Deprecated: implode(): Passing glue string after array is deprecated. Swap the parameters in /home/customer/www/securecybersolution.com/public_html/news/php/library/SimplePie/Parse/Date.php on line 544

Critical infrastructure pain points: The toughest challenges

Accenture Federal Services recently hired cybersecurity expert and former CISA executive, Rick Driggers. He brings more than 30 years of federal government and military experience to AFS and will play a key role in developing cybersecurity solutions designed to protect critical infrastructure. This was the perfect time to sit down with Rick and learn more about critical infrastructure security as well as his future plans. You have been in the cybersecurity industry for quite a … More

The post Critical infrastructure pain points: The toughest challenges appeared first on Help Net Security.

Posted on 28 July 2021 | 6:00 am

How security leaders can build emotionally intelligent cybersecurity teams

How a leader motivates their team, gathers, and uses information, makes decisions, manages change initiatives, and handles crises is referred to as “leadership style”, and is known to be a key influencing factor in team dynamics. Daniel Goleman, an American psychologist, believed that at the heart of relationship between leadership style and team dynamics lay a series of traits referred to as “emotional intelligence” (EQ). EQ refers to the capability of individuals to recognize their … More

The post How security leaders can build emotionally intelligent cybersecurity teams appeared first on Help Net Security.

Posted on 28 July 2021 | 5:30 am

How security leaders can build emotionally intelligent cybersecurity teams

However, rather than focusing on cultivating EQ, cybersecurity leaders such as CISOs and CIOs are often preoccupied by day-to-day operations (e.g., ...

Posted on 28 July 2021 | 5:26 am

Confidence redefined: The cybersecurity industry needs a reboot

I’m sure many of us would like to leave 2020 behind and get back to our “normal” lives but, in some areas, I think that would be a mistake. Despite the challenges and obstacles we each faced during this time, we’ve collectively learned so much and owe it to ourselves and society to apply those learnings to create a better future. In some ways, the world looks more familiar than it did this time last … More

The post Confidence redefined: The cybersecurity industry needs a reboot appeared first on Help Net Security.

Posted on 28 July 2021 | 5:15 am

ECC turns down revision in criteria

It will set up Cyber Governance Policy Committee to ensure the protection of online data and information of citizens, public and private institutions. IT ...

Posted on 28 July 2021 | 5:15 am

South African container ports creak back to life after prolonged cyber-attack shutdown

South Africa's container terminals were shut down by a cyber-attack on 22 July, leaving dozens of ships stranded. Photo: Jonathan Boonzaier ...

Posted on 28 July 2021 | 5:15 am

Where does the SME fit into a supply chain attack?

“No business is an island, entire of itself” (with apologies to John Donne). Businesses have connections to other businesses, who supply them with goods, and whom they supply with goods – both parts and software. These connections are known as the supply chain. It can be long and convoluted and has become a favoured attack vector for cybercriminals. In many cases, a company has its own supply chain while simultaneously being part of the supply … More

The post Where does the SME fit into a supply chain attack? appeared first on Help Net Security.

Posted on 28 July 2021 | 5:00 am

Where does the SME fit into a supply chain attack?

However, the malware had wormlike abilities, and NotPetya very rapidly wormed its way out of Ukraine and propagated around the world – causing ...

Posted on 28 July 2021 | 4:52 am

Biden warns 'real shooting war' will be sparked by severe cyber attack

"And it's increasing exponentially – the capabilities," he added, presumably a reference to the potency of cyber attacks. Biden next mentioned Russian ...

Posted on 28 July 2021 | 4:52 am

Trending cybercrimes and the big impact of lesser-known breaches

Sontiq released the Mid-Year 2021 Cybercrime Report, which highlights five key trends and the 2021 data breaches that pose the highest level of risk to victims. Companies are largely unprepared to fend off cyberattacks The report’s insights were derived from data generated by Sontiq’s call center, Identity Restoration Team, and through BreachIQ data breach analysis. Sontiq’s BreachIQ product is powered by a patent-pending, AI-driven system that analyzes more than 1,300 data points of a data … More

The post Trending cybercrimes and the big impact of lesser-known breaches appeared first on Help Net Security.

Posted on 28 July 2021 | 4:30 am

McAfee Enterprise and FCN Awarded $281M Cybersecurity Contract From Veterans Affairs

“We're excited to be partnering with VA and McAfee Enterprise to bring best-in-class cybersecurity capabilities to the men and women who have so ably ...

Posted on 28 July 2021 | 4:07 am

Investigation underway into cyber attack against LINE users in Taiwan

Taipei, July 28 (CNA) An investigation has been launched by law- enforcement authorities into a cyber attack targeting certain users of the popular ...

Posted on 28 July 2021 | 4:07 am

Investigation underway into cyber attack against LINE users in Taiwan

Taipei, July 28 (CNA) An investigation has been launched by law- enforcement authorities into a cyber attack targeting certain users of the popular ...

Posted on 28 July 2021 | 4:07 am

Ransomware attack on Grass Valley

The perpetrators of this cyber attack informed the City they had obtained ... an investigation with the assistance of a professional cybersecurity firm.

Posted on 28 July 2021 | 4:07 am

McAfee Enterprise and FCN Awarded $281M Cybersecurity Contract From Veterans Affairs

Under the five-year, $281 million contract, VA and the Veterans they serve will be protected by McAfee Enterprise's MVISION Endpoint Security, Data ...

Posted on 28 July 2021 | 4:07 am

Enterprise data breach cost reached record high during COVID-19 pandemic

IBM research estimates that the average data breach now costs upward of $4 million.

Posted on 28 July 2021 | 4:01 am

Exposing the latest cloud threats affecting enterprises

Netskope revealed new research showing the continued growth of malware delivered by cloud applications and also the potential for critical data exfiltration tied to employees departing their jobs, among a range of increasing cloud application security risks. The findings are part of the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs’ biannual research analyzing critical trends in enterprise cloud service and app use, web and cloud-enabled threats, and cloud … More

The post Exposing the latest cloud threats affecting enterprises appeared first on Help Net Security.

Posted on 28 July 2021 | 4:00 am

Information security: Developing practical policies and procedures

Cybersecurity is one of the leading concerns among today's executives and risk management professionals. Yet despite its importance, organizations ...

Posted on 28 July 2021 | 3:56 am

McAfee Enterprise and FCN Awarded $281M Cybersecurity Contract From Veterans Affairs

“As the administration's recent Executive Order on Improving the Nation's Cybersecurity (EO) emphasizes, our federal agencies need to move toward ...

Posted on 28 July 2021 | 3:56 am

IBM Report: Cost of a Data Breach Hits Record High During Pandemic

Data breaches cost surveyed companies $4.24 million per incident on average; highest in 17-year report history; Adoption of AI, hybrid cloud, and zero ...

Posted on 28 July 2021 | 3:56 am

Data privacy in the era of COVID-19 vaccine rollouts

Seven months into the year and it's clear data privacy will continue to be a critical issue in 2021. We've seen critical infrastructure and multiple credit ...

Posted on 28 July 2021 | 3:56 am

Consumers are increasingly concerned about online security and imminent attacks

According to a new Sophos Home survey, forty-five percent of consumers say they’re more at risk of being hit by an attack now than they were before the pandemic, and 61% believe their household could be the target of an attack in the next year. Despite these concerns, the research findings show that security practices are falling short for many. Many consumers are uninformed about online security “Consumers are largely in the dark about cybersecurity,” … More

The post Consumers are increasingly concerned about online security and imminent attacks appeared first on Help Net Security.

Posted on 28 July 2021 | 3:30 am

Executives have increased business analytics usage

The pandemic has spurred rapid adoption of enterprise technologies around the globe, according to ManageEngine. The first report of The 2021 Digital Readiness Survey found that U.S. executives have truly upped the ante — 67% have increased their use of business analytics compared to 47% of executives outside the U.S. 0% of U.S.-based respondents reported increased usage of artificial intelligence (AI). 72% of these respondents are relying on the technology to increase operational efficiency while … More

The post Executives have increased business analytics usage appeared first on Help Net Security.

Posted on 28 July 2021 | 3:00 am

Ivanti Neurons for Zero Trust Access enhances cybersecurity in the everywhere workplace

Ivanti released Ivanti Neurons for Zero Trust Access. Ivanti Neurons for Zero Trust Access helps organizations improve their security posture through a zero trust aligned and flexible direct-to-application access solution. With this announcement, Ivanti continues to deliver on its mission of securing the everywhere workplace, in which employees use various devices to access corporate networks, data, and services as they work from different locations. This announcement comes on the heels of President Biden’s Executive Order … More

The post Ivanti Neurons for Zero Trust Access enhances cybersecurity in the everywhere workplace appeared first on Help Net Security.

Posted on 28 July 2021 | 2:50 am

Stellar Cyber’s AI-driven incident correlation increases attack detection efficiency

Stellar Cyber announced a major leap to boost security analyst efficiency to identify attacks earlier. The new incident correlation technology utilizes advanced GraphML algorithms to automatically group and consolidate large volumes of alerts and events into a much smaller number of highly precise and actionable incidents. The advancement gives security analysts far more actionable information about how and where attacks are occurring, and which are the most severe. “Stellar Cyber’s initial interface aimed to increase … More

The post Stellar Cyber’s AI-driven incident correlation increases attack detection efficiency appeared first on Help Net Security.

Posted on 28 July 2021 | 2:45 am

How foreign hackers weaponised India's cybersecurity shield

How foreign hackers weaponised India's cybersecurity shield. Between 7-14 July, hackers took down the two-factor authentication system the Indian ...

Posted on 28 July 2021 | 2:37 am

Unknown number of British Columbians' personal information for sale online after health company ...

CTV News has confirmed at least some of the information leaked online is authentic, though the bulk ... B.C. AGENCIES NOTIFIED OF DATA BREACH.

Posted on 28 July 2021 | 2:37 am

How Microsoft security infrastructure can sink a business

They don't want to spend time hacking ten thousand organisations to find ... By focusing on a security strategy that mitigates the risks presented by a ...

Posted on 28 July 2021 | 2:26 am

Cabinet gives the green light to cyber security policy

As per the policy, a cyberattack on any institution of Pakistan will be considered an act of aggression against national sovereignty and all necessary and ...

Posted on 28 July 2021 | 1:52 am

Cabinet gives the green light to cyber security policy

Pakistan currently holds a weak cyber security posture to deal with any threat in the digital domain. Cyberattack on any institution to be considered ...

Posted on 28 July 2021 | 1:52 am

Fugue: 36% of organizations have suffered a serious cloud leak or breach in the last year

Above: The Fugue and Sonatype State of Cloud Security 2021 report found that 36% of orgs suffered a breach in the last year. Image Credit: Fugue.

Posted on 28 July 2021 | 1:41 am

District on alert for cyber crime

District on alert for cyber crime ... Scammers are at it again, this time targeting the Batesville School District. Superintendent Michael Hester issued the ...

Posted on 28 July 2021 | 1:07 am

Biden Administration Wants to Require Businesses to Disclose Ransomware Attacks | Voice of ...

