News

Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities. A recent study on the cost of cybercrime to organizations delved into growing concerns about the gray hat hacker — a security professional who participates in black hat activities. Researchers
An Active Directory deployment may seem straightforward, but it takes a bit of groundwork to set up a Windows Server 2016 domain controller. Active Directory Domain Services needs to be installed and managed by an IT administrator with a background in Windows Server 2016 and Windows environments. They should research the Active Directory (AD) domain
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing
Employee monitoring to protect against data loss and misuse is becoming mandatory in more industries, but insider security is harder than ever to enforce. As more regulations around data privacy and missteps at high-profile companies generate ongoing headlines, security teams attempt to monitor insider threats without stepping into the quagmire. Teramind, a startup in Miami
A cybersecurity researcher with Google Project Zero has released the details and a proof-of-concept (PoC) exploit for a high-severity vulnerability that has existed in the Linux kernel from version 3.16 through 4.18.8. Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that
In its early days, Microsoft Windows Defender, a lightweight, antimalware tool built into Windows, faced some stigma from IT professionals who didn’t think it brought anything special to the table. The doubters did not believe that Windows Defender features could detect a lot of the malware it was exposed to. Over the years, however, from
A high-severity vulnerability has been discovered in the 4G-based wireless 4GEE Mini modem sold by mobile operator EE that could allow an attacker to run a malicious program on a targeted computer with the highest level of privileges in the system. The vulnerability—discovered by 20-year-old Osanda Malith, a Sri Lankan security researcher at ZeroDayLab—can be exploited
The security and privacy issues with APIs and third-party app developers are something that not just Facebook is dealing with. A bug in Twitter’s API inadvertently exposed some users’ direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren’t supposed to get them, Twitter disclosed in its Developer Blog on Friday. What
The White House published a comprehensive National Cyber Strategy detailing how the Trump administration aims to improve cybersecurity in government, critical infrastructure and the private sector, as well as tackling cybercrime and international issues. The National Cyber Strategy builds upon the cybersecurity executive order signed in May 2017 and the subsequent security audit reports submitted
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of the Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-day deadline. Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database
Atlanta-based consumer credit reporting agency Equifax has been issued a £500,000 fine by the UK’s privacy watchdog for last year’s massive data breach that exposed personal and financial data of hundreds of millions of its customers. Yes, £500,000—that’s the maximum fine allowed by the UK’s Data Protection Act 1998, though the penalty is apparently
Enhanced cloud SIEM analytics in Sumo Logic’s enterprise machine data analytics platform aim to serve up security watchdog capabilities for both line-of-business and DevOps users. The addition of cloud security information and event management (SIEM) analytics capabilities to Sumo Logic’s machine data analysis platform will enable security engineers and non-IT users to detect and investigate
Security researchers have discovered an authentication bypass vulnerability in Western Digital’s My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control of the affected devices. Western Digital’s My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) devices, used by businesses and individuals to
It’s 2008 all over again as researchers have found a way to leverage cold boot attacks against modern computers to steal sensitive data from lost or stolen devices. Olle Segerdahl and Pasi Saarinen, security consultants for F-Secure, developed the new cold boot attack method and claim it “will work against nearly all modern computers,” including
Did you ever wonder if your Twitter account has been hacked and who had managed to gain access and when it happened? Twitter now lets you know this. After Google and Facebook, Twitter now lets you see all the devices—laptop, phone, tablet, and otherwise—logged into your Twitter account. Twitter has recently rolled out a new
The Russian man who was accused of operating the infamous Kelihos botnet has finally pleaded guilty in a U.S. federal court. Peter Yuryevich Levashov, 38, of St. Petersburg, Russia, pleaded guilty on Wednesday in U.S. federal court in Connecticut to computer crime, wire fraud, conspiracy and identity theft charges. Levashov, also known by many online
A Windows ALPC vulnerability that has been exploited in the wild for two weeks was finally patched by Microsoft as part of the September 2018 Patch Tuesday release. The Windows Advanced Local Procedure Call (ALPC) flaw was disclosed with proof-of-concept exploit code on Aug. 27, 2018, by Twitter user SandboxEscaper. The vulnerability affects the Windows