Category: SecurityWeek RSS Feed

A China-linked threat actor tracked as APT41 has targeted many organizations around the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products, FireEye reported on Wednesday. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Publicly available hacking tools, many of which have been developed for research and testing purposes, lower the bar for threat actors looking to target industrial control systems (ICS) and operational technology (OT) networks, FireEye warned this week. read more  …

Read more →

The COVID-19 coronavirus outbreak will likely have an impact on early-stage venture investment in cybersecurity, but investors and industry professionals are optimistic. read more   Advertise on IT Security News. Read the complete article: Impact of Coronavirus Outbreak on Early…

Read more →

General Electric (GE) revealed last week that the personal information of some employees may have been compromised as a result of a data breach suffered by Canon Business Process Services. read more   Advertise on IT Security News. Read the…

Read more →

Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service (DoS) and arbitrary code execution, Cisco Talos’ security researchers warn. read more   Advertise on IT Security News. Read the complete article: Videolabs Patches Code…

Read more →

VMware has released an update for the macOS version of Fusion to fix a privilege escalation vulnerability for which it initially released an incomplete patch. However, one of the researchers who found it says the patch is “still bad.” read…

Read more →

Arkose Labs Raises $22 Million in Series B Funding read more   Advertise on IT Security News. Read the complete article: Microsoft, PayPal Invest in Anti-Fraud Startup Arkose Labs

Read more →

A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files. read more   Advertise on IT Security News. Read the complete article: Critical Flaw in Adobe Creative…

Read more →

ZenKey Links Mobile Phones Directly to Carrier APIs and Avoids Users Having to Use Passwords After Authenticating a Phone read more   Advertise on IT Security News. Read the complete article: ZenKey: How Major Mobile Carriers Are Teaming Up to…

Read more →

Strategies for Evaluating Secure Remote Access Solutions for OT/ICS Networks read more   Advertise on IT Security News. Read the complete article: How to Address the Surging Need for Secure Remote Access to OT Networks

Read more →

A vulnerability addressed recently in the WPvivid Backup Plugin could be exploited to obtain all files of a WordPress website, web security company WebARX reveals. read more   Advertise on IT Security News. Read the complete article: WPvivid Backup Plugin…

Read more →

Authorities in the United States and Europe have issued warnings of increased malicious cyber-activity related to the ongoing COVID-19 (coronavirus) pandemic. In an alert on Friday, the Federal Bureau of Investigation said that scammers are leveraging the current crisis to…

Read more →

Microsoft informed customers on Monday that it’s working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles…

Read more →

A newly launched service from abuse.ch aims to make it easy for the community to share known malware samples and access additional intelligence on them.  read more   Advertise on IT Security News. Read the complete article: Abuse.ch Launches Free…

Read more →

The home confinement of hundreds of millions of people worldwide to halt coronavirus contagion has presented intelligence services with a challenge: monitoring an explosion in internet traffic, above board and not, even as their own capacity is reduced. read more…

Read more →

Microsoft informed customers on Monday that it’s working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles…

Read more →

A newly launched service from abuse.ch aims to make it easy for the community to share known malware samples and access additional intelligence on them.  read more   Advertise on IT Security News. Read the complete article: Abuse.ch Launches Free…

Read more →

Microsoft informed customers on Monday that it’s working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution. According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles…

Read more →

The home confinement of hundreds of millions of people worldwide to halt coronavirus contagion has presented intelligence services with a challenge: monitoring an explosion in internet traffic, above board and not, even as their own capacity is reduced. read more…

Read more →

A newly launched service from abuse.ch aims to make it easy for the community to share known malware samples and access additional intelligence on them.  read more   Advertise on IT Security News. Read the complete article: Abuse.ch Launches Free…

Read more →

The home confinement of hundreds of millions of people worldwide to halt coronavirus contagion has presented intelligence services with a challenge: monitoring an explosion in internet traffic, above board and not, even as their own capacity is reduced. read more…

