News

0 Comments
The challenges of running an information security program can be overwhelming with so many areas to address –… from encryption, to application security to disaster recovery. The complication of compliance with regulatory requirements such as HIPAA, PCI DSS and Sarbanes-Oxley, to name a few, adds to the mix. How should security professionals organize and prioritize
0 Comments
Private equity firm Insight Partners has acquired a controlling stake in Recorded Future, a threat intelligence firm based in Somerville, Mass., for $780 million. Founded in 2009, Recorded Future employs machine learning techniques to generate threat intelligence and provide a comprehensive view of the threat landscape. Early investors in the company include Google’s venture arm,
0 Comments
Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage. Although cyberwarfare generally refers to cyberattacks perpetrated by one nation-state on another, it can also
0 Comments
Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on compromised
0 Comments
Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse
0 Comments
It is not uncommon for a corporate perimeter security strategy to be based on a series of appliances. Intrusion prevention devices, next-generation firewalls (NGFWs) and application firewalls are part and parcel of a multi-tier security perimeter. Deploying multiple physical devices, however, can be a logistical nightmare; as a consequence, security functions are good candidates for
0 Comments
An anonymous hacker with an online alias “SandboxEscaper” today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that’s his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could
0 Comments
Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users. Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process and store. 2018 saw a slew of data
0 Comments
CrowdStrike and NSS Labs have officially ended their two-year legal battle with a confidential settlement agreement. CrowdStrike, an endpoint protection vendor based in Sunnyvale, Calif., issued a statement to SearchSecurity Friday saying, “CrowdStrike and NSS Labs have resolved the lawsuits between them pursuant to a confidential settlement agreement.” The CrowdStrike-NSS Labs legal battle began in
0 Comments
Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows
0 Comments
In the past, email security best practices for employees could be summarized quickly: Don’t trust email, because email is an unauthenticated, unreliable messaging service. This is still mostly true, and the same best practices for email security for employees from 1989 — use strong passwords, block spammers, don’t trust offers that are too good to
0 Comments
A few days before the doors opened on SAP Sapphire Now 2019, SAP customers were likely alarmed by a Reuters headline that their systems are vulnerable to hackers. The SAP exploit was not new, but the potential damage to SAP systems and data was considerable. Onapsis Inc., a Boston-based security and compliance monitoring software company,
0 Comments
In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe for years. GozNym was created by combining two known powerful Trojans—Gozi ISFB malware,
0 Comments
Security researchers have continued tracking WannaCry infections and have seen the ransomware spread to nearly 5 million vulnerable devices in the past two years. The initial WannaCry attacks occurred in May 2017 and caused massive damage before security researcher Marcus “MalwareTech” Hutchins inadvertently discovered a kill switch for the ransomware by registering a dummy URL
0 Comments
It’s Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users’ interaction. Out of 79 vulnerabilities, 18
0 Comments
Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre
0 Comments
At the company’s I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved SameSite Cookies and Fingerprinting Protection—that will be previewed by Google
0 Comments
Most organizations are falling behind when it comes to addressing the cybersecurity skills shortage, a new study found. And the effects of the shortage are worsening. In its third year, the study conducted by the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG) surveyed 267 cybersecurity professionals worldwide. The cybersecurity skills