Testifying before Senate Homeland Security and Governmental Affairs ... While supporting mandatory breach notifications, Downing and other officials ...

Posted on 28 July 2021 | 12:56 am

Tax Pros Should Encourage Clients to Get IP PINs to Reduce Threat of ID Theft

This is a free way for taxpayers to protect themselves, but we need the help of tax professionals to make sure more people know about it.” The IRS ...

Posted on 28 July 2021 | 12:22 am

Tax Pros Should Encourage Clients to Get IP PINs to Reduce Threat of ID Theft

Publication 5293, Data Security Resource Guide for Tax Professionals, provides a compilation of data theft information available on IRS.gov. Also, tax ...

Posted on 28 July 2021 | 12:22 am

eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering

... security manager for eBay was sentenced on Tuesday to 18 months in prison and was ordered to pay a $15,000 fine for his role in the cyber-stalking ...

Posted on 28 July 2021 | 12:22 am

eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering

... security manager for eBay was sentenced on Tuesday to 18 months in prison and was ordered to pay a $15,000 fine for his role in the cyber-stalking ...

Posted on 28 July 2021 | 12:22 am

eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering

"Instead, he agreed to harass them online in service of a corporate objective. Cooke then committed a second crime when he interfered with the police ...

Posted on 28 July 2021 | 12:22 am

UC San Diego Health announces data breach

The notice indicates that the breach occurred via “unauthorized access to some employee email accounts” but says it did not affect the “continuity of ...

Posted on 28 July 2021 | 12:22 am

Investigation Into UCSD Data Breach Underway

A computer hack at UC San Diego Health has compromised patients' personal information, reports NBC 7's Monica Dean ...

Posted on 28 July 2021 | 12:18 am

Can't wait to try Windows 11? Watch for these fake files that can ruin your PC

What they're often getting is fake installers loaded with malware. This can range from adware to Trojans, password stealers and more. https://www.

Posted on 28 July 2021 | 12:07 am

Data Breach; Holiday Bowl; Stop Child Hunger Act: Patch PM

Data Breach; Holiday Bowl; Stop Child Hunger Act: Patch PM · Today's headlines from across San Diego County. · Find out what's happening in San ...

Posted on 27 July 2021 | 11:48 pm

Rosen Discusses Urgent Need for Protections for US Critical Infrastructure, Building on Her ...

... about protecting our nation's critical infrastructure from cyberattacks. ... on to my Cyber Sense Act because the Colonial Pipeline attack -- it just was a ...

Posted on 27 July 2021 | 11:37 pm

Another One Bites the Dust: Court once again finds data breach forensic report isn't protected by ...

Because Rutter's did not know whether a breach occurred at the time Kroll was engaged, it would have been impossible to anticipate litigation. Further ...

Posted on 27 July 2021 | 11:26 pm

Cyber Hawaii introduces free cybersecurity training program for businesses

Whether you're a plumber or a landscaper, or in another industry that one does not normally associate with cybersecurity, the time could come that ...

Posted on 27 July 2021 | 11:26 pm

Microsoft: Windows 11 to follow Windows 10's servicing model

Only Patch Tuesday updates will be downloaded automatically and optional cumulative updates will appear under the optional updates section.

Posted on 27 July 2021 | 11:26 pm

LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk

The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much ...

Posted on 27 July 2021 | 11:15 pm

Decision to withhold report on National Cyber Security Centre slammed by TDs

The report by FireEye, a global security company, examined the NCSC's organisational structure, staffing, work processes, skill sets and budgets. It also ...

Posted on 27 July 2021 | 11:03 pm

Decision to withhold report on National Cyber Security Centre slammed by TDs

The scale of the attack has led to questions about the state's approach to cybersecurity and the protection of its information networks. “The NCSC was ...

Posted on 27 July 2021 | 11:03 pm

Decision to withhold report on National Cyber Security Centre slammed by TDs

The scale of the attack has led to questions about the state's approach to cybersecurity and the protection of its information networks. “The NCSC was ...

Posted on 27 July 2021 | 11:03 pm

Tokyo Update: Opening Ceremony Snafus, Ticket Data Leak

... which many thought was appropriate given that the games would be greatly limited due to safety measures enacted as Tokyo sees its infection rate ...

Posted on 27 July 2021 | 10:52 pm

Biden says next 'real shooting' war could be result of major cyber attack

Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on entities such as network ...

Posted on 27 July 2021 | 10:41 pm

How to fix An error occurred while starting Roblox

Disable proxy settings; Turn off antivirus Software; Allow Roblox through Firewall; Reinstall Roblox. 1] Reset your Router. Whenever you have internet ...

Posted on 27 July 2021 | 10:41 pm

Sen. Cruz: Biden Administration Weak on Response to Cyber-Attacks by Russia and China

China has repeatedly used ransomware and cyber-attacks to harm America. Not only has it attacked pipelines in an effort to cause physical damage, ...

Posted on 27 July 2021 | 10:41 pm

Southwestern College Begins 3 Career Training Courses in Technology

The programs — drone technology and applications, cyber security and fire science technology — are focused on computer and information ...

Posted on 27 July 2021 | 10:41 pm

Southwestern College Begins 3 Career Training Courses in Technology

Cyber security program: A 32-unit program that equips students with an additional internship requirement and aims to prepare upcoming cybersecurity ...

Posted on 27 July 2021 | 10:41 pm

Troubleshooters: Here's what to do if you've been a victim of unemployment fraud

"She asked me to email a picture of my ID, social security number, and recent bank statement," said Reiber. As soon as I hit the send button, ...

Posted on 27 July 2021 | 10:30 pm

Machine Learning Testing for Data Scientists

Pipeline and tests example. For our examples we will use an 'SQL Injection' classifier. The classifier gets an HTTP request as the input, and outputs the ...

Posted on 27 July 2021 | 10:30 pm

Future Of Information Of Space CBMs In South Asia – OpEd

In the present world cyber warfare is considered to be the most formidable means of non-kinetic war fighting. In South Asia the probability of eruption ...

Posted on 27 July 2021 | 10:18 pm

BERGEN COUNTY FOOD SECURITY TASK FORCE HOSTS FIRST EVER FOOD PANTRY SUMMIT

Since then, the Task Force has spearheaded several initiatives including expanding computer, refrigerators, and freezer access to our network of ...

Posted on 27 July 2021 | 9:56 pm

Biden Warns Cyber Attacks Could Lead to 'A Real Shooting War'

Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on entities such as network ...

Posted on 27 July 2021 | 9:34 pm

Data breach in Covid vaccine passport scheme in Northern Ireland 'very worrying'

A data breach in the Covid vaccine passport scheme which saw some people being sent other applicants' personal information is “concerning” and ...

Posted on 27 July 2021 | 9:33 pm

Editorial: Congress must improve cybersecurity

Cyber attacks occur daily all around the world. Some are trivial, others are extremely dangerous. The United States is especially vulnerable, so we ...

Posted on 27 July 2021 | 9:33 pm

Editorial: Congress must improve cybersecurity

A ransomware attack paralyzed the networks of at least 200 U.S. companies on July 2, according to a cybersecurity researcher whose company was ...

Posted on 27 July 2021 | 9:33 pm

Accounting firms advise clients to beware of ransomware attacks

“Business owners are starting to put more focus on cybersecurity and recognize that it's a very big part of all the other business risks that they're already ...

Posted on 27 July 2021 | 9:11 pm

Accounting firms advise clients to beware of ransomware attacks

“Business owners are starting to put more focus on cybersecurity and recognize that it's a very big part of all the other business risks that they're already ...

Posted on 27 July 2021 | 9:11 pm

Revised State Data Breach Laws Demand Attention

I've written quite a bit during the past year about cybersecurity, urging ... seriously their obligations to protect client confidential information and to be ...

Posted on 27 July 2021 | 9:11 pm

Accounting firms advise clients to beware of ransomware attacks

“Business owners are starting to put more focus on cybersecurity and ... clients and work with them to establish a cyber information security program ...

Posted on 27 July 2021 | 9:11 pm

Revised State Data Breach Laws Demand Attention

I'm returning to the topic of cybersecurity again today, this time to note that data breach notification laws in several states have been amended during ...

Posted on 27 July 2021 | 9:11 pm

China Cybersecurity Law Targets Troves of Data Collected by Electric Vehicles

BEIJING—On September 1, a new cybersecurity law in China takes effect that tightens rules on how data can be collected and shared with third ...

Posted on 27 July 2021 | 9:11 pm

LockBit ransomware automates Windows domain encryption via group policies

"The malware added a novel approach of interacting with active directory propagating ransomware to local domains as well as built-in updating global ...

Posted on 27 July 2021 | 9:10 pm

LockBit ransomware automates Windows domain encryption via group policies

... controller, they utilize third-party software to deploy scripts that disable antivirus and then execute the ransomware on the machines on the network.

Posted on 27 July 2021 | 9:10 pm

The Pegasus Project: Uncovering spyware and its abuse

Essentially, malware can be deployed without the user ever having to interact with the device. Many apps and software that tout end-to-end encryption ...

Posted on 27 July 2021 | 9:00 pm

Public sector data leaks rose to 108 last year, but none severe

Public officers reported 108 cases of data leaks by the Singapore Government last year, up 44 per cent from 75 cases in 2019. All of the incidents were ...

Posted on 27 July 2021 | 9:00 pm

1 in 4 security teams report to CIOs, but would benefit from CISO leadership: survey

The survey was sent to more than 3,600 cybersecurity professionals holding an ISACA Certified Information Security Manager certification.

Posted on 27 July 2021 | 8:50 pm

Misconfigured Azure Blob at Raven Hengelsport exposed records of 246000 anglers – and took ...

A spokesperson for the Dutch Data Protection Authority, Autoriteit Persoonsgegevens, refused to comment on whether the company had notified it of ...

Posted on 27 July 2021 | 8:48 pm

UC San Diego Health announces security breach of some employee email accounts

UC San Diego Health is moving as quickly as possible while taking the care and time to deliver accurate information about which data was impacted. At ...

Posted on 27 July 2021 | 8:48 pm

Misconfigured Azure Blob at Raven Hengelsport exposed records of 246000 anglers – and took ...

A spokesperson for the Dutch Data Protection Authority, Autoriteit Persoonsgegevens, refused to comment on whether the company had notified it of the ...

Posted on 27 July 2021 | 8:48 pm

Alaska National Guard participates in DoD's largest unclassified cyber defense exercise

“These cyber threats extend our adversaries' reach across borders and time zones and it could have devastating consequences.” Scheunemann, a ...

Posted on 27 July 2021 | 8:48 pm

DOJ, FBI Officials Push For Ransomware Reporting Law

Officials at the DOJ, FBI and Cybersecurity and Infrastructure Security ... demand digital currency after freezing victims out of computer networks.

Posted on 27 July 2021 | 8:48 pm

The Top 5 Types Of COVID-19-Related Email Crime

Malware — Emotet, a popular banking Trojan, was the first malware to leverage the pandemic. LokBot has been connected to two pandemic-related ...