Read more →

read more   Advertise on IT Security News. Read the complete article: Vulnerability Exposed Tesla Central Touchscreen to DoS Attacks

Read more →

read more   Advertise on IT Security News. Read the complete article: Vulnerability Exposed Tesla Central Touchscreen to DoS Attacks

Read more →

University of Utah Health revealed last week that it discovered unauthorized access to some employee email accounts, along with a malware infection on one of its workstations. read more   Advertise on IT Security News. Read the complete article: University…

Read more →

One of the vulnerabilities that researchers from the University of York discovered in widely-used password managers could have resulted in malicious apps stealing users’ credentials. read more   Advertise on IT Security News. Read the complete article: Flaw in Password…

Read more →

Cybercrime groups have been exploiting vulnerabilities in digital video recorders (DVRs) made by Taiwan-based surveillance solutions provider LILIN to increase the size of their botnets. read more   Advertise on IT Security News. Read the complete article: Zero-Day Vulnerabilities in…

Read more →

New Mexico school districts, universities, and government agencies have collectively spent millions of dollars to regain control of their computer systems after employees unknowingly opened emails containing an encrypted code that effectively shut them out of their systems. read more…

Read more →

Mozilla is getting ready to remove support for the File Transfer Protocol (FTP) from the Firefox web browser due to security concerns. read more   Advertise on IT Security News. Read the complete article: Mozilla to Remove Support for FTP…

Read more →

An Elasticsearch instance containing over 5 billion records of data leaked in previous cybersecurity incidents was found exposed to anyone with an Internet connection, Security Discovery reports. read more   Advertise on IT Security News. Read the complete article: Unprotected…

Read more →

UK-based financial technology company Finastra is investigating a cybersecurity incident that may involve a piece of ransomware infecting some of its systems. Finastra has over 10,000 employees and it delivers financial software to more than 9,000 customers across 130 countries,…

Read more →

A new variant of the notorious Mirai malware has been delivered by cybercriminals to network-attached storage (NAS) devices made by Zyxel through the exploitation of a recently patched vulnerability. read more   Advertise on IT Security News. Read the complete…

Read more →

Cybersecurity researchers say UK-based document printing and binding company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military, by leaving an AWS S3 bucket unprotected. read more   Advertise on IT Security News.…

Read more →

The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro’s security researchers reveal. read more   Advertise on IT Security News. Read the complete article: Russian Cyberspies…

Read more →

In a campaign targeting German companies, the infamous Russia-linked threat actor known as TA505 has been using legitimate tools in addition to malware, Prevailion reports. read more   Advertise on IT Security News. Read the complete article: Russia-Linked Cybercriminals Use…

Read more →

On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. read more   Advertise on IT Security News. Read the complete article: Oracle VirtualBox, Adobe…

Read more →

Amid numerous malicious attacks leveraging the current COVID-19 coronavirus crisis, security researchers have discovered an Android surveillance campaign targeting users in Libya. read more   Advertise on IT Security News. Read the complete article: Android Surveillance Campaign Leverages COVID-19 Crisis

Read more →

The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. read more   Advertise on IT Security News. Read the complete article:…

Read more →

NIST SP 800-53 Revision 5 Represents a Multi-Year Effort to Develop Next-Generation Security and Privacy Controls read more   Advertise on IT Security News. Read the complete article: NIST Updates Flagship SP 800-53 Security and Privacy Controls

Read more →

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser. The pause, the Internet giant says, was caused by an adjusted work schedule due…

Read more →

A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol (RDP) brute-forcing, Bitdefender reports. read more   Advertise on IT Security News. Read the complete article: RDP-Capable TrickBot…

Read more →

With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes. read more…

Read more →

A California man has been sentenced to more than seven years in prison for hacking an Atlanta-based company and trying to extort money in exchange for the return of the company’s intellectual property. read more   Advertise on IT Security…

