11 Security Settings You Should Know About in Windows 11 - WIRED

Microsoft has rolled out its most secure operating system yet. ... on your computer, here are the security settings you need to be aware of.

Posted on 24 October 2021 | 11:21 am

Why I joined Skydio: Jeff Horne, Head of Security - sUAS News - The Business of Drones

Over the years, I've been on the frontlines of a number of cybersecurity issues—from conducting security vulnerability analysis via patch ...

Posted on 24 October 2021 | 10:50 am

Why I joined Skydio: Jeff Horne, Head of Security - sUAS News - The Business of Drones

Of course, cybersecurity isn't just something we need to think about in our personal or professional lives—it's a core issue impacting national ...

Posted on 24 October 2021 | 10:50 am

Why data governance matters - BusinessWorld Online

Now perceived as part of the wider challenge of maintaining operational resilience, issues in data quality, security, privacy and the threat of cyber- ...

Posted on 24 October 2021 | 10:48 am

Nokia Summons Mobile Heritage for 5G Security Services - SDxCentral

Nokia envisions a growing role in network security as it expands its reach across XDR, SOAR, EDR, managed services, and consulting.

Posted on 24 October 2021 | 10:45 am

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that were found to mimic the same library. The supply-chain attack targeting the open-source

Posted on 24 October 2021 | 10:38 am

What Makes a Cloud Enterprise Technology Stand Out | Hacker Noon

5 – Cybersecurity Processes and Cyber Insurance. The recent ransomware attack on Kaseya, an IT management services provider, highlighted the ...

Posted on 24 October 2021 | 10:38 am

A Rare Win in the Cat-and-Mouse Game of Ransomware - The New York Times

Emsisoft had been finding BlackMatter victims through posts to a Google-owned platform, VirusTotal, which is a kind of search engine for malware.

Posted on 24 October 2021 | 10:37 am

New cyber consultancy Sekuro assembles IPO team - Financial Review

New cyber security consultancy Sekuro, formed through the merger of Privasec, Solista, CXO Security and Navir, is one of the first companies to ...

Posted on 24 October 2021 | 10:32 am

Seven Strategies for CSO Cyber Security Survival - Analytics Insight

Fast forward to today and ransomware has become one of the greatest network security threats organizations have to deal with because it has become ...

Posted on 24 October 2021 | 10:31 am

Seven Strategies for CSO Cyber Security Survival - Analytics Insight

CSO Cyber Security Chief security officers (and CIOs, CISOs) have never had it so tough. Not only do they have all the traditional ...

Posted on 24 October 2021 | 10:31 am

Longtime financial advisers to Louisiana lawmakers retiring | Govt-and-politics - Mooresville Tribune

Missouri budget officials outline $50M cost of data breach. Oct 19, 2021. COLUMBIA, Mo. (AP) — Help for roughly 100,000 teachers whose Social ...

Posted on 24 October 2021 | 10:16 am

Nokia Summons Mobile Heritage for 5G Security Services - SDxCentral

Nokia envisions a growing role in network security as it expands its reach across XDR, SOAR, EDR, managed services, and consulting.

Posted on 24 October 2021 | 10:12 am

Kent first selectman touts sustainability initiatives, COVID management in her reelection campaign

“I built a new team and created the first-ever Citizen Emergency Response Team (CERT), and I'm improving the town's cybersecurity posture,” she ...

Posted on 24 October 2021 | 10:08 am

Is Burnout Causing Staffing Shortages — Or Worse? - Government Technology

From truck drivers to cybersecurity pros, the staffing shortages are even reaching crisis levels for some — with many saying the worse is still ...

Posted on 24 October 2021 | 10:06 am

Is Burnout Causing Staffing Shortages — Or Worse? - Government Technology

From truck drivers to cybersecurity pros, the staffing shortages are even ... While some people have left the workforce entirely, job security and ...

Posted on 24 October 2021 | 10:06 am

Acheraggi of various kinds also to ask for ransoms in bitcoin - D1SoftballNews.com

Usually the attack consists of malware that is let in from little controlled parties. For example, a company has an internal radio and uses the ...

Posted on 24 October 2021 | 9:45 am

A Rare Win in the Cat-and-Mouse Game of Ransomware - The New York Times

A team of private security sleuths, in their first public detailing of ... with computer code, it was a win, rare in the scale of its success.

Posted on 24 October 2021 | 9:43 am

A Rare Win in the Cat-and-Mouse Game of Ransomware - The New York Times

But when BlackMatter committed a critical error in an update to its code, researchers at Emsisoft, a cybersecurity firm in New Zealand, ...

Posted on 24 October 2021 | 9:43 am

Following the death of David Amess, COBRA episodes were withdrawn from television schedules.

... with a shipwreck explosion in Kent, along with a huge cyber-attack. ... as the title suggests, there's a massive cyberattack launched upon the ...

Posted on 24 October 2021 | 9:34 am

Ransomware: To pay or not to pay, that is the question - Security Boulevard

The brazen nation-state backed attacks on major companies and critical infrastructure brought cybersecurity issues to primetime news, and increased ...

Posted on 24 October 2021 | 9:28 am

Ransomware: To pay or not to pay, that is the question - Security Boulevard

The brazen nation-state backed attacks on major companies and critical infrastructure brought cybersecurity issues to primetime news, ...

Posted on 24 October 2021 | 9:28 am

Ransomware: To pay or not to pay, that is the question - Security Boulevard

State of the ransomware attack. ... The problem is that even if the ransom is paid, cyber criminals may or may not provide the code key to release ...

Posted on 24 October 2021 | 9:28 am

Four Things To Focus On For Cybersecurity Awareness Month - Todayuknews

Now that we are more than halfway through Cybersecurity Awareness Month, it's a good time to reflect on the measures that all organisations can ...

Posted on 24 October 2021 | 9:19 am

Four Things To Focus On For Cybersecurity Awareness Month - Todayuknews

To avoid damaging cyber incidents, Security Operations teams need to continually educate employees about the risks to vital enterprise assets.

Posted on 24 October 2021 | 9:19 am

A Rare Win in the Cat-and-Mouse Game of Ransomware - The New York Times

Eric Goldstein, the executive assistant director for cybersecurity at the federal Cybersecurity and Infrastructure Security Agency, called the effort ...

Posted on 24 October 2021 | 9:13 am

Spotlight on Ireland's strength in cyber risk solutions - Independent.ie

... but one area that will remain high on the business agenda is cybersecurity – and the increased risk of cybercrime and cyberattacks.

Posted on 24 October 2021 | 9:06 am

Information Security Webinar in 2021 takes place | Science/technology | SGGP English Edition

The Southern Information Security Webinar in 2021 presented the overall picture of information security in Vietnam and the world, warnings, ...

Posted on 24 October 2021 | 8:56 am

Why closing cyber skills gap remains critical today? - Gulf Business

How do you think the Middle East cybersecurity landscape has evolved since the start of the pandemic? What new trends have you witnessed?

Posted on 24 October 2021 | 8:33 am

Why closing cyber skills gap remains critical today? - Gulf Business

Technologies and practices such as remote worker security solutions, multifactor authentication, zero trust approach with Zero Trust Access (ZTA) and ...

Posted on 24 October 2021 | 8:33 am

Why closing cyber skills gap remains critical today? - Gulf Business

Fortinet security fabric answers their security challenges; the integrated platform is designed to span the extended network while providing ...

Posted on 24 October 2021 | 8:33 am

What Is The Purpose Of A Physical Security Plan | SIA Online

Businesses of all kinds need to heighten their physical security plans, as these are their first layer of defense against other types of breaches.

Posted on 24 October 2021 | 8:27 am

Why closing cyber skills gap remains critical today? - Gulf Business

How do you think the Middle East cybersecurity landscape has evolved ... Technologies and practices such as remote worker security solutions, ...

Posted on 24 October 2021 | 8:24 am

FBI invades and takes down REvil, the hacker group that invaded Apple - Play Crazy Game

In 2021, the hacker group REvil was known for massive cyber attacks in large parts of the world, including theft of MacBook Pro design schemes, ...

Posted on 24 October 2021 | 8:20 am

Week in review: MITRE ATT&CK v10 released, BEC scammers' latest tricks, WFH security tactics

Cybersecurity crises are becoming commonplace. With the massive surge in ransomware attacks in the last few years, businesses can't afford to ...

Posted on 24 October 2021 | 8:14 am

Week in review: MITRE ATT&CK v10 released, BEC scammers' latest tricks, WFH security tactics

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and ...

Posted on 24 October 2021 | 8:14 am

Week in review: MITRE ATT&CK v10 released, BEC scammers' latest tricks, WFH security tactics

Cybersecurity crises are becoming commonplace. With the massive surge in ransomware attacks in the last few years, businesses can't afford to ignore ...

Posted on 24 October 2021 | 8:14 am

Latin America Antivirus Software Market likely to touch new heights by end of forecast period ...

Latin America Antivirus Software Market 2021 research report presents an analysis of market size, share, and growth, trends, cost structure, ...

Posted on 24 October 2021 | 8:13 am

Germany mulls tightening border security amid migrant influx | Daily Sabah

German Interior Minister Horst Seehofer gestures as he addresses a joint press conference with the president of the Federal Office for Information ...

Posted on 24 October 2021 | 8:10 am

International: TMT Talk Podcast Series - Latest episode - Monetization Challenges in Video ...

... deploy cross-border data transfer solutions, implement global training and awareness initiatives, and manage data and cyber security incidents ...

Posted on 24 October 2021 | 8:08 am

GARY COSBY JR.: Killware rises as the latest threat in the cyber world - Tuscaloosa News

... their part by keeping cybersecurity measures as up to date as possible and by frankly examining which systems actually need to be managed in ...

Posted on 24 October 2021 | 8:05 am

Two billion Google Chrome users have been warned of 'five high-level breaches.' - Brinkwire

Chrome version 95.0.4638.54 patches the exploits and ensures that your browser is protected from potential cyber attacks.

Posted on 24 October 2021 | 8:02 am

Week in review: MITRE ATT&CK v10 released, BEC scammers’ latest tricks, WFH security tactics

Here’s an overview of some of last week’s most interesting news, articles and interviews: Released: MITRE ATT&CK v10 MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on real-world observations. Microsoft launches Privacy Management for Microsoft 365 Microsoft has made available Privacy Management for Microsoft 365, a new AI-based solution to help enterprises manage data privacy risks and build a privacy … More

The post Week in review: MITRE ATT&CK v10 released, BEC scammers’ latest tricks, WFH security tactics appeared first on Help Net Security.

Posted on 24 October 2021 | 8:00 am

Non-bailable Warrant Issued Against Varavara Rao in 2005 Maoists Attack Case - The Quint

From FIR to Malware Claims: A Timeline of the Bhima Koregaon Case. From FIR to Malware Claims: A Timeline of the Bhima Koregaon Case.

Posted on 24 October 2021 | 7:48 am

Quick 10 Cybersecurity Tips to Ensure Safety at Your Business - Analytics Insight

Most businesses are now witnessing cyber-attacks day by day, here we are with cybersecurity tips that can safeguard your business. Why late?

Posted on 24 October 2021 | 7:30 am

Quick 10 Cybersecurity Tips to Ensure Safety at Your Business - Analytics Insight

Cybersecurity These cybersecurity tips can help you stay alert from cyber-attacks beforehand. Most businesses are now witnessing cyberattacks day by ...

