Five ways to manage authorization in the cloud

The public cloud is being rapidly incorporated by organizations, allowing them to store larger amounts of data and applications with higher uptime and reduced costs, while at the same time, introducing new security challenges. One of the more prominent challenges is identity management and authorization. Since the beginning of cloud computing, authorization techniques in the cloud have evolved into newer models, which acknowledge the many different services that now come together to form a company’s … More

The post Five ways to manage authorization in the cloud appeared first on Help Net Security.

Posted on 16 September 2019 | 11:15 pm

Targeted threat intelligence and what your organization might be missing

In this Help Net Security podcast recorded at Black Hat USA 2019, Adam Darrah (Director of Intelligence), Mike Kirschner (Chief Operating Officer) and Christian Lees (Chief Technology Officer) from Vigilate, talk about how their global threat hunting and dark web cyber intelligence research team extends the reach of a company’s security resources, and lives within the underground community to remain ahead of emerging threats. Where many other solutions rely on machine learning (ML) to access … More

The post Targeted threat intelligence and what your organization might be missing appeared first on Help Net Security.

Posted on 16 September 2019 | 11:00 pm

Researchers uncover 125 vulnerabilities across 13 routers and NAS devices

In a cybersecurity study of network attached storage (NAS) systems and routers, Independent Security Evaluators (ISE) found 125 vulnerabilities in 13 IoT devices, reaffirming an industrywide problem of a lack of basic security diligence. The vulnerabilities discovered in the SOHOpelessly Broken 2.0 research likely affect millions of IoT devices. “Our results show that businesses and homes are still vulnerable to exploits that can result in significant damage,” says lead ISE researcher Rick Ramgattie. “These issues … More

The post Researchers uncover 125 vulnerabilities across 13 routers and NAS devices appeared first on Help Net Security.

Posted on 16 September 2019 | 10:45 pm

BotSlayer tool can detect coordinated disinformation campaigns in real time

A new tool in the fight against online disinformation has been launched, called BotSlayer, developed by the Indiana University’s Observatory on Social Media. The software, which is free and open to the public, scans social media in real time to detect evidence of automated Twitter accounts – or bots – pushing messages in a coordinated manner, an increasingly common practice to manipulate public opinion by creating the false impression that many people are talking about … More

The post BotSlayer tool can detect coordinated disinformation campaigns in real time appeared first on Help Net Security.

Posted on 16 September 2019 | 10:30 pm

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks continued to rise into the summer of 2019 with cybercrime gangs’ focus on branded webmail and SaaS providers remaining very keen, according to the APWG report. The report also documents how criminals are increasingly perpetrating business email compromise (BEC) attacks by using gift card cash-out schemes. The number of phishing attacks observed in the second quarter of 2019 eclipsed the number seen in the three quarters before. The total number of phishing sites … More

The post Phishing attacks up, especially against SaaS and webmail services appeared first on Help Net Security.

Posted on 16 September 2019 | 10:15 pm

Only 15% of organizations can recover from a severe data loss within an hour

There’s a global concern about the business impact and risk from rampant and unrestricted data growth, StorageCraft research reveals. It also shows that the IT infrastructures of many organizations are struggling, often failing, to deliver business continuity in the event of severe data outages. A total of 709 qualified individuals completed the research study. All participants had budget or technical decision-making responsibility for data management, data protection, and storage solutions at a company with 100-2,500 … More

The post Only 15% of organizations can recover from a severe data loss within an hour appeared first on Help Net Security.

Posted on 16 September 2019 | 10:00 pm

Mini eBook: CCSP Practice Tests

The Certified Cloud Security Professional (CCSP) shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures. Download the Mini eBook for a sneak peek into the Official (ISC)² CCSP Practice Tests book. Inside you’ll find: 50 CCSP practice test items and answers to gauge your knowledge. Discount code to save on the full version which includes 1,000 items.

The post Mini eBook: CCSP Practice Tests appeared first on Help Net Security.

Posted on 16 September 2019 | 9:45 pm

ImmuniWeb Discovery diminishes application security complexity and operational costs

ImmuniWeb, a global application security testing and security ratings company, is thrilled to announce the launch of ImmuniWeb Discovery that now offers: continuous discovery of external digital web assets actionable security ratings of asset hackability and attractiveness continuous web security testing, best practices and compliance monitoring (PCI DSS, GDPR) continuous monitoring of data leaks, source code exposure, phishing and domain squatting monthly subscription starting at $99 per organization ImmuniWeb Discovery substantially diminishes application security complexity … More

The post ImmuniWeb Discovery diminishes application security complexity and operational costs appeared first on Help Net Security.

Posted on 16 September 2019 | 9:30 pm

Security Firm: Data Breach Exposes Millions of Ecuadorians

Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, a cyber security firm said Monday.

read more

Posted on 16 September 2019 | 8:02 pm

Telia Carrier implemets RPKI, reducing the risk of accidental route leaks

Telia Carrier has announced, that it has implemented RPKI – a technology that validates and secures critical route updates or BGP announcements on its #1 ranked global Internet backbone. BGP is the central nervous system of the Internet and RPKI reduces the risk of accidental route leaks, or even hijacks, which can result in critical outages or fraudulent traffic manipulation. Internet connectivity has become an indispensable part of our everyday lives and the networks at … More

The post Telia Carrier implemets RPKI, reducing the risk of accidental route leaks appeared first on Help Net Security.

Posted on 16 September 2019 | 8:00 pm

Accenture supports Exxaro to digitally transform its business and unlock new revenue streams

Accenture has collaborated with Exxaro, one of South Africa’s leading coal producers, to help digitally transform its business and unlock new revenue streams by managing the migration of its SAP solutions, and other centrally-run applications used by Exxaro business units, to Microsoft Azure. This supports Exxaro’s ambition to establish a secure, agile, cost-effective and scalable platform that will improve business processes and continuity. Accenture created a cloud transformation strategy for Exxaro that defined the business … More

The post Accenture supports Exxaro to digitally transform its business and unlock new revenue streams appeared first on Help Net Security.

Posted on 16 September 2019 | 7:00 pm

City of Robstown still working to recover evidence lost in ransomware attack

Gilbert Betancourt is an IT/Security contractor in town who reminds everyone that if it can happen to police computers, it can happen to anyone.

Posted on 16 September 2019 | 6:14 pm

Cyber Security Presentation

All are welcome to attend an important talk on Cyber Security by Professor Patricia Tamburelli, Director, Community College of Morris, Center for ...

Posted on 16 September 2019 | 6:09 pm

Zappos Shoppers Seek Deal for 10% Discount After 2012 Data Breach

A pool of Zappos shoppers that filed suit against the online retailer over a data security breach in 2012 are now asking a judge to rule on a deal that ...

Posted on 16 September 2019 | 5:52 pm

FBI helps arrest hundreds, accused of cybersecurity swindles

TAMPA, Fla, (WFLA) – Federal agencies, and even law enforcement overseas, worked together to arrest 281 people, including 74 in the United States.

Posted on 16 September 2019 | 5:41 pm

Security firm: Data breach exposes millions of Ecuadorians

Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, ...

Posted on 16 September 2019 | 5:30 pm

The Week That Will Be

In addition, NSA is also charged with the protection of U.S. national security systems, including Department of Defense worldwide computer networks ...

Posted on 16 September 2019 | 5:30 pm

Federal, military cyber experts to be put to the test in President's Cup competition

DHS today launched the President's Cup Cybersecurity Competition, daring individuals and teams across the military and civilian workforces to ...

Posted on 16 September 2019 | 5:30 pm

Security firm: Data breach exposes millions of Ecuadorians

Millions of Ecuadorians are at risk of identity theft because a security breach exposed a trove of data including names, phone numbers and birth dates, ...

Posted on 16 September 2019 | 5:30 pm

Cyber Teams Safeguard National Security

During the midterm elections last year, U.S. Cyber Command had three teams deployed in Europe working with partner nations to hunt and track ...

Posted on 16 September 2019 | 5:18 pm

VMRay Completes $10M Series B Funding

VMRay, a Bochum, Germany-based provider of automated malware analysis and detection solutions, closed its $10m (€9m) series B funding.

Posted on 16 September 2019 | 5:07 pm

US Cyber Command Signals More Aggressive Approach Involving Persistent Engagement Ahead ...

Much better coordination will occur with partners, such as the National Security Agency, with any cyber mission linked to persistent engagement.

Posted on 16 September 2019 | 5:07 pm

Russian Hacker To Plead Guilty In JPMorgan Case

A Russian hacker who perpetrated the financial data theft of over 80 million JPMorgan Chase & Co. clients will plead guilty to the crime later this ...

Posted on 16 September 2019 | 4:56 pm

Will international trade law block IOT cybersecurity regulation?

Joel Trachtman thinks it's a near certainty that the WTO agreements will complicate US efforts to head off an Internet of Things cybersecurity meltdown, ...

Posted on 16 September 2019 | 4:56 pm

Data breach reveals personal data of almost all of Ecuador

Almost the entire population of Ecuador had their personal records exposed after a massive breach was revealed on Monday by technology news site ...

Posted on 16 September 2019 | 4:45 pm

US Turning Up the Heat on North Korea's Cyber Threat Operations

Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated ...

Posted on 16 September 2019 | 4:33 pm

Security firm: Data breach exposes millions of Ecuadorians

QUITO, Ecuador — A cyber security firm says it discovered a serious flaw in a computer server that exposed the personal data of millions of ...

Posted on 16 September 2019 | 4:33 pm

US Turning Up the Heat on North Korea's Cyber Threat Operations

The US DHS and the FBI warned of new malware activity related to Hidden Cobra, a DDoS botnet previously linked to North Korea's intelligence ...

Posted on 16 September 2019 | 4:33 pm

Security firm: Data breach exposes millions of Ecuadorians

QUITO, Ecuador (AP) — A cyber security firm says it discovered a serious flaw in a computer server that exposed the personal data of millions of ...

Posted on 16 September 2019 | 4:33 pm

Security firm: Data breach exposes millions of Ecuadorians

QUITO, Ecuador — A cyber security firm says it discovered a serious flaw in a computer server that exposed the personal data of millions of ...

Posted on 16 September 2019 | 4:33 pm

Recidivist Hacker Sentenced for Violating Supervised Release Conditions

Lacroix was first convicted in 2014 of access device fraud and computer fraud for hacking into Bristol Community College's computer servers using ...

Posted on 16 September 2019 | 4:33 pm

Security firm: Data breach exposes millions of Ecuadorians

QUITO, Ecuador (AP) — A cyber security firm says it discovered a serious flaw in a computer server that exposed the personal data of millions of ...

Posted on 16 September 2019 | 4:33 pm

Almost entire population of Ecuador has online data leaked

Researchers uncover a large data breach thought to impact an estimated 17 million people of Ecuador, Interior Minister Maria Paula Romo says, ...

Posted on 16 September 2019 | 4:33 pm

Security firm: Data breach exposes millions of Ecuadorians

QUITO, Ecuador (AP) — A cyber security firm says it discovered a serious flaw in a computer server that exposed the personal data of millions of ...

Posted on 16 September 2019 | 4:33 pm

Security firm: Data breach exposes millions of Ecuadorians

QUITO, Ecuador — A cyber security firm says it discovered a serious flaw in a computer server that exposed the personal data of millions of ...

Posted on 16 September 2019 | 4:33 pm

Exposed server leaks PII on all 16.6 million Ecuador citizens

If another leaky Elasticsearch server may seem a little anticlimactic, considering how frequently they occur, the latest find by security researchers might ...

Posted on 16 September 2019 | 4:22 pm

New Linux Malware Mines Crypto While Remaining Undetectable

Two threat analysts recently stumbled upon new Linux malware that keeps its cryptocurrency mining operations hidden. On Sept. 16, Augusto ...

