Iran-backed DNS hijack campaign targets telecoms, governments

Security Digest Information security news and advice from TechTarget's network| January 16, 2019 FEATURED STORY Iran implicated in DNS hijacking campaign around the world by Michael Heller, Senior Reporter FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions. (SearchSecurity.com) Advertisement NEWS   Ryuk ransomware poses growing threat to enterprises Cybersecurity vendors CrowdStrike and FireEye both published new research that shows an increase in Ryuk ransomware attacks on enterprises, which have earned hackers $3.7 million. (SearchSecurity.com)   UnCAPTCHA attack updated to bypass spoken phrases Researchers updated their unCAPTCHA proof of concept to be more efficient in bypassing audio CAPTCHAs and be able to handle spoken phrases and not just strings of numbers. (SearchSecurity.com)   Kaspersky Lab aided NSA hacking tools investigation News roundup: According to a new report from Politico, Kaspersky Lab aided the NSA in catching alleged data thief Harold Martin. Plus, telecoms are selling customer data, and more. (SearchSecurity.com)   Risk & Repeat: What APT10 means for managed service providers This week's Risk & Repeat podcast discusses how a Chinese state-sponsored threat group known as APT10 hacked into managed service providers to gain access to their clients. (SearchSecurity.com) EXPERT ADVICE   How NIST is preparing to defend against quantum attacks The NSA has begun the transition from ECC to new algorithms to resist quantum attacks. Learn about the threat posed by quantum computing from expert Michael Cobb. (SearchSecurity.com)   Updating TLS? Use cryptographic entropy for more secure keys Cryptographic entropy is necessary to secure session encryption keys in TLS 1.2, but RSA key transport is not supported in TLS 1.3. Discover the causes for concern with Judith Myerson. (SearchSecurity.com)   How to block public access for AWS S3 bucket security AWS S3 buckets leaked millions of files, including sensitive data, by enabling public access. Learn how to block public access with expert David Shackleford. (SearchCloudSecurity.com)   How can an authentication bypass vulnerability be exploited? A vulnerability was found in Western Digital's My Cloud NAS device that can be easily exploited by hackers. Discover what this vulnerability is and how users can be protected. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.