Posted on 24 October 2021 | 7:30 am

Quick 10 Cybersecurity Tips to Ensure Safety at Your Business - Analytics Insight

Many businesses often use outdated security policies that can usually not consider the latest technologies or cyber-attacks and threats such as ...

Posted on 24 October 2021 | 7:30 am

Quick 10 Cybersecurity Tips to Ensure Safety at Your Business - Analytics Insight

Most businesses are now witnessing cyber-attacks day by day, ... If your business has not been reviewed, its network security controls, it is high ...

Posted on 24 October 2021 | 7:30 am

Hong Kong banks to disclose related property of clients who breach security law - KFGO

... of clients who are found in breach of the city's national security law, according to the latest guidelines from its banking association.

Posted on 24 October 2021 | 7:27 am

NC officials using new technology to stop cyber and ransomware attacks | WNCT

In the last two years, the state's Joint Cybersecurity Task Force responded to 40 incidents — 19 of them ransomware attacks.

Posted on 24 October 2021 | 7:26 am

Heavily-armed gunmen attack Nigerian prison, free hundreds of detainees – most still on the ...

Heavily-armed gunmen attack Nigerian prison, free hundreds of detainees – most ... houston texas ranked number two for cyber attack vulnerability ...

Posted on 24 October 2021 | 7:21 am

Hong Kong banks to disclose related property of clients who breach security law, East Asia ...

China imposed national security legislation in Hong Kong on June 30 last year.. Read more at straitstimes.com.

Posted on 24 October 2021 | 7:14 am

UK Foreign Secy for stronger defence, security ties with India

“It will take forward joint work agreed by the two Prime Ministers in the 2030 roadmap on maritime security, cyber security and counter terrorism ...

Posted on 24 October 2021 | 7:12 am

Bracing for cyber cover in today's data era - Gulf Business

For businesses to be ahead of the curve, they need to make investing in security measures a top priority and proactively address data privacy ...

Posted on 24 October 2021 | 7:09 am

Bracing for cyber cover in today's data era - Gulf Business

In today's always-on, always-connected economy, businesses are under pressure to enhance their cybersecurity strategy and prove to their customers ...

Posted on 24 October 2021 | 7:09 am

Bracing for cyber cover in today's data era - Gulf Business

For businesses to be ahead of the curve, they need to make investing in security measures a top priority and proactively address data privacy ...

Posted on 24 October 2021 | 7:03 am

Hong Kong banks to disclose related property of clients who breach security law - Business Line

China imposed national security legislation in Hong Kong on June 30 last year.

Posted on 24 October 2021 | 6:57 am

Building blocks of trust - Gulf Business

Cybersecurity Brand View, Cybersecurity ... Cybersecurity, Opinion. Application-first cybersecurity: what it is and why it matters. Editor's Picks ...

Posted on 24 October 2021 | 6:44 am

Hong Kong banks to disclose related property of clients who breach security law - WHTC

Banks should disclose property held by any client who is arrested or charged for an offence endangering national security or when they have knowledge ...

Posted on 24 October 2021 | 6:09 am

Users of YouTube, beware: malicious videos are spreading password-stealing malware ... - Brinkwire

YouTube users beware! Numerous malicious videos are spreading password-stealing malware to their viewers in the latest campaign.

Posted on 24 October 2021 | 6:08 am

Hong Kong banks to disclose related property of clients who breach security law - KFGO

... national security or when they have knowledge or suspicion that a property is “offence related property” after receiving information from law ...

Posted on 24 October 2021 | 6:03 am

Flubot: Things to know about new virus that steals banking details from Android devices ...

The Nigerian Communications Commission on Friday alerted Nigerians of the existence of a new, high-risk and extremely-damaging, Malware called ...

Posted on 24 October 2021 | 6:02 am

YouTube channels hacked and rebranded for live-streaming crypto scams - Cointelegraph

Google's Threat Analysis Group (TAG) attributes the attacks to a group of hackers recruited in a Russian-speaking forum, who sell the hacked ...

Posted on 24 October 2021 | 6:00 am

Hong Kong banks to disclose related property of clients who breach security law | Reuters

China imposed national security legislation in Hong Kong on June 30 last ... requests and guidelines regarding group-wide information sharing.

Posted on 24 October 2021 | 5:52 am

SolarWinds on the road to recovery after massive cyber attack - The National

IT company has posted positive financial results in the aftermath of the attack ... Tim Brown, chief information security officer of SolarWinds.

Posted on 24 October 2021 | 5:51 am

SolarWinds on the road to recovery after massive cyber attack - The National

We need to out-think them, learn what their patterns and activities are, and what they are after,” Tim Brown, chief information security officer of ...

Posted on 24 October 2021 | 5:51 am

SolarWinds on the road to recovery after massive cyber attack - The National

“If threat actors are patient and thoughtful, they can get a larger payday from a cyber crime perspective and can boast they got the job done. We need ...

Posted on 24 October 2021 | 5:51 am

Top 10 Boot Camps to Learn Machine Learning in 2021 - Analytics Insight

The Tech Academy offers boot camps in computer programming, machine learning, website development, cyber security, data science, game development, ...

Posted on 24 October 2021 | 5:41 am

Hong Kong banks to disclose related property of clients who breach security law | Reuters

China imposed national security legislation in Hong Kong on June 30 last year, making anything Beijing regards as subversion, secession, ...

Posted on 24 October 2021 | 5:36 am

SolarWinds on the road to recovery after massive cyber attack - The National

We need to out-think them, learn what their patterns and activities are, and what they are after,” Tim Brown, chief information security officer ...

Posted on 24 October 2021 | 5:30 am

Hong Kong Banks to Disclose Related Property of Clients Who Breach Security Law

China imposed national security legislation in Hong Kong on June 30 last year, making anything Beijing regards as subversion, secession, terrorism or ...

Posted on 24 October 2021 | 5:29 am

Online Banking Frauds: Here's how to protect yourself from phishing attacks - Zee News

Many people have switched to internet banking or net banking, but because they are unfamiliar with the medium, fraudsters might use phishing ...

Posted on 24 October 2021 | 5:24 am

Bank card skimming concern for cybersecurity in Trinidad and Tobago

While card skimming seems to be the most prevalent form of digital attacks, there are other threats to cyber security. Phishing, a practice where ...

Posted on 24 October 2021 | 5:15 am

Bank card skimming concern for cybersecurity in Trinidad and Tobago

Bank card skimming concern for cybersecurity in Trinidad and Tobago. Shane Superville. An Hour Ago Confiscated items used to commit card skimming ...

Posted on 24 October 2021 | 5:15 am

Bank card skimming concern for cybersecurity in Trinidad and Tobago

In a June 2021 article from the Jamaica Gleaner, Jamaica's director of the Regional Security System (RSS), captain Errington Shurland said cybercrime ...

Posted on 24 October 2021 | 5:15 am

Antivirus Software Market Structure, Industry Inspection, and Forecast 2028 - Puck77

Antivirus Software Market Structure, Industry Inspection, and Forecast 2028 | Microsoft, AVG Technologies., Avast Software s.r.o., McAfee, LLC, ...

Posted on 24 October 2021 | 5:15 am

As Hong Kong's Civil Society Buckles, One Group Tries to Hold On - The New York Times

Unions and other organizations have dissolved after facing pressure under a new security law. The Hong Kong Journalists Association is hoping it ...

Posted on 24 October 2021 | 5:01 am

Siddaramaiah accuses BJP Govt. of undermining food security - The Hindu

... former Chief Minister Siddaramaiah on Saturday accused the BJP of undermining the National Food Security Act, 2013, through a series of measure.

Posted on 24 October 2021 | 4:53 am

Police to increase security at a Pittsburgh high school following social media threat - WTAE

The school says police were notified and that an investigation is underway involving an intelligence unit that deals with cyber threats.

Posted on 24 October 2021 | 4:52 am

Ransomware payments increased to $590 million this year due to a surge in attacks: Report ...

Ransomware-related payments of $590 million were reported to U.S. authorities in early 2021, surpassing the total for the last decade as a cyber ...

Posted on 24 October 2021 | 4:41 am

Spotlight on Ireland's strength in cyber risk solutions - Independent.ie

... but one area that will remain high on the business agenda is cybersecurity – and the increased risk of cybercrime and cyberattacks.

Posted on 24 October 2021 | 4:39 am

Data Science in 2021: What is the Future of this Technology? - Analytics Insight

The information produced and stored for quite a long time and the information that is continually being caught offer incredible business insights that ...

Posted on 24 October 2021 | 4:33 am

Fix Error 0x800703e6, Install upgrade failed - The Windows Club

Sometimes, antivirus programs prevent Windows from installing the updates. Most of the time, this is a false positive flag, hence, ...

Posted on 24 October 2021 | 4:32 am

Human Hacking and Multi-Channel Phishing is Surging - Security Boulevard

If users are reusing the same password on multiple work accounts like Zoom, Microsoft 365, and LinkedIn, it is easy to gain credentials to one and ...

Posted on 24 October 2021 | 4:26 am

Human Hacking and Multi-Channel Phishing is Surging - Security Boulevard

Human hacking is a modern way to think about phishing in its entirety, which is anything malicious that reaches a user to steal credentials, data, ...

Posted on 24 October 2021 | 4:26 am

Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks

cybersecurity webinar. Webinar: The OWASP Top 10... and beyond.

Posted on 24 October 2021 | 4:25 am

CoinMarketCap Warns Customers About Duplicating Passwords After Alleged Hack - BeInCrypto

The cybercriminals took a list of email addresses leaked in another breach. They then compared them with other leaked data to create a list of ...

Posted on 24 October 2021 | 4:24 am

Whey Protein Market 2021-2028 analysis examined in new Industry research report - Puck77

Antivirus Software Market 2021 research report presents an analysis of market size, share, and growth, trends, cost structure, statistical and ...

Posted on 24 October 2021 | 4:06 am

CISA warns of malware discovered in npm package UAParser.js, which has 6M-7M ... - News AKMI

CISA warns of malware discovered in npm package UAParser.js, which has 6M-7M downloads weekly, that installs a password stealer and a crypto miner ...

Posted on 24 October 2021 | 3:49 am

CoinMarketCap hack leaves 3.1 million email addresses compromised - Cryptopolitan

Cream Finance loses $25 million in another security breach. So far, this is the first known hack on ... ransomware attacks · Cyber Security News ...

Posted on 24 October 2021 | 3:42 am

CoinMarketCap hack leaves 3.1 million email addresses compromised - Cryptopolitan

Additionally, it ran a detailed security audit to ensure that all the information it provides would be truthful to maintain trust with its users.

Posted on 24 October 2021 | 3:42 am

Password Managers Market Size, Growth 2028 | Key Companies - Puck77

1Password, CommonKey, LogMeIn, Apple, Splikity, Lunabee, Humaan, Meldium, Vaultier, Zoho, Siber Systems, Lamantine Software, SplashData and Aii ...

Posted on 24 October 2021 | 3:41 am

The popular Squid Game app has been banned by Google, and you must now erase it ... - Brinkwire

Avast is one of the most popular antivirus providers around now. The security experts offer a free antivirus tool, but if you want the best ...