Read more →

The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac have been found to be incomplete. read more   Advertise on IT Security News. Read the complete article: Patch for Recently Disclosed VMware Fusion Vulnerability…

Read more →

On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop and macOS. read more   Advertise on IT Security News. Read the complete article: Researchers Hack…

Read more →

Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a “high severity” rating. read more   Advertise on IT Security News. Read the complete article: Cisco…

Read more →

Cybercriminals have always used crises and natural disasters to fuel their social engineering activities. The COVID-19 (Coronavirus) pandemic is a massive human crisis, and criminals have been quick to take advantage. People are afraid, and fear is a primary social…

Read more →

The Cyberspace Solarium Commission (CSC) is a modern iteration of Eisenhower’s original 1953 Project Solarium. Project Solarium was tasked with developing a national strategy to contain and counter the nuclear threat from the USSR. CSC has a similar task to…

Read more →

Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion, and Bridge. read more   Advertise on IT Security News. Read the complete article: Adobe Patches…

Read more →

Threat intelligence provider Sixgill has announced a new product that allows organizations to integrate a real-time, actionable dark web data feed into any security platform. read more   Advertise on IT Security News. Read the complete article: Sixgill Introduces Dark…

Read more →

VMware announced on Tuesday that it has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, Remote Console (VMRC) or Horizon Client are installed. read more   Advertise on IT Security News. Read the…

Read more →

Static Passwords Are No Longer Enough to Secure Systems read more   Advertise on IT Security News. Read the complete article: The Human Element and Beyond: Why Static Passwords Aren’t Enough

Read more →

Most ransomware is deployed after hours, and usually several days after the initial compromise, newly published research from FireEye reveals. read more   Advertise on IT Security News. Read the complete article: Ransomware Is Mostly Deployed After Hours: Report

Read more →

It may look like an email from a supervisor with an attachment on the new “work from home policy.” But it could be a cleverly designed scheme to hack into your network. read more   Advertise on IT Security News.…

Read more →

Attorney General William Barr vowed in an interview with The Associated Press on Tuesday that there would be swift and severe action if a foreign government is behind disinformation campaigns aimed at spreading fear in the U.S. amid the coronavirus…

Read more →

Trend Micro has patched several serious vulnerabilities in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of flaws that have been exploited in the wild. read more   Advertise on IT Security News. Read the complete…

Read more →

Researchers say two financial services companies have exposed over 500,000 sensitive legal and financial documents by storing them in an unprotected AWS S3 bucket. read more   Advertise on IT Security News. Read the complete article: Financial Services Firms Exposed…

Read more →

Thales, Telstra, Microsoft, and Arduino this week announced a partnership aimed at enabling the secure connection of IoT devices to the cloud. Delivering end-to-end connectivity between devices and cloud platforms, the solution enables “instant and standardized mutual authentication” over cellular…

Read more →

Axis Security, a company that specializes in private application access, emerged from stealth mode on Tuesday with $17 million in funding. read more   Advertise on IT Security News. Read the complete article: Private Application Access Firm Axis Security Emerges…

Read more →

Twenty-four individuals were arrested for laundering funds illegally obtained via business email compromise (BEC), romance, and retirement account scams targeting victims across the United States. The large-scale fraud operation facilitated by the arrested individuals has caused losses of more than…

Read more →

Some users have complained that the Windows security update released recently by Microsoft to patch a wormable vulnerability related to Server Message Block 3.0 (SMBv3) is causing problems. read more   Advertise on IT Security News. Read the complete article:…

Read more →

The U.S. Senate has voted to extend, rather than tweak, three surveillance powers that federal law enforcement officials use to fight terrorists, passing the bill back to an absent House and throwing the future of the authorities in doubt. read…

Read more →

A recently discovered piece of Android stalkerware can install itself persistently on the system partition and steals the file containing the hash sum for the screen unlock pattern or password to allow its operators to unlock devices. read more  …