Posted on 27 July 2021 | 8:37 pm

TSA, Transportation Officials Give Insight into New Cybersecurity Mandates for Pipeline Operators

“Traditionally, PHMSA regulates safe pipeline operations and TSA regulates cybersecurity,” she said. “The Colonial Pipeline cyberattack illustrates ...

Posted on 27 July 2021 | 8:37 pm

TSA, Transportation Officials Give Insight into New Cybersecurity Mandates for Pipeline Operators

Agency leaders expressed a commitment to avoiding duplication of their efforts as lines blur between cyber and physical security. Homeland Security ...

Posted on 27 July 2021 | 8:37 pm

Michael Weiskopff: DOD Helps Defense Industrial Base Identify Cybersecurity Gaps

... offers some services intended to help industry partners identify and assess cybersecurity vulnerabilities, Federal News Network reported Monday.

Posted on 27 July 2021 | 8:26 pm

Amazon and Swiggy report data breaches for over 100 million debit and credit card owners

Information on over 100 million debit and credit card users leaked online from payment processors Jaspey .. The leak contains the user's name, ...

Posted on 27 July 2021 | 8:26 pm

Israel Wants to Have Its Ice Cream and Cybersecurity Too

July was a heavy month for the Israeli government dealing with a cybersecurity scandal along with an announcement from Ben & Jerry's withdrawing ...

Posted on 27 July 2021 | 8:25 pm

NB Students Will Learn Cybersecurity Skills With Cisco, Cyber NB, Government Partnership

“Demand for cybersecurity talent is growing and our students need to be prepared to join technology-based workforces that are still evolving,” said ...

Posted on 27 July 2021 | 8:17 pm

Data breach costs hit record highs

In 2021, breaches cost companies an average of USD 4.24 million according to the latest Cost of a Data Breach report, sponsored by IBM Security.

Posted on 27 July 2021 | 8:15 pm

News for Alumni and Friends

The students' research will address robot navigation, user online security, ... Skarlatos' Inspired Research in Computer Architecture and Operating ...

Posted on 27 July 2021 | 8:15 pm

Some 65% of Organizations Now Weigh Their 'Cyber Maturity'

New ISACA survey data also shows a 35% increase in cyberattacks over the past year. SteveZCloseUp.jpeg. Steve Zurier. Contributing Writer. July 27, ...

Posted on 27 July 2021 | 8:14 pm

Durbin Delivers Opening Statement At Senate Judiciary Committee On Ransomware Attacks

And these attacks can have permanent damage. Last year, it took an average of nine months for a business to fully recover from a ransomware attack.” “ ...

Posted on 27 July 2021 | 8:03 pm

How to increase online payment security for your business

The internet security encryption protocol (SSL) is a security certificate that makes using a website more secure. Most websites have such a certificate, ...

Posted on 27 July 2021 | 8:03 pm

Indonesian insurer probes potentially huge data breach

On the hacking and data leak website RaidForums, an unnamed user was reportedly selling around 460,000 documents containing personal ...

Posted on 27 July 2021 | 8:03 pm

Facebook's former chief engineer is joining cybersecurity startup Lacework as its co-CEO

Cloud security startup Lacework Inc. Tuesday named a Facebook veteran as its new co-CEO. Jay Parikh, who previously served as the social ...

Posted on 27 July 2021 | 7:52 pm

Watch for malware using uncommon programming languages, says BlackBerry

Malware authors are increasingly using new and uncommon programming languages to evade detection and hinder analysis, it says. “Malicious ...

Posted on 27 July 2021 | 7:52 pm

UC San Diego Health announces data breach

The notice indicates that the breach occurred via “unauthorized access to some employee email accounts,” but says it did not affect the “continuity of ...

Posted on 27 July 2021 | 7:52 pm

New Windows 10 warning makes you think twice about installing Windows 11

... security experts, there has been a sudden increase in the amount of malware being distributed under the guise of Microsoft's new operating system.

Posted on 27 July 2021 | 7:41 pm

Machine Identity Lies at the Core of Cybersecurity

Cybersecurity is an umbrella term for the process of protecting computer systems and networks from information disclosure, theft or damage of devices ...

Posted on 27 July 2021 | 7:41 pm

Hackers Pivot To Exotic Programming Languages To Carry Out Devastating Malware Attacks

As Eric Milam, VP of Threat Research at BlackBerry, explains, “Malware authors are known for their ability to adapt and modify their skills and behaviors ...

Posted on 27 July 2021 | 7:41 pm

Machine Identity Lies at the Core of Cybersecurity

With the rapid adoption of smart devices, internet and wireless network, the field is becoming increasingly relevant to create a safe and secure ...

Posted on 27 July 2021 | 7:41 pm

Top 10 Tips: Effective Cybersecurity Awareness Training for Law Firm Employees

Sharon D. Nelson, Esq. is president of the digital forensics, managed information technology and cybersecurity firm Sensei Enterprises. Ms..

Posted on 27 July 2021 | 7:30 pm

Limitations of post-breach privilege. XCSSET malware. Ransomware and data exposure incidents.

Rutter's counsel enlisted Kroll Cyber Security to conduct a forensic investigation into the breach, and while the plaintiffs requested that the report be ...

Posted on 27 July 2021 | 7:30 pm

Top 10 Tips: Effective Cybersecurity Awareness Training for Law Firm Employees

Sharon D. Nelson, Esq. is president of the digital forensics, managed information technology and cybersecurity firm Sensei Enterprises. Ms..

Posted on 27 July 2021 | 7:30 pm

Limitations of post-breach privilege. XCSSET malware. Ransomware and data exposure incidents.

Malware steals data from a wide range of apps. Florida cardiology practice sustains ransomware attack. Dutch sport fishing vendor undergoes data ...

Posted on 27 July 2021 | 7:30 pm

Limitations of post-breach privilege. XCSSET malware. Ransomware and data exposure incidents.

Rutter's counsel enlisted Kroll Cyber Security to conduct a forensic ... hit by a ransomware attack in May that not only took down their computer and ...

Posted on 27 July 2021 | 7:30 pm

Top 10 Tips: Effective Cybersecurity Awareness Training for Law Firm Employees

Sharon D. Nelson, Esq. is president of the digital forensics, managed information technology and cybersecurity firm Sensei Enterprises. Ms..

Posted on 27 July 2021 | 7:30 pm

Limitations of post-breach privilege. XCSSET malware. Ransomware and data exposure incidents.

Rutter's counsel enlisted Kroll Cyber Security to conduct a forensic ... hit by a ransomware attack in May that not only took down their computer and ...

Posted on 27 July 2021 | 7:30 pm

Top 10 Tips: Effective Cybersecurity Awareness Training for Law Firm Employees

Sharon D. Nelson, Esq. is president of the digital forensics, managed information technology and cybersecurity firm Sensei Enterprises. Ms..

Posted on 27 July 2021 | 7:30 pm

Senators Blackburn, Marshall, and Colleagues Urge President Biden to Sanction China, Protect ...

“I write regarding the recent Cybersecurity Advisory issued by the National ... The Cyberattack Advisory follows a recent cyberattack on Kaseya Ltd ...

Posted on 27 July 2021 | 7:07 pm

GDIT's Michael Baker Named WashingtonExec CISO Council Chair

Michael Baker, staff vice president and chief information security officer for General ... Baker's nearly 20 years of experience in cyber leadership, talent ...

Posted on 27 July 2021 | 6:57 pm

Update your iPhone, iPad, Mac right now, avoid the exploit

If you have an Apple desktop computer running MacOS, you should also make certain you have the most updated version of your operating system.

Posted on 27 July 2021 | 6:56 pm

CODESYS Patches Dozen Vulnerabilities in Industrial Automation Products

Industrial automation software provider CODESYS this month informed customers about a dozen vulnerabilities affecting various products. More than half of these flaws were discovered by Cisco Talos and their details were disclosed on Monday.

read more

Posted on 27 July 2021 | 6:47 pm

Cybersecurity officials call on Congress to force private companies to disclose ransomware attacks

He testified Tuesday before the Senate Judiciary Committee alongside Eric Goldstein, the executive assistant director for cybersecurity for the ...

Posted on 27 July 2021 | 6:45 pm

FBI tells Congress ransomware payments shouldn't be banned

In the wake of the cyber-attack on Colonial Pipeline, the agency issued two security directives, forcing owners and operators of the most critical US ...

Posted on 27 July 2021 | 6:37 pm

FBI tells Congress ransomware payments shouldn't be banned

Pekoske urged companies to invest in cybersecurity upfront, rather than paying a ransom demand and “not getting anything in return.” The Justice ...

Posted on 27 July 2021 | 6:37 pm

Cabinet okays first-ever cyber security policy amid Pegasus spying scandal

Addressing a news conference in Islamabad after the cabinet meeting on Tuesday, Fawad said the world is moving towards the cyber warfare at a rapid ...

Posted on 27 July 2021 | 6:33 pm

Cabinet okays first-ever cyber security policy amid Pegasus spying scandal

Israel's Haaretz had reported that India targeted a phone which was earlier in PM Imran's use, through the malware. Several Pakistani officials, Kashmiri ...

Posted on 27 July 2021 | 6:33 pm

FBI tells Congress ransomware payments shouldn't be banned

... advantage of a victim's financial incentives: It can often be more tempting to pay in hopes of resolving the problem quickly, cybersecurity experts say, ...

Posted on 27 July 2021 | 6:33 pm

Cabinet okays first-ever cyber security policy amid Pegasus spying scandal

Cabinet okays first-ever cyber security policy amid Pegasus spying scandal. Information Minister Fawad Chaudhry says threat assessment committee ...

Posted on 27 July 2021 | 6:33 pm

Microsoft issues out-of-band Windows 10 update to fix printer issues

The issue appeared following the July 2021 Patch Tuesday updates for Windows 10. Microsoft confirmed the issue on July 23, when it said that it ...

Posted on 27 July 2021 | 6:11 pm

Tech biz must tell us about more security breaches, says UK.gov as it ponders lowering report ...

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information ...

Posted on 27 July 2021 | 6:11 pm

Organizations Can Create Cohesive Culture of Cyber Security Through Terranova Security and ...

This reality can lead to organizations often using multiple cyber security training programs to train employees, which can increase the costs and ...

Posted on 27 July 2021 | 6:11 pm

Organizations Can Create Cohesive Culture of Cyber Security Through Terranova Security and ...

Those managing cyber security-related training at organizations face a unique challenge in creating a strong cyber security culture. Different individuals ...

Posted on 27 July 2021 | 6:11 pm

Tech biz must tell us about more security breaches, says UK.gov as it ponders lowering report ...

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information ...

Posted on 27 July 2021 | 6:11 pm

Organizations Can Create Cohesive Culture of Cyber Security Through Terranova Security and ...

Those managing cyber security-related training at organizations face a unique challenge in creating a strong cyber security culture. Different individuals ...

Posted on 27 July 2021 | 6:11 pm

Antivirus Software Package Market is in Huge Demand | Microsoft, AVG Technologies, McAfee

An antivirus scans a computer system and mobile device memory, system files, and operating system (OS) using heuristic detection methods, ...

Posted on 27 July 2021 | 6:11 pm

Teaming up for Cybersecurity Education All India Council of Technical Education (AICTE) and EC ...