Posted on 24 October 2021 | 3:35 am

Makar scores in 6th round of shootout, Avs beat Lightning | National news from the Associated Press

Capital One target of massive data breach. Jul 30, 2019. UNAIDS chief says behavior of ex-staffer was 'unacceptable'.

Posted on 24 October 2021 | 3:32 am

National security one of election campaign focuses | The Japan Times

“Defense capability will be enhanced greatly,” starting in fiscal 2022, it said. Japan's defense spending has been generally limited to less than 1% ...

Posted on 24 October 2021 | 3:28 am

NCC Raises Alarm over New Virus Targeting Bank Details - Economic Confidential

According to the commission, a malware is a generic word used to describe a virus or software, designed specially to disrupt, damage, or gain ...

Posted on 24 October 2021 | 3:23 am

NCC Alerts Telecom Consumers On Fraudulent Flubot Malware - Leadership News

Ikechukwu Adinde, said malware is a generic word used to describe a virus or software, designed specially to “disrupt, damage, or gain unauthorized ...

Posted on 24 October 2021 | 2:41 am

Over 100 YouTube Channels Hijacked for Cryptocurrency Mining Scam. - Bestgamingpro

A successful cookie theft, like other phishing and malware assaults, necessitates that users install harmful files or applications onto their ...

Posted on 24 October 2021 | 2:33 am

FRENCH CYBER SECURITY COMPANY TO OPEN OFFICE IN UKRAINE

French Thales, which specializes in the development of high-tech products for defense and security, aerospace and transportation, intends to open ...

Posted on 24 October 2021 | 2:32 am

Google blocked 1.6 million phishing emails, here's why | Technology News,The Indian Express

... Since May 2021 as per a report by Google's Threat Analysis Group. ... government-backed hacking, and financially motivated abuse, as per the ...

Posted on 24 October 2021 | 2:25 am

From Zero to $9 Billion: Inside the Growth of U.S.-Listed Cyber ETFs - Traders Magazine

Cyber index outperformance driven by breaches. It's probably not surprising that cyber ETFs have seen strong growth, as data shows that cybercrime is ...

Posted on 24 October 2021 | 2:22 am

From Zero to $9 Billion: Inside the Growth of U.S.-Listed Cyber ETFs - Traders Magazine

By Phil Mackintosh, Senior Economist, Nasdaq. In case you didn't know, October is Cybersecurity Awareness Month. So today, we thought we'd take a ...

Posted on 24 October 2021 | 2:22 am

From Zero to $9 Billion: Inside the Growth of U.S.-Listed Cyber ETFs - Traders Magazine

... with 61% of the more than 2,000 CIOs surveyed increasing investment in cyber/information security in 2021. This positions cyber as an industry ...

Posted on 24 October 2021 | 2:22 am

Identity Management Software Market Forecast to 2025 with Global Key Companies Profile - Puck77

Zeotap, SolarWinds Passportal, Groove.id, LastPass for Business, IntelliTrust, etc – Puck77 ...

Posted on 24 October 2021 | 2:15 am

Effective Cyber Defenses Are Essential: SIFMA CEO - Traders Magazine

Cybersecurity is a top priority for the financial services industry and everyone recognizes there are very serious consequences to not having ...

Posted on 24 October 2021 | 2:14 am

Effective Cyber Defenses Are Essential: SIFMA CEO - Traders Magazine

And to these increasingly bold ransomware attacks, the threat remains very, very high,” he said. Bentsen said that the industry's work over the last ...

Posted on 24 October 2021 | 2:14 am

GARY COSBY JR.: Killware rises as the latest threat in the cyber world - Tuscaloosa News

Then I came home and read a story on killware, the latest type of cyberattack. We have already seen the impact of ransomware, a kind of attack ...

Posted on 24 October 2021 | 2:00 am

Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline - The Hacker News

... with ransomware-as-a-service (RaaS) syndicates such as REvil and DarkSide renting their file-encrypting malware to affiliates recruited ...

Posted on 24 October 2021 | 1:55 am

Middle East faced wave of cybersecurity threats since start of pandemic | Arab News

The report shows that these cybercriminals rely on social engineering to compromise victims in Saudi Arabia. “Technically, the attack tricked victims ...

Posted on 24 October 2021 | 1:53 am

Glasgow engineering giant rocked by cyber attack - News Nation USA

GLASGOW'S Weir Group has issued a profit warning after being subject to an attempted ransomware attack. In a statement released after the stock ...

Posted on 24 October 2021 | 1:34 am

NC officials using new technology to stop cyber and ransomware attacks | WNCT

RALEIGH, N.C. (WNCN) — With cyber and ransomware attacks growing, North Carolina ... “They have less than ideal security and become easy targets.

Posted on 24 October 2021 | 1:26 am

Ransomware crew posed as real company to attract workers - WENY News

The group in 2018 created a front company called Combi Security that purported to be a computer security pen-testing company based in Moscow and Haifa ...

Posted on 24 October 2021 | 1:19 am

Ransomware crew posed as real company to attract workers - WENY News

FIN7 first drew attention more than a decade ago for malware campaigns targeting point-of-sale systems used by major retailers, with one scheme ...

Posted on 24 October 2021 | 1:19 am

UAE Cyber Security Council launches internship programme - News | Khaleej Times

The programme, which runs for three months, seeks to enhance the interns' cyber security skills and knowledge, further protect the UAE's dig...

Posted on 24 October 2021 | 1:17 am

Foreign Language Translation for the IC Gets a Machine Learning Boost From IARPA - Hstoday

Some of the hottest, trending languages are Kazakh, Swahili and Pashto. Well, at least for the U.S. Intelligence Community (IC). It's probably safe to ...

Posted on 24 October 2021 | 1:07 am

5 easy ways to dramatically increase security in Google Chrome - Digital Trends

If you're one of many people who use Chrome as your default web browser, then you might want to take some steps to ensure that it's extra secure.

Posted on 24 October 2021 | 1:04 am

Middle East faced wave of cybersecurity threats since start of pandemic - ToysMatrix

GAZA CITY: Some hope has returned to Gaza resident Ayman Dahman upon learning that his apartment building, completely destroyed during Israeli ...

Posted on 24 October 2021 | 1:01 am

Waikato DHB failed OIA requirements over cyber security breach – Ombudsman | Stuff.co.nz

A May cyber attack on Waikato DHB left the health board operating like it was in a pre-computer era (file photo). A district health board has ...

Posted on 24 October 2021 | 12:54 am

Don't tap on any links! How to spot and deal with a scam text message | The Star

This will prevent the malware from sending any further data online. ... Health Ministry: No MySejahtera user data leak, API misuse caused ...

Posted on 24 October 2021 | 12:42 am

Waikato DHB failed OIA requirements over cyber security breach – Ombudsman | Stuff.co.nz

Waikato District Health Board largely ignored a series of questions from Local Democracy Reporting in June regarding the cyber security breach ...

Posted on 24 October 2021 | 12:38 am

Waikato DHB failed OIA requirements over cyber security breach – Ombudsman | Stuff.co.nz

When Local Democracy Reporting asked questions, the health board didn't meet its obligations under the Official Information Act, the Chief ...

Posted on 24 October 2021 | 12:38 am

Waikato DHB failed OIA requirements over cyber security breach – Ombudsman | Stuff.co.nz

A May cyber attack on Waikato DHB left the health board operating like it was in a pre-computer era (file photo). A district health board has ...

Posted on 24 October 2021 | 12:31 am

5 Tips For Keeping Your Computer Safe And Secure From Hackers & Viruses - RecentlyHeard

Computer security is more important than ever. As many people are using computers to shop online and for online banking, it's very important ...

Posted on 24 October 2021 | 12:16 am

Psychiatrists Have Lots of Options When it Comes to Office Security | MedPage Today

But it is not inherently a violation of HIPAA to have such cameras in a medical setting." Panic buttons. Like security cameras, these are very ...

Posted on 24 October 2021 | 12:08 am

Vietnam: Guidelines on taxation of e-commerce and digital-based businesses

Categories: Asia-Pacific · Cyber Security · Data Privacy · Product Regulation & Liability · Regulatory · Tax · Vietnam.

Posted on 23 October 2021 | 11:59 pm

Computer and Information Jobs are Expected to Increase by 13 percent - GF - GamerRoof

They earned an average salary of $111,400 for bachelor's degree holders. Information Security Analysts, who plan and carry out security measures to ...

Posted on 23 October 2021 | 11:53 pm

Computer a mess? Your 5-step quick plan to clean it up - Kim Komando

... that could be a sign your computer is infected with malware. If you do see anything strange, run an antivirus or anti-malware scan.

Posted on 23 October 2021 | 11:50 pm

Wipro collaborates with National Grid to implement next generation hybrid cloud architecture

Wipro Limited has signed a multi-year global strategic IT and digital deal with London – headquartered National Grid to accelerate their digital innovation journey. As part of this engagement, Wipro through its Boundaryless Enterprise solutions will facilitate National Grid’s continued digital transformation, integration of its managed services and consolidation of multiple data centers across UK and US to next generation hosting services. These sustainable data centers will allow for enhanced program governance, as well as … More

The post Wipro collaborates with National Grid to implement next generation hybrid cloud architecture appeared first on Help Net Security.

Posted on 23 October 2021 | 11:30 pm

Is your university prepared for a cyber-attack? - Education Technology

The HE sector is particularly vulnerable to cyber-attacks because they ... You should ensure you have in place suitable security and technical ...

Posted on 23 October 2021 | 11:20 pm

Rising tide of leaks threatens to inundate Facebook - International - World - Ahram Online

Facebook's security team in 2019 reportedly created a fake account for a "conservative mother from North Carolina" given the profile name Carol ...

Posted on 23 October 2021 | 11:09 pm

Comment on the data security breach incident - BollyInside

Although Tech Etch has implemented many safeguards to protect the confidentiality of its current and former employees' health information, it believes ...

Posted on 23 October 2021 | 11:00 pm

Prodly raises $10M to expand its next-generation DevOps solutions for low-code apps

Prodly announced a Series A investment of $10 million led by Leta Capital, joined by TMT Investments, AltaIR Capital, and Flyer One Ventures. Existing investors Shasta Ventures, Norwest Venture Partners and AvanTech Ventures also participated. Prodly also announced plans to expand its next-generation DevOps solutions to additional low code cloud platforms. Prodly’s AppOps suite automates release management, sandbox seeding, and regression testing for Salesforce. Designed for non-coders, Prodly’s solutions simplify change management so companies can … More

The post Prodly raises $10M to expand its next-generation DevOps solutions for low-code apps appeared first on Help Net Security.

Posted on 23 October 2021 | 11:00 pm

Popular NPM library hijacked to install password-stealers, miners - Bleeping Computer

"I believe someone was hijacking my npm account and published some compromised packages ( 0.7.29 , 0.8.0 , 1.0.0 ) which will probably install malware ...

Posted on 23 October 2021 | 10:55 pm

SimCentric Technologies receives ISO certification - The Island

... the ISO 27001:2013 certification for information security management. ... to protecting customers with the highest information protection and, ...

Posted on 23 October 2021 | 10:53 pm

Council won't disclose how many councillors have recently tested positive for Covid-19 - OnTheWight

“Not looking for names, so data protection shouldn't be a problem, ... More Hogwash asking for numbers is not a data breach if it's not Seely ...

