News

0 Comments
On Jan. 4, 2018, Facebook CEO Mark Zuckerberg posted his New Year’s resolution, vowing to fix Facebook’s various issues with abuse, election interference and misinformation campaigns. But a timeline of events since then shows a bevy of Facebook security and data privacy issues. In February 2018, Facebook was found guilty in German and Belgian courts
0 Comments
A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail,
0 Comments
Open source and information security applications go together like peanut butter and jelly. The transparency provided by open source in infosec applications — what they monitor and how they work — is especially important for packet sniffer and intrusion detection systems (IDSes) that monitor network traffic. It may also help explain the long-running dominance of
0 Comments
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called “Plugin Vulnerabilities“—that recently gone rogue in order to protest against moderators of the WordPress’s official support
0 Comments
A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services on
0 Comments
Threat intelligence firm Flashpoint said dark web threats are evolving, and the company has a plan to give enterprises better visibility into such threats. The New York-based cybersecurity vendor introduced on Wednesday a new version of its Flashpoint Intelligence Platform to keep enterprise security teams better informed about dark web threats and new threat actor
0 Comments
An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy “88888 88888” customer care number, The Hacker News has learned and independently verified. Founded over two decades
0 Comments
BOSTON — Forcepoint believes it’s time for a more human-centric cybersecurity approach, and the company made a major investment to accelerate that vision. Forcepoint this week opened its new Cyber Experience Center, a 53,000-square-foot facility in Boston’s Seaport district. The center is designed educate enterprises about their current security challenges as well as promote a
0 Comments
Drupal, the popular open-source content management system, has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party
0 Comments
Microsoft warned users of its web email services that accounts may have been compromised, and some sensitive data may have been accessed. Beginning late Friday, Microsoft sent email messages to users of Outlook, Hotmail and MSN Mail, alerting them that an unauthorized third party gained partial access to Microsoft-managed accounts between Jan. 1 and March
0 Comments
Even after Google’s security oversight over its already-huge Android ecosystem has evolved over the years, malware apps still keep coming back to Google Play Store. Sometimes just reposting an already detected malware app from a newly created Play Store account, or using other developers’ existing accounts, is enough for ‘bad-faith’ developers to trick the Play
0 Comments
Matrix—the organization behind an open source project that offers a protocol for secure and decentralized real-time communication—has suffered a massive cyber attack after unknown attackers gained access to the servers hosting its official website and data. Hackers defaced Matrix’s website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys
0 Comments
Zero trust may seem like just another security buzzword, but organizations are increasingly finding reasons to take the zero trust approach to network security. In the early days of the internet, network security professionals borrowed medieval terminology to describe network defenses: Moats, bastion hosts, perimeters, firewalls and gateways all figured into the network defender’s vocabulary.
0 Comments
If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed. Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the company’s Outlook
0 Comments
Yes, you read that right! Russia has fined Facebook with 3,000 rubles, roughly $47, for not complying with the country’s controversial Data Localization law. It’s bizarre and unbelievable, but true. In December last year, Russian Internet watchdog Roskomnadzor sent notifications to Twitter and Facebook asking them to provide information about the location of servers that
0 Comments
As endpoint threats become more sophisticated and abundant, so does the need for more advanced endpoint security tools. An organization can improve the security of its endpoints — including laptops, desktop PCs, mobile devices and servers in the data center — by using software that can rapidly detect, analyze, block and contain in-progress attacks. These