The webinar “Cyber Security Careers: A Guide to Recession-Proof Learning” discussed how the pandemic is paving the path for “hybrid learning” – and ...

Posted on 27 July 2021 | 6:07 pm

Teaming up for Cybersecurity Education All India Council of Technical Education (AICTE) and EC ...

The webinar “Cyber Security Careers: A Guide to Recession-Proof Learning” discussed how the pandemic is paving the path for “hybrid learning” ...

Posted on 27 July 2021 | 6:07 pm

Timeline remains the same to update unemployment system

In doing so, it said, the state will request enhanced security measures to protect the personal and financial information of jobless claimants. State officials ...

Posted on 27 July 2021 | 6:00 pm

Allegheny Intermediate Unit Notice of Security Incident

The ransomware incident resulted in unauthorized access to certain information about some current and former employees, as well as their dependents ...

Posted on 27 July 2021 | 6:00 pm

Allegheny Intermediate Unit Notice of Security Incident

To further protect personal information, the AIU has implemented additional security measures to enhance the security of its network. These ...

Posted on 27 July 2021 | 6:00 pm

Want An RTX 3090? An 11-Year-Old Found A Newegg Exploit And Got One

The global chip shortage is affecting everything from used car prices to gaming PC builds, and it's showing little sign that it will end any time soon.

Posted on 27 July 2021 | 6:00 pm

You Need To Look Out For These Software Vulns

6 on the list was an SQL injection, which occurs when software constructs all or part of an SQL command using externally influenced input from an ...

Posted on 27 July 2021 | 6:00 pm

FBI tracking more than 100 active ransomware groups

... as a hacker who rents a famous type of ransomware for a particular attack might not have any kind of prior affiliation with the malware's designers.

Posted on 27 July 2021 | 6:00 pm

Diners Beware: That Meal May Cost You Your Privacy and Security

Scanning QR codes instead of ordering from a physical menu is a way for companies to insert all the machinery of the online advertising ecosystem ...

Posted on 27 July 2021 | 6:00 pm

Timeline remains the same to update unemployment system

In doing so, it said, the state will request enhanced security measures to protect the personal and financial information of jobless claimants.

Posted on 27 July 2021 | 6:00 pm

New HP Cybersecurity Threat Report Finds “A Boom” in Hacking Tools

The report from HP Wolf Security threat research team found a 65% rise in the use of hacking tools downloaded from underground forums and file ...

Posted on 27 July 2021 | 5:48 pm

New HP Cybersecurity Threat Report Finds “A Boom” in Hacking Tools

CryptBot malware – historically used as an infostealer to siphon off credentials from cryptocurrency wallets and web browsers – is also being used to ...

Posted on 27 July 2021 | 5:48 pm

Ransomware Attacks Spur a Renewed Push for Company Mandates

... required to improve their cybersecurity and report hacking attacks to the federal government, national security officials and senators said Tuesday.

Posted on 27 July 2021 | 5:37 pm

1 in 3 Organizations Experiencing More Cyberattacks This Year, Says New ISACA Study

ISACA's 2021 State of Cybersecurity Part 2 looks at the threat landscape, the impact of the pandemic on security programs and the challenges—and ...

Posted on 27 July 2021 | 5:37 pm

PortSwigger Website Terms of Use

These Website Terms of Use together with the documents referred to in it ("Terms") constitute the terms and ... 2.1.1 PortSwigger's privacy notice; and.

Posted on 27 July 2021 | 5:37 pm

1 in 3 Organizations Experiencing More Cyberattacks This Year, Says New ISACA Study

ISACA's 2021 State of Cybersecurity Part 2 looks at the threat landscape, the impact of the pandemic on security programs and the challenges—and ...

Posted on 27 July 2021 | 5:37 pm

1 in 3 Organizations Experiencing More Cyberattacks This Year, Says New ISACA Study

ISACA's 2021 State of Cybersecurity Part 2 looks at the threat landscape, the impact of the pandemic on security programs and the challenges—and ...

Posted on 27 July 2021 | 5:37 pm

Why CPA firms need to know about restricted top-level web domains

Take a closer look at this growing area of internet naming and what it means for branding and cybersecurity. By Chris Cromer. 2 hours 30 minutes ago.

Posted on 27 July 2021 | 5:35 pm

“Mantis” threat actor targeting Windows Internet servers with malware

“The TG1021 uses a custom-made malware framework built around a common core, customized for IIS servers. The toolset is completely volatile and ...

Posted on 27 July 2021 | 5:15 pm

Small Businesses Bearing Brunt Of Ransomware Attacks, Senate Told

It is easier than ever for cyber actors to attack victims because many criminals do not need to create their own ransomware with the licensing of ...

Posted on 27 July 2021 | 5:15 pm

Apple warns users to immediately install update to counter serious security flaw

... Images Apple users are being urged to immediately install an update on their devices to avoid a nasty exploit that could lead to a malicious malware ...

Posted on 27 July 2021 | 5:15 pm

'Praying Mantis' threat actor targeting Windows internet-facing servers with malware

Over the last year, the company's incident response team has been forced to respond to a number of targeted cyber intrusion attacks aimed at several ...

Posted on 27 July 2021 | 5:07 pm

'Praying Mantis' threat actor targeting Windows internet-facing servers with malware

"TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, ...

Posted on 27 July 2021 | 5:07 pm

We need more protection from government surveillance — not less

... types of data; penetrating computer systems and databases and causing wide-scale, systemic disruptions to economies, infrastructure and security.

Posted on 27 July 2021 | 5:06 pm

Myth Buster: Innovation and Security *Can* Happen in Tandem

Experts from the Cybersecurity and Infrastructure Security Agency, State Department, Defense Logistics Agency, Microsoft Federal and ServiceNow ...

Posted on 27 July 2021 | 5:03 pm

Patient Receipts With PHI Stolen, Recovered From Doctor's Office

July 27, 2021 - Sierra Nevada Primary Care Physicians (Sierra Care Physicians) of California began notifying patients of a data security incident that ...

Posted on 27 July 2021 | 5:03 pm

Johnson may block Chinese takeover of UK's largest computer chip maker

Johnson had asked his national security adviser Sir Stephen Lovegrove to look into the sale, after previously being accused of acquiescing to the deal ...

Posted on 27 July 2021 | 5:00 pm

IRS: IP PINS will protect against tax-related identity theft

WASHINGTON — Internal Revenue Service Security Summit partners today called on tax professionals to increase ... Sharing information about the IP PIN Opt-In Program is the second in a five-part weekly series sponsored by the ...

Posted on 27 July 2021 | 4:52 pm

Nasal antivirus response could determine COVID-19 severity, says UMMC study

Nasal antivirus response could determine COVID-19 severity, says UMMC study. Coronavirus. by: Kaitlin Howell. Posted: Jul 27, 2021 / 11:17 AM CDT ...

Posted on 27 July 2021 | 4:18 pm

Google Paid Over $29 Million in Bug Bounty Rewards in 10 Years

Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years.

read more

Posted on 27 July 2021 | 4:06 pm

CISA Releases Security Advisory for Geutebruck Devices

Original release date: July 27, 2021

CISA has released an Industrial Control Systems (ICS) advisory detailing multiple vulnerabilities in multiple Geutebruck G-CAM E2 series devices and Encoder G-Code versions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the ICS Advisory ICSA-21-208-03 Geutebruck G-Cam E2 and G-Code and apply the necessary updates and workarounds

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 27 July 2021 | 4:05 pm

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework

Posted on 27 July 2021 | 3:47 pm

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email

Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. The flaws — tracked as CVE-2021-35208 and CVE-2021-35208 — were discovered and reported in

Posted on 27 July 2021 | 3:46 pm

The Legal Tech-To-English Dictionary: Cybersecurity

Lawyer 2: Um, there's software that recognizes and prevents malware, and we can also implement training for employees to help them identify potential ...

Posted on 27 July 2021 | 3:45 pm

The Role of Parental Control and Antivirus during the COVID-19 Pandemic

Antivirus software protects your devices from threats by detecting, destroying, and warning you about potential malware. Antivirus software keeps up with ...

Posted on 27 July 2021 | 3:45 pm

TikTok to open cyber-security centre in Ireland

TikTok is to open a new cyber-security centre in Ireland as part of efforts to “stay ahead of next-generation security threats”. The Chinese social media ...

Posted on 27 July 2021 | 3:33 pm

German county targeted by ransomware asks military for help

... were used to infiltrate the infrastructure of the perpetrators and to inform those affected by the malware,” Germany's interior ministry told EURACTIV.

Posted on 27 July 2021 | 3:22 pm

Advanced Malware Sandbox Solution Market – increasing demand with Industry Professionals ...

This Advanced Malware Sandbox Solution report will surely act as a handy instrument for the market participants to develop effective strategies with an ...

Posted on 27 July 2021 | 3:20 pm

LemonDuck was first discovered in China in 2019 as a cryptocurrency botnet that used affected ...

This malware is spread via exploits, phishing emails, USB devices, and brute force attacks in different countries. “LemonDuck's threat to enterprises is ...

Posted on 27 July 2021 | 3:11 pm

Vulnerabilities Allow Hacking of Zimbra Webmail Servers With Single Email

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization’s sent and received email messages, software security firm SonarSource reveals.

read more

Posted on 27 July 2021 | 3:09 pm

Australia finds Uber violated privacy laws, rewarded cyber criminals

Australians need assurance that they are protected by the Privacy Act when they provide personal information to a company, even if it is transferred ...

Posted on 27 July 2021 | 3:00 pm

How to create a positive and effective cybersecurity environment instead of a shame culture

You can catch more flies with honey than vinegar. Learn some tips to establish a positive reinforcement cybersecurity culture rather than a ...

Posted on 27 July 2021 | 3:00 pm

From Sharks to Social Engineering: (ISC)² Security Congress Keynotes Address the New World of ...

Four keynotes, led by former Director of the Cybersecurity and Infrastructure Security Agency Chris Krebs, will spotlight how global events have ...

Posted on 27 July 2021 | 3:00 pm

PM Imran's Cabinet Approves Pakistan Cyber Security Policy 2021

The Federal Cabinet On Tuesday Approved National Cyber Security Policy 2021 For Data Protection And Prevention Of Cybercrimes. The Federal ...

Posted on 27 July 2021 | 2:48 pm

FRST log help, laptop infected with coinminer

Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc.

Posted on 27 July 2021 | 2:15 pm

1Password Raises $100 Million at $2 Billion Valuation

Password management solutions provider 1Password today announced receiving a $100 million investment that increases its valuation to $2 billion. Previously, the company raised $200 million in a Series A funding round.

read more

Posted on 27 July 2021 | 1:53 pm

Open source web app projects hailed for quickly patching bugs

The nine total bugs range from cross-site scripting and denial of service to SQL injection and authentication bypass. The bulk of the bugs were found ...

Posted on 27 July 2021 | 1:30 pm

Google launches new Bug Hunters vulnerability rewards platform

Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof.