Read more →

The U.S. Department of Health and Human Services (HHS) was targeted with a distributed denial-of-service (DDoS) attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident. read more   Advertise…

Read more →

Checkmarx, a provider of tools for testing source code for security issues, announced on Monday that private equity firm Hellman & Friedman (“H&F”) has agreed to acquire a majority of the Company from Insight Partners in a deal valuing Checkmarx…

Read more →

There Are Plenty of Phish in the Sea for Commercial Phishers and Weekend Scammers Alike The phish market is open. And you don’t have to be an experienced angler to land a catch of the day. read more   Advertise…

Read more →

Organizations have fallen behind with the patching of a Microsoft Exchange Server vulnerability addressed with Microsoft’s February 2020 Patch Day updates and already targeted in attacks. read more   Advertise on IT Security News. Read the complete article: Organizations Slow…

Read more →

Cybercrime Has Gone Mainstream With All the Tools You Need Now Easily Available on the Dark Web The phish market is open. And you don’t have to be an experienced angler to land a catch of the day. read more…

Read more →

A researcher earned $6,500 from Slack last year after finding a critical vulnerability that could have been exploited to hijack Slack accounts. Researcher Evan Custodio discovered in November 2019 that the enterprise collaboration platform’s slackb.com domain was vulnerable to HTTP…

Read more →

Another COVID-19 (Coronavirus) phishing campaign has been discovered — this one apparently operated by the Pakistan-based APT36, which is thought to be nation-backed. APT36 has been active since 2016, and possibly earlier, performing cyber espionage activity against Indian defense and…

Read more →

Privacy-focused services provider Proton Technologies is deploying a new system to ensure that its email and VPN applications continue to be accessible even in scenarios where governments or ISPs attempt to block them. read more   Advertise on IT Security…

Read more →

Researchers have discovered 16 types of vulnerabilities, including many backdoors, in Zyxel’s CloudCNM SecuManager network management software. The vendor has confirmed the flaws and says it’s working on patches. read more   Advertise on IT Security News. Read the complete…

Read more →

The case against Nassif Sami Daher and Kamel Mohammad Rammal, two Michigan men accused of food stamp fraud, hardly seemed exceptional. But the tool that agents used to investigate them was extraordinary: a secretive surveillance process intended to identify potential…

Read more →

European authorities managed to crack down on two cybercrime gangs responsible for stealing millions by employing SIM hijacking. read more   Advertise on IT Security News. Read the complete article: European Authorities Dismantle Two SIM Hijacking Gangs

Read more →

Three surveillance powers available to the U.S. government are set to temporarily expire Sunday after a trio of senators opposed a bipartisan House bill that would renew the authorities and impose new restrictions. read more   Advertise on IT Security…

Read more →

More than 100,000 WordPress websites were potentially affected by a series of vulnerabilities recently discovered and addressed in the Popup Builder plugin. read more   Advertise on IT Security News. Read the complete article: Flaws in Popup Builder Plugin Impacted…

Read more →

Microsoft announced this week that has deprecated Remote Desktop Connection Manager (RDCMan) due to security concerns.  read more   Advertise on IT Security News. Read the complete article: Microsoft Deprecates Remote Desktop Connection Manager

Read more →

VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system. The critical flaw, tracked as CVE-2020-3947, is…

Read more →

COVID-19 (Coronavirus) themed malware attacks are now common. The subject matter automatically contains at least two of the primary social engineering triggers, fear and urgency, making it an obvious lure for use by criminals. Even a long-standing China-based APT has…

Read more →

President Donald Trump on Thursday signed into law a bill that provides $1 billion to help small telecom providers replace equipment made by China’s Huawei and ZTE. read more   Advertise on IT Security News. Read the complete article: Trump…

Read more →

read more   Advertise on IT Security News. Read the complete article: U.S. Senators Seek to Ban TikTok on Government Devices