Posted on 16 September 2019 | 4:22 pm

NSF awards NMSU $5 million for Phase II of smart grid research

“Elevating all of NMSU's research and creativity efforts, particularly when it ... security and resilience frameworks; and data-driven decision-making.

Posted on 16 September 2019 | 4:22 pm

Cyber security players can tap S'pore's manpower, networks: Teo Chee Hean

Global cyber security firms, large and small, that set up base in Singapore to grow their businesses and capabilities can tap the Republic's technical ...

Posted on 16 September 2019 | 4:00 pm

Spike in activity of Emotet malware here

The level of activity of a variant of a global malicious software program, or malware, called Emotet increased by more than 300 per cent in Singapore ...

Posted on 16 September 2019 | 4:00 pm

Senator looks for answers to border biometrics breach

Sen. Mark Warner, D-Va., wants to know more about the security practices U.S. Customs and Border Protection has in place for third-party vendors, ...

Posted on 16 September 2019 | 3:48 pm

Iowa Wanted to Test Court Records Security. Now 2 Men Face Burglary Charges.

“State Court Administration does not condone forcible entry into any building as a part of cyber-security or any other type of testing,” the statement said.

Posted on 16 September 2019 | 3:37 pm

To Avoid a Security Bug, Make Sure You're Running the Latest Version of the LastPass Extension

In a blog post today, LastPass acknowledged a bug in the extension that could potentially allow malicious websites to trick the browser into giving it ...

Posted on 16 September 2019 | 3:37 pm

To Avoid a Security Bug, Make Sure You're Running the Latest Version of the LastPass Extension

In the blog post announcing the issue, LastPass also offered a few security tips of its own. Specifically, to not ... You know, basic computer security.

Posted on 16 September 2019 | 3:37 pm

Almost entire population of Ecuador has online data leaked

Wikileaks founder Julian Assange reportedly had his Ecuadorean ID card details leaked as part of a massive security breach that saw the personal ...

Posted on 16 September 2019 | 3:37 pm

Almost entire population of Ecuador has online data leaked

Almost the entire population of Ecuador had their personal data leaked online, security experts said Monday, a massive breach that the government ...

Posted on 16 September 2019 | 3:37 pm

Iowa Wanted to Test Court Records Security. Now 2 Men Face Burglary Charges.

“State Court Administration does not condone forcible entry into any building as a part of cyber-security or any other type of testing,” the statement said.

Posted on 16 September 2019 | 3:37 pm

Arkansas' governor promotes computer science classes at Eureka Springs Schools

"The opportunities in the industry for those that know coding, that know computer science, whether it's IT or cyber security, they'e extraordinary. They're ...

Posted on 16 September 2019 | 3:37 pm

Sequoyah High Cyber Security

SODDY DAISY, Tenn. (WDEF) – Some students at Sequoyah High School may soon be on the front lines when it comes to protecting you on the ...

Posted on 16 September 2019 | 3:26 pm

Sequoyah High Cyber Security

SODDY DAISY, Tenn. (WDEF) – Some students at Sequoyah High School may soon be on the front lines when it comes to protecting you on the ...

Posted on 16 September 2019 | 3:26 pm

CISA Launches First Annual President's Cup Cybersecurity Competition

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the first-annual President's Cup ...

Posted on 16 September 2019 | 3:26 pm

Sequoyah High Cyber Security

SODDY DAISY, Tenn. (WDEF) – Some students at Sequoyah High School may soon be on the front lines when it comes to protecting you on the ...

Posted on 16 September 2019 | 3:26 pm

Almost entire population of Ecuador has online data leaked

Quito (AFP) - Almost the entire population of Ecuador had their personal data leaked online, security experts said Monday, a massive breach that the ...

Posted on 16 September 2019 | 3:15 pm

Password-exposing bug purged from LastPass extensions

Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal credentials for the last account ...

Posted on 16 September 2019 | 3:14 pm

Data of 24.3 million Lumin PDF users shared on hacking forum

The person who leaked the data claims it notified Lumin PDF earlier this year but got no reply.

Posted on 16 September 2019 | 3:08 pm

LastPass bug could have let hackers steal your passwords

The popular password manager LastPass has released a patch for a bug that would have allowed malicious websites to extract passwords that were ...

Posted on 16 September 2019 | 3:03 pm

Data of 24.3 million Lumin PDF users shared on hacking forum

The details of over 24.3 million Lumin PDF users have been shared today on a hacking forum, ZDNet has learned from a source. The hacker said they ...

Posted on 16 September 2019 | 3:03 pm

LastPass bug could have let hackers steal your passwords

The popular password manager LastPass has released a patch for a bug that would have allowed malicious websites to extract passwords that were ...

Posted on 16 September 2019 | 3:03 pm

Cyber security meet COCON on September 27, 28

The 12th edition of the annual international cyber security conference, COCON, will be held at Grand Hyatt here on September 27 and 28. More than ...

Posted on 16 September 2019 | 2:52 pm

Equifax Doesn't Want You to Get Your $125. Here's What You Can Do.

Equifax had one job — keep its vast trove of personal financial information on millions of Americans secure. In 2017, the company failed spectacularly ...

Posted on 16 September 2019 | 2:52 pm

Brokerage Firm Hit With $500000 Data Breach Penalty

It also found that the brokerage allowed cybercriminals to breach its systems, access customer information and steal money from clients. And it faulted ...

Posted on 16 September 2019 | 2:52 pm

Cyber Security Software Market to Witness Huge Growth by 2025 | Key Players- Raytheon Cyber ...

A new business intelligence report released by HTF MI with title “Global Cyber Security Software Market Size, Status and Forecast 2019-2025” that ...

Posted on 16 September 2019 | 2:52 pm

Clough Capital Partners LP Maintains Holding in Microsoft (MSFT); Facebook (FB) Shareholder ...

... Starmind Selected for Microsoft ScaleUp Program for its Technological Innovations in Al; 08/05/2018 – Microsoft Patch Tuesday, May 2018 Edition; ...

Posted on 16 September 2019 | 2:37 pm

Colorado cites cybersecurity concerns in banning QR codes on ballots

Colorado on Monday became the first state in the U.S. to ban the use of QR codes on ballots, citing cybersecurity concerns associated with the use of ...

Posted on 16 September 2019 | 2:30 pm

How much pass could LastPass pass if LastPass passed last pass? Login-leaking security hole fixed

LastPass has fixed a security bug that potentially allowed malicious websites to obtain the username and passphrase inserted by the password ...

Posted on 16 September 2019 | 2:30 pm

New Research Report on Mobile Anti Malware Market , 2019-2025

Mobile anti-malware software provide protection to mobile devices against unwanted spyware that access information without the users knowledge.

Posted on 16 September 2019 | 2:30 pm

Cybersecurity Month aims to raise awareness of cyber threats

Whether it's the threat posed by hackers that seek to steal and exploit individuals' personal data, or the potential for devastating attacks on the nation's ...

Posted on 16 September 2019 | 2:30 pm

Balancing Act: Companies Walking a Fine Line Between Innovation and Cybersecurity

CompTIA's “Cybersecurity for Digital Operations,” based on a survey of 500 U.S. businesses, also reveals that company executives, business staff and ...

Posted on 16 September 2019 | 2:30 pm

Computer On Module(COM) Market 2019 SWOT Analysis By Major Players: Kontron, Congatec ...

The overall Computer On Module(COM) market is made with the fundamental and direct conclusion to exploit the Computer On Module(COM) market ...

Posted on 16 September 2019 | 2:18 pm

Skidmap malware drops LKMs on Linux machines to enable cryptojacking, backdoor access

Dubbed Skidmap, the malware can also grant attackers backdoor access to affected systems by setting up a secret master password that offers access ...

Posted on 16 September 2019 | 2:18 pm

Alleged JPMorgan hacker set to plead guilty

Andrei Tyurin, one of the key suspects in the huge JPMorgan Chase hack in 2014, is set to plead guilty, according to a court filing obtained by ...

Posted on 16 September 2019 | 2:18 pm

Don't be the next Capital One

Based on chatter and data in the dark web, we can expect more data to surface from breaches like the recent attack on Capital One in the next few ...

Posted on 16 September 2019 | 2:18 pm

Security agencies feared state and territory electoral commissions were targeted in cyber attack

Australia's security agencies were concerned that state and territory electoral commissions may also have been targeted as part of a cyber attack on ...

Posted on 16 September 2019 | 2:10 pm

Security agencies feared state and territory electoral commissions were targeted in cyber attack

Australia's security agencies were concerned that state and territory electoral commissions may also have been targeted as part of a cyber attack on ...

Posted on 16 September 2019 | 2:10 pm

LastPass Patches Bug That Could Potentially Expose Passwords

Popular password management app LastPass has revealed in a blog post that it has recently patched a security bug that could have revealed a user's ...

Posted on 16 September 2019 | 2:07 pm

What startup CSOs can learn from three enterprise security experts

As some of the largest companies in Silicon Valley have shown, security can be difficult. From storing passwords in plaintext to data breaches galore, ...

Posted on 16 September 2019 | 2:07 pm

Security agencies feared state and territory electoral commissions were targeted in cyber attack

Australia's security agencies were concerned that state and territory electoral commissions may also have been targeted as part of a cyber attack on ...

Posted on 16 September 2019 | 2:07 pm

'They Hacked the Constitution': Snowden Warns a Massive Record Is Being Built of Everyone on ...

Edward Snowden, the man who blew the whistle on government surveillance, has a warning about the dangers of technology and privacy. Snowden ...

Posted on 16 September 2019 | 2:07 pm

City Blocks Email Account of Alderman Who Refuses Cybersecurity Training

Officials in the Tennessee city of Germantown have restricted the email account of an alderman who refuses to undergo cybersecurity training.

Posted on 16 September 2019 | 1:56 pm

After recent hacks, tighten up your iPhone security the easy way

This iPhone security post is presented by Dashlane. To say the least, Google Project Zero's recent surprising report on the iPhone's two-year ...

Posted on 16 September 2019 | 1:56 pm

Entreda Wins Cybersecurity Award At Fifth Annual WealthManagement.com Industry Awards

Industry-Leading Cybersecurity Provider Recognized for Rapid Expansion and Enhancement of Service Offerings for the Wealth Management Industry.

Posted on 16 September 2019 | 1:45 pm

Entreda Wins Cybersecurity Award At Fifth Annual WealthManagement.com Industry Awards

16, 2019 /PRNewswire/ -- Entreda, an industry-leading developer of integrated cybersecurity software and solutions for the retail wealth management ...

Posted on 16 September 2019 | 1:45 pm

Cyberattacks: The Ever-Rising Threats

[Stay on top of transportation news: Get TTNews in your inbox.] Cyberattacks represent an ever-increasing risk that motor carriers and fleets are up ...

Posted on 16 September 2019 | 1:33 pm

Cyberattacks: The Ever-Rising Threats

“Some may also secure crime coverage, to include computer fraud and funds transfer coverage,” he said, adding that the coverages generally are not ...

Posted on 16 September 2019 | 1:33 pm

Cyberattacks: The Ever-Rising Threats

In a malware or ransomware attack, the hacker's goal is to shut down a motor carrier's operating system to extort a payment either to turn the system ...

Posted on 16 September 2019 | 1:33 pm

Yanet Garcia hacked: Mexican weathercaster becomes latest victim of Instagram hacking as nude ...

Mexican influencer and TV host Yanet Garcia appears to have been hacked after a fake nude picture of the star was reportedly posted on her ...

Posted on 16 September 2019 | 1:22 pm

RocketCyber Threat Monitoring Unveils Microsoft Defender App

... the Defender Manager multi-tenant command-and-control app for the Microsoft Defender antivirus and advanced threat protection solution.