Posted on 27 July 2021 | 1:30 pm

Deakin University chooses LogMeIn to safeguard network

“Thanks to LastPass, we have a newfound ability to safeguard users' sensitive data, records and passwords, and they can rest assured knowing their ...

Posted on 27 July 2021 | 1:19 pm

Critical Vulnerability Found in Sunhillo Aerial Surveillance Product

An unauthenticated OS command injection vulnerability in the Sunhillo SureLine application could allow an attacker to execute arbitrary commands with root privileges, according to security researchers with the NCC Group.

read more

Posted on 27 July 2021 | 1:02 pm

Latest HP Inc. Cybersecurity Threat Report Reveals Hackers Sharing Computer Vision Tools to ...

HP Wolf Security threat research team finds increasing cybercrime sophistication and a boom in monetization and hacking tools, while end users are ...

Posted on 27 July 2021 | 12:56 pm

Accel doubles down on 1Password, which just raised $100M more at a $2B valuation

Toronto-based 1Password is one of those rare companies that is a) profitable and b) transparent enough to share financials. And today, the company ...

Posted on 27 July 2021 | 12:56 pm

Hackers Turning to 'Exotic' Programming Languages for Malware Development

Threat actors are increasingly shifting to "exotic" programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts. "Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies," said Eric Milam, Vice President of

Posted on 27 July 2021 | 12:39 pm

Kaseya Denies Paying Cybercriminals Who Launched Ransomware Attack

IT management software firm Kaseya on Monday said it did not pay any money to cybercriminals, following speculation that it may have paid a ransom to obtain a decryptor that would allow customers hit by the recent ransomware attack to recover their files.

read more

Posted on 27 July 2021 | 12:32 pm

Vulnerability in Popular Survey Tool Exploited in Possible Chinese Attacks on U.S.

A recently disclosed vulnerability affecting a popular survey creation tool has been exploited by a threat group that may be linked to China against organizations in the United States.

read more

Posted on 27 July 2021 | 12:09 pm

S.Africa's Port Terminals Still Disrupted Days After Cyber-Attack

South Africa's state-owned logistics firm said Tuesday it was working to restore systems following a major cyber-attack last week that hit the country's key port terminals.

The attack began on July 22 but continued, forcing Transnet to switch to manual systems, it said.

read more

Posted on 27 July 2021 | 11:32 am

Why Are Users Ignoring Multi-Factor Authentication?

Two-Factor Authentication

read more

Posted on 27 July 2021 | 11:30 am

Password management platform 1Password raises $100M as business booms

1Password targets businesses like Slack, IBM, and GitLab with a platform that allows users to store passwords securely and log into myriad online ...

Posted on 27 July 2021 | 11:26 am

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year. The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory

Posted on 27 July 2021 | 11:14 am

Apple Releases Security Updates

Original release date: July 27, 2021

Apple has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to take control of an affected device.

CISA encourages users and administrators to review the security update page for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 27 July 2021 | 11:05 am

Microsoft Releases Guidance for Mitigating PetitPotam NTLM Relay Attacks

Original release date: July 27, 2021

On July 23, Microsoft released KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) to address a NTLM Relay Attack named PetitPotam. CISA encourages users and administrators to review KB5005413 and apply the necessary mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 27 July 2021 | 11:03 am

Canadian startup 1Password raises $100 million, valued at $2 billion

(Reuters) – 1Password, a Canadian security and privacy tech startup, said on Tuesday it raised $100 million in a round led by Silicon Valley venture ...

Posted on 27 July 2021 | 11:03 am

How To Deal With Galaxy S8 And Galaxy S8 Plus Virus Infection Warnings

Of course, if you had an antivirus app on your phone, you wouldn't have to worry too much about it. But since you are reading this article, you probably ...

Posted on 27 July 2021 | 10:52 am

Promise and peril in a changing cybersecurity sphere

In addition to the Microsoft Exchange hack that penetrated 250,000 networks worldwide, there were the ransomware attacks on Colonial Pipeline, which ...

Posted on 27 July 2021 | 10:30 am

Creating an Effective Threat Hunting Program with Limited Resources

Developing various data sets for threat hunting engagements will further mature your program and help uncover the unknown

read more

Posted on 27 July 2021 | 10:29 am

Malware developers turn to 'exotic' programming languages to thwart researchers

They are focused on exploiting pain points in code analysis and reverse-engineering.

Posted on 27 July 2021 | 10:13 am

BIMI: A Visual Take on Email Authentication and Security

There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we can not help but do just that - especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to quickly identify

Posted on 27 July 2021 | 10:04 am

Cybercriminals are getting more sophisticated

HP Inc's Threat Insights Report notes that hacking tools in wide circulation were surprisingly capable. For example, one tool can solve CAPTCHA ...

Posted on 27 July 2021 | 9:30 am

Ransomware's silver lining

The most notorious Russian criminal hacker group engaged in ransomware ... In response to threats from President Biden, it appears that Russia's ...

Posted on 27 July 2021 | 9:00 am

Antivirus and Security Software Market Supply, Forecast To 2026 With Global Key Companies ...

Antivirus and Security Software market in-depth study gives a detailed view of the business. It allows you to see manufacturers footprints, understand ...

Posted on 27 July 2021 | 8:37 am

Enterprise Security Essentials

Doors and Locks (Endpoint Protection). This is the most basic form of protection for your home, just as antivirus and endpoint protection are the most ...

Posted on 27 July 2021 | 7:07 am

How To Keep Your ECommerce Site Safe From Hackers

Some methods hackers use to attack websites include SQL injection, ... you total protection from the most prevalent threats such as SQL injections and ...

Posted on 27 July 2021 | 6:13 am

Password Manager Software Market Top Manufacturers Analysis by 2026: LastPass, 1Password ...

Crucial references pertaining to the competition spectrum, identifying lead players have been well incorporated in this research report. LastPass

Posted on 27 July 2021 | 6:10 am

Password Manager Software Market Top Manufacturers Analysis by 2026: LastPass, 1Password ...

Password Manager Software Market Top Manufacturers Analysis by 2026: LastPass, 1Password, Okta, Keeper, KeePass etc. · Password Manager ...

Posted on 27 July 2021 | 6:10 am

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. The issue, dubbed "PetitPotam," was discovered by security researcher Gilles Lionel, who shared

Posted on 27 July 2021 | 5:19 am

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims

Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. <!--adsense--> "On July 21, Kaseya obtained a decryptor for victims of the REvil ransomware attack, and we're working to remediate customers impacted by the

Posted on 27 July 2021 | 5:14 am

Cybercrime and hacking by hostile states demands a 'Digital Geneva Convention' – Stewart ...

While the anarchy of the early internet was a large part of its appeal, today it represents a significant threat to our security and the global economy.

Posted on 27 July 2021 | 3:56 am

Potential Keylogger?

-> Adobe Systems Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java ...

Posted on 27 July 2021 | 3:37 am

State-affiliated threat actors attribute 57% of all known web app incidents over last five years - Report

... a Tower of Babel effect preventing them from reaching conclusions more definitive than the prevalence of SQL injection and cross-site scripting.”.

Posted on 27 July 2021 | 2:03 am

Judge: Ex-CIA Worker Can Represent Himself in Espionage Case

A former CIA software engineer can represent himself at his upcoming retrial on espionage charges, a judge said Monday.

read more

Posted on 27 July 2021 | 1:03 am

Endpoint Security Is More Important Than Ever

When laptops were synonymous with mobility, antivirus software was considered enough to protect them, but not for long, since antivirus protection ...

Posted on 27 July 2021 | 12:00 am

Cybereason, Cyderes Ink MDR Security Services Partnership

The solution blends Cybereason Defense Platform endpoint detection and response (EDR), antivirus and threat hunting capabilities with Cyderes' ...

Posted on 26 July 2021 | 8:48 pm

China-Linked APT31 Exploiting Home Routers In French Hacking Operation

“It appears from our investigations that the threat actor uses a network of compromised home routers as operational relay boxes in order to perform ...

Posted on 26 July 2021 | 8:26 pm

US Congress considers "hacking back" legislation. Pipeline cybersecurity. The state and direction ...

Other problems could result from threat actors' propensity to stage attacks from domestic infrastructure, and from the trickiness of norms surrounding ...

Posted on 26 July 2021 | 8:03 pm

Apple Patches 'Actively Exploited' Mac, iOS Security Flaw

Apple on Monday released a major security update with fixes for a security defect the company says “may have been actively exploited” to plant malware on macOS and iOS devices.

read more

Posted on 26 July 2021 | 7:36 pm

PlugwalkJoe Does the Perp Walk

One day after last summer's mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph "PlugwalkJoe" O'Connor appeared to have been involved in the incident. When the Justice Department last week announced O'Connor's arrest and indictment, his alleged role in the Twitter compromise was well covered in the media. But most of the coverage so far seem to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks -- all in a bid to seize control over highly-prized social media accounts.

Posted on 26 July 2021 | 6:18 pm

Patch Tuesday, 'C release' updates to continue for Windows 11

Microsoft has confirmed that the upcoming Windows 11 will be serviced on a monthly basis using the same practices the vendor has honed with ...

Posted on 26 July 2021 | 5:48 pm

Firefox 90 Drops Support for FTP Protocol

Mozilla has completely removed support for the File Transfer Protocol (FTP) from the latest release of its flagship Firefox web browser.

read more

Posted on 26 July 2021 | 4:19 pm

No More Ransom: We Prevented Ransomware Operators From Earning $1 Billion

No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion.

read more

Posted on 26 July 2021 | 2:50 pm

Amnesty Urges Moratorium on Surveillance Technology in Pegasus Scandal

Allegations that governments used phone malware supplied by an Israeli firm to spy on journalists, activists and heads of state have "exposed a global human rights crisis," Amnesty International said, asking for a moratorium on the sale and use of surveillance technology.

read more

Posted on 26 July 2021 | 2:00 pm

What We Learn from MITRE's Most Dangerous Software Weaknesses List

A look into MITRE's 2021 CWE Top 25 Most Dangerous Software Weaknesses

read more

Posted on 26 July 2021 | 1:36 pm

Responsable Adjoint SOC/CERT

... SIEM Incident-response Incident-management data-leak CTI Cyber-threat intelligence forensics Vulnerabilities scans cybersecurity network-security ...

Posted on 26 July 2021 | 1:07 pm

'Holy Moly!': Inside Texas' Fight Against a Ransomware Hack

It was the start of a steamy Friday two Augusts ago when Jason Whisler settled in for a working breakfast at the Coffee Ranch restaurant in the Texas Panhandle city of Borger. The most pressing agenda item for city officials that morning: planning for a country music concert and anniversary event.

read more

Posted on 26 July 2021 | 12:37 pm

MosaicLoader malware (virus) - Free Guide

And the most important rule is to always use a reliable antivirus program. If you want to be safe or easily remove all threats from the computer, we ...

