interviews, media and news stories — just for you.


SonicWall Spotlight

CEO Spotlight- Bill Conner, SonicWall 1080 KRLD Radio

  • Bill Conner and David Johnson sit down and discuss SonicWall’s momentum, attack vectors threatening business and what’s happening in cybersecurity today on David’s CEO Spotlight radio segment.

Brightstar is the first SonicWall MSSP in India CRN.in

  • The recent SonicWall and Brightstar India partnership news continues to garner coverage featuring the launch of Security as a Service (SeCaaS) in the region.

“Digital Infrastructure Is Critical In Transforming a City and Creating a Sustainable Smart Ecosystem” BWSmart Cities

  • SonicWall’s Debasish Mukherjee, Country Manager India & SAARC, explains how crucial digital infrastructure is in transforming the cities of the future and how the role of new-age trends — like IoT, cloud and machine learning — drive the growth of the network security market.

Cyber Security News

Intel Chip Flaw: Math Unit May Spill Crypto Secrets to Apps–Modern Linux, Windows, BSDs Immune The Register

  • A security flaw within Intel Core and Xeon processors can be potentially exploited to swipe sensitive data from the chips’ math processing units.

U.S. warns World Cup attendees of Russian hacking risks The Washington Times

  • World Cup attendees risk having their personal data compromised by hackers, state-sponsored or otherwise, the head of the U.S. National Counterintelligence and Security Center warned ahead of the annual soccer tournament starting in Russia this week.

Luckymouse Threat Group Strikes National Data Center to Exploit Government Website ZDNet

  • Researchers say the Chinese threat actors behind the campaign aimed to compromise government resources.

UK Watchdog Issues $330K Fine for Yahoo’s 2014 Data Breach Tech Crunch

  • Another fallout from the massive Yahoo data breach that dates back to 2014: The UK’s data watchdog issued a £250,000 (about $334,000 USD) penalty for violations of the Data Protection Act 1998.

FBI Announces Arrrest of 74 Email Fraudsters ZDNet

  • Police have carried out a worldwide wave of arrests that have seen 74 people detained and over $16 million in purloined funds seized by suspected whalers or business email compromise (BEC) fraudsters.

Hackers Target Payment Transfer System at Chile’s Biggest Bank, ‘Take $10M’  — The Register

  • Banco de Chile has become the latest victim in a string of cyberattacks targeting the payment transfer systems of banks. Hackers reportedly used a variant of the complex KillDisk wiper malware to distract attention before targeting systems linked to the SWIFT inter-bank transfer network.

In Case You Missed It