Posted on 16 September 2019 | 1:22 pm

PSafe Offers a Suite of Tools to Protect Online Daters From Malware, Chatbots, and Phishing Scams

Recent research from cybersecurity provider PSafe indicates that dating site and app users are still falling for simple scams that download malware ...

Posted on 16 September 2019 | 1:22 pm

LastPass Extension Bug Can Leak Passwords to Malicious Websites

LastPass is advising users to update the Chrome extension for its password manager. A bug in the software can be exploited to leak users' login ...

Posted on 16 September 2019 | 1:11 pm

Huge data leak exposes 198 million car buyers' records

Last month, Jeremiah Fowler, senior security researcher at SecurityDiscovery.com, came across an unsecured database containing records with ...

Posted on 16 September 2019 | 1:11 pm

NCSC: 5 Cyber Incident Trends Affecting UK Organizations

A National Cyber Security Centre (NCSC) report details cyber incident trends in the UK from October 2018 to April 2019. In the report, NCSC ...

Posted on 16 September 2019 | 1:11 pm

NCSC: 5 Cyber Incident Trends Affecting UK Organizations

A National Cyber Security Centre (NCSC) report details cyber incident trends in the UK from October 2018 to April 2019. In the report, NCSC ...

Posted on 16 September 2019 | 1:11 pm

LastPass Extension Bug Can Leak Passwords to Malicious Websites

LastPass is advising users to update the Chrome extension for its password manager. A bug in the software can be exploited to leak users' login ...

Posted on 16 September 2019 | 1:11 pm

Google warns users of popular password manager Lastpass that dangerous bug may have ...

'LastPass could leak the last used credentials due to a cache not being updated,' tweeted Tavis Ormandy, a vulnerability researcher at Google.

Posted on 16 September 2019 | 1:00 pm

Data of Virtually All Ecuadoreans Leaked Online

The personal data of almost every citizen of Ecuador has been leaked online ... "This data breach is particularly serious simply because of how much ...

Posted on 16 September 2019 | 1:00 pm

Warner presses CBP on security best practices for third-party contractors

Warner wrote that he'd “frequently pointed out the derisory state of third-party contractor and subcontractor information security practices and ...

Posted on 16 September 2019 | 1:00 pm

Warner presses CBP on security best practices for third-party contractors

After photos of travelers and vehicles crossing U.S. borders were nicked from a Customs and Border Patrol (CBP) subcontractor through a cyberattack, ...

Posted on 16 September 2019 | 1:00 pm

InnfiRAT Targets Personal Data, Cryptocurrency Wallets

A newly discovered remote access Trojan can steal various types of data from the infected machines, including personal data and cryptocurrency wallet information, Zscaler security researchers warn.

read more

Posted on 16 September 2019 | 12:57 pm

Study: Consumers Worry About Cybersecurity, Deem Smart Home Products Too Expensive

We now live in a world where nearly everything is “smart.” Consumers have no shortage of choice when it comes to purchasing smart home products.

Posted on 16 September 2019 | 12:56 pm

Government stays mum on China hack

The government has remained tight-lipped on reports China was behind a "sophisticated" cyber attack on federal parliament earlier this year.

Posted on 16 September 2019 | 12:53 pm

JPMorgan Hacker Will Plead Guilty Over Role in Vast Cyber-Attack

A Russian hacker at the center of an alleged scheme to steal financial data on more than 80 million JP Morgan Chase & Co. clients will plead guilty ...

Posted on 16 September 2019 | 12:48 pm

Griswold will drop QR codes from ballots to boost cybersecurity

Colorado Secretary of State Jena Griswold today announced that Colorado will become the first state in the country to stop using ballots with QR ...

Posted on 16 September 2019 | 12:48 pm

The Move to Enable Proactive AI in Security Operations

The information security world has been using AI for several years. TechTarget's Whatis.com website calls it Cognitive Security, defined as “the ...

Posted on 16 September 2019 | 12:48 pm

The Move to Enable Proactive AI in Security Operations

The information security world has been using AI for several years. TechTarget's Whatis.com website calls it Cognitive Security, defined as “the ...

Posted on 16 September 2019 | 12:48 pm

7 Apps You Should Delete from Your Phone Right Now

It sucks up your time, it sucks up your battery, and it sucks up your data. So we've ... Imagine if GasBuddy experienced a data breach. Do you want a ...

Posted on 16 September 2019 | 12:48 pm

JPMorgan Hacker Will Plead Guilty Over Role in Vast Cyber-Attack

A Russian hacker at the center of an alleged scheme to steal financial data on more than 80 million JP Morgan Chase & Co. clients will plead guilty ...

Posted on 16 September 2019 | 12:48 pm

Snowden Says He Would Return to US If He Can Get a Fair Trial

Edward Snowden, the National Security Agency contractor living in Russia after leaking information about the US government's mass surveillance program, has said he would like to return home if he can get a fair trial.

read more

Posted on 16 September 2019 | 12:42 pm

LastPass 4.33.0 Fixes Bug That Leaked User Data

Google's Project Zero security team found a LastPass bug that exposed user credentials on a website they previously visited. Lastpass version 4.33.0 ...

Posted on 16 September 2019 | 12:37 pm

Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs

... operating system command injection (OS CMDi), or SQL injection (SQLi) that could be leveraged by an attacker to get remote access to the device's ...

Posted on 16 September 2019 | 12:37 pm

Top Democrat demands answers from CBP on security of biometric data

Suprema biometric data security systems are used by about 5,700 companies in 83 countries, according to Warner, including banks and foreign law ...

Posted on 16 September 2019 | 12:37 pm

Microsoft Confirms Patch Tuesday Windows Audio Problem and Provides Workarounds

Microsoft has had a poor recent track record with its Patch Tuesday cumulative updates. While fixing specific issues, the company's patches have ...

Posted on 16 September 2019 | 12:37 pm

Top Democrat demands answers from CBP on security of biometric data

on Monday demanded more information about two recent data breaches of sensitive biometric information, including one that affected U.S. Customs ...

Posted on 16 September 2019 | 12:37 pm

Senior Trump officials, industry leaders populate CISA cyber summit agenda

The Cybersecurity and Infrastructure Security Agency has released an updated agenda for this week's cybersecurity summit at National Harbor, MD, ...

Posted on 16 September 2019 | 12:26 pm

WiryJMPer, Disguised as an ABBC Coin Wallet, Drops Netwire RAT

A malware dropper dubbed WiryJMPer is masquerading as a virtual wallet and using challenging obfuscation techniques to infect machines with the ...

Posted on 16 September 2019 | 12:26 pm

Defend yourself from hackers with smart security software for just $28—that's almost 70 percent off ...

Arming yourself with Norton Security Premium offers antivirus protection for up to 10 devices—including Windows 10 and MacOS laptops, Android ...

Posted on 16 September 2019 | 12:25 pm

Defend yourself from hackers with smart security software for just $28—that's almost 70 percent off ...

The software includes 25GB of secure cloud storage for online photos, videos and important files and information. And it comes with all-day access to ...

Posted on 16 September 2019 | 12:25 pm

Can next-gen SIEM help cybersecurity initiatives?

Key goals for AI-driven cybersecurity and next-gen SIEM are predictive restoration and automated remediation, but these capabilities remain well in ...

Posted on 16 September 2019 | 12:15 pm

Chicago Broker Fined $1.5m for Inadequate Cybersecurity

A US futures and securities clearing broker has been slapped with a $1.5m fine for failing to implement and enforce adequate cybersecurity measures.

Posted on 16 September 2019 | 12:15 pm

Chicago Broker Fined $1.5m for Inadequate Cybersecurity

Inadequate cybersecurity measures put in place within the Chicago-based company were found to be partially responsible for a data breach and the ...

Posted on 16 September 2019 | 12:15 pm

CEDIA 2019: Gryphon Online Safety Debuts All-in-One AC3000 Mesh Router With 100% Malware ...

September 16, 2019 | Home / September 16, 2019rave-video / CEDIA 2019: Gryphon Online Safety Debuts All-in-One AC3000 Mesh Router With ...

Posted on 16 September 2019 | 12:15 pm

Jury Selection Underway In Security Breach Trial Of Former Brownsville Fire Chief

Elizondo is currently being prosecuted on six counts of computer security breach. Elizondo is alleged to have accessed the fire department's ...

Posted on 16 September 2019 | 12:15 pm

Phishing Attack Targets The Guardian's Whistleblowing Site

ESET malware researcher Lukas Stefanko took at a quick look at the app for BleepingComputer and confirmed our findings that it performs RAT-like ...

Posted on 16 September 2019 | 12:12 pm

Phishing Attack Targets The Guardian's Whistleblowing Site

While this phishing page is no longer available, security researcher Robert Baptiste was able to download and share the app before it became ...

Posted on 16 September 2019 | 12:12 pm

Industrial Cyber Security Market to See Massive Growth by 2025 | Honeywell, ABB, Cisco

HTF MI recently introduced study “Global Industrial Cyber Security Market Size, Status and Forecast 2019-2025” with in-depth focused approach on ...

Posted on 16 September 2019 | 12:09 pm

Cedarville University's Cybersecurity Program Receives Prestigious ABET Accreditation

Cedarville was one of a dozen universities chosen by ABET for the pilot phase of its brand-new cybersecurity accreditation, which ran in the 2017-18 ...

Posted on 16 September 2019 | 12:03 pm

InnfiRAT Malware Skitters Onto Systems, Sinks Teeth Into Cryptocurrency Data

According to security firm Zscaler, the new malware is coded in .NET and targets personal data on infected devices. InnfiRAT malware sinks its teeth ...

Posted on 16 September 2019 | 12:03 pm

LastPass fixes a major exploit

Password manager LastPass had an exploit that could be abused to reveal a user's credentials. The company has fixed the issue in its latest update, ...

Posted on 16 September 2019 | 12:03 pm

US treasury imposes penalties on North Korean hacking groups

The United States Department of the Treasury's Office of Foreign Assets Control (OFAC) has set penalties on multiple North Korean hacking groups.

Posted on 16 September 2019 | 11:53 am

Oppenheimer To Host Security Summit In Partnership With TetherView And Columbia University

"The proliferation of advanced technologies, such as the Internet of Things and cloud-based computing, has created an evolved cyber security ...

Posted on 16 September 2019 | 11:52 am

GrammaTech on List of Top Ten Homeland Security Solution Providers

ITHACA, N.Y., Sept. 16, 2019 /PRNewswire/ -- GrammaTech, a leading developer of software-assurance tools and advanced cyber-security solutions, ...

Posted on 16 September 2019 | 11:52 am

A New York State of Mind: The SHIELD Act

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act, signed by Governor Cuomo on July 25, 2019, amends New York's data breach ...

Posted on 16 September 2019 | 11:52 am

Ireland's Data Protection Commission working with global partners to counter cyber crime

“Since 25 May 2018, with the application of the General Data Protection Regulation (GDPR), the data protection landscape has changed for ...

Posted on 16 September 2019 | 11:52 am

LastPass security bug: Check you're on the new fixed version

LastPass has notified users of a flaw with some of its browser extensions which may have allowed certain passwords to be revealed. The good news ...

Posted on 16 September 2019 | 11:52 am

Accused Canadian intelligence official had access to allies' secrets, RCMP commissioner says

The Security of Information Act, the law under which Ortis was charged, was passed after the attacks of Sept. 11, 2001. It addresses espionage and the ...

Posted on 16 September 2019 | 11:52 am

Oppenheimer To Host Security Summit In Partnership With TetherView And Columbia University

"The proliferation of advanced technologies, such as the Internet of Things and cloud-based computing, has created an evolved cyber security ...