Posted on 26 July 2021 | 12:33 pm

Leading Threat to Industrial Security is Not What You Think

As attackers become more sophisticated, so do their attacks. This in turn exposes threat vectors that once were thought to be well protected, or at least not interesting enough to attack. Nowhere is this truer than in industrial control systems (ICS) environments.

read more

Posted on 26 July 2021 | 12:26 pm

GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies

GitLab last week announced the release of a new open source tool designed to help software developers identify malicious code in their projects’ dependencies.

read more

Posted on 26 July 2021 | 12:23 pm

Twitter handle swatter jailed after victim dies following home raid

The 60-year-old victim's daughter believes he was "scared to death."

Posted on 26 July 2021 | 11:49 am

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.  Attackers can exploit this vulnerability to obtain hashed passwords

Posted on 26 July 2021 | 11:21 am

Enterprises Warned of New PetitPotam Attack Exposing Windows Domains

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain.

read more

Posted on 26 July 2021 | 11:14 am

WhatsApp chief says government officials, US allies targeted by Pegasus spyware

The officials were allegedly targeted in attacks dating back to 2019.

Posted on 26 July 2021 | 10:36 am

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. "LemonDuck, an actively updated and robust malware that's primarily known

Posted on 26 July 2021 | 10:13 am

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers using an unusual

Posted on 26 July 2021 | 3:38 am

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring

Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's known as a "Fraud-as-a-Service" operation. The apprehended suspects, a 24-year-old software engineer and a 15-year-old boy, are said to have been

Posted on 25 July 2021 | 3:27 pm

Threat Actors Target Kubernetes Clusters via Argo Workflows

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer.

read more

Posted on 23 July 2021 | 4:00 pm

House Passes Several Critical Infrastructure Cybersecurity Bills

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.

read more

Posted on 23 July 2021 | 3:03 pm

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code

After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtually every industry today, and their importance is increasing steadily, as they move to the forefront of business strategies. This comes as no

Posted on 23 July 2021 | 2:14 pm

TikTok fined €750,000 for Violating Children's Privacy

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in the Dutch language, making it difficult for young children to understand what would happen to their data.

read more

Posted on 23 July 2021 | 2:03 pm

Dutch Police Arrest Alleged Member of 'Fraud Family' Cybercrime Gang

Authorities in the Netherlands have arrested a 24-year-old believed to be a developer of phishing frameworks for a cybercrime ring named “Fraud Family.”

read more

Posted on 23 July 2021 | 2:00 pm

Cyber Risk Management Firm Safe Security Raises $33 Million

Cyber risk measurement and mitigation platform provider Safe Security this week announced that it has received a $33 million strategic investment led by BT Group.

The funds, Safe Security says, will be used to double the size of its engineering team, as well as to increase the company’s spending on research and development.

read more

Posted on 23 July 2021 | 1:02 pm

GitHub boosts supply chain security for Go modules

Go is now one of the most popular programming languages on the platform.

Posted on 23 July 2021 | 1:01 pm

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers

A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded over 1,283 times since February 2019, was last updated seven months ago (version 1.1.2), with its corresponding repository leading to non-existent

Posted on 23 July 2021 | 4:29 am

Security Researchers Need Better Laws

... a security problem, then you're only going to get hacked by advanced persistent threat actors, not people who want to help you,” said John Jackson, ...

Posted on 23 July 2021 | 3:56 am

 Cisco Releases Security Updates

Original release date: July 22, 2021

Cisco has released security updates to address multiple vulnerabilities in Intersight Virtual Appliance. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-ucsi2-iptaclbp-L8Dzs8m8 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 22 July 2021 | 2:01 pm

Drupal Releases Security Updates

Original release date: July 22, 2021

Drupal has released security updates to address a critical third-party-library vulnerability that could affect Drupal 7,  8.9, 9.1, and 9.2. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Drupal security advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 22 July 2021 | 2:00 pm

APT Hackers Distributed Android Trojan via Syrian e-Government Portal

An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks," Trend Micro researchers Zhengyu

Posted on 22 July 2021 | 12:04 pm

Reduce End-User Password Change Frustrations

Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.  This often results in a greater burden on the IT service desk staff as end-users encounter issues related to security software, policies, and password restrictions.  One of the most common areas where security may cause challenges for

Posted on 22 July 2021 | 10:12 am

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without

Posted on 22 July 2021 | 8:21 am

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam

A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor, 22, has been charged with intentionally accessing a computer without authorization and obtaining information from a protected computer, as well as for making extortive communications. The Spanish

Posted on 22 July 2021 | 8:04 am

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and

Posted on 22 July 2021 | 6:25 am

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, "with a high degree of

Posted on 22 July 2021 | 3:41 am

Several New Critical Flaws Affect CODESYS Industrial Automation Software

Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud operational technology (OT) infrastructure. The flaws can be turned "into innovative attacks that could put threat actors in position to remotely

Posted on 22 July 2021 | 3:38 am

New Windows and Linux Flaws Give Attackers Highest System Privileges

Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the operating system installation password and even decrypt private keys. The vulnerability has been nicknamed "SeriousSAM.""Starting with Windows 10

Posted on 22 July 2021 | 3:36 am

Serial Swatter Who Caused Death Gets Five Years in Prison

A 18-year-old Tennessee man who helped set in motion a fraudulent distress call to police that lead to the death of a 60-year-old grandfather in 2020 was sentenced to 60 months in prison today.

Posted on 21 July 2021 | 7:59 pm

2021 CWE Top 25 Most Dangerous Software Weaknesses

Original release date: July 21, 2021

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

CISA encourages users and administrators to review the Top 25 list and evaluate recommended mitigations to determine those most suitable to adopt.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 21 July 2021 | 5:07 pm

Malware Targeting Pulse Secure Devices

Original release date: July 21, 2021

As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed 13 malware samples related to exploited Pulse Secure devices. CISA encourages users and administrators to review the following 13 malware analysis reports (MARs) for threat actor techniques, tactics, and procedures (TTPs) and indicators of compromise (IOCs) and to review CISA’s Alert Exploitation of Pulse Connect Secure Vulnerabilities for more information. 

MARS:

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 21 July 2021 | 3:00 pm

Adobe Releases Security Updates for Multiple Products 

Original release date: July 21, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 21 July 2021 | 10:39 am

Apple Releases Security Updates

Original release date: July 21, 2021

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 21 July 2021 | 10:37 am

Google Releases Security Updates for Chrome

Original release date: July 21, 2021

Google has released Chrome version 92.0.4515.107 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 21 July 2021 | 10:35 am

$49 malware receives major upgrade to strike both Windows and macOS PCs

The new family stems from Formbook, an old but prevalent malware strain.

Posted on 21 July 2021 | 10:00 am

[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams

Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t prevent these attacks from happening, what can lean security teams look forward to?  Surprisingly, leaner teams have a much greater chance than

Posted on 21 July 2021 | 9:52 am

Joker billing fraud malware found in Google Play Store

The Android malware circumvented security controls by using short URL tricks.

Posted on 21 July 2021 | 9:13 am

The United States says China has violated dozens of pipeline companies in the last decade

From 2011 to 2013, Chinese-backed hackers targeted and often violated nearly ... In other words, hackers were preparing to control the pipeline as well as ... the Biden administration states that the threat of hacking to US oil and gas ...

Posted on 21 July 2021 | 12:11 am

Spam Kingpin Peter Levashov Gets Time Served

A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.

Posted on 20 July 2021 | 9:30 pm

Oracle Critical Patch Update Advisory - July 2021

Posted on 20 July 2021 | 7:30 pm

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers

Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution. Hundreds of millions of

Posted on 20 July 2021 | 11:47 am

HP patches vulnerable driver lurking in printers for 16 years

Cyberattackers could exploit the bug to secure system-level privileges.

Posted on 20 July 2021 | 11:00 am

Microsoft heads to court to take on imposter, homoglyph domains

Fake domains impersonating Microsoft are a thorn not only in the company's side but in that of its customers.

Posted on 20 July 2021 | 9:44 am

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payload on the system, making it potentially profitable as a delivery service," Bitdefender researchers

Posted on 20 July 2021 | 8:48 am

Researchers Warn of Linux Cryptojacking Attackers Operating from Romania

A threat group likely based in Romania and active since at least 2020 has been behind an active cryptojacking campaign targeting Linux-based machines with a previously undocumented SSH brute-forcer written in Golang. Dubbed "Diicot brute," the password cracking tool is alleged to be distributed via a software-as-a-service model, with each threat actor furnishing their own unique API keys to

Posted on 20 July 2021 | 5:49 am

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Browse the comments on virtually any story about a ransomware attack and you will almost surely encounter the view that the victim organization could have avoided paying their extortionists if only they'd had proper data backups. But the ugly truth is there are many non-obvious reasons why victims end up paying even when they have done nearly everything right from a data backup perspective. 

Posted on 19 July 2021 | 9:11 pm

UK and White House blame China for Microsoft Exchange Server hack

Updated: The UK government says the country is responsible for "systematic cyber sabotage."

Posted on 19 July 2021 | 2:47 pm

US Formally Accuses China of Hacking Microsoft

“This irresponsible and harmful behavior resulted in security risks and significant economic loss for our government institutions and private companies, ...

Posted on 19 July 2021 | 1:30 pm

US accuses China of masterminding cyber attacks worldwide

“This irresponsible and harmful action poses security risks and significant economic losses to government agencies and private companies, with ...

Posted on 19 July 2021 | 11:26 am

NSO Group's Pegasus spyware used against journalists, political activists worldwide

A probe into the group suggests that its products are being used for purposes beyond criminal or terrorist investigations.

Posted on 19 July 2021 | 10:26 am

Facebook fights Biden claim that social media is 'killing people' through anti-vax, COVID-19 misinformation spread

Facebook says it is time to move past "finger pointing."

Posted on 19 July 2021 | 8:47 am

Swedish man sentenced for gold-backed cryptocurrency scam

Prosecutors say that investors were defrauded out of over $16 million.

Posted on 19 July 2021 | 7:49 am

Beat cybercriminals at their own game with AI technology

By Derek Manky, chief: security insights and global threat alliances at Fortinet's FortiGuard Labs. Considering this, the only way that security leaders ...

Posted on 17 July 2021 | 3:56 am

Artwork Archive cloud storage misconfiguration exposed user data

An unsecured bucket exposed information from Artwork Archive.

Posted on 16 July 2021 | 1:00 pm

Toddler mobile banking malware surges across Europe

The Android malware is a new and persistent threat to European citizens and banks alike.

Posted on 16 July 2021 | 11:01 am

Chinese APT LuminousMoth abuses Zoom brand to target gov't agencies

Fake Zoom apps are being spread to conduct cyber surveillance.

Posted on 16 July 2021 | 10:09 am

Microsoft points the finger at Israeli spyware seller for DevilsTongue attacks

Updates released this week protect against two key zero-day vulnerabilities weaponized by customers.

Posted on 16 July 2021 | 8:28 am

Does cybercrime impact cryptocurrency prices? Researchers find out

Memestocks can ramp up with hype: can crypto do the same due to criminality?

Posted on 14 July 2021 | 12:02 pm

US charges Greek national for selling insider trading subscriptions in the Dark Web

"TheBull" offered customers insider information, tips, and pre-release earnings.

Posted on 14 July 2021 | 8:40 am

Thousands of PS4s seized in Ukraine in illegal cryptocurrency mining sting

The cryptocurrency farm was hidden in an old warehouse.