Posted on 23 October 2021 | 10:44 pm

53% of companies remain exposed to supply chain attacks - Techkreset

There was a demand for integrated backup / disaster recovery. Antivirus solutions have more than doubled, from 19% in 2020 to 47.9% this year. The ...

Posted on 23 October 2021 | 10:43 pm

Hand-Held Charging Machine Market with vigorous CAGR in Forecast Period 2021 to 2028 - IMIESA

Keypass, Chainway, Sunway – IMIESA ...

Posted on 23 October 2021 | 10:43 pm

Russian Drivers' Personal Data Available Online for Less than the Price of an iPhone - autoevolution

Regardless of the method used to obtain the database, the data collection happened for nearly 13 years, so if there's indeed a breach that someone ...

Posted on 23 October 2021 | 10:41 pm

Report: Over 3 Million Email Addresses of CoinMarketCap Users Leaked - CryptoPotato

Coinmarketcap Confirms Data Leak. The report further revealed that the passwords to these leaked email addresses were not compromised in the hack.

Posted on 23 October 2021 | 10:27 pm

Human Hacking and Multi-Channel Phishing is Surging - Security Boulevard

SlashNext Threat Labs reports a growing trend of malicious URLs that appear identical to a meeting invite. This attack is used to harvest Microsoft ...

Posted on 23 October 2021 | 10:27 pm

Amid the Capitol riot, Facebook faced its own insurrection - Columbia Missourian

Capitol Breach Facebook Papers ... on Consumer Protection, Product Safety, and Data Security, on Capitol Hill, on Oct. 5, in Washington.

Posted on 23 October 2021 | 10:25 pm

You can now download the AMD link for Windows 11 Performance Errors; Microsoft Patch is ...

... fixed some issues that were known in the original version of Windows 11, the problem was further aggravated by the first patch Tuesday update.

Posted on 23 October 2021 | 10:25 pm

Ransomware Attacks Perpetrated via Vulnerability in BillQuick Billing Software - TechNadu

Huntress ThreatOps found BillQuick's SQL injection vulnerability that allows ransomware injections into the OS.

Posted on 23 October 2021 | 9:31 pm

Windows 11: Keep your laptop safe with these anti-virus deals | Express.co.uk

Trend Micro has a range of cyber security products available. The Windows security products are priced from £19.95, while its Maximum Security ...

Posted on 23 October 2021 | 9:06 pm

FRENCH CYBER SECURITY COMPANY TO OPEN OFFICE IN UKRAINE

French Thales, which specializes in the development of high-tech products for defense and security, aerospace and transportation, intends to open ...

Posted on 23 October 2021 | 8:34 pm

CISA warns of trojanized versions of JavaScript library's NPM package - HackRead

According to CISA, a crypto-mining malware was hidden in a popular JavaScript NPM library, UAParser.js. The library rakes in more than six to ...

Posted on 23 October 2021 | 8:02 pm

Google Uncovers Hackers Hijacking YouTube Accounts: Report - The Epoch Times

Combining cookie-based malware and social engineering tactics, their operational model is not very sophisticated nor radically innovative, ...

Posted on 23 October 2021 | 8:01 pm

Google Issues a Cookie-Stealing Malware Warning to High-Profile YouTube Accounts. - Brinkwire

Google's Threat Analysis Group (TAG) discovered on Wednesday, Oct.20 that several hackers were using cookie-stealing malware to exploit ...

Posted on 23 October 2021 | 7:45 pm

Hackers Have Been Using a Rootkit That Somehow Got Microsoft's Digital Seal of Approval

With a rootkit, an attacker can remain embedded in a particular computer, unbeknownst to the device's operating system or its anti-malware defences, ...

Posted on 23 October 2021 | 6:44 pm

Identity and Access Management Software Market - Puck77

... Okta, Hyena, PortalGuard, OneLogin, Dashlane Business, Duo Security, PracticeProtect, Bitium, Meldium by LogMeln, PeoplePlatform ...

Posted on 23 October 2021 | 5:52 pm

Microsoft Weekly: Android on Windows, WHQL-signed malware, and 21H2 builds - Neowin

In the cybersecurity space, we also found out that Microsoft digitally signed a driver that was actually malware that can wreak havoc.

Posted on 23 October 2021 | 5:46 pm

Hacker sells the data for millions of Moscow drivers for $800 - Bleeping Computer

An open source advocate and Linux enthusiast, is currently finding pleasure in following hacks, malware campaigns, and data breach incidents, ...

Posted on 23 October 2021 | 5:24 pm

Amazon's Astro: Are the Privacy Concerns Justified? - MakeUseOf

Amazon and Consumer Privacy ... Like other major manufacturers, Amazon's sprawling line of smart home gadgets has always been fingered as a threat to ...

Posted on 23 October 2021 | 5:09 pm

Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks

The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in December 2020, ...

Posted on 23 October 2021 | 4:26 pm

Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks

Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in

Posted on 23 October 2021 | 4:25 pm

'Critical Severity' Warning for Malware Embedded in Popular JavaScript Library

Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close to 8 million downloads per week.

Posted on 23 October 2021 | 4:24 pm

1.6 million phishing emails were blocked by Google, let's know why - TheDigitalHacker

It has been reported that the emails were part of a malware campaign targeted at capturing YouTube accounts and pushing cryptocurrency scams.

Posted on 23 October 2021 | 4:10 pm

1.6 million phishing emails were blocked by Google, let's know why - TheDigitalHacker

According to the report published by Google's Threat analysis group, ... government-backed hacking, and financially motivated abuse.

Posted on 23 October 2021 | 4:10 pm

iBrave Cloud Web Hosting Lifetime Subscription + $20 Store Credit Is Up For An Amazing Offer

... FREE Antivirus & Antispam Protection; FREE Daily Backups; FREE 80+ One-Click Install Software; 99.9% Uptime Guarantee. System Requirements.

Posted on 23 October 2021 | 2:56 pm

“Just make sure your antivirus is up and running”. Lol. | Virginia Tech Football Board

“Just make sure your antivirus is up and running”. Lol. That's like, “She hot, but use protection, she's likely infected.”.

Posted on 23 October 2021 | 2:14 pm

Watch out for this phishing campaign that is after your passwords - Windows Report

The attackers are relentlessly creating malicious Workmail accounts to launch the attacks. Phishing is common, and attackers are continuously ...

Posted on 23 October 2021 | 11:25 am

How to Protect Your Laptop or PC - Bollyinside

Getting antivirus software is incredibly easy, and in fact, most PCs and laptops come pre-installed with some kind of antivirus software. However, ...

Posted on 23 October 2021 | 10:17 am

Feds Reportedly Hacked REvil Ransomware Group and Forced it Offline

The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what's the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber experts working with the

Posted on 23 October 2021 | 8:49 am

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks | Threatpost

... the company warned of big fines if the source installed antivirus software on the virtual machine; and two, the source was told that employees ...

Posted on 23 October 2021 | 8:02 am

Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks

The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called "Bastion Secure" to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. "With FIN7's latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity

Posted on 23 October 2021 | 7:59 am

Malicious NPM Packages Caught Running Cryptominer On Windows, Linux, macOS Devices

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question — named okhsa, klow, and klown — were published by the same

Posted on 23 October 2021 | 4:24 am

'Lone Wolf' Hacker Group Targeting Afghanistan and India with Commodity RATs

A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a "lone wolf" threat actor operating a Lahore-based fake IT company called Bunse

Posted on 23 October 2021 | 4:23 am

Malware Discovered in Popular NPM Package, ua-parser-js

Original release date: October 22, 2021

Versions of a popular NPM package named ua-parser-js were found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.

CISA urges users and administrators using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1.

For more information, see Embedded malware in ua-parser-js.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 23 October 2021 | 1:57 am

Toshiba develops chip-based QKD system to address the demand for cryptography

Toshiba announced it has developed a chip-based quantum key distribution (QKD) system. This advance will enable the mass manufacture of quantum security technology, bringing its application to a much wider range of scenarios including to Internet of Things (IoT) solutions. QKD addresses the demand for cryptography which will remain secure from attack by the supercomputers of tomorrow. In particular, a large-scale quantum computer will be able to efficiently solve the difficult mathematical problems that are … More

The post Toshiba develops chip-based QKD system to address the demand for cryptography appeared first on Help Net Security.

Posted on 23 October 2021 | 12:30 am

AirHop partners with Juniper Networks to accelerate 4G and 5G network deployments

AirHop Communications announced they are joining the Juniper Networks Technology Alliance Partner ecosystem. The partnership will enable the integration of AirHop’s field-hardened Radio Access Network (RAN) automation and optimization applications as O-RAN Alliance compatible eSON xApps and eSON360 rApps on Juniper’s RAN Intelligent Controller (RIC). The integrated automation and optimization Apps will accelerate and simplify 4G and 5G network deployments and operations, resulting in increased spectral efficiency by up to 30%, contributing to lower OpEx … More

The post AirHop partners with Juniper Networks to accelerate 4G and 5G network deployments appeared first on Help Net Security.

Posted on 22 October 2021 | 11:30 pm

REvil Ransomware Gang Hit by Law Enforcement Hack-Back Operation

The global fight against ransomware took a new twist this week with the United States leading a law enforcement effort to hack back and disrupt the extortion group behind the Colonial Pipeline cyberattack.

Posted on 22 October 2021 | 6:59 pm

Microsoft Introduces Security Program for Non-Profits

Tech giant Microsoft has rolled out a new security offering to provide non-profit organizations with additional security in the event of a nation-state attack.

Posted on 22 October 2021 | 5:16 pm

US Intel Warns China Could Dominate Advanced Technologies

U.S. officials issued new warnings Friday about China’s ambitions in artificial intelligence and a range of advanced technologies that could eventually give Beijing a decisive military edge and possible dominance over health care and other essential sectors in America.

Posted on 22 October 2021 | 4:54 pm

Organizations Can Now Try Out End-to-End Encrypted Microsoft Teams Calls

Microsoft this week announced that organizations can now enable their employees to make one-to-one calls on Teams that are protected by end-to-end encryption.

Posted on 22 October 2021 | 3:13 pm

Facebook Introduces New Tool for Finding SSRF Vulnerabilities

Facebook on Thursday announced a new tool designed to help security researchers hunt for Server-Side Request Forgery (SSRF) vulnerabilities.

Posted on 22 October 2021 | 2:41 pm

After Nation-State Hackers, Cybercriminals Also Add Sliver Pentest Tool to Arsenal

The cybercriminal group tracked as TA551 recently showed a significant change in tactics with the addition of the open-source pentest tool Sliver to its arsenal, according to cybersecurity firm Proofpoint.

Posted on 22 October 2021 | 2:12 pm

Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild

A newly identified rootkit has been found with a valid digital signature issued by Microsoft that's used to proxy traffic to internet addresses of interest to the attackers for over a year targeting online gamers in China. Bucharest-headquartered cybersecurity technology company Bitdefender named the malware "FiveSys," calling out its possible credential theft and in-game-purchase hijacking

Posted on 22 October 2021 | 12:41 pm

Ex-carrier employee sentenced for role in SIM-swapping scheme

He was paid a daily fee to route victim numbers to handsets controlled by other criminals.