Posted on 16 September 2019 | 11:52 am

Oppenheimer To Host Security Summit In Partnership With TetherView And Columbia University

With the rapidly changing cyber security landscape, new innovations are helping firms bolster their security defense systems, and our analysts are ...

Posted on 16 September 2019 | 11:52 am

Additional States Adopt Cybersecurity Requirements for Insurance Companies

Since July 1, 2019, Delaware, New Hampshire and Connecticut have enacted laws imposing new cybersecurity requirements on insurers. These laws ...

Posted on 16 September 2019 | 11:41 am

Emotet malware an emerging threat to Singapore organisations: Ensign

Activity from a piece of malware called Emotet has more than tripled in Singapore in the past year, posing a cybersecurity threat to organisations in the ...

Posted on 16 September 2019 | 11:40 am

Indaba Capital Management LP Has Upped Its Holding in Logmein (LOGM) by $799131; Argent ...

... the Year Honoree; 13/03/2018 LastPass Recognized in Independent Research Firm Enterprise Password Management Vendor Landscape Report; ...

Posted on 16 September 2019 | 11:40 am

Getting started with ethical hacking

In this article, we'll discuss the ways that even complete beginners with no security background can get into ethical hacking. In case you are ...

Posted on 16 September 2019 | 11:30 am

Woman comes up with amazing life hack for a Scottish fry-up

One Scottish lady has come up with an ingenious breakfast life hack that will save everyone time in the kitchen. Ara Haddon uploaded a photo of her ...

Posted on 16 September 2019 | 11:30 am

Colorado becomes first state to ban barcodes for counting votes over security concerns

(CNN) -- Citing security concerns, Colorado has become the first state to ... The state's secretary general told CNN she felt it was a necessary step to ...

Posted on 16 September 2019 | 11:30 am

Colorado becomes first state to ban barcodes for counting votes over security concerns

The argument for paper ballots isn't that they create a system that's unhackable — that's a term security experts take pains to avoid — it's that using ...

Posted on 16 September 2019 | 11:30 am

Why is the Epic Games Launcher not loading properly?

You could also try disabling your antivirus while running the Epic Games ... The same goes for disabling your antivirus for a set period of time.

Posted on 16 September 2019 | 11:30 am

US healthcare provider Premier Family Medical hit by ransomware attack

In a security alert posted to the organization's website, Premier said that it experienced a ransomware attack on July 8 that had affected all of its ...

Posted on 16 September 2019 | 11:30 am

US healthcare provider Premier Family Medical hit by ransomware attack

Utah-based medical practice alerts 320,000 patients to security breach ... “Information security is everyone's responsibility,” said Amanda Crawford, ...

Posted on 16 September 2019 | 11:30 am

FEMA offers free credit monitoring after mishandling disaster survivors' data

FEMA said it has addressed the breach by permanently deleting the unnecessarily shared information from the contractor's system, revising its data ...

Posted on 16 September 2019 | 11:30 am

Saudi Attacks Expose Threat to Critical Infrastructure

The strike on Saudi oil infrastructure highlights the easy vulnerability of such facilities even as the kingdom has splurged billions on sophisticated defense hardware.

read more

Posted on 16 September 2019 | 11:24 am

Colorado becomes first state to ban barcodes for counting votes over security concerns

The state's secretary general told CNN she felt it was a necessary step to ... Colorado maintains its position as a national leader on election security.

Posted on 16 September 2019 | 11:18 am

Why the Air Force acquisition chief wants to be hacked

I wanted to start off seeing what would happen if we brought real military hardware to hack and then asked the hacking community to be a partner with ...

Posted on 16 September 2019 | 11:18 am

Federal IT pros optimistic about security, but insider threats remain a challenge

Those are two of the key takeaways from a recent SolarWinds federal cybersecurity survey, which asked 200 federal government IT decision makers ...

Posted on 16 September 2019 | 11:18 am

Ensign InfoSecurity opens global headquarters in Singapore

Singapore's homegrown cyber security firm Ensign InfoSecurity has opened a new security operations centre (SOC) and its global headquarters in the ...

Posted on 16 September 2019 | 11:18 am

Ensign InfoSecurity opens global headquarters in Singapore

Singapore's homegrown cyber security firm Ensign InfoSecurity has opened a new security operations centre (SOC) and its global headquarters in the ...

Posted on 16 September 2019 | 11:18 am

LastPass bug could have exposed login credentials

Freemium password manager LastPass has patched a security flaw that could have allowed hackers to scrape login details from the last site you ...

Posted on 16 September 2019 | 11:18 am

Ensign InfoSecurity opens global headquarters in Singapore

Singapore's homegrown cyber security firm Ensign InfoSecurity has opened a new security operations centre (SOC) and its global headquarters in the ...

Posted on 16 September 2019 | 11:18 am

Federal IT pros optimistic about security, but insider threats remain a challenge

Federal IT professionals feel that threats posed by careless or malicious insiders and foreign governments are at an all-time high, yet network ...

Posted on 16 September 2019 | 11:18 am

LastPass Bug Almost Left Usernames and Passwords Exposed

A bug found on popular password manager service LastPass would have allowed hackers to view usernames and passwords for websites that had ...

Posted on 16 September 2019 | 11:18 am

Australia blames China for hacking parliament before election

The Chinese government was responsible for a cyber-attack on Australia's national parliament and the three biggest political parties before this year's ...

Posted on 16 September 2019 | 11:07 am

LastPass Fixes Bug That Leaked User Credentials

The LastPass password manager extension for some browsers had a serious vulnerability that, under some specific circumstances, would leak the ...

Posted on 16 September 2019 | 11:07 am

DriveForSuccess Brings Mindset Coaching Rewiring How Entrepreneurs Approach Growth Hacking

Growth hacking is a solid customer acquisition strategy that involves conducting growth experiments across growth channels. It operates at the ...

Posted on 16 September 2019 | 10:56 am

Real Estate Firm Offers Cyber Security, Self-Defense Classes

... pioneered at-home closings, is observing the commemoration by offering two classes for realtors, one on cyber security and one on self-defense.

Posted on 16 September 2019 | 10:56 am

Real Estate Firm Offers Cyber Security, Self-Defense Classes

... pioneered at-home closings, is observing the commemoration by offering two classes for realtors, one on cyber security and one on self-defense.

Posted on 16 September 2019 | 10:56 am

Microsoft reverts the change that muffled audio in Windows 10 and suggests a workaround

Microsoft is having a bad run of updates with its latest Patch Tuesday, with multiple issues percolating ever since its 18362.356 build for version 1903 ...

Posted on 16 September 2019 | 10:56 am

From Oil Plants to Gas Pipelines: Despite Splurging Billions on Defence, How Saudi Remains ...

The nation's oil infrastructure is also vulnerable to cyber attacks. In 2012, Aramco was among the firms hit by Shamoon, an aggressive disc-wiping ...

Posted on 16 September 2019 | 10:45 am

US Sanctions North Korean Group Behind WannaCry, Sony Hacks

The U.S. has slapped sanctions on three well-known North Korean state-sponsored hacker groups – including the group that was tied to the 2017 ...

Posted on 16 September 2019 | 10:45 am

US Sanctions North Korean Group Behind WannaCry, Sony Hacks

The group also developed malware to hack into online poker and gambling sites to steal cash. The sanctions mark a wider effort on the U.S. ...

Posted on 16 September 2019 | 10:45 am

Internet-connected gas pumps could be hackers next target

However, users of Russian underground forums are also requesting information on how to hack gas pumps, with tutorials available on the inner ...

Posted on 16 September 2019 | 10:45 am

Mark Warner raises questions about cybersecurity practices

Today, U.S. Sen. Mark Warner (D-VA), Vice Chairman of the Senate Intelligence Committee and former tech entrepreneur, wrote to U.S. Customs and ...

Posted on 16 September 2019 | 10:45 am

US Sanctions North Korean Group Behind WannaCry, Sony Hacks

Three North Korean threat groups have been sanctioned in the U.S. as part of a larger U.S. initiative against North Korea-linked malicious cyber ...

Posted on 16 September 2019 | 10:45 am

Aviation Cyber Security Market Recent Trends Shaping the Industry for Brigth Future

Coherent Market Insights released a new market study on 2018-2026 Aviation Cyber Security Market with 100+ market data Tables, Pie Chat, Graphs ...

Posted on 16 September 2019 | 10:42 am

LastPass quietly fixed a rather severe security bug

We're strong advocates for the use of a password manager but news of a security bug present in LastPass has us just a little bit worried. Last week ...

Posted on 16 September 2019 | 10:33 am

Critical LastPass Flaw Discovered: Update Now

If you use the LastPass password manager, make sure your LastPass browser extensions are updated to version 4.33.0 or 4.33.4. A patch released ...

Posted on 16 September 2019 | 10:33 am

The Need For Overhauling Cybersecurity In A Post-Reg BI Landscape

The recent passage of Reg BI comes at a time when the advisor-client relationship is already becoming more collaborative, open and transparent.

Posted on 16 September 2019 | 10:33 am

Microsoft's Windows 10 1903 Patch Tuesday Update Killed Wi-Fi For Some Users

The same goes for Windows , unfortunately, as we have seen many times in the past. More recently, Microsoft 's Patch Tuesday roll out from last week ...

Posted on 16 September 2019 | 10:30 am

Hackonomics: What is attracting hackers to Nepal?

Governments need to take the threat of cybercrime seriously and come up with a holistic cyber security strategy. The number of people using the ...

Posted on 16 September 2019 | 10:25 am

Software Defined Radio Hack Chat

Our Hack Chats are live community events in the Hackaday.io Hack Chat group messaging. This week we'll be sitting down on Wednesday, ...

Posted on 16 September 2019 | 10:22 am

Spam Campaign Targeting German Users with Ordinypt Malware

A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping ...

Posted on 16 September 2019 | 10:22 am

Will DOD's new cyber rules crush small business?

Katie Arrington, DOD's chief information security officer for the Office of the Undersecretary of Defense for Acquisition and Sustainment, told reporters ...

Posted on 16 September 2019 | 10:22 am

Is your web cam being hacked? Here's how you can check

Hackers can gain access to your webcam through malware from spammy links, pop-ups, and pirated content. Or, maybe they find an “in” through one ...

Posted on 16 September 2019 | 10:22 am

Russia hacked the FBI to prevent the bureau from being able to track Russian spies in the US

Russian operatives hacked into the FBI's communication systems beginning in 2010 as part of a broad effort to monitor and cripple the bureau's ...

Posted on 16 September 2019 | 10:11 am

Google Warns Of LastPass Password Exposure

Google Project Zero reports that 16 million LastPass users face credential compromise. Their passwords could be leaked to any website they visit.

Posted on 16 September 2019 | 10:00 am

Sen. Warner raises questions about cybersecurity practices amid breaches

In the letter to the U.S. Customs and Border Protection, Sen. ... On top of the facial images, the cyber attack resulted in the theft of several gigabytes of ...

Posted on 16 September 2019 | 10:00 am

Experts Commentary On 1 Billion Mobile Users Vulnerable To Ongoing 'SimJacker' Surveillance ...

... scam calls, information leakage, denial of service and espionage,” said researchers with AdaptiveMobile Security in a post breaking down the attack ...

Posted on 16 September 2019 | 10:00 am

Sen. Warner raises questions about cybersecurity practices amid breaches

In the letter to the U.S. Customs and Border Protection, Sen. Warner asked about the information security practices of CBP contractors, in light of a ...

Posted on 16 September 2019 | 10:00 am

You should update the LastPass password manager browser extension immediately

The developers behind popular password manager LastPass have patched a loophole that exposed your last used password. Originally discovered in ...

Posted on 16 September 2019 | 10:00 am

Sen. Warner raises questions about cybersecurity practices amid breaches

WASHINGTON — Senator Mark Warner wrote letters to the U.S. Customs and Border Protection and South Korean company Suprema HQ after ...

