News

0 Comments
The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges. Levashov, also known by many online
0 Comments
A Windows ALPC vulnerability that has been exploited in the wild for two weeks was finally patched by Microsoft as part of the September 2018 Patch Tuesday release. The Windows Advanced Local Procedure Call (ALPC) flaw was disclosed with proof-of-concept exploit code on Aug. 27, 2018, by Twitter user SandboxEscaper. The vulnerability affects the Windows
0 Comments
Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit. In a Tweet, Zerodium shared a zero-day vulnerability that resides in the NoScript
0 Comments
Mobile spyware company mSpy has once again leaked millions of customer records to the public internet. The company develops mobile spyware that customers use to monitor the mobile device activity of their children, partners and others. Security researcher Nitish Shah discovered the mSpy leak via a public-facing database and reached out to cybersecurity journalist Brian
0 Comments
British Airways, who describes itself as “The World’s Favorite Airline,” has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks. So who exactly are victims? In a statement released by British Airways on Thursday, customers booking flights on its website (ba.com)
0 Comments
Listen to this podcast In this week’s Risk & Repeat podcast, SearchSecurity editors discuss the dispute between Google and Epic Games over a newly disclosed flaw in the Android version of Fortnite. Google’s public disclosure of a vulnerability in the Android version of Epic Games Inc.’s popular title “Fortnite Battle Royale” sparked a feud between
0 Comments
Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks. Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable
0 Comments
At least one malicious actor began exploiting a critical vulnerability in Apache Struts in the wild, despite a patch being issued last week. According to researchers at Volexity, a cybersecurity company based in Washington, D.C., the exploits of the Apache Struts vulnerability surfaced in the wild not long after a proof-of-concept (PoC) exploit was published
0 Comments
A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft’s Windows operating system that could help a local user or malicious program obtain system privileges on the targeted machine. And guess what? The zero-day flaw has been confirmed working on a “fully-patched 64-bit Windows 10 system.” The vulnerability
0 Comments
Google just made its Titan Security Key available on its store for $50. First announced last month at Google Cloud Next ’18 convention, Titan Security Key is a tiny USB device—similar to Yubico’s YubiKey—that offers hardware-based two-factor authentication (2FA) for online accounts with the highest level of protection against phishing attacks. Google’s Titan Security Key
0 Comments
The House Energy and Commerce Committee completed its investigation of the Common Vulnerabilities and Exposures program this week and requested “significant changes to the very foundation of the CVE program.” The investigation began in March of 2017 following media reports on extensive issues with the CVE tracking system, including long backlogs for assigning vulnerability scores.
0 Comments
George Garofano (left) The fourth celebrity hacker—who was charged earlier this year with hacking into over 250 Apple iCloud accounts belonged to Jennifer Lawrence and other Hollywood celebrities—has been sentenced to eight months in prison. Earlier this year, George Garofano, 26, of North Branford, admitted to illegally obtaining credentials of his victims’ iCloud accounts using
0 Comments
Instagram is growing quickly—and with the second most popular social media network in the world (behind just Facebook), the photo-sharing network absolutely dominates when it comes to user interactions. And with great success comes great responsibility—responsibility to keep users’ accounts safe, responsibility to fight fake accounts and news, and responsibility of being transparent. You might
0 Comments
If IT professionals can master enterprise patch management — a vital cog in any security strategy — they can address many of their security challenges. Enterprise patch management is certainly nothing new, and almost every business struggles with it in some way. Just look at any of the annual security surveys — patching, or lack
0 Comments
Enterprise file synchronization and sharing, or EFSS, technologies enable users to synchronize their files across… all their devices, including organization-issued and personally owned laptops, smartphones and tablets, and to securely share their files with other users. A secure sync-and-share service is increasingly essential to organizations that need to ensure corporate files are kept as secure
0 Comments
With cybercriminals adding more sophisticated tools and techniques to their arsenals, data breaches are increasing… year over year. And the trend looks likely to continue. As the number of records breached soars, so do the costs of dealing with them. The numbers are staggering: There were 2.6 billion records globally breached in 2017, marking an
0 Comments
Thank you for joining! Access your Pro+ Content below. March 2016 How to buy the best antimalware tools to protect endpoints Share this item with your network: Malware writers are becoming more sophisticated, increasing the threats to data privacy and security. To counter the growing risks of unauthorized access to proprietary or confidential information, the