Posted on 22 October 2021 | 11:24 am

Snap's Stock Drops as iPhone Privacy Controls Pinch Ad Sales

Snapchat’s corporate parent disclosed Thursday that its ad sales are being hurt by a privacy crackdown that rolled out on Apple’s iPhones earlier this year, raising investor fears that the app’s financial growth is going into a tailspin.

Posted on 22 October 2021 | 11:24 am

Critical Vulnerabilities Found in AUVESY Product Used by Major Industrial Firms

A total of 17 types of vulnerabilities, including many rated critical and high severity, have been found by researchers in the Versiondog data management product made by AUVESY.

Posted on 22 October 2021 | 10:54 am

South African police arrest eight men suspected of targeting widows in romance scams

The gang concocted "sob stories" to lure their victims into parting with cash.

Posted on 22 October 2021 | 10:33 am

Released: MITRE ATT&CK v10

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on real-world observations. Version ten comes with new Data Source objects, new and changed techniques in its various matrices, key changes to facilitate hunting in ICS environments, and more. The most prominent change in this newest version of the framework is new objects with aggregated information about … More

The post Released: MITRE ATT&CK v10 appeared first on Help Net Security.

Posted on 22 October 2021 | 10:01 am

Cookie Theft Malware Used to Hijack YouTube Accounts

Google says it has disrupted phishing attacks in which threat actors were attempting to use cookie theft malware to hijack YouTube accounts and abuse them to promote cryptocurrency scams.

Posted on 22 October 2021 | 8:51 am

Two Eastern Europeans Sentenced for Providing Bulletproof Hosting to Cyber Criminals

Two Eastern European nationals have been sentenced in the U.S. for offering "bulletproof hosting" services to cybercriminals, who used the technical infrastructure to distribute malware and attack financial institutions across the country between 2009 and 2015. Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, have each been sentenced to 24 months and 48 months in prison,

Posted on 22 October 2021 | 6:34 am

Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer

A new security weakness has been disclosed in the WinRAR trialware file archiver utility for Windows that could be abused by a remote attacker to execute arbitrary code on targeted systems, underscoring how vulnerabilities in such software could become a gateway for a roster of attacks. Tracked as CVE-2021-35052, the bug impacts the trial version of the software running version 5.70. "This

Posted on 22 October 2021 | 6:33 am

New infosec products of the week: October 22, 2021

Here’s a look at the most interesting product releases from the past week, featuring releases from SecLytics, SecurID, Splunk, ThreatConnect and ZeroFox. ThreatConnect launches Risk Quantifier 6.0 to bring cyber risk quantification for businesses: ThreatConnect Risk Quantifier (RQ) enables companies to see the financial risks they face from cyber attacks and also prioritize investments that provide ROI. RQ’s calculations are informed by your internal environment, threat intelligence, vulnerability management, operations and response data found within … More

The post New infosec products of the week: October 22, 2021 appeared first on Help Net Security.

Posted on 22 October 2021 | 6:00 am

CDR: The secret cybersecurity ingredient used by defense and intelligence agencies

It’s very rare that the defense and intelligence community is vulnerable to file-based attacks. After all, for these organizations security is not a business case, it’s a case of national security. More commercial businesses should look to the defense and intelligence community for guidance on improving security posture. It’s not that they have the newest or most sophisticated products; government agencies focus on identifying core risk vectors, such as those created by the dangers endemic … More

The post CDR: The secret cybersecurity ingredient used by defense and intelligence agencies appeared first on Help Net Security.

Posted on 22 October 2021 | 5:30 am

Embracing secure hybrid work with four foundational IT controls

Hybrid work has become the norm for many businesses. In fact, a 2021 survey conducted by HR consulting firm Mercer found that out of a group of 510 employers with flexible work programs in place, 70% plan to adopt a hybrid work model. While the new work-from-anywhere revolution provides more flexibility for workers, it also creates real security concerns for IT teams. As organizations formalize work-from-anywhere strategies, it has become painfully evident that many time-honored … More

The post Embracing secure hybrid work with four foundational IT controls appeared first on Help Net Security.

Posted on 22 October 2021 | 5:00 am

Security changes needed to protect corporate networks from non-business IoT devices

Cyber adversaries know that one small IoT sensor can provide entry into a corporate network to launch ransomware attacks and more. According to a survey of IT decision-makers by Palo Alto Networks, 78% of respondents (among those whose organization has IoT devices connected to its network) reported an increase in non-business IoT devices on corporate networks in the last year. Smart lightbulbs, heart rate monitors, connected gym equipment, coffee machines, game consoles and even pet … More

The post Security changes needed to protect corporate networks from non-business IoT devices appeared first on Help Net Security.

Posted on 22 October 2021 | 4:30 am

GPS Daemon (GPSD) Rollover Bug

Original release date: October 21, 2021

Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).

On October 24, 2021, Network Time Protocol (NTP) servers using bugged GPSD versions 3.20-3.22 may roll back the date 1,024 weeks—to March 2002—which may cause systems and services to become unavailable or unresponsive.

CISA urges affected CI owners and operators to ensure systems—that use GPSD to obtain timing information from GPS devices—are using GPSD version 3.23 (released August 8, 2021) or newer.

For more information, see Keeping Track of Time: Network Time Protocol and a GPSD Bug.

Posted on 21 October 2021 | 7:36 pm

Before and After a Pen Test: Steps to Get Through It

An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can also help validate remedial

Posted on 21 October 2021 | 5:52 pm

Cisco Releases Security Updates for IOS XE SD-WAN Software

Original release date: October 21, 2021

Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-sd-wan-rhpbE34A and apply the necessary updates.

Posted on 21 October 2021 | 3:46 pm

Consumer Security Firm Aura Raises $200 Million at $2.5 Billion Valuation

Aura, a Burlington, MA-based company that provides cybersecurity solutions for consumers, has announced raising $200 million in a Series F funding round.

The funding, which values Aura at $2.5 billion post money, brings the total raised by the firm to $650 million.

Posted on 21 October 2021 | 3:08 pm

FiveSys Rootkit Abuses Microsoft-Issued Digital Signature

A rootkit named FiveSys is able to evade detection and slip unnoticed onto Windows users’ systems courtesy of a Microsoft-issued digital signature, according to security researchers with Bitdefender.

Posted on 21 October 2021 | 2:18 pm

Product Overview: Cynet SaaS Security Posture Management (SSPM)

Software-as-a-service (SaaS) applications have gone from novelty to business necessity in a few short years, and their positive impact on organizations is clear. It’s safe to say that most industries today run on SaaS applications, which is undoubtedly positive, but it does introduce some critical new challenges to organizations. As SaaS application use expands, as well as the number of

Posted on 21 October 2021 | 1:07 pm

Smart Security Camera Startup Rhombus Systems Raises $10 Million

Sacramento, CA-based Rhombus Systems – a provider of smart security cameras – has raised $10 million in a Series A funding round led by Cota Capital. 

Posted on 21 October 2021 | 1:01 pm

Two Bulletproof Hosting Administrators Sentenced to Prison in U.S.

The United States Department of Justice this week announced that two individuals involved in providing bulletproof hosting to various malware families were sentenced to prison.

Posted on 21 October 2021 | 11:31 am

Former Execs of Cybersecurity Firm GigaTrust Charged With Financial Fraud

Three former executives of now defunct cybersecurity company GigaTrust have been charged for defrauding investors and lenders in a $50 million fraud scheme.

Posted on 21 October 2021 | 11:17 am

US to Curb Hacking Tool Exports to Russia, China

US authorities unveiled Wednesday long-delayed new rules aimed at clamping down on export to nations like Russia and China of hacking technology amid a sharp uptick in cyberattacks globally.

The rules, which are set to go into force in 90 days, would prevent the sale of certain software or devices to a list of countries unless approved by a bureau of the Commerce Department.

Posted on 21 October 2021 | 10:32 am

U.S. Government Bans Sale of Hacking Tools to Authoritarian Regimes

The U.S. Commerce Department on Wednesday announced new rules barring the sales of hacking software and equipment to authoritarian regimes and potentially facilitate human rights abuse for national security (NS) and anti-terrorism (AT) reasons. The mandate, which is set to go into effect in 90 days, will forbid the export, reexport and transfer of "cybersecurity items" to countries of "national

Posted on 21 October 2021 | 7:43 am

US judge sentences duo for roles in running bulletproof hosting service

The hosting service was used to deploy malware payloads including Zeus and the Blackhole exploit kit.

Posted on 21 October 2021 | 7:37 am

Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts

Since at least late 2019, a network of hackers-for-hire have been hijacking the channels of YouTube creators, luring them with bogus collaboration opportunities to broadcast cryptocurrency scams or sell the accounts to the highest bidder. That's according to a new report published by Google's Threat Analysis Group (TAG), which said it disrupted financially motivated phishing campaigns targeting

Posted on 21 October 2021 | 7:03 am

Google Patches 19 Vulnerabilities in Chrome 95 Browser Refresh

Google has released a new version of its flagship Chrome web browser with patches for a total of 19 vulnerabilities, including 16 reported by external researchers.

Posted on 20 October 2021 | 8:02 pm

Investors Bet Big on Attempts to Solve Encryption 'Holy Grail'

News Analysis: Venture capital investors are pumping millions of dollars into privacy enhancing technology (PET) projects, betting that hardware and software innovation is finally coming together to solve one of the “holy grails” of encryption.

Posted on 20 October 2021 | 3:17 pm

Query.AI Raises $15 Million in Series A Funding Round

Query.AI, a company that has developed a security investigations platform for enterprises, this week announced raising $15 million in a Series A funding round, which brings the total raised to nearly $20 million.

Posted on 20 October 2021 | 3:12 pm

Google Releases Security Updates for Chrome

Original release date: October 20, 2021

Google has released Chrome version 95.0.4638.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

Posted on 20 October 2021 | 2:55 pm

Magnitude EK Expands Arsenal With PuzzleMaker Exploit Chain

The Magnitude exploit kit (EK) is now capable of targeting Chromium-based browsers running on Windows systems, security researchers with Avast warn.

Posted on 20 October 2021 | 1:59 pm

Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique

A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense

Posted on 20 October 2021 | 1:27 pm

Threat Detection Marketplace SOC Prime Raises $11 Million

Threat detection marketplace SOC Prime this week announced that it has raised $11 million in Series A funding. To date, the company has raised a total of $11.5 million.

The new capital, the company says, will help it accelerate the adoption of its marketplace, which allows security researchers to monetize their content to help others fend off cyberattacks.

Posted on 20 October 2021 | 12:53 pm

Acer Confirms Breach of Servers in Taiwan

Taiwanese tech giant Acer has confirmed that, in addition to servers in India, hackers breached some of its systems in Taiwan.

Posted on 20 October 2021 | 12:34 pm

Zerodium Buying Zero-Day Exploits Targeting VPN Software

Exploit acquisition company Zerodium on Tuesday announced that it’s looking to buy zero-day exploits targeting popular VPN software.

Specifically, the company wants to acquire exploits that work against the Windows versions of the ExpressVPN, NordVPN and Surfshark applications. These VPN services have millions of users.

Posted on 20 October 2021 | 11:47 am

Black market traders cash in on fake COVID-19 vaccination records

The EU vaccine passport and CDC certifications are hot ticket items.

