News

0 Comments
At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked
0 Comments
Traditional network security vulnerabilities are bad enough without adding SDN security issues to the mix. But, as organizations deploy SDN, they risk exposing their networks to new types of threats and attacks, especially if they don’t have proper plans in place. A prevalent concern with SDN security focuses on the SDN controller. The controller contains
0 Comments
Has Wikileaks founder Julian Assange officially been charged with any unspecified criminal offense in the United States? — YES United States prosecutors have accidentally revealed the existence of criminal charges against Wikileaks founder Julian Assange in a recently unsealed court filing in an unrelated ongoing sex crime case in the Eastern District of Virginia. Assistant
0 Comments
Okta Inc. researchers discovered a bypass that allows threat actors to create malware that can pose as legitimate software files signed by Apple. What is this bypass and who does it affect? Because regular users sometimes find it difficult to know what is and isn’t safe on the internet or when installing software, software developers
0 Comments
Disclosed earlier this year, potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proven that speculative execution attacks can be exploited in a trivial way to access highly sensitive information. Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG, SpectreRSB, Spectre 1.1, Spectre1.2, TLBleed, Lazy
0 Comments
Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world’s most popular social network at risk. Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results
0 Comments
Our partner Springboard, which provides online courses to help you advance your cybersecurity career with personalized mentorship from industry experts, recently researched current cybersecurity salaries and future earning potential in order to trace a path to how much money you can make. Here’s what they found were the most important factors for making sure you
0 Comments
A newly discovered spam botnet targeted over 100,000 home routers through a UPnP vulnerability. According to Netlab 360 researchers Hui Wang and RootKiter, the botnet, which they’re calling “BCMUPnP_Hunter,” infected 116 different types of devices. They estimated over 100,000 IP addresses belonging to home routers with Broadcom UPnP enabled have been infected. The botnet was
0 Comments
In light of Anthem Inc. recently agreeing to pay the largest HIPAA settlement on record for the Anthem data breach that affected nearly 79 million plan members, providers must get better at controlling who has access to patient data and internal systems. That advice comes from David Harlow, a Boston healthcare lawyer and consultant. “Anthem
0 Comments
Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Thought the vulnerability was discovered and responsibly reported by
0 Comments
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. “DerpTroll,” took down servers of several major gaming platforms including Electronic Arts’ Origin service,
0 Comments
Unclassified malware samples from U.S. Cyber Command will be shared with VirusTotal by the Cyber National Mission Force. VirusTotal aggregates malware and malicious URL data from antivirus products and allows anyone to submit samples for inclusion in the database. The CNMF — the action arm of Cyber Command responsible for planning and directing cyberoperations —
0 Comments
A new cybersecurity market segment has emerged in the past few years that combines “active defense” technologies with the traditional concept of honeypots or honeynets. Dubbed deception technologies, these tools can be configured to intercept attacks in progress and lure the attacker to systems and applications running expressly to keep them occupied while defenders either
0 Comments
Introduction Windows 10 is the most used OS for desktops in the world, so it’s a big target for hackers. IT professionals should get to know all the Windows 10 security tools they have at their disposal so they can protect users’ desktops. Options include native Windows 10 security tools and utilities such as Microsoft
0 Comments
A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other
0 Comments
Security researchers disclosed two vulnerabilities in Bluetooth chips that put wireless access points, medical devices and more at risk of attack. Researchers at Armis, an enterprise IoT security company based in Palo Alto, Calif., discovered two vulnerabilities in Bluetooth Low Energy (BLE) chips manufactured by Texas Instruments and have branded the flaws as Bleedingbit. Armis
0 Comments
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including
0 Comments
Apple introduces a new privacy feature for all new MacBooks that “at some extent” will prevent hackers and malicious applications from eavesdropping on your conversations. Apple’s custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook’s built-in microphone whenever the user closes the lid, the company revealed
0 Comments
Many people think of two-factor authentication as a panacea for protecting users. While 2FA does drastically improve user protections, there are still risks. Attackers recognize that every security control implemented in an enterprise comes with its own risks that need to be managed. Therefore, they have learned to attack security controls in order to compromise