Posted on 16 September 2019 | 10:00 am

North Korean Spear-Phishing Campaign Attacks US Firms – Expert Commentary

Prevailion researchers discovered an ongoing, spear-phishing campaign coined “Autumn Aperture” that targets U.S.-based firms . The campaign is ...

Posted on 16 September 2019 | 9:54 am

From ransomware to SQL injection: the cyber threats all businesses need to be aware of

But as you've probably guessed, most are in it for the money. With the WannaCry attack alone netting the perpetrators £108,000 in Bitcoin, hacking is ...

Posted on 16 September 2019 | 9:48 am

LastPass patched a bug that could have exposed your passwords

If you use LastPass to manage your passwords, now would be a good time to make sure you're running the latest version, 44.33.0. As Gizmodo ...

Posted on 16 September 2019 | 9:48 am

From ransomware to SQL injection: the cyber threats all businesses need to be aware of

With the WannaCry attack alone netting the perpetrators £108,000 in Bitcoin, hacking is big business. That's why, if it were ever true, the popular ...

Posted on 16 September 2019 | 9:48 am

Build 18362.356 of Windows 10 is causing problems for Ethernet / WiFi adapters

The last Patch Tuesday (build 18362.356) of Windows 10 released a few days ago is bringing some very important issues related to Ethernet / Wi-Fi ...

Posted on 16 September 2019 | 9:48 am

From ransomware to SQL injection: the cyber threats all businesses need to be aware of

Why do hackers target your company's data? Well, some do it for fun, and some do it to make a social or political point. But as you've probably ...

Posted on 16 September 2019 | 9:48 am

From ransomware to SQL injection: the cyber threats all businesses need to be aware of

SQL injections can be quite technical, but in layman's terms involve manipulating a login form to gain access to a database or application.

Posted on 16 September 2019 | 9:48 am

LastPass Patches Bug Leaking Last-Used Credentials

A vulnerability recently addressed in LastPass could be abused by attackers to expose the last site credentials filled by LastPass.

A freemium password manager, LastPass stores encrypted passwords online and provides users with a web interface to access them, as well as with plugins for web browsers and apps for smartphones.

read more

Posted on 16 September 2019 | 9:40 am

Google Reveals Security Bug in LastPass Password Manager That Exposed Users' Last Entered ...

LastPass has fixed a security bug that could have exposed user credentials entered on the last visited website. Users are advised to confirm they are ...

Posted on 16 September 2019 | 9:37 am

Video

Australia's spy agencies have reportedly concluded China was responsible for a cyber attack on the nation's parliament before the May election.

Posted on 16 September 2019 | 9:37 am

New Linux malware mines crypto after installing backdoor with secret master password

Cybersecurity researchers have identified a new strain of Linux malware that not only mines cryptocurrency illicitly, but provides the attackers with ...

Posted on 16 September 2019 | 9:37 am

QBE North America Launches Enhanced Cyber Risk Solution

The product also gives businesses the option to take a pre-breach cyber risk self-assessment to determine their current level of protection and what ...

Posted on 16 September 2019 | 9:37 am

Is your business at risk of cyber crime?

Publicity around major cyber attacks focuses on the damage to public organisations, government bodies and large businesses – but why would ...

Posted on 16 September 2019 | 9:37 am

Chicago Brokerage Slammed by the US Commission with US$ 1.5 Million Fine

Phillip Capital (PCI), a Chicago-based futures brokerage, was fined US$ 1.5 million for lack of cybersecurity measures. According to an order from the ...

Posted on 16 September 2019 | 9:37 am

China responsible for parliamentary cyber attack

China responsible for parliamentary cyber attack ... have reportedly concluded China was responsible for a cyber attack on the nation's parliament b.

Posted on 16 September 2019 | 9:26 am

Serious Flaws in CODESYS Products Expose Industrial Systems to Remote Attacks

Several critical and high-severity vulnerabilities have been found recently in widely used CODESYS industrial products made by Germany-based 3S-Smart Software Solutions.

read more

Posted on 16 September 2019 | 9:19 am

Seven Questions That Need Answers Before Any Attack on Iran

An attack on Iran would not be a police action in a failed state, such as the U.S. intervention in Somalia in the early 1990s; it would not be low-risk in ...

Posted on 16 September 2019 | 9:19 am

Daily briefing.

First, a senior member of the Royal Canadian Mounted Police (RCMP), Cameron Ortis, has been charged under Canada's Information Security Act, ...

Posted on 16 September 2019 | 9:15 am

Public Service Profiles: Rich Littlehale '92 Talks Cybersecurity and Law Enforcement

When Rich Littlehale '92 returned to the McKeen Study in Massachusetts Hall last week to speak on his journey from Bowdoin to his dream job in ...

Posted on 16 September 2019 | 9:03 am

Australia didn't blame China for parliament hack in case it upset trade relations – report

Australian spooks concluded that China was to blame for a series of hacks on its parliament and leading political parties – but kept it quiet for fear of ...

Posted on 16 September 2019 | 9:03 am

US Treasury Sanctions Notorious North Korean Hacking Groups

In October 2018, research reports released by cybersecurity and threat intelligence firm, Group-IB, revealed that Lazarus had succeeded in stealing ...

Posted on 16 September 2019 | 9:03 am

Blockchain Continues to Disrupt Across Industries, Cryptocurrency Services Expand, Malware ...

[co-author: Veronica Reynolds]. Blockchain Clearing, Settlement, Custody and Capital Markets Developments. By: Diana J. Stern. This week, R3 and a ...

Posted on 16 September 2019 | 9:03 am

North Korea hackers reaping billions

New US sanctions against North Korean hackers and revelations about North ... have become a crucial revenue stream and a security threat that soon could ... The US Treasury Department, in blacklisting the three hacking groups ...

Posted on 16 September 2019 | 9:02 am

Securing the 2020 Elections From Multifarious Threats

Securing 2020 Presidential Election

That foreign nations will attempt to interfere with the U.S. 2020 elections is a given.

read more

Posted on 16 September 2019 | 8:52 am

UN debates cyber treaty, norms

It's the first substantial discussion of the U.N. cyber group created at the ... UNINTENDED CONSEQUENCES — Nearly two-thirds of DDoS attacks in ...

Posted on 16 September 2019 | 8:52 am

Swindon College staff and students warned over cyber attack

A college has advised students and staff to check their financial data after it fell victim to a cyber attack. Swindon College said a targeted attack ...

Posted on 16 September 2019 | 8:52 am

Moody's: Hospitals highly vulnerable to cyberattacks

A new report from Moody's Investors Service rates the risk of cyberattacks on the hospital sector as high, noting such attacks are growing in frequency ...

Posted on 16 September 2019 | 8:30 am

Allegheny Technologies (ATI) Market Valuation Declined While Van Den Berg Management I Has ...

... 28/03/2018 – Vitality Biopharma Files Intellectual Property in All Major Pharmaceutical Markets Worldwide; 08/05/2018 – Microsoft Patch Tuesday, ...

Posted on 16 September 2019 | 8:27 am

Recycled Source Code Used to Create New MobiHok Android RAT

MobiHok is a new Android RAT marketed by the actor known as mobeebom. It is a recycled version of the older, established SpyNote RAT.

read more

Posted on 16 September 2019 | 8:20 am

US imposes sanctions on North Korean hackers accused in Sony attack, dozens of other incidents

It illuminates the threat. And anytime we face a threat like this, the best thing the government can do is inform the victims and get the information out ...

Posted on 16 September 2019 | 8:18 am

Private Browsing Won't Protect You From Everything

But most malware will cause harm after it is installed on your computer, and malicious websites will harm you regardless of your browsing mode.

Posted on 16 September 2019 | 8:18 am

ClamAV Anti-Virus Validator for Laravel

ClamAV Validator is a Laravel package by Krishnaprasad MG that provides a custom virus validator based on ClamAV antivirus scanner for file ...

Posted on 16 September 2019 | 8:07 am

M2M Services Market – Incidents of Cyber-attack leading to Information Theft across Connected ...

The global M2M services market is featured by the dominance of some of the large telecom companies that have global presence, says a recent ...

Posted on 16 September 2019 | 8:07 am

How Are Serverless Applications Attacked?

An interesting serverless application hacking method we recently played with is a Voice-Command SQL injection. Our head of security and ethical ...

Posted on 16 September 2019 | 7:56 am

Global Computer Aided Detection (CAD) Market 2019 – EDDA technology, Inc., FUJIFILM Medical ...

This new report on the worldwide Global Computer Aided Detection (CAD) Market 2019 Analysis, Size, Share, Growth, Trends, and Forecasts is ...

Posted on 16 September 2019 | 7:45 am

Protect 10 devices with one-year of Norton Security Premium for $28 (30% off)

Today only, as part of its Gold Box Deals of the Day, Amazon is offering a one-year Norton Security Premium AntiVirus subscription for $27.99 with free ...

Posted on 16 September 2019 | 7:45 am

Tor Raises $86K to Smash Bugs

Members of The Onion Router (Tor) community have raised $86,081 as part of an initiative aimed at securing funds to find and squash issues in the popular browser.

Called the Bug Smash Fund, the initiative was launched at the beginning of August 2019, with the purpose of creating a reserve for the Tor Project to use for maintenance and bug patching.

read more

Posted on 16 September 2019 | 7:36 am

How to Repair Broken Windows Search in Windows 10 Version 1903

The update in question is KB4515384, which was published by the software giant on September 10 as part of the monthly Patch Tuesday cycle.

Posted on 16 September 2019 | 7:22 am

Weekly Security News Roundup: Exploit Kits Spread Ransomware, Trojans in 3 Days

According to Bleeping Computer, researchers detected four malvertising ... while the second used the Radio exploit kit to install Nemty ransomware.

Posted on 16 September 2019 | 7:00 am

How Cloud-Based Automation Can Keep Business Operations Secure

The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief that the cloud remains the safest way to store sensitive data. "You have to compare [the cloud]

Posted on 16 September 2019 | 6:57 am

Emotet, today's most dangerous botnet, comes back to life

Emotet botnet resumes malspam operations after going silent for nearly four months.

Posted on 16 September 2019 | 6:51 am

WhatsApp 'Delete for Everyone' Doesn't Delete Media Files Sent to iPhone Users

Mistakenly sent a picture to someone via WhatsApp that you shouldn't have? Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two years ago contains an unpatched privacy bug, leaving its users with false sense of privacy. WhatsApp and its rival Telegram messenger offer "Delete for Everyone," a potentially life-saving feature

Posted on 16 September 2019 | 6:24 am

Popular consumer and enterprise routers, IoT devices contain remote access vulnerabilities

A new study reveals vulnerability rates are not decreasing in our connected devices -- far from it.

Posted on 16 September 2019 | 6:00 am

Popular consumer and enterprise routers, IoT devices contain remote access vulnerabilities

... buffer overflow issues, cross-site scripting (XSS) errors, command injection security flaws, XSS request forgery, and SQL injection problems.

Posted on 16 September 2019 | 5:52 am

Microsoft's Latest Round of Patch Updates for Windows 10 Causing Several Unexpected Issues

Microsoft's latest round of Patch Tuesday updates for Windows 10 had been released earlier this week, bringing several unexpected issues. First, the ...

Posted on 16 September 2019 | 4:56 am

Antivirus Software Package Market 2019 – Global Industry Applications Analysis, Opportunities ...

Antivirus Software Package Market 2019 – Global Industry Applications Analysis, Opportunities, Size, Share, Growth, Trends and Forecast To 2025.

Posted on 16 September 2019 | 4:45 am

Antivirus Software Package Market 2019 Global Trend, Segmentation and Opportunities Forecast ...