Posted on 20 October 2021 | 11:17 am

Oracle's October 2021 CPU Includes 419 Security Patches

Oracle on Tuesday announced the release of its latest quarterly Critical Patch Update (CPU), which includes a total of 419 security patches for vulnerabilities across the company’s portfolio.

Just over half of the patches address vulnerabilities that could be exploited remotely without authentication, Oracle announced.

Posted on 20 October 2021 | 11:02 am

Missouri Budget Officials Outline $50M Cost of Data Breach

Help for roughly 100,000 teachers whose Social Security numbers were made vulnerable in a massive state data breach could cost Missouri as much as $50 million, the governor’s office confirmed Tuesday.

Posted on 20 October 2021 | 10:27 am

OWASP's 2021 List Shuffle: A New Battle Plan and Primary Foe

Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and

Posted on 20 October 2021 | 8:16 am

LightBasin Hackers Breach at Least 13 Telecom Service Providers Since 2019

A highly sophisticated adversary named LightBasin has been identified as behind a string of attacks targeting the telecom sector with the goal of collecting "highly specific information" from mobile communication infrastructure, such as subscriber information and call metadata.  "The nature of the data targeted by the actor aligns with information likely to be of significant interest to signals

Posted on 20 October 2021 | 8:01 am

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices

Microsoft has published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed "TPM Carte Blanche" by Google software engineer Chris

Posted on 20 October 2021 | 7:20 am

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, which is the name assigned to the financially motivated threat

Posted on 20 October 2021 | 4:12 am

Cybersecurity Experts Warn of a Rise in Lyceum Hacker Group Activities in Tunisia

A threat actor, previously known for striking organizations in the energy and telecommunications sectors across the Middle East as early as April 2018, has evolved its malware arsenal to strike two entities in Tunisia. Security researchers at Kaspersky, who presented their findings at the VirusBulletin VB2021 conference earlier this month, attributed the attacks to a group tracked as Lyceum (aka

Posted on 20 October 2021 | 4:10 am

Oracle Releases October 2021 Critical Patch Update

Original release date: October 19, 2021

Oracle has released its Critical Patch Update for October 2021 to address 419 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Oracle October 2021 Critical Patch Update and apply the necessary updates. 

Posted on 19 October 2021 | 7:59 pm

Oracle Critical Patch Update Advisory - October 2021

Posted on 19 October 2021 | 7:30 pm

Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine.  Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used

Posted on 19 October 2021 | 3:07 pm

FCC mulls over new rules demanding carriers block spam robot texts at network level

The proposal hones in on rising rates of robot texts.

Posted on 19 October 2021 | 11:05 am

Twitter accounts linked to cyberattacks against security researchers suspended

North Korean hackers are luring professionals with "zero-day vulnerability hype."

Posted on 19 October 2021 | 9:25 am

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on BlackMatter Ransomware

Original release date: October 18, 2021

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released joint Cybersecurity Advisory (CSA): BlackMatter Ransomware.

Since July 2021, malicious cyber actors have used BlackMatter ransomware to target multiple U.S. critical infrastructure entities, including a U.S. Food and Agriculture Sector organization. Using an analyzed sample of BlackMatter ransomware and information from trusted third parties, this CSA provides cyber actor tactics, techniques, and procedures and outlines mitigations to improve ransomware protection, detection, and response.

To reduce the risk of BlackMatter ransomware, CISA, FBI, and NSA encourage organizations to implement the recommended mitigations in the joint CSA and visit StopRansomware.gov for more information on protecting against and responding to ransomware attacks.
 

Posted on 19 October 2021 | 2:00 am

Why Database Patching Best Practice Just Doesn't Work and How to Fix It

Patching really, really matters – patching is what keeps technology solutions from becoming like big blocks of Swiss cheese, with endless security vulnerabilities punching hole after hole into critical solutions. But anyone who's spent any amount of time maintaining systems will know that patching is often easier said than done. Yes, in some instances, you can just run a command line to install

Posted on 18 October 2021 | 4:00 pm

BlackByte ransomware decryptor released

The "odd" malware avoids systems based on Russian and ex-USSR languages.

Posted on 18 October 2021 | 11:43 am

Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting

Representatives from the U.S., the European Union, and 30 other countries pledged to mitigate the risk of ransomware and harden the financial system from exploitation with the goal of disrupting the ecosystem, calling it an "escalating global security threat with serious economic and security consequences."  "From malign operations against local health providers that endanger patient care, to

Posted on 18 October 2021 | 8:21 am

Is Your Data Safe? Check Out Some Cybersecurity Master Classes

Since cybersecurity is definitely an issue that’s here to stay, I’ve just checked out the recently released first episodes of Cato Networks Cybersecurity Master Class Series.  According to Cato, the series aims to teach and demonstrate cybersecurity tools and best practices; provide research and real-world case studies on cybersecurity; and bring the voices and opinions of top cybersecurity

Posted on 18 October 2021 | 7:24 am

REvil Ransomware Gang Goes Underground After Tor Sites Were Compromised

REvil, the notorious ransomware gang behind a string of cyberattacks in recent years, appears to have gone off the radar once again, a little over a month after the cybercrime group staged a surprise return following a two-month-long hiatus. The development, first spotted by Recorded Future's Dmitry Smilyanets, comes after a member affiliated with the REvil operation posted on the XSS hacking

Posted on 18 October 2021 | 7:17 am

Windows 10, Linux, iOS, Chrome and Many Others Hacked at Tianfu Cup 2021

Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup 2021, the fourth edition of the international cybersecurity contest held in the city of Chengdu, China. Targets this year included Google Chrome running on Windows 10 21H1, Apple Safari running on Macbook Pro, Adobe

Posted on 18 October 2021 | 6:50 am

Apache Releases Security Advisory for Tomcat  

Original release date: October 15, 2021

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition.

CISA encourages users and administrators to review Apache’s security advisory for CVE-2021-42340 and apply the necessary updates.

Posted on 15 October 2021 | 3:11 pm

Cyber Criminals Using Spoofed Unemployment Benefit Websites to Defraud US Public

Posted on 15 October 2021 | 2:45 pm

Critical infrastructure security dubbed 'abysmal' by researchers

Researchers find that lax ICS security is putting critical services at risk of exploitation.

Posted on 15 October 2021 | 2:30 pm

Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities

Original release date: October 14, 2021

CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber intrusions leading to ransomware attacks—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. The joint CSA provides extensive mitigations and resources to assist WWS Sector facilities in strengthening operational resilience and cybersecurity practices.

CISA has also released a Cyber Risks & Resources for the Water and Wastewater Systems Sector infographic that details both information technology and operational technology risks the WWS Sector faces and provides select resources.

Posted on 14 October 2021 | 6:57 pm

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the "hackers" and anyone who aided the publication in its "attempt to embarrass the state and sell headlines for their news outlet."

Posted on 14 October 2021 | 5:37 pm

Juniper Networks Releases Security Updates for Multiple Products

Original release date: October 14, 2021

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

Posted on 14 October 2021 | 3:53 pm

How Coinbase Phishers Steal One-Time Passwords

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Posted on 13 October 2021 | 2:27 pm

International cryptocurrency scam ring targets European dating app users

You might lose your money as well as your heart.

Posted on 13 October 2021 | 12:30 pm

Apple: Forcing app sideloading would turn iPhones into virus-prone 'pocket PCs'

Apple says that sideloading would undermine the "privacy and security protections" of iPhones.

Posted on 13 October 2021 | 12:07 pm

Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace

Malicious NFTs could have become an attack vector for hackers trying to steal digital wallet funds.

Posted on 13 October 2021 | 10:00 am

Microsoft Releases October 2021 Security Updates

Original release date: October 12, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s October 2021 Security Update Summary and Deployment Information and apply the necessary updates.

Posted on 12 October 2021 | 9:11 pm

Patch Tuesday, October 2021 Edition

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.

Posted on 12 October 2021 | 7:52 pm

FontOnLake malware strikes Linux systems in targeted attacks

The malware is accompanied by a rootkit to sink its claws firmly into vulnerable machines.

Posted on 11 October 2021 | 9:53 am

FBI arrests engineer for selling nuclear warship data hidden in peanut butter sandwich

A husband and wife team tried to sell critical information on US submarine nuclear reactors.

Posted on 11 October 2021 | 8:54 am

BrewDog exposed data of 200,000 shareholders for over a year

The beer's on BrewDog, too.

Posted on 8 October 2021 | 12:16 pm

No honor among thieves: One in five targets of FIN12 hacking group is in healthcare

The group strikes big game targets with annual revenues of over $6 billion.

Posted on 7 October 2021 | 4:07 pm

Former Kent police officer sentenced for downloading child sex abuse material

The disgraced officer has avoided jail.

Posted on 7 October 2021 | 7:57 am

Becoming a new chief information security officer today: The steps for success

It's no easy ride -- but here are some tips from an experienced CISO.

Posted on 6 October 2021 | 5:32 pm

Apache HTTP Server Project patches exploited zero-day vulnerability

The critical vulnerability is being actively exploited in the wild.

Posted on 6 October 2021 | 12:03 pm

Meet ESPecter: a new UEFI bootkit for cyber spying

The bootkit is able to load unsigned drivers to hijack the ESP.

Posted on 6 October 2021 | 11:06 am

Facebook whistleblower: 'Morally bankrupt' social giant will have to 'hook kids' to grow

Updated: The whistleblower has accused Facebook of putting its "astronomical profits before people."

Posted on 5 October 2021 | 3:38 pm

What Happened to Facebook, Instagram, & WhatsApp?

Facebook and its sister properties Instagram and WhatsApp are suffering from ongoing, global outages. We don't yet know why this happened, but the how is clear: Earlier this morning, something inside Facebook caused the company to revoke key digital records that tell computers and other Internet-enabled devices how to find these destinations online.

Posted on 4 October 2021 | 7:05 pm

FCC Proposal Targets SIM Swapping, Port-Out Fraud

The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target's mobile phone number and use that to wrest control over the victim's online identity.

Posted on 1 October 2021 | 3:09 pm

The Rise of One-Time Password Interception Bots

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.

Posted on 29 September 2021 | 12:22 pm

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page -- or to any other malicious website.

Posted on 28 September 2021 | 3:49 pm

Indictment, Lawsuits Revive Trump-Alfa Bank Story

In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.

Posted on 23 September 2021 | 1:53 pm

Does Your Organization Have a Security.txt File?

It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.