Posted on 14 July 2021 | 8:30 am

Microsoft Patch Tuesday, July 2021 Edition

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. A half of dozen of the vulnerabilities addressed today are under active attack, according to Microsoft.

Posted on 13 July 2021 | 9:41 pm

Spike in “Chain Gang” Destructive Attacks on ATMs

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime -- known variously as "ATM smash-and-grab" and "chain gang" attacks -- is rapidly increasing in other states.

Posted on 9 July 2021 | 7:31 pm

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya's customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

Posted on 8 July 2021 | 3:22 pm

Microsoft Issues Emergency Patch for Windows Flaw

Microsoft on Tuesday issued an emergency software update to quash a security bug that's been dubbed "PrintNightmare," a critical vulnerability in all supported versions of Windows that is actively being exploited. The fix comes a week ahead of Microsoft's normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.

Posted on 7 July 2021 | 2:34 pm

Another 0-Day Looms for Many Western Digital Users

Countless Western Digital customers saw their MyBook Live network storage drives remotely wiped in the past month thanks to a bug in a product line the company stopped supporting in 2015, as well as a previously unknown zero-day flaw. But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can't or won't upgrade to the latest operating system.

Posted on 2 July 2021 | 4:05 pm

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month. Intuit says the change is tied to an "exciting" and "free" new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.

Posted on 1 July 2021 | 6:56 pm

Bitdefender Premium VPN

Other antivirus companies that provide VPNs have similar issues. We'd like to see Bitdefender break out its VPN-specific policies into a clearer ...

Posted on 28 June 2021 | 6:02 pm

IC3 Logs 6 Million Complaints

Posted on 17 May 2021 | 6:30 pm

Scammers Target Families Who Post Missing Persons on Social Media

Posted on 14 May 2021 | 1:00 pm

WordPress 5.7.2 Security Release

WordPress 5.7.2 is now available. This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8. You can update to […]

Posted on 13 May 2021 | 1:04 am

Oracle Critical Patch Update Advisory - April 2021

Posted on 20 April 2021 | 7:30 pm

WordPress 5.7.1 Security and Maintenance Release

WordPress 5.7.1 is now available! This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated. WordPress 5.7.1 is a short-cycle security and maintenance release. The next […]

Posted on 15 April 2021 | 3:05 am

Rise In Use of Cryptocurrency In Business Email Compromise Schemes

Posted on 13 April 2021 | 6:35 pm

If You Make or Buy a Fake COVID-19 Vaccination Record Card, You Endanger Yourself and Those Around You, and You Are Breaking the Law

Posted on 30 March 2021 | 5:15 pm

Telephony Denial of Service Attacks Can Disrupt Emergency Call Center Operations

Posted on 17 February 2021 | 7:00 pm

Oracle Critical Patch Update Advisory - January 2021

Posted on 19 January 2021 | 7:30 pm

Iranian Cyber Actors Continue to Threaten US Election Officials

Posted on 15 January 2021 | 9:15 pm

Oracle Critical Patch Update Advisory - October 2020

Posted on 20 October 2020 | 7:30 pm

Oracle Security Alert for CVE-2020-14750 - 01 November 2020

Posted on 1 October 2020 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2020

Posted on 14 July 2020 | 7:30 pm

Hacking Your Psyche To Prevent Isolation Fatigue

Americans have been reporting increased feelings of depression, anxiety, loneliness, and even hopelessness at least once per week since the start of ...

Posted on 29 June 2020 | 1:41 pm

Reuters goofs up, shows innocent Delhi man as wanted Indian hacker behind global spy racket

The Reuters exclusive story published early this month identified a herbal medicine business owner as a wanted hacker. He was subsequently ...

Posted on 29 June 2020 | 1:30 pm

The World's Greatest Golf Club Without the Course Has Officially Launched Hack Mulligan – Golf's ...

Stick and Hack, the World's Greatest Golf Club, Without the Course, is thrilled to announce the official launch of their comic strip Hack Mulligan, which ...

Posted on 29 June 2020 | 12:56 pm

Indian government hack exposes 80000 coronavirus patients' data

Kerala Cyber Warriors allegedly targeted Delhi government servers to highlight security pitfalls. Indian hackers claim to have accessed more than ...

Posted on 29 June 2020 | 12:44 pm

'Offensive capability': $1.3b for new cyber spies to go after hackers

State actors are trying to hack computer networks. Prime Minister Scott Morrison will on Tuesday announce the ASD will be given more than $1 billion ...

Posted on 29 June 2020 | 12:22 pm

The New World Of Enterprise Security

As more people began working from home, we saw hacking patterns change. Hackers quickly realized that people were using virtual private networks ...

Posted on 29 June 2020 | 12:00 pm

UK judge warns Assange on US extradition hearing attendance

... indictment that alleges Assange conspired with members of hacking organizations and sought to recruit hackers to provide WikiLeaks with classified ...

Posted on 29 June 2020 | 11:48 am

How to mitigate risks due to Cyber threats to optimise your insurance premium

Chief among these are exposure to very high level of cyber threats and hacking. According to Cyber Security experts, such cases have grown ...

Posted on 29 June 2020 | 11:48 am

Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal ...

Posted on 29 June 2020 | 11:15 am

Make your own relaxing face masks with these creative hacks

In this series, you'll learn various tips and tricks to make gardening, grilling and even sewing easier. No matter the problem, there's a Home Hack for that!

Posted on 29 June 2020 | 11:15 am

Hacker Drains $500K From DeFi Liquidity Provider Balancer

Decentralized finance (DeFi) liquidity provider Balancer Pool admitted early Monday morning that it had fallen victim to a sophisticated hack that ...

Posted on 29 June 2020 | 11:03 am

Calls for reform grow louder as UK Computer Misuse Act turns 30

The UK's principal computer hacking law marks its 30th anniversary today (June 29), amid industry calls for a radical revamp. The Computer Misuse ...

Posted on 29 June 2020 | 11:03 am

Woman's Hack For Eating Sushi With Soy Sauce Goes Viral

Clearly, many people have never thought to do this as the video has proven a huge hit, amassing more than 2.6 million views. As tends to be the way on ...

Posted on 29 June 2020 | 11:03 am

DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About

A spat between the Balancer and STA team following the $500,000 hack suggests that the DeFi protocol was aware of the weakness. 2640 Total ...

Posted on 29 June 2020 | 10:41 am

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to ...

Posted on 29 June 2020 | 10:18 am

This Melbourne mum uses her oven to dry her laundry and it's going viral

But for those of us who aren't blessed with a dryer at home, one Melbourne mum's solution may be the life hack you never knew you needed.

Posted on 29 June 2020 | 9:45 am

Russian leader of Infraud stolen ID, credit card ring pleads guilty

... to corruption charges after being accused of being one of the leaders of a carding ring trading in stolen identities, credit cards, and hacking tools.

Posted on 29 June 2020 | 9:22 am

Mum shares genius £4 hack which makes squash last twice as long

But one woman has shared a nifty hack that helps drinks last longer. Stephanie Palin, a special needs teaching assistant from Chesire, has come up ...

Posted on 29 June 2020 | 9:00 am

Australia cyberattack exploited vulnerability usually used in cryptojacking malware attacks

The Australian Cyber Security Centre revealed that hackers exploited known vulnerabilities in the Telerik user interface. Image by Gerd Altmann from ...

Posted on 29 June 2020 | 8:37 am

Hacker Drains Over $450000 from Balancer Pools

Hacker siphoned more than $450,000 in deflationary tokens on Monday from two multi-token pools on Balancer, an automated market maker protocol.

Posted on 29 June 2020 | 8:37 am

WordPress 5.4.2 Security and Maintenance Release

WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions […]

Posted on 10 June 2020 | 7:19 pm

WordPress 5.4.1

WordPress 5.4.1 is now available! This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.4.1 is a short-cycle security and maintenance release. The next […]

Posted on 29 April 2020 | 7:56 pm

Oracle Critical Patch Update Advisory - April 2020

Posted on 14 April 2020 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2020

Posted on 14 January 2020 | 7:30 pm

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, […]

Posted on 13 December 2019 | 12:07 am

WordPress 5.2.4 Update

Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress […]

Posted on 19 November 2019 | 4:47 am

Oracle Critical Patch Update Advisory - October 2019

Posted on 15 October 2019 | 7:30 pm

WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an […]

Posted on 14 October 2019 | 9:54 pm

WordPress 5.2.3 Security and Maintenance Release

WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions […]

Posted on 5 September 2019 | 1:51 am

Mitigations Against Adversarial Attacks

This is the fourth and final article in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, […]

Posted on 11 July 2019 | 6:53 am

Adversarial Attacks Against AI

This article is the third in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:52 am

Malicious Use Of AI

This article is the second in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:50 am

Bad AI

This article is the first in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contain excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:49 am

Security Issues, Dangers, And Implications of Smart Information Systems

F-Secure is participating in an EU-funded Horizon 2020 project codenamed SHERPA (as mentioned in a previous blog post). F-Secure is one of eleven partners in the consortium. The project aims to develop an understanding of how machine learning will be used in society in the future, what ethical issues may arise, and how those issues […]

Posted on 8 July 2019 | 9:19 am

Sockpuppies!

Yesterday, a colleague of mine, Eero Kurimo, told me about something odd he’d seen on Twitter. Over the past few days, a number of pictures of cute puppies had shown up on his timeline as promoted tweets. Here’s an example: “Mainostettu” is the Finnish word Twitter uses to denote that a tweet has been promoted. […]

Posted on 1 July 2019 | 8:14 am

Oracle Security Alert for CVE-2019-2729 - 18 Jun 2019

Posted on 18 June 2019 | 10:00 pm

Live Coverage Of A Disinformation Operation Against The 2019 EU Parliamentary Elections

I recently worked with investigative journalists from Yle, attempting to uncover disinformation on social media around the May 2019 European elections. This work was also part of F-Secure’s participation in the SHERPA project, which involves developing an understanding of adversarial attacks against machine learning systems – in this case, recommendation systems on social networks. My […]

Posted on 24 May 2019 | 5:10 pm

Spam Trends: Top attachments and campaigns

Malware authors tend to prefer specific types of file attachments in their campaigns to distribute malicious content.  During our routine threat landscape monitoring in the last three months, we observed some interesting patterns about the attachment types that are being used in various campaigns. In February and March, we saw huge spam campaigns using ZIP […]

Posted on 8 May 2019 | 12:41 pm

Oracle Security Alert for CVE-2019-2725 - 26 Apr 2019

Posted on 26 April 2019 | 5:00 pm

Oracle Critical Patch Update Advisory - April 2019

Posted on 16 April 2019 | 7:30 pm

Discovering Hidden Twitter Amplification

As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Social networks fall into this category – they’re powered by recommendation algorithms (often based on machine learning techniques) that process large amounts of data in order to […]

Posted on 3 April 2019 | 3:39 pm

Mira Ransomware Decryptor

We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it’s feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the […]

