News

The Meltdown and Spectre side-channel attacks that exploit weaknesses in major processors scored the top spot in two of three Pwnie Award categories — Best Privilege Escalation Bug and Most Innovative Research — but missed on the prize for the most overhyped vulnerability. The Pwnie Awards, a longtime staple of the Black Hat security conference,
WhatsApp, the most popular messaging application in the world, has been found to contain multiple security vulnerabilities that could allow malicious users to intercept and modify the content of messages sent in both private and group conversations. Discovered by security researchers at Israeli security firm Check Point, the flaws take advantage of a
June 2016: How to find the best next-generation firewall. Next-generation firewalls are integrated, hardware- or software-based, network security tools designed to detect and block sophisticated attacks. The NGFWs available on the market today can vary significantly from one another in
Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media platforms, including Facebook, Instagram, Twitter, LinkedIn, Google+, the Russian social networking site VKontakte, and
At RSA Conference 2018, a Kaspersky Lab researcher showed how software development kits for popular ad networks can cause data leaks in many mobile apps. What type of user data is being exposed, and how are the SDKs causing these leaks? Companies building mobile applications, like any modern software application, use third-party libraries and software
A hospital in Missouri faces a lawsuit after a medical records breach occurred as a result of an email phishing scam, something that’s difficult to protect against within healthcare organizations, according to a security expert. In January, Children’s Mercy Hospital in Kansas City, Mo., notified 63,049 individuals who were potentially affected by the medical records
Security researchers have discovered at least three massive malware campaigns exploiting hundreds of thousands of unpatched MikroTik routers to secretly install cryptocurrency miners on computers connected to them. In all, the malware campaigns have compromised more than 210,000 routers from Latvian network hardware provider MikroTik across the world, with the number still increasing as of
Editor’s note: One of the steps that generally precedes a network-based attack is port scanning, in which a hacker tries to discover which services are being offered in order to launch a more specific attack. This article reveals a port-scanning technique that, contrary to most other techniques, does not reveal the location of the system
It sounds great to be able to assess information from threats targeting organizations all around the globe and not just the ones coming directly at you. But threat intelligence tools, and the loads of data they deliver, can turn out to be about as useful as junk mail. Expensive junk mail. This handbook on global
Protecting the information and information assets at Fannie Mae, a primary source of financing for American mortgage lenders, is a daunting proposition. Christopher Porter, who has served as the Fannie Mae CISO since 2016, is up to the challenge. Formerly known as the Federal National Mortgage Association, Fannie Mae was founded after the Great Depression
Organizations have many concerns when it comes to employee travel, from reimbursements and company credit cards to hotel and flight arrangements. But IT should add mobile device security threats to the list. It’s easy for organizations with users that travel domestically or internationally to overlook mobile device security threats. These threat actors are not stereotypical
Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam is a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started distributing the malware in the wild. Researchers at Sophos have tracked Bitcoin addresses
Symantec’s identity theft protection service, LifeLock, exposed millions of customers’ email addresses. According to security journalist Brian Krebs, the LifeLock vulnerability was in the company’s website, and it enabled unauthorized third parties to collect email addresses associated with LifeLock user accounts or unsubscribe users from communications from the company. Account numbers, called subscriber keys, appear
Researchers from Israel’s Ben-Gurion University of the Negev showed how a power cable could enable hackers to steal data from air-gapped computers. What is this vulnerability, and how can it be exploited? PowerHammer is a proof-of-concept malware program the researchers created to take advantage of a vulnerability in power lines that enables attackers to exfiltrate
Yet another Bluetooth hacking technique has been uncovered. A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software
The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information. Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language,