Posted on 20 September 2021 | 9:57 pm

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel's conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

Posted on 17 September 2021 | 1:22 am

Scammers Defraud Victims of Millions of Dollars in New Trend in Romance Scams

Posted on 16 September 2021 | 1:00 pm

The FBI Warns the Public of Counterfeit Coin Scams

Posted on 9 September 2021 | 2:00 pm

WordPress 5.8.1 Security and Maintenance Release

WordPress 5.8.1 is now available! This security and maintenance release features 60 bug fixes in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated. WordPress 5.8.1 is a short-cycle security and maintenance release. The next […]

Posted on 9 September 2021 | 3:11 am

FBI Warns about an Increase in Sextortion Complaints

Posted on 2 September 2021 | 2:00 pm

FBI Warns of a Grandparent Fraud Scheme Using Couriers

Posted on 29 July 2021 | 1:00 pm

Oracle Critical Patch Update Advisory - July 2021

Posted on 20 July 2021 | 7:30 pm

IC3 Logs 6 Million Complaints

Posted on 17 May 2021 | 6:30 pm

Scammers Target Families Who Post Missing Persons on Social Media

Posted on 14 May 2021 | 1:00 pm

WordPress 5.7.2 Security Release

WordPress 5.7.2 is now available. This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8. You can update to […]

Posted on 13 May 2021 | 1:04 am

Oracle Critical Patch Update Advisory - April 2021

Posted on 20 April 2021 | 7:30 pm

WordPress 5.7.1 Security and Maintenance Release

WordPress 5.7.1 is now available! This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated. WordPress 5.7.1 is a short-cycle security and maintenance release. The next […]

Posted on 15 April 2021 | 3:05 am

Rise In Use of Cryptocurrency In Business Email Compromise Schemes

Posted on 13 April 2021 | 6:35 pm

If You Make or Buy a Fake COVID-19 Vaccination Record Card, You Endanger Yourself and Those Around You, and You Are Breaking the Law

Posted on 30 March 2021 | 5:15 pm

Telephony Denial of Service Attacks Can Disrupt Emergency Call Center Operations

Posted on 17 February 2021 | 7:00 pm

Oracle Critical Patch Update Advisory - January 2021

Posted on 19 January 2021 | 7:30 pm

Iranian Cyber Actors Continue to Threaten US Election Officials

Posted on 15 January 2021 | 9:15 pm

Oracle Critical Patch Update Advisory - October 2020

Posted on 20 October 2020 | 7:30 pm

Oracle Security Alert for CVE-2020-14750 - 01 November 2020

Posted on 1 October 2020 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2020

Posted on 14 July 2020 | 7:30 pm

Hacking Your Psyche To Prevent Isolation Fatigue

Americans have been reporting increased feelings of depression, anxiety, loneliness, and even hopelessness at least once per week since the start of ...

Posted on 29 June 2020 | 1:41 pm

Reuters goofs up, shows innocent Delhi man as wanted Indian hacker behind global spy racket

The Reuters exclusive story published early this month identified a herbal medicine business owner as a wanted hacker. He was subsequently ...

Posted on 29 June 2020 | 1:30 pm

The World's Greatest Golf Club Without the Course Has Officially Launched Hack Mulligan – Golf's ...

Stick and Hack, the World's Greatest Golf Club, Without the Course, is thrilled to announce the official launch of their comic strip Hack Mulligan, which ...

Posted on 29 June 2020 | 12:56 pm

Indian government hack exposes 80000 coronavirus patients' data

Kerala Cyber Warriors allegedly targeted Delhi government servers to highlight security pitfalls. Indian hackers claim to have accessed more than ...

Posted on 29 June 2020 | 12:44 pm

'Offensive capability': $1.3b for new cyber spies to go after hackers

State actors are trying to hack computer networks. Prime Minister Scott Morrison will on Tuesday announce the ASD will be given more than $1 billion ...

Posted on 29 June 2020 | 12:22 pm

The New World Of Enterprise Security

As more people began working from home, we saw hacking patterns change. Hackers quickly realized that people were using virtual private networks ...

Posted on 29 June 2020 | 12:00 pm

UK judge warns Assange on US extradition hearing attendance

... indictment that alleges Assange conspired with members of hacking organizations and sought to recruit hackers to provide WikiLeaks with classified ...

Posted on 29 June 2020 | 11:48 am

How to mitigate risks due to Cyber threats to optimise your insurance premium

Chief among these are exposure to very high level of cyber threats and hacking. According to Cyber Security experts, such cases have grown ...

Posted on 29 June 2020 | 11:48 am

Make your own relaxing face masks with these creative hacks

In this series, you'll learn various tips and tricks to make gardening, grilling and even sewing easier. No matter the problem, there's a Home Hack for that!

Posted on 29 June 2020 | 11:15 am

Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty to running two illegal ...

Posted on 29 June 2020 | 11:15 am

Hacker Drains $500K From DeFi Liquidity Provider Balancer

Decentralized finance (DeFi) liquidity provider Balancer Pool admitted early Monday morning that it had fallen victim to a sophisticated hack that ...

Posted on 29 June 2020 | 11:03 am

Calls for reform grow louder as UK Computer Misuse Act turns 30

The UK's principal computer hacking law marks its 30th anniversary today (June 29), amid industry calls for a radical revamp. The Computer Misuse ...

Posted on 29 June 2020 | 11:03 am

Woman's Hack For Eating Sushi With Soy Sauce Goes Viral

Clearly, many people have never thought to do this as the video has proven a huge hit, amassing more than 2.6 million views. As tends to be the way on ...

Posted on 29 June 2020 | 11:03 am

DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About

A spat between the Balancer and STA team following the $500,000 hack suggests that the DeFi protocol was aware of the weakness. ...

Posted on 29 June 2020 | 10:41 am

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to ...

Posted on 29 June 2020 | 10:18 am

This Melbourne mum uses her oven to dry her laundry and it's going viral

But for those of us who aren't blessed with a dryer at home, one Melbourne mum's solution may be the life hack you never knew you needed.

Posted on 29 June 2020 | 9:45 am

Russian leader of Infraud stolen ID, credit card ring pleads guilty

... to corruption charges after being accused of being one of the leaders of a carding ring trading in stolen identities, credit cards, and hacking tools.

Posted on 29 June 2020 | 9:22 am

Mum shares genius £4 hack which makes squash last twice as long

But one woman has shared a nifty hack that helps drinks last longer. Stephanie Palin, a special needs teaching assistant from Cheshire, has come up ...

Posted on 29 June 2020 | 9:00 am

Australia cyberattack exploited vulnerability usually used in cryptojacking malware attacks

The Australian Cyber Security Centre revealed that hackers exploited known vulnerabilities in the Telerik user interface. ...

Posted on 29 June 2020 | 8:37 am

Hacker Drains Over $450000 from Balancer Pools

Hacker siphoned more than $450,000 in deflationary tokens on Monday from two multi-token pools on Balancer, an automated market maker protocol.

Posted on 29 June 2020 | 8:37 am

WordPress 5.4.2 Security and Maintenance Release

WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions […]

Posted on 10 June 2020 | 7:19 pm

WordPress 5.4.1

WordPress 5.4.1 is now available! This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.4.1 is a short-cycle security and maintenance release. The next […]

Posted on 29 April 2020 | 7:56 pm

Oracle Critical Patch Update Advisory - April 2020

Posted on 14 April 2020 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2020

Posted on 14 January 2020 | 7:30 pm

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, […]

Posted on 13 December 2019 | 12:07 am

WordPress 5.2.4 Update

Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress […]

Posted on 19 November 2019 | 4:47 am

Oracle Critical Patch Update Advisory - October 2019

Posted on 15 October 2019 | 7:30 pm

WordPress 5.2.4 Security Release

WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an […]

Posted on 14 October 2019 | 9:54 pm

WordPress 5.2.3 Security and Maintenance Release

WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions […]

Posted on 5 September 2019 | 1:51 am

Mitigations Against Adversarial Attacks

This is the fourth and final article in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, […]

Posted on 11 July 2019 | 6:53 am

Adversarial Attacks Against AI

This article is the third in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:52 am

Malicious Use Of AI

This article is the second in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:50 am

Bad AI

This article is the first in a series of four articles on the work we’ve been doing for the European Union’s Horizon 2020 project codenamed SHERPA. Each of the articles in this series contains excerpts from a publication entitled “Security Issues, Dangers And Implications Of Smart Systems”. For more information about the project, the publication […]

Posted on 11 July 2019 | 6:49 am

Security Issues, Dangers, And Implications of Smart Information Systems

F-Secure is participating in an EU-funded Horizon 2020 project codenamed SHERPA (as mentioned in a previous blog post). F-Secure is one of eleven partners in the consortium. The project aims to develop an understanding of how machine learning will be used in society in the future, what ethical issues may arise, and how those issues […]

Posted on 8 July 2019 | 9:19 am

Sockpuppies!

Yesterday, a colleague of mine, Eero Kurimo, told me about something odd he’d seen on Twitter. Over the past few days, a number of pictures of cute puppies had shown up on his timeline as promoted tweets. Here’s an example: “Mainostettu” is the Finnish word Twitter uses to denote that a tweet has been promoted. […]

Posted on 1 July 2019 | 8:14 am

Oracle Security Alert for CVE-2019-2729 - 18 Jun 2019

Posted on 18 June 2019 | 10:00 pm

Live Coverage Of A Disinformation Operation Against The 2019 EU Parliamentary Elections

I recently worked with investigative journalists from Yle, attempting to uncover disinformation on social media around the May 2019 European elections. This work was also part of F-Secure’s participation in the SHERPA project, which involves developing an understanding of adversarial attacks against machine learning systems – in this case, recommendation systems on social networks. My […]

Posted on 24 May 2019 | 5:10 pm

Spam Trends: Top attachments and campaigns

Malware authors tend to prefer specific types of file attachments in their campaigns to distribute malicious content. During our routine threat landscape monitoring in the last three months, we observed some interesting patterns about the attachment types that are being used in various campaigns. In February and March, we saw huge spam campaigns using ZIP […]

Posted on 8 May 2019 | 12:41 pm

Oracle Security Alert for CVE-2019-2725 - 26 Apr 2019

Posted on 26 April 2019 | 5:00 pm

Oracle Critical Patch Update Advisory - April 2019

Posted on 16 April 2019 | 7:30 pm

Discovering Hidden Twitter Amplification

As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Social networks fall into this category – they’re powered by recommendation algorithms (often based on machine learning techniques) that process large amounts of data in order to […]

Posted on 3 April 2019 | 3:39 pm

Mira Ransomware Decryptor

We investigated some recent Ransomware called Mira (Trojan:W32/Ransomware.AN) in order to check if it’s feasible to decrypt the encrypted files. Most often, decryption can be very challenging because of missing keys that are needed for decryption. However, in the case of Mira ransomware, it appends all information required to decrypt an encrypted file into the […]

Posted on 1 April 2019 | 2:19 pm

A Hammer Lurking In The Shadows

And then there was ShadowHammer, the supply chain attack on the ASUS Live Update Utility between June and November 2018, which was discovered by Kaspersky earlier this year, and made public a few days ago. In short, this is how the trojanized Setup.exe works: An executable embedded in the Resources section has been overwritten by […]

Posted on 29 March 2019 | 2:12 pm

Analysis of LockerGoga Ransomware

We recently observed a new ransomware variant (which our products detect as Trojan.TR/LockerGoga.qnfzd) circulating in the wild. In this post, we’ll provide some technical details of the new variant’s functionalities, as well as some Indicators of Compromise (IOCs). Overview Compared to other ransomware variants that use Windows CRT library functions, this new variant relies heavily […]

Posted on 27 March 2019 | 5:19 pm

Analysis Of Brexit-Centric Twitter Activity

This is a rather long blog post, so we’ve created a PDF for you to download, if you’d like to read it offline. You can download that from here. Executive Summary This report explores Brexit-related Twitter activity occurring between December 4, 2018 and February 13, 2019. Using the standard Twitter API, researchers collected approximately 24 […]

Posted on 12 March 2019 | 7:56 am

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously […]