Posted on 1 April 2019 | 2:19 pm

A Hammer Lurking In The Shadows

And then there was ShadowHammer, the supply chain attack on the ASUS Live Update Utility between June and November 2018, which was discovered by Kaspersky earlier this year, and made public a few days ago. In short, this is how the trojanized Setup.exe works: An executable embedded in the Resources section has been overwritten by […]

Posted on 29 March 2019 | 2:12 pm

Analysis of LockerGoga Ransomware

We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Window’s CRT library functions, this new variant relies heavily […]

Posted on 27 March 2019 | 5:19 pm

Analysis Of Brexit-Centric Twitter Activity

This is a rather long blog post, so we’ve created a PDF for you to download, if you’d like to read it offline. You can download that from here. Executive Summary This report explores Brexit-related Twitter activity occurring between December 4, 2018 and February 13, 2019. Using the standard Twitter API, researchers collected approximately 24 […]

Posted on 12 March 2019 | 7:56 am

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously […]

Posted on 12 March 2019 | 3:34 am

Why Social Network Analysis Is Important

I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do simple things with just a few lines of code. I started off with toy tasks, (like mapping the time of […]

Posted on 21 February 2019 | 1:20 pm

Oracle Critical Patch Update Advisory - January 2019

Posted on 15 January 2019 | 7:30 pm

NRSMiner updates to newer version

More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, […]

Posted on 3 January 2019 | 5:04 am

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version […]

Posted on 13 December 2018 | 3:13 am

Phishing Campaign targeting French Industry

We have recently observed an ongoing phishing campaign targeting the French industry. Among these targets are organizations involved in chemical manufacturing, aviation, automotive, banking, industry software providers, and IT service providers. Beginning October 2018, we have seen multiple phishing emails which follow a similar pattern, similar indicators, and obfuscation with quick evolution over the course […]

Posted on 26 November 2018 | 1:16 pm

Ethics In Artificial Intelligence: Introducing The SHERPA Consortium

In May of this year, Horizon 2020 SHERPA project activities kicked off with a meeting in Brussels. F-Secure is a partner in the SHERPA consortium – a group consisting of 11 members from six European countries – whose mission is to understand how the combination of artificial intelligence and big data analytics will impact ethics […]

Posted on 22 November 2018 | 8:25 am

Spam campaign targets Exodus Mac Users

We’ve seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-1.64.1-update.zip” and the sender domain was “update-exodus[.]io”, suggesting that it wanted to associate itself to the organization. It was trying to deliver a fake Exodus […]

Posted on 2 November 2018 | 5:56 pm

Oracle Critical Patch Update Advisory - October 2018

Posted on 16 October 2018 | 7:30 pm

Oracle Security Alert for CVE-2018-11776 - 31 August 2018

Posted on 1 September 2018 | 12:00 am

Value-Driven Cybersecurity

Constructing an Alliance for Value-driven Cybersecurity (CANVAS) launched ~two years ago with F-Secure as a member. The goal of the EU project is “to unify technology developers with legal and ethical scholars and social scientists to approach the challenge of how cybersecurity can be aligned with European values and fundamental rights.” (That’s a mouthful, right?) […]

Posted on 31 August 2018 | 1:20 pm

Taking Pwnie Out On The Town

Black Hat 2018 is now over, and the winners of the Pwnie Awards have been published. The Best Client-Side Bug was awarded to Georgi Geshev and Rob Miller for their work called “The 12 Logic Bug Gifts of Christmas.” Georgi and Rob work for MWR Infosecurity, which (as some of you might remember) was acquired by F-Secure […]

Posted on 14 August 2018 | 11:58 am

Oracle Security Alert for CVE-2018-3110 - 10 August 2018

Posted on 10 August 2018 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2018

Posted on 17 July 2018 | 7:30 pm

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads […]

Posted on 5 July 2018 | 5:00 pm

Oracle Critical Patch Update Advisory - April 2018

Posted on 17 April 2018 | 7:30 pm

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented […]

Posted on 3 April 2018 | 7:56 pm

WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for […]

Posted on 16 January 2018 | 11:00 pm

Oracle Critical Patch Update Advisory - January 2018

Posted on 16 January 2018 | 7:30 pm

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's […]

Posted on 29 November 2017 | 8:33 pm

Oracle Security Alert for CVE-2017-10269 - 13 November 2017

Posted on 13 November 2017 | 7:30 pm

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to […]

Posted on 31 October 2017 | 2:20 pm

Oracle Security Alert for CVE-2017-10151 - 27 October 2017

Posted on 27 October 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2017

Posted on 17 October 2017 | 7:30 pm

Oracle Security Alert for CVE-2017-9805 - 22 September 2017

Posted on 22 September 2017 | 7:30 pm

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this […]

Posted on 19 September 2017 | 10:17 pm

Oracle Critical Patch Update Advisory - July 2017

Posted on 18 July 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2019

Posted on 16 July 2017 | 7:30 pm

Oracle Security Alert for CVE-2017-3629

Posted on 19 June 2017 | 7:30 pm

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC […]

Posted on 16 May 2017 | 10:39 pm

WordPress Now on HackerOne

WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially […]

Posted on 15 May 2017 | 4:02 pm

Oracle Critical Patch Update Advisory - April 2017

Posted on 18 April 2017 | 7:30 pm

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata.  Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect […]

Posted on 6 March 2017 | 5:53 pm

WordPress 4.7.2 Security Release

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. […]

Posted on 26 January 2017 | 7:34 pm

Oracle Critical Patch Update Advisory - January 2017

Posted on 17 January 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2016

Posted on 18 October 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2016

Posted on 19 July 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2016

Posted on 19 April 2016 | 7:30 pm

Oracle Security Alert for CVE-2016-0636 - 23 Mar 2016

Posted on 23 March 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2016

Posted on 19 January 2016 | 7:30 pm

Oracle Security Alert for CVE-2015-4852 - 10 November 2015

Posted on 10 November 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2015

Posted on 20 October 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2015

Posted on 14 July 2015 | 7:30 pm

Oracle Security Alert for CVE-2015-3456 - 15 May 2015

Posted on 15 May 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2015

Posted on 14 April 2015 | 7:30 pm

Oracle Security Alert for CVE-2016-0603 - 5 February 2016

Posted on 5 February 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2015

Posted on 20 January 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2014

Posted on 14 October 2014 | 7:30 pm

Oracle Security Alert for CVE-2014-7169 - 26 September 2014

Posted on 26 September 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2014

Posted on 15 July 2014 | 7:30 pm

Oracle Security Alert for CVE-2014-0160 - 18 April 2014

Posted on 18 April 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2014

Posted on 15 April 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2014

Posted on 14 January 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2013

Posted on 15 October 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2013

Posted on 16 July 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - June 2013

Posted on 18 June 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 7:30 pm

Oracle Security Alert for CVE-2013-1493 - 04 Mar 2013

Posted on 4 March 2013 | 7:30 pm

Updated Release of the Oracle Java SE Critical Patch Update - February 2013

Posted on 19 February 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - February 2013

Posted on 1 February 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2013

Posted on 15 January 2013 | 7:30 pm

Oracle Security Alert for CVE-2013-0422 - 13 Jan 2013

Posted on 13 January 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 7:26 pm

Oracle Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 7:26 pm

Oracle Security Alert for CVE-2012-4681 - 30 Aug 2012

Posted on 30 August 2012 | 7:26 pm

Oracle Security Alert for CVE-2012-3132 - 10 Aug 2012

Posted on 10 August 2012 | 7:14 pm

Oracle Critical Patch Update (CPU) Advisory - July 2012

Posted on 19 July 2012 | 10:15 pm

Oracle Java SE Critical Patch Update Advisory - June 2012

Posted on 12 June 2012 | 8:00 pm

Oracle Security Alert for CVE-2012-1675

Posted on 30 April 2012 | 8:01 pm

Oracle Critical Patch Update (CPU) Advisory - April 2012

Posted on 18 April 2012 | 3:40 pm

Oracle Java SE Critical Patch Update Advisory - February 2012

Posted on 14 February 2012 | 8:00 pm

Oracle Security Alert for CVE-2011-5035

Posted on 31 January 2012 | 9:20 pm

Oracle Critical Patch Update (CPU) Advisory - January 2012

Posted on 17 January 2012 | 8:44 pm

Oracle Critical Patch Update (CPU) Advisory - October 2011

Posted on 24 October 2011 | 6:33 pm

Oracle Security Alert for CVE-2011-3192

Posted on 15 September 2011 | 9:22 pm

Oracle Critical Patch Update (CPU) Advisory - July 2011

Posted on 19 July 2011 | 10:45 pm

Oracle Java SE Critical Patch Update Advisory - June 2011

Posted on 7 June 2011 | 10:18 pm

Oracle Critical Patch Update (CPU) - April 2011

Posted on 19 April 2011 | 8:00 pm

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Posted on 15 February 2011 | 10:00 pm

Oracle Critical Patch Update (CPU) - January 2011

Posted on 18 January 2011 | 7:40 pm

Oracle Critical Patch Update (CPU) - October 2010

Posted on 12 October 2010 | 4:07 pm

Oracle Critical Patch Update (CPU) - July 2010

Posted on 14 July 2010 | 7:35 pm

Oracle Critical Patch Update (CPU) - April 2010

Posted on 13 April 2010 | 9:01 pm

Oracle Security Alert for CVE-2010-0073 - February 2010

Oracle Security Alert for CVE-2010-0073

Posted on 4 February 2010 | 8:00 pm

Critical Patch Update - January 2010

Posted on 13 January 2010 | 6:05 pm

Critical Patch Update - October 2009

Posted on 20 October 2009 | 3:39 pm

Critical Patch Update - July 2009

Posted on 16 July 2009 | 1:00 am

Critical Patch Update - April 2009

Posted on 14 April 2009 | 10:40 pm

Critical Patch Update - January 2009

Posted on 14 April 2009 | 10:40 pm

Critical Patch Update - October 2008

Posted on 15 October 2008 | 6:53 pm

Critical Patch Update - July 2008

Posted on 15 July 2008 | 8:01 pm

Critical Patch Update - April 2008

Posted on 15 April 2008 | 10:13 pm

Critical Patch Update - January 2008

Posted on 15 January 2008 | 10:55 pm

Critical Patch Update - October 2007

Posted on 16 October 2007 | 8:47 pm

Critical Patch Update - July 2007

Posted on 17 July 2007 | 8:21 pm

Critical Patch Update - April 2007

Posted on 18 April 2007 | 3:57 pm

Critical Patch Update - January 2007

Posted on 16 January 2007 | 11:35 pm

Critical Patch Update - October 2006

Posted on 17 October 2006 | 6:37 pm

Critical Patch Update - April 2006

Posted on 18 April 2006 | 8:42 pm

Critical Patch Update - January 2006

Posted on 18 January 2006 | 12:20 am

Critical Patch Update - January 2005

Posted on 18 October 2005 | 10:28 pm

Critical Patch Update - April 2005

Posted on 18 October 2005 | 10:28 pm

Critical Patch Update - October 2005

Posted on 18 October 2005 | 10:25 pm

Critical Patch Update - July 2005

Posted on 12 July 2005 | 7:46 pm