Read more →

House lawmakers prepared to extend surveillance authorities that expire this month, releasing legislation that represents a rare bipartisan agreement after members of both parties said they wanted to ensure the tools preserved civil liberties. read more   Advertise on IT…

Read more →

A recently discovered Android Trojan was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app. read more   Advertise on IT Security News. Read the complete…

Read more →

Currency data provider Open Exchange Rates has started informing customers that their information was likely stolen by hackers. read more   Advertise on IT Security News. Read the complete article: Currency Data Provider ‘Open Exchange Rates’ Discloses Breach

Read more →

Facebook and Twitter revealed evidence Thursday suggesting that Russian efforts to interfere in the U.S. presidential election are getting more sophisticated and harder to detect. The companies said they have removed dozens of fake accounts and pages from their services.…

Read more →

Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0 (SMBv3) that has been described as “wormable.” read more   Advertise on IT Security News. Read the complete article: Out-of-Band…

Read more →

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from.  read more   Advertise on IT Security News. Read the complete article: Google Releases Tool to Block USB Keystroke…

Read more →

The Russia-linked threat group known as Turla was observed using two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019, ESET reports. read more   Advertise on IT Security News.…

Read more →

Several potentially serious vulnerabilities have been discovered in some of the industrial 4G routers made by Phoenix Contact, a Germany-based provider of industrial automation, connectivity and interface solutions. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks. read more   Advertise on IT Security News. Read the complete article: Auth0 Adds Threat Intelligence Tools…

Read more →

Avast this week disabled a JavaScript interpreter that is part of its antivirus product, after a security researcher discovered a vulnerability that could potentially lead to remote code execution. The JavaScript interpreter was found to run unsandboxed, thus potentially exposing…

Read more →

Facebook and other tech companies need to be regulated like the tobacco industry, warned Christopher Wylie, the whistleblower who exposed the Cambridge Analytica scandal. read more   Advertise on IT Security News. Read the complete article: Tech Must Be Treated…

Read more →

Google announced on Wednesday that it’s prepared to pay out an extra $313,337 for interesting Cloud Platform vulnerabilities submitted in 2020. read more   Advertise on IT Security News. Read the complete article: Google Offering Higher Bonuses for Cloud Platform…

Read more →

Intel this week released patches for more than two dozen vulnerabilities impacting graphics drivers, FPGA, processors NUC, BlueZ, and other products.  read more   Advertise on IT Security News. Read the complete article: Intel Patches 27 Vulnerabilities Across Product Portfolio

Read more →

SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news. read more   Advertise on IT Security News.…

Read more →

The US needs a top-level cybersecurity coordinator and a better strategy of “deterrence” to protect against hackers and other cyber threats, a congressionally mandated commission said Wednesday. read more   Advertise on IT Security News. Read the complete article: US…

Read more →

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company’s controllers and human-machine interface (HMI) panels to remote attacks. read more   Advertise on IT Security News. Read the complete article: Tens of Vulnerabilities…

Read more →

Mozilla this week released Firefox 74 to the stable channel with several security improvements, including patches, a new add-ons policy, improved privacy, and versions 1.0 and 1.1 of the Transport Layer Security (TLS) protocol disabled by default. read more  …

Read more →

Sunnyvale, Calif-based Arctic Wolf Networks has raised $60 million in a Series D funding round led by Blue Cloud Ventures and Stereo Capital. This brings the total raised to date to $148.2 million. read more   Advertise on IT Security…

Read more →

Match Group, the parent company of dating apps such as Tinder, on Tuesday publicly endorsed a US bill others in the tech industry fear will erode online privacy and speech in the name of fighting child abuse. read more  …

Read more →

A vulnerability in Avast’s anti-tracking solution could allow malicious actors to perform man-in-the-middle (MitM) attacks on HTTPS traffic, a security researcher has discovered. The security flaw, which impacts both Avast and AVG AntiTrack, as they share underlying code, resides in…

Read more →