Posted on 12 March 2019 | 3:34 am

Why Social Network Analysis Is Important

I got into social network analysis purely for nerdy reasons – I wanted to write some code in my free time, and python modules that wrap Twitter’s API (such as tweepy) allowed me to do simple things with just a few lines of code. I started off with toy tasks, (like mapping the time of […]

Posted on 21 February 2019 | 1:20 pm

Oracle Critical Patch Update Advisory - January 2019

Posted on 15 January 2019 | 7:30 pm

NRSMiner updates to newer version

More than a year after the world first saw the Eternal Blue exploit in action during the May 2017 WannaCry outbreak, we are still seeing unpatched machines in Asia being infected by malware that uses the exploit to spread. Starting in mid-November 2018, our telemetry reports indicate that the newest version of the NRSMiner cryptominer, […]

Posted on 3 January 2019 | 5:04 am

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version […]

Posted on 13 December 2018 | 3:13 am

Phishing Campaign targeting French Industry

We have recently observed an ongoing phishing campaign targeting the French industry. Among these targets are organizations involved in chemical manufacturing, aviation, automotive, banking, industry software providers, and IT service providers. Beginning October 2018, we have seen multiple phishing emails which follow a similar pattern, similar indicators, and obfuscation with quick evolution over the course […]

Posted on 26 November 2018 | 1:16 pm

Ethics In Artificial Intelligence: Introducing The SHERPA Consortium

In May of this year, Horizon 2020 SHERPA project activities kicked off with a meeting in Brussels. F-Secure is a partner in the SHERPA consortium – a group consisting of 11 members from six European countries – whose mission is to understand how the combination of artificial intelligence and big data analytics will impact ethics […]

Posted on 22 November 2018 | 8:25 am

Spam campaign targets Exodus Mac Users

We’ve seen a small spam campaign that attempts to target Mac users that use Exodus, a multi-cryptocurrency wallet. The theme of the email focuses mainly on Exodus. The attachment was “Exodus-MacOS-1.64.1-update.zip” and the sender domain was “update-exodus[.]io”, suggesting that it wanted to associate itself to the organization. It was trying to deliver a fake Exodus […]

Posted on 2 November 2018 | 5:56 pm

Oracle Critical Patch Update Advisory - October 2018

Posted on 16 October 2018 | 7:30 pm

Oracle Security Alert for CVE-2018-11776 - 31 August 2018

Posted on 1 September 2018 | 12:00 am

Value-Driven Cybersecurity

Constructing an Alliance for Value-driven Cybersecurity (CANVAS) launched ~two years ago with F-Secure as a member. The goal of the EU project is “to unify technology developers with legal and ethical scholars and social scientists to approach the challenge of how cybersecurity can be aligned with European values and fundamental rights.” (That’s a mouthful, right?) […]

Posted on 31 August 2018 | 1:20 pm

Taking Pwnie Out On The Town

Black Hat 2018 is now over, and the winners of the Pwnie Awards have been published. The Best Client-Side Bug was awarded to Georgi Geshev and Rob Miller for their work called “The 12 Logic Bug Gifts of Christmas.” Georgi and Rob work for MWR Infosecurity, which (as some of you might remember) was acquired by F-Secure […]

Posted on 14 August 2018 | 11:58 am

Oracle Security Alert for CVE-2018-3110 - 10 August 2018

Posted on 10 August 2018 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2018

Posted on 17 July 2018 | 7:30 pm

WordPress 4.9.7 Security and Maintenance Release

WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads […]

Posted on 5 July 2018 | 5:00 pm

Oracle Critical Patch Update Advisory - April 2018

Posted on 17 April 2018 | 7:30 pm

WordPress 4.9.5 Security and Maintenance Release

WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented […]

Posted on 3 April 2018 | 7:56 pm

WordPress 4.9.2 Security and Maintenance Release

WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for […]

Posted on 16 January 2018 | 11:00 pm

Oracle Critical Patch Update Advisory - January 2018

Posted on 16 January 2018 | 7:30 pm

WordPress 4.9.1 Security and Maintenance Release

WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's […]

Posted on 29 November 2017 | 8:33 pm

Oracle Security Alert for CVE-2017-10269 - 13 November 2017

Posted on 13 November 2017 | 7:30 pm

WordPress 4.8.3 Security Release

WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to […]

Posted on 31 October 2017 | 2:20 pm

Oracle Security Alert for CVE-2017-10151 - 27 October 2017

Posted on 27 October 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2017

Posted on 17 October 2017 | 7:30 pm

Oracle Security Alert for CVE-2017-9805 - 22 September 2017

Posted on 22 September 2017 | 7:30 pm

WordPress 4.8.2 Security and Maintenance Release

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this […]

Posted on 19 September 2017 | 10:17 pm

Oracle Critical Patch Update Advisory - July 2017

Posted on 18 July 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2019

Posted on 16 July 2017 | 7:30 pm

Oracle Security Alert for CVE-2017-3629

Posted on 19 June 2017 | 7:30 pm

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC […]

Posted on 16 May 2017 | 10:39 pm

WordPress Now on HackerOne

WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially […]

Posted on 15 May 2017 | 4:02 pm

Oracle Critical Patch Update Advisory - April 2017

Posted on 18 April 2017 | 7:30 pm

WordPress 4.7.3 Security and Maintenance Release

WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect […]

Posted on 6 March 2017 | 5:53 pm

Oracle Critical Patch Update Advisory - January 2017

Posted on 17 January 2017 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2016

Posted on 18 October 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2016

Posted on 19 July 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2016

Posted on 19 April 2016 | 7:30 pm

Oracle Security Alert for CVE-2016-0636 - 23 Mar 2016

Posted on 23 March 2016 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2016

Posted on 19 January 2016 | 7:30 pm

Oracle Security Alert for CVE-2015-4852 - 10 November 2015

Posted on 10 November 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2015

Posted on 20 October 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2015

Posted on 14 July 2015 | 7:30 pm

Oracle Security Alert for CVE-2015-3456 - 15 May 2015

Posted on 15 May 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2015

Posted on 14 April 2015 | 7:30 pm

Oracle Security Alert for CVE-2016-0603 - 5 February 2016

Posted on 5 February 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2015

Posted on 20 January 2015 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2014

Posted on 14 October 2014 | 7:30 pm

Oracle Security Alert for CVE-2014-7169 - 26 September 2014

Posted on 26 September 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2014

Posted on 15 July 2014 | 7:30 pm

Oracle Security Alert for CVE-2014-0160 - 18 April 2014

Posted on 18 April 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2014

Posted on 15 April 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2014

Posted on 14 January 2014 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2013

Posted on 15 October 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - July 2013

Posted on 16 July 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - June 2013

Posted on 18 June 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - April 2013

Posted on 16 April 2013 | 7:30 pm

Oracle Security Alert for CVE-2013-1493 - 04 Mar 2013

Posted on 4 March 2013 | 7:30 pm

Updated Release of the Oracle Java SE Critical Patch Update - February 2013

Posted on 19 February 2013 | 7:30 pm

Oracle Java SE Critical Patch Update Advisory - February 2013

Posted on 1 February 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - January 2013

Posted on 15 January 2013 | 7:30 pm

Oracle Security Alert for CVE-2013-0422 - 13 Jan 2013

Posted on 13 January 2013 | 7:30 pm

Oracle Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 7:26 pm

Oracle Java SE Critical Patch Update Advisory - October 2012

Posted on 16 October 2012 | 7:26 pm

Oracle Security Alert for CVE-2012-4681 - 30 Aug 2012

Posted on 30 August 2012 | 7:26 pm

Oracle Security Alert for CVE-2012-3132 - 10 Aug 2012

Posted on 10 August 2012 | 7:14 pm

Oracle Critical Patch Update (CPU) Advisory - July 2012

Posted on 19 July 2012 | 10:15 pm

Oracle Java SE Critical Patch Update Advisory - June 2012

Posted on 12 June 2012 | 8:00 pm

Oracle Security Alert for CVE-2012-1675

Posted on 30 April 2012 | 8:01 pm

Oracle Critical Patch Update (CPU) Advisory - April 2012

Posted on 18 April 2012 | 3:40 pm

Oracle Java SE Critical Patch Update Advisory - February 2012

Posted on 14 February 2012 | 8:00 pm

Oracle Security Alert for CVE-2011-5035

Posted on 31 January 2012 | 9:20 pm

Oracle Critical Patch Update (CPU) Advisory - January 2012

Posted on 17 January 2012 | 8:44 pm

Oracle Critical Patch Update (CPU) Advisory - October 2011

Posted on 24 October 2011 | 6:33 pm

Oracle Security Alert for CVE-2011-3192

Posted on 15 September 2011 | 9:22 pm

Oracle Critical Patch Update (CPU) Advisory - July 2011

Posted on 19 July 2011 | 10:45 pm

Oracle Java SE Critical Patch Update Advisory - June 2011

Posted on 7 June 2011 | 10:18 pm

Oracle Critical Patch Update (CPU) - April 2011

Posted on 19 April 2011 | 8:00 pm

Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011

Posted on 15 February 2011 | 10:00 pm

Oracle Critical Patch Update (CPU) - January 2011

Posted on 18 January 2011 | 7:40 pm

Oracle Critical Patch Update (CPU) - October 2010

Posted on 12 October 2010 | 4:07 pm

Oracle Critical Patch Update (CPU) - July 2010

Posted on 14 July 2010 | 7:35 pm

Oracle Critical Patch Update (CPU) - April 2010

Posted on 13 April 2010 | 9:01 pm

Oracle Security Alert for CVE-2010-0073 - February 2010

Oracle Security Alert for CVE-2010-0073

Posted on 4 February 2010 | 8:00 pm

Critical Patch Update - January 2010

Posted on 13 January 2010 | 6:05 pm

Critical Patch Update - October 2009

Posted on 20 October 2009 | 3:39 pm

Critical Patch Update - July 2009

Posted on 16 July 2009 | 1:00 am

Critical Patch Update - April 2009

Posted on 14 April 2009 | 10:40 pm

Critical Patch Update - January 2009

Posted on 14 April 2009 | 10:40 pm

Critical Patch Update - October 2008

Posted on 15 October 2008 | 6:53 pm

Critical Patch Update - July 2008

Posted on 15 July 2008 | 8:01 pm

Critical Patch Update - April 2008

Posted on 15 April 2008 | 10:13 pm

Critical Patch Update - January 2008

Posted on 15 January 2008 | 10:55 pm

Critical Patch Update - October 2007

Posted on 16 October 2007 | 8:47 pm

Critical Patch Update - July 2007

Posted on 17 July 2007 | 8:21 pm

Critical Patch Update - April 2007

Posted on 18 April 2007 | 3:57 pm

Critical Patch Update - January 2007

Posted on 16 January 2007 | 11:35 pm

Critical Patch Update - October 2006

Posted on 17 October 2006 | 6:37 pm

Critical Patch Update - April 2006

Posted on 18 April 2006 | 8:42 pm

Critical Patch Update - January 2006

Posted on 18 January 2006 | 12:20 am

Critical Patch Update - January 2005

Posted on 18 October 2005 | 10:28 pm

Critical Patch Update - April 2005

Posted on 18 October 2005 | 10:28 pm

Critical Patch Update - October 2005

Posted on 18 October 2005 | 10:25 pm

Critical Patch Update - July 2005

Posted on 12 July 2005 | 7:46 pm