Software that helps in scanning, detecting, and removing harmful programs from devices are called antivirus. They are installed in the computers and ...

Posted on 16 September 2019 | 4:22 am

Unexpected Issues in Latest Windows 10 Cumulative Update

Microsoft's newest round of Patch Tuesday updates for Windows 10 have been launched earlier this week, bringing various unexpected issues. First ...

Posted on 16 September 2019 | 4:22 am

Hundreds Laid Off by Symantec as Part of Restructuring Plan

Cybersecurity giant Symantec has informed more than 200 employees in the United States that they are being laid off as part of a recently announced restructuring plan for fiscal year 2020.

read more

Posted on 16 September 2019 | 3:46 am

LastPass bug leaks credentials from previous site

LastPass has released a fix last week. Vulnerability details are now public. Users advised to update.

Posted on 16 September 2019 | 3:45 am

With endpoint security breaches on the rise, how do you find the right EDR solution?

At the same time, it's become clear that antivirus software solutions are no match for the growing sophistication and volume of today's advanced ...

Posted on 16 September 2019 | 3:26 am

US government demands data on thousands of gun scope app users

Over 10,000 users may be caught in the crossfire of ICE’s request.

Posted on 16 September 2019 | 3:00 am

Database leaks data on most of Ecuador's citizens, including 6.7 million children

Elasticsearch server leaks personal data on Ecuador's citizens, their family trees, and children, but also some users' financial records and car registration information.

Posted on 16 September 2019 | 3:00 am

Snowden Says Would Like French Asylum

Whistleblower Edward Snowden, living in Russia since leaking a trove of classified documents showing the scope of post-9/11 US government surveillance, wants to claim asylum in France, according to an interview published Saturday.

read more

Posted on 16 September 2019 | 2:52 am

Poor Web Hosting And Maintenance Leads To Hacking

There are other popular examples like the XSS, SQL injection, IDOR, and file inclusion. To prevent this type of attack on your website, profound and ...

Posted on 16 September 2019 | 2:18 am

Microsoft Releases Windows 10 Update KB4516421 to Fix Microphone Bug

... several other bugs to fix on Windows 10 following the release of new cumulative updates earlier this month on the September 10 Patch Tuesday.

Posted on 16 September 2019 | 2:07 am

Research report explores the Global Antivirus Software Market for the forecast period, 2019-2024

Global Antivirus Software Market 2019 – Worldwide Business Perspective, Comprehensive Analysis, and Forecast 2019-2024 throughout the forecast ...

Posted on 16 September 2019 | 1:33 am

Drones attack Saudi Arabia oil production plants, slice output in half

The price and supply fallout highlights how technology has the potential to threaten core economic systems.

Posted on 16 September 2019 | 1:19 am

Global Enterprise Antivirus Services Market 2019 – Kaspersky, Tencent, Quick Heal, Comodo ...

Global Enterprise Antivirus Services Market report include current market scenario and offers a comprehensive analysis on Enterprise Antivirus ...

Posted on 16 September 2019 | 1:00 am

Global Antivirus Software for Business Market 2019 – Symantec, McAfee, Trend Micro, Avast ...

Global Antivirus Software for Business Market report include current market scenario and offers a comprehensive analysis on Antivirus Software for ...

Posted on 16 September 2019 | 12:48 am

Global Enterprise Antivirus Software Market 2019 – Symantec, McAfee, Trend Micro, Avast ...

Global Enterprise Antivirus Software Market report include current market scenario and offers a comprehensive analysis on Enterprise Antivirus ...

Posted on 16 September 2019 | 12:48 am

Huawei Is Now Selling Laptops With Pre-Installed Linux OS

Huawei Technologies Co, the Chinese electronics giant, is reportedly selling flagship laptop series 'MateBook with pre-installed Linux OS instead of ...

Posted on 16 September 2019 | 12:32 am

Microsoft Warns of a New High CPU Usage Bug in Windows 10

The software giant explains on its Windows 10 update dashboard that the September 2019 cumulative updates, which were part of the Patch Tuesday ...

Posted on 16 September 2019 | 12:26 am

Pen test goes pear-shaped: cybersecurity firm staff arrested over courthouse burglary

A midnight raid was not what court administrators had in mind for electronic record security tests.

Posted on 16 September 2019 | 12:19 am

UK Teen Arrested in US-Led Music Hacking Probe

British police said Friday they had arrested a 19-year-old man for stealing unreleased songs from musicians' websites and cloud-based accounts, as part of a US-led investigation.

read more

Posted on 15 September 2019 | 11:42 pm

Never search for free antivirus apps or software on Google

Avoid searching for Antivirus apps or software on Google as there are scores of fake products out there and it becomes difficult to identify the original ...

Posted on 15 September 2019 | 10:33 pm

Israeli police arrest execs from vendor of mobile surveillance tech

Ability execs arrests over the weekend after raids on the company's offices.

Posted on 15 September 2019 | 7:48 pm

Look, you really need to get a password manager

LastPass and Dashlane both update passwords automatically, though some users have reported that the feature doesn't work as well as advertised.

Posted on 15 September 2019 | 4:05 pm

Ohio Gamer Sentenced to 15 Months Prison in 'Swatting' Case

An Ohio gamer upset about a $1.50 bet while playing Call of Duty: WWII online was sentenced Friday to 15 months in prison for recruiting a prankster to make a bogus emergency call that resulted in the fatal shooting of a Kansas man by police.

read more

Posted on 14 September 2019 | 8:49 am

US Sanctions 3 North Korean Hacking Groups Accused for Global Cyber Attacks

The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean

Posted on 14 September 2019 | 5:16 am

Disqus & Kickstarter hacker warns against password reuse

Former hacker aims for a white-hat career, apologizes to one of his victims, and gives out advice to users.

Posted on 13 September 2019 | 5:36 pm

Car Dealer Marketing Firm Exposed 198 Million Data Records

A publicly accessible, unprotected database belonging to car dealership marketing firm Dealer Leads was found to expose 198 million records, including personally identifiable information, Security Discovery reports.

read more

Posted on 13 September 2019 | 1:23 pm

Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug

Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about, but here comes the bad news... iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information. Jose Rodriguez, a Spanish security researcher, contacted The Hacker

Posted on 13 September 2019 | 1:06 pm

US Puts Sanctions on N.Korea Hacking Groups Behind Major Thefts

The US Treasury on Friday placed sanctions on three North Korea government-sponsored hacking operations which it said were behind the theft of possibly hundreds of millions of dollars and destructive cyber-attacks on infrastructure.

read more

Posted on 13 September 2019 | 12:32 pm

US Treasury sanctions three North Korean hacking groups

US wants to seize financial assets associated with the Lazarus Group, Bluenoroff, and Andarial.

Posted on 13 September 2019 | 11:47 am

Arizona Schools Provide Model for Managing Ransomware

On Wednesday, September 4, 2019, ransomware was discovered at Flagstaff Unified School District, Arizona. Schools were closed on Thursday and Friday of that week, but re-opened after the weekend. No ransom was paid, and only two days schooling was lost.

read more

Posted on 13 September 2019 | 10:45 am

Shape Security Raises $51 Million at $1 Billion Valuation

Shape Security has raised a further $51 million in Series F growth funding, valuing the company at $1 billion. The total capital raised to date is now $183 million.

read more

Posted on 13 September 2019 | 9:25 am

WiryJMPer Dropper Employs Heavy Obfuscation to Deliver Netwire

A recently discovered malware dropper employs heavy obfuscation and poses as a virtual coin wallet, in an attempt to deliver a Netwire payload, Avast’s security researchers reveal.

read more

Posted on 13 September 2019 | 9:10 am

Sophos Makes Sandboxie Free in Transition to Open Source

Sophos this week removed the license check and activation requirements from Sandboxie, essentially making the isolation tool free.

The move, the cybersecurity firm says, is the first step it makes toward releasing the sandbox-based isolation program open source.

read more

Posted on 13 September 2019 | 8:32 am

Multiple Code Execution Flaws Found In PHP Programming Language

Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming language that

Posted on 13 September 2019 | 8:23 am

IBM Launches z15 Mainframe With New Data Protection Capabilities

IBM z15 mainframe

IBM on Thursday unveiled the IBM z15, a mainframe that provides enterprises new capabilities for protecting sensitive customer data across hybrid multi-cloud environments.

read more

Posted on 13 September 2019 | 7:20 am

InnfiRAT malware lurks in your machine to steal cryptocurrency wallet data

The new Trojan will also harvest information from open browser sessions.

Posted on 13 September 2019 | 6:58 am

Scammer behind sextortion campaigns arrested in France

Twenty-year-old Frenchman arrested at Paris Airport on Monday for extorting tens of victims.

Posted on 13 September 2019 | 5:54 am

France will attempt to block Facebook’s Libra cryptocurrency on European soil

Country officials say unresolved privacy issues could pose a risk to consumers.

Posted on 13 September 2019 | 5:45 am

Sophos open-sources Sandboxie, a utility for sandboxing any application

Sandboxie is now a free download. Source code to be open-sourced at a later date.

Posted on 12 September 2019 | 2:20 pm

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on most SIM cards

Posted on 12 September 2019 | 12:02 pm

Researchers invent cryptocurrency wallet that eliminates ‘entire classes’ of vulnerabilities

The key? Shifting to hardware isolation and system resets.

Posted on 12 September 2019 | 11:00 am

Hey Google: What we search for most in cybersecurity .. cyber security?

Google search data reveals the most popular hacker in the world, alongside the cybersecurity topics we care most about.

Posted on 12 September 2019 | 9:25 am

Simjacker attack exploited in the wild to track users for at least two years

Simjacker attack abuses STK and S@T Browser technologies installed on some SIM cards.

Posted on 12 September 2019 | 8:30 am

California mulls over ban of facial recognition tech in police body cameras

The state Senate appears to be listening to appeals to reel in the widespread use of biometrics.

Posted on 12 September 2019 | 7:18 am

WebARX — A Defensive Core For Your Website

Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or

Posted on 12 September 2019 | 6:44 am

Google discloses vulnerability in Chrome OS 'built-in security key' feature

Security issue fixed in late June, with the release of Chrome OS 75. Additional remediation steps below.

