News

Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving
Odds are good that the winner of this year’s RSA Conference Innovation Sandbox will be a security automation player — because almost all of the finalists for this year’s competition for “most innovative startup” highlight security automation in some form or another. As has happened almost every year since 2005, Innovation Sandbox finalists will face
A team of cybersecurity researchers from the University of New Haven yesterday released a video demonstrating how vulnerabilities that most programmers often underestimate could have allowed hackers to evade privacy and security of your virtual reality experience as well as the real world. According to the researchers—Ibrahim Baggili, Peter Casey and Martin Vondráček—the underlying vulnerabilities,
VirusTotal introduced an enterprise version that provides a faster malware search feature and uses N-gram content searches to identify threats. What is an N-gram content search and why is it so important? The practice of identifying threats and sharing information about those threats with defenders was an extension of signature techniques that have long been
A vulnerable ConnectWise plugin led to several managed service providers being infected with GandCrab ransomware, but a new decryptor tool has provided relief for at least one of the victims. The vulnerable ConnectWise plugin was designed to sync data between the ConnectWise professional service automation software and the Kaseya VSA remote monitoring and management software.
A researcher recently discovered an info-stealer — dubbed Vidar — that is a part of a multi-payload and ongoing malvertising attack that also distributes GandCrab ransomware. How does this double attack work? Who is a target for the attack and how can it be mitigated? Malware infections haven’t changed much over time, even taking into
Google this week touted security improvements based on human help, rather than algorithm smarts alone. Google announced that, in 2018, its bug bounty program — aka Vulnerability Reward Program — paid out $3.4 million in total rewards to 317 researchers who submitted issues. Those 317 researchers, from 78 different countries, earned more than 1,300 rewards, with
Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed “Dirty_Sock” and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical,
Twice in the last three months, Dunkin’ Donuts — currently rebranding itself as Dunkin’ — was hit with a credential stuffing attack that affected an undisclosed number of members of its DD Perks membership program. The company said one of its security vendors detected the attack and stopped most of the account intrusions, but it
A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems and could potentially allow attackers to escape container and obtain unauthorized, root-level access to the host operating system. The vulnerability was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly disclosed
Machine learning has become a valuable component of network security products, but the technology is a mixed blessing. Unfortunately, hackers can also employ machine learning. Machine learning in network security separates legitimate network and application operations from attacks by building a set of rules that characterizes both activities. Meanwhile, attackers can use machine learning to
A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users. The malware, described as a “Clipper,” masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to
Using an Android device? Beware! You have to be more cautious when opening an image file on your smartphone—whether downloaded from anywhere on the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of
A security researcher reported a supply chain attack that involved an official software repository for the Python programming language. How did this supply chain attack work? There isn’t a sysadmin or programmer around who hasn’t cursed a software installer or its associated instructions that overlook something that results in a failed install. The frustration of
The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC). Yes, infinite… like a never-ending source of money. Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to
Multifactor authentication products can provide significant benefits to an enterprise, but the technology is complex, and the tools themselves can vary greatly from vendor to vendor. It’s helpful to examine sample use cases for specific tools to show how a vendor’s product can meet the multifactor authentication (MFA) needs and requirements of an enterprise. Here
It’s 2019, and just opening an innocent-looking office document file on your system can still allow hackers to compromise your computer. No, I’m not talking about yet another vulnerability in Microsoft Office, but in two of the most popular alternatives—LibreOffice and Apache OpenOffice—free, open source office software used by millions of Windows, MacOS and Linux