Posted on 12 September 2019 | 5:20 am

CISO Kit — Breach Protection in the Palm of Your Hand

CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail. Finding the right balance that enables them to clearly grasp the big picture required in making sound decisions is a task many security executives find challenging. Threat actors do not acknowledge off-hours or weekends, introducing the

Posted on 12 September 2019 | 4:28 am

Popular Period Tracking Apps Share Your Sexual Health Data With Facebook

Hello Ladies, let's talk about periods, privacy, and Facebook. Are you using an app on your smartphone to keep tracks on your periods? Well, it's worrying, because it might be sharing your extremely sensitive information like menstrual cycle and sexual activities with Facebook. A new investigative report from UK-based advocacy group Privacy International revealed how some most popular

Posted on 12 September 2019 | 3:55 am

The Hottest Malware Hits of the Summer

It's been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here's a recap of the most burning strains and trends seen in the wild during the months of July and August 2019. Malware Evolution Trends The heat must have had an effect as this summer saw malware

Posted on 11 September 2019 | 12:03 pm

NY Payroll Company Vanishes With $35 Million

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company's CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Posted on 11 September 2019 | 10:02 am

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. Dubbed NetCAT, short for Network Cache ATtack, the new network-based side-channel vulnerability could allow a remote attacker to sniff

Posted on 11 September 2019 | 8:09 am

Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Immediately after Mozilla announced its plan to soon enable 'DNS over HTTPS' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, 'DNS over HTTPS' performs DNS lookups—finding the server IP address of a certain domain name—over an encrypted HTTPS

Posted on 11 September 2019 | 6:39 am

Mozilla Launches 'Firefox Private Network' VPN Service as a Browser Extension

Mozilla has officially launched a new privacy-focused VPN service, called Firefox Private Network, as a browser extension that aims to encrypt your online activity and limit what websites and advertisers know about you. Firefox Private Network service is currently in beta and available only to desktop users in the United States as part of Mozilla's recently expunged "Firefox Test Pilot"

Posted on 11 September 2019 | 2:48 am

Hundreds of BEC Scammers Arrested in Nigeria and U.S. — $3.7 Million Recovered

Breaking News — The Nigerian prince and his allies who might have also asked you over an email for your assistance to help save "the first African astronaut lost in space" have finally been arrested by the FBI. Don't take it too seriously, as there's no Nigerian prince or an astronaut seeking your help. Instead, it was an infamous 'Nigerian 419' scam email template where fraudsters try to

Posted on 11 September 2019 | 1:32 am

Intel Releases Security Updates

Original release date: September 10, 2019

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel's Security Advisories INTEL-SA-00290 and INTEL-SA-00285 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 10 September 2019 | 7:45 pm

Google Releases Security Updates for Chrome

Original release date: September 10, 2019

Google has released Chrome version 77.0.3865.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 10 September 2019 | 6:25 pm

Patch Tuesday, September 2019 Edition

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a "critical" rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

Posted on 10 September 2019 | 3:09 pm

Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client

Get your update caps on. Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity. Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an

Posted on 10 September 2019 | 1:36 pm

MS-ISAC Releases Security Event Primer on Malware

Original release date: September 10, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Event Primer on Malware. The white paper outlines general malware operations and includes common malware event types and best practice recommendations. An attacker can use malware to gain access to a network, obtain sensitive data, and damage systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Event Primer – Malware, see CISA’s Tip on Protecting Against Malicious Code, and implement the recommended best practices.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 10 September 2019 | 1:01 pm

Microsoft Releases September 2019 Security Updates

Original release date: September 10, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s September 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 10 September 2019 | 12:43 pm

Adobe Releases Security Updates

Original release date: September 10, 2019

Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-45 and APSB19-46 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 10 September 2019 | 12:14 pm

Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext

What could be worse than your router leaking its administrative login credentials in plaintext? Cybersecurity researchers from Trustwave's SpiderLabs have discovered multiple security vulnerabilities in some router models from two popular manufacturers—D-Link and Comba Telecom—that involve insecure storage of credentials, potentially affecting every user and system on that network. Researcher

Posted on 10 September 2019 | 11:42 am

Adobe Releases Security Patches For Critical Flash Player Vulnerabilities

It's Patch Tuesday again—the day of the month when both Adobe and Microsoft release security patches for vulnerabilities in their software. Adobe has just released its monthly security updates to address a total of 3 security vulnerabilities in only two of its products this time—Adobe Flash Player and Adobe Application Manager (AAM). None of the security vulnerabilities patched this month in

Posted on 10 September 2019 | 10:31 am

Looks like Dota 2's anti-hack fix is immobilising innocent heroes

Looks like Dota 2's anti-hack fix is immobilising innocent heroes ... them, and one user said that restarting their computer didn't seem to solve it either.

Posted on 10 September 2019 | 8:50 am

Business Email Compromise The $26 Billion Scam

Posted on 10 September 2019 | 7:20 am

Secret Service Investigates Breach at U.S. Govt IT Contractor

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks. In mid-August, a member of a popular Russian-language cybercrime forum offered to sell access to the internal network of a U.S. government IT contractor that does business with more than 20 federal agencies, including several branches of the military. The seller bragged that he had access to email correspondence and credentials needed to view databases of the client agencies, and set the opening price at six bitcoins (~USD $60,000).

Posted on 9 September 2019 | 11:47 am

North Korean Malicious Cyber Activity

Original release date: September 9, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified two malware variants—referred to as ELECTRICFISH and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the HIDDEN COBRA - North Korean Malicious Cyber Activity page, which contains links to Malware Analysis Reports MAR-10135536-21 and MAR-10135536-10, for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 9 September 2019 | 10:59 am

FBI Safe Online Surfing Challenge

Original release date: September 9, 2019

The Federal Bureau of Investigation (FBI) has launched the Safe Online Surfing (SOS) Challenge, encouraging educators to promote web literacy and safety for students during the 2019-20 school year. FBI developed the program to educate children on how to navigate the web securely using activities that correspond with specific grade levels. Public, private, and home schools with at least five students are eligible to participate in the online challenge.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI SOS Challenge Announcement and the CISA Tip Keeping Children Safe Online.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 9 September 2019 | 9:25 am

New Malware Uses Windows BITS Service to Stealthy Exfiltrate Data

Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server. Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and

Posted on 9 September 2019 | 8:18 am

Facebook Patches "Memory Disclosure Using JPEG Images" Flaws in HHVM Servers

Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file. The vulnerabilities reside in HHVM (HipHop Virtual Machine)—a high-performance, open source virtual machine developed by Facebook for

Posted on 9 September 2019 | 3:12 am

U.S. Cyber Command Shares 11 New Malware Samples

Original release date: September 8, 2019

U.S. Cyber Command has released 11 malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends users and administrators review the CISA Tip on Protecting Against Malicious Code for best practices on protecting systems and networks against malware.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 8 September 2019 | 10:13 am

Exim Releases Security Patches

Original release date: September 6, 2019

Exim has released patches to address vulnerabilities affecting Exim 4.92.1 and prior versions. A remote attacker could exploit this vulnerability to take control of an affected email server.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-15846 page and upgrade to Exim 4.92.2 or apply the necessary patches. CISA also encourages users and administrators to review the CERT Coordination Center's Vulnerability Note VU#672565 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 6 September 2019 | 11:03 am

Ransomware Protection Strategies

Original release date: September 6, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has observed an increase in ransomware attacks across the Nation. Helping organizations protect themselves from ransomware is a chief priority for CISA. Organizations are encouraged to review the following resources to help prevent, mitigate, and recover against ransomware:

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or a Secret Service Field Office.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 6 September 2019 | 10:54 am

Exim TLS Flaw Opens Email Servers to Remote 'Root' Code Execution Attacks

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that affect all

Posted on 6 September 2019 | 7:48 am

Flaws in Over Half a Million GPS Trackers Expose Children Location Data

What if the tech intended to ensure that your kids, senior citizens, and pets are safe even when they're out of sight inadvertently expose them to stalkers? An estimated 600,000 GPS tracking devices for sale on Amazon and other large online merchants for $25–$50 have been found vulnerable to a handful of dangerous vulnerabilities that may have exposed user's real-time locations, security

Posted on 6 September 2019 | 4:01 am

Google Fined $170 Million For Violating Kids' Privacy On YouTube

Google has finally agreed to pay $170 million fine to settle allegations by the Federal Trade Commission and the New York attorney general that its YouTube service earned millions by illegally harvesting personal information from children without their parents' consent. The settlement requires Google to pay $136 million to the FTC and an additional $34 million fine to New York state for

Posted on 6 September 2019 | 1:52 am

New Free Offering Enables Any MSP and Security Integrator to Add Incident Response to their Services Portfolio

The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider (MSP) or Security

Posted on 5 September 2019 | 11:47 am

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and sent a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number

Posted on 5 September 2019 | 4:15 am

WordPress 5.2.3 Security and Maintenance Release

WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions […]

Posted on 4 September 2019 | 8:51 pm

Just An SMS Could Let Remote Attackers Access All Your Emails, Experts Warn

Beware! Billion of Android users can easily be tricked into changing their devices' critical network settings with just an SMS-based phishing attack. Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data

Posted on 4 September 2019 | 10:44 am

‘Satori’ IoT Botnet Operator Pleads Guilty

A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the "Satori" botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.

Posted on 3 September 2019 | 11:14 pm

Spam In your Calendar? Here’s What to Do.

Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working. But periodically they circle back to old tricks, and few spam trends are as perennial as calendar spam, in which invitations to click on dodgy links show up unbidden in your digital calendar application from Apple, Google and Microsoft. Here's a brief primer on what you can do about it.

Posted on 3 September 2019 | 1:56 pm

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company's commercial email practices.

Posted on 2 September 2019 | 3:52 pm

Phishers are Angling for Your Cloud Providers

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client's brand and their customers. Here's a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.

Posted on 30 August 2019 | 11:21 am

Ransomware Bites Dental Data Backup Firm

PerCSoft, a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack.

Posted on 29 August 2019 | 12:59 pm

Cybersecurity Firm Imperva Discloses Breach

Imperva, a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells firewall technology designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of Web-based software applications.

Posted on 27 August 2019 | 11:52 am

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United States.

Posted on 22 August 2019 | 4:38 pm

Cyber Actors Use Online Dating Sites To Conduct Confidence/Romance Fraud And Recruit Money Mules

Posted on 5 August 2019 | 10:00 am

Oracle Critical Patch Update Advisory - July 2019

Posted on 16 July 2019 | 2:30 pm

Mitigations Against Adversarial Attacks

This is the fourth and final article in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, […]

Posted on 11 July 2019 | 1:53 am

Adversarial Attacks Against AI

This article is the third in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 1:52 am

Malicious Use Of AI

This article is the second in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 1:50 am

Bad AI

This article is the first in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 1:49 am

Security Issues, Dangers, And Implications of Smart Information Systems

F-Secure is participating in an EU-funded Horizon 2020 project codenamed SHERPA (as mentioned in a previous blog post). F-Secure is one of eleven partners in the consortium. The project aims to develop an understanding of how machine learning will be used in society in the future, what ethical issues may arise, and how those issues […]

Posted on 8 July 2019 | 4:19 am

Sockpuppies!

Yesterday, a colleague of mine, Eero Kurimo, told me about something odd he’d seen on Twitter. Over the past few days, a number of pictures of cute puppies had shown up on his timeline as promoted tweets. Here’s an example: “Mainostettu” is the Finnish word Twitter uses to denote that a tweet has been promoted. […]

Posted on 1 July 2019 | 3:14 am

Oracle Security Alert for CVE-2019-2729 - 18 Jun 2019

Posted on 18 June 2019 | 5:00 pm

Cyber Actors Exploit 'Secure' Websites In Phishing Campaigns

Posted on 10 June 2019 | 9:00 am

Live Coverage Of A Disinformation Operation Against The 2019 EU Parliamentary Elections

I recently worked with investigative journalists from Yle, attempting to uncover disinformation on social media around the May 2019 European elections. This work was also part of F-Secure’s participation in the SHERPA project, which involves developing an understanding of adversarial attacks against machine learning systems – in this case, recommendation systems on social networks. My […]

Posted on 24 May 2019 | 12:10 pm

Spam Trends: Top attachments and campaigns

Malware authors tend to prefer specific types of file attachments in their campaigns to distribute malicious content.  During our routine threat landscape monitoring in the last three months, we observed some interesting patterns about the attachment types that are being used in various campaigns. In February and March, we saw huge spam campaigns using ZIP […]

Posted on 8 May 2019 | 7:41 am

Oracle Security Alert for CVE-2019-2725 - 26 Apr 2019

Posted on 26 April 2019 | 12:00 pm

Oracle Critical Patch Update Advisory - April 2019

Posted on 16 April 2019 | 2:30 pm

Discovering Hidden Twitter Amplification

As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Social networks fall into this category – they’re powered by recommendation algorithms (often based on machine learning techniques) that process large amounts of data in order to […]

Posted on 3 April 2019 | 10:39 am

Mira Ransomware Decryptor

We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it’s feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the […]

Posted on 1 April 2019 | 9:19 am

A Hammer Lurking In The Shadows

And then there was ShadowHammer, the supply chain attack on the ASUS Live Update Utility between June and November 2018, which was discovered by Kaspersky earlier this year, and made public a few days ago. In short, this is how the trojanized Setup.exe works: An executable embedded in the Resources section has been overwritten by […]

Posted on 29 March 2019 | 9:12 am

Chinese Embassy Scam

Posted on 28 March 2019 | 9:15 am

Analysis of LockerGoga Ransomware

We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Window’s CRT library functions, this new variant relies heavily […]

Posted on 27 March 2019 | 12:19 pm

FBI Warns of Fraud Actors Scamming Investors Through Fictitious Standby Letters of Credit

Posted on 18 March 2019 | 10:00 am

Analysis Of Brexit-Centric Twitter Activity

This is a rather long blog post, so we’ve created a PDF for you to download, if you’d like to read it offline. You can download that from here. Executive Summary This report explores Brexit-related Twitter activity occurring between December 4, 2018 and February 13, 2019. Using the standard Twitter API, researchers collected approximately 24 […]

Posted on 12 March 2019 | 2:56 am

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously […]

Posted on 11 March 2019 | 10:34 pm

Why Social Network Analysis Is Important

I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do simple things with just a few lines of code. I started off with toy tasks, (like mapping the time of […]

Posted on 21 February 2019 | 7:20 am

Oracle Critical Patch Update Advisory - January 2019

Posted on 15 January 2019 | 1:30 pm

NRSMiner updates to newer version

More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, […]

Posted on 2 January 2019 | 11:04 pm

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version […]

Posted on 12 December 2018 | 9:13 pm

Phishing Campaign targeting French Industry

We have recently observed an ongoing phishing campaign targeting the French industry. Among these targets are organizations involved in chemical manufacturing, aviation, automotive, banking, industry software providers, and IT service providers. Beginning October 2018, we have seen multiple phishing emails which follow a similar pattern, similar indicators, and obfuscation with quick evolution over the course […]

Posted on 26 November 2018 | 7:16 am

Ethics In Artificial Intelligence: Introducing The SHERPA Consortium

In May of this year, Horizon 2020 SHERPA project activities kicked off with a meeting in Brussels. F-Secure is a partner in the SHERPA consortium – a group consisting of 11 members from six European countries – whose mission is to understand how the combination of artificial intelligence and big data analytics will impact ethics […]

Posted on 22 November 2018 | 2:25 am

Spam campaign targets Exodus Mac Users

We’ve seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-1.64.1-update.zip” and the sender domain was “update-exodus[.]io”, suggesting that it wanted to associate itself to the organization. It was trying to deliver a fake Exodus […]

Posted on 2 November 2018 | 12:56 pm

Oracle Critical Patch Update Advisory - October 2018

Posted on 16 October 2018 | 2:30 pm

Oracle Security Alert for CVE-2018-11776 - 31 August 2018

Posted on 31 August 2018 | 7:00 pm

Value-Driven Cybersecurity

Constructing an Alliance for Value-driven Cybersecurity (CANVAS) launched ~two years ago with F-Secure as a member. The goal of the EU project is “to unify technology developers with legal and ethical scholars and social scientists to approach the challenge of how cybersecurity can be aligned with European values and fundamental rights.” (That’s a mouthful, right?) […]

Posted on 31 August 2018 | 8:20 am

Taking Pwnie Out On The Town

Black Hat 2018 is now over, and the winners of the Pwnie Awards have been published. The Best Client-Side Bug was awarded to Georgi Geshev and Rob Miller for their work called “The 12 Logic Bug Gifts of Christmas.” Georgi and Rob work for MWR Infosecurity, which (as some of you might remember) was acquired by F-Secure […]

Posted on 14 August 2018 | 6:58 am

Oracle Security Alert for CVE-2018-3110 - 10 August 2018

Posted on 10 August 2018 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2018

Posted on 17 July 2018 | 2:30 pm

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads […]

Posted on 5 July 2018 | 12:00 pm

Oracle Critical Patch Update Advisory - April 2018

Posted on 17 April 2018 | 2:30 pm

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented […]

Posted on 3 April 2018 | 2:56 pm

WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for […]

Posted on 16 January 2018 | 5:00 pm

Oracle Critical Patch Update Advisory - January 2018

Posted on 16 January 2018 | 1:30 pm

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's […]

Posted on 29 November 2017 | 2:33 pm

Oracle Security Alert for CVE-2017-10269 - 13 November 2017

Posted on 13 November 2017 | 1:30 pm

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to […]

Posted on 31 October 2017 | 9:20 am

Oracle Security Alert for CVE-2017-10151 - 27 October 2017

Posted on 27 October 2017 | 2:30 pm

Oracle Critical Patch Update Advisory - October 2017

Posted on 17 October 2017 | 2:30 pm

Oracle Security Alert for CVE-2017-9805 - 22 September 2017

Posted on 22 September 2017 | 2:30 pm

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this […]

Posted on 19 September 2017 | 5:17 pm

Oracle Critical Patch Update Advisory - July 2017

Posted on 18 July 2017 | 2:30 pm

Oracle Security Alert for CVE-2017-3629

Posted on 19 June 2017 | 2:30 pm

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC […]

Posted on 16 May 2017 | 5:39 pm

Oracle Critical Patch Update Advisory - April 2017

Posted on 18 April 2017 | 2:30 pm

Oracle Critical Patch Update Advisory - January 2017

Posted on 17 January 2017 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2016

Posted on 18 October 2016 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2016

Posted on 19 July 2016 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2016

Posted on 19 April 2016 | 2:30 pm

Oracle Security Alert for CVE-2016-0636 - 23 Mar 2016

Posted on 23 March 2016 | 2:30 pm

Oracle Critical Patch Update Advisory - January 2016

Posted on 19 January 2016 | 1:30 pm

Oracle Security Alert for CVE-2015-4852 - 10 November 2015

Posted on 10 November 2015 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2015

Posted on 20 October 2015 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2015

Posted on 14 July 2015 | 2:30 pm

Oracle Security Alert for CVE-2015-3456 - 15 May 2015

Posted on 15 May 2015 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2015

Posted on 14 April 2015 | 2:30 pm

Oracle Security Alert for CVE-2016-0603 - 5 February 2016

Posted on 5 February 2015 | 1:30 pm

Oracle Critical Patch Update Advisory - January 2015

Posted on 20 January 2015 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2014

Posted on 14 October 2014 | 2:30 pm

Oracle Security Alert for CVE-2014-7169 - 26 September 2014

Posted on 26 September 2014 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2014

Posted on 15 July 2014 | 2:30 pm

Oracle Security Alert for CVE-2014-0160 - 18 April 2014

Posted on 18 April 2014 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2014

Posted on 15 April 2014 | 2:30 pm

Oracle Critical Patch Update Advisory - January 2014

Posted on 14 January 2014 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2013

Posted on 15 October 2013 | 2:30 pm

Oracle Critical Patch Update Advisory - July 2013

Posted on 16 July 2013 | 2:30 pm

Oracle Java SE Critical Patch Update Advisory - June 2013

Posted on 18 June 2013 | 2:30 pm

Oracle Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 2:30 pm

Oracle Java SE Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 2:30 pm

Oracle Security Alert for CVE-2013-1493 - 04 Mar 2013

Posted on 4 March 2013 | 1:30 pm

Updated Release of the Oracle Java SE Critical Patch Update - February 2013

Posted on 19 February 2013 | 1:30 pm

Oracle Java SE Critical Patch Update Advisory - February 2013

Posted on 1 February 2013 | 1:30 pm

Oracle Critical Patch Update Advisory - January 2013

Posted on 15 January 2013 | 1:30 pm

Oracle Security Alert for CVE-2013-0422 - 13 Jan 2013

Posted on 13 January 2013 | 1:30 pm

Oracle Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 2:26 pm

Oracle Java SE Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 2:26 pm

Oracle Security Alert for CVE-2012-4681 - 30 Aug 2012

Posted on 30 August 2012 | 2:26 pm

Oracle Security Alert for CVE-2012-3132 - 10 Aug 2012

Posted on 10 August 2012 | 2:14 pm

Oracle Critical Patch Update (CPU) Advisory - July 2012

Posted on 19 July 2012 | 5:15 pm

Oracle Java SE Critical Patch Update Advisory - June 2012

Posted on 12 June 2012 | 3:00 pm

Oracle Security Alert for CVE-2012-1675

Posted on 30 April 2012 | 3:01 pm

Oracle Critical Patch Update (CPU) Advisory - April 2012

Posted on 18 April 2012 | 10:40 am

Oracle Java SE Critical Patch Update Advisory - February 2012

Posted on 14 February 2012 | 2:00 pm

Oracle Security Alert for CVE-2011-5035

Posted on 31 January 2012 | 3:20 pm

Oracle Critical Patch Update (CPU) Advisory - January 2012

Posted on 17 January 2012 | 2:44 pm

Oracle Critical Patch Update (CPU) Advisory - October 2011

Posted on 24 October 2011 | 1:33 pm

Oracle Security Alert for CVE-2011-3192

Posted on 15 September 2011 | 4:22 pm

Oracle Critical Patch Update (CPU) Advisory - July 2011

Posted on 19 July 2011 | 5:45 pm

Oracle Java SE Critical Patch Update Advisory - June 2011

Posted on 7 June 2011 | 5:18 pm

Oracle Critical Patch Update (CPU) - April 2011

Posted on 19 April 2011 | 3:00 pm

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Posted on 15 February 2011 | 4:00 pm

Oracle Critical Patch Update (CPU) - January 2011

Posted on 18 January 2011 | 1:40 pm

Oracle Critical Patch Update (CPU) - October 2010

Posted on 12 October 2010 | 11:07 am

Oracle Critical Patch Update (CPU) - July 2010

Posted on 14 July 2010 | 2:35 pm

Oracle Critical Patch Update (CPU) - April 2010

Posted on 13 April 2010 | 4:01 pm

Oracle Security Alert for CVE-2010-0073 - February 2010

Oracle Security Alert for CVE-2010-0073

Posted on 4 February 2010 | 2:00 pm

Critical Patch Update - January 2010

Posted on 13 January 2010 | 12:05 pm

Critical Patch Update - October 2009

Posted on 20 October 2009 | 10:39 am

Critical Patch Update - July 2009

Posted on 15 July 2009 | 8:00 pm

Critical Patch Update - April 2009

Posted on 14 April 2009 | 5:40 pm

Critical Patch Update - January 2009

Posted on 14 April 2009 | 5:40 pm

Critical Patch Update - October 2008

Posted on 15 October 2008 | 1:53 pm

Critical Patch Update - July 2008

Posted on 15 July 2008 | 3:01 pm

Critical Patch Update - April 2008

Posted on 15 April 2008 | 5:13 pm

Critical Patch Update - January 2008

Posted on 15 January 2008 | 4:55 pm

Critical Patch Update - October 2007

Posted on 16 October 2007 | 3:47 pm

Critical Patch Update - July 2007

Posted on 17 July 2007 | 3:21 pm

Critical Patch Update - April 2007

Posted on 18 April 2007 | 10:57 am

Critical Patch Update - January 2007

Posted on 16 January 2007 | 5:35 pm

Critical Patch Update - October 2006

Posted on 17 October 2006 | 1:37 pm

Critical Patch Update - April 2006

Posted on 18 April 2006 | 3:42 pm

Critical Patch Update - January 2006

Posted on 17 January 2006 | 6:20 pm

Critical Patch Update - January 2005

Posted on 18 October 2005 | 5:28 pm

Critical Patch Update - April 2005

Posted on 18 October 2005 | 5:28 pm

Critical Patch Update - October 2005

Posted on 18 October 2005 | 5:25 pm

Critical Patch Update - July 2005

Posted on 12 July 2005 | 2:46 pm