Category: SecurityWeek RSS Feed

Microsoft is working on patches for a critical remote code execution vulnerability in Server Message Block 3.0 (SMBv3) that exposes systems to “wormable” attacks. read more   Advertise on IT Security News. Read the complete article: Microsoft Working on Patches…

Read more →

It’s Important to Enrich External Threat Intelligence With Context to Understand the Who, What, Where, When, Why and How of an Attack read more   Advertise on IT Security News. Read the complete article: Human Intelligence is Pivotal in a…

Read more →

The European Network of Transmission System Operators for Electricity (ENTSO-E) revealed this week that malicious actors breached its corporate network. read more   Advertise on IT Security News. Read the complete article: European Electrical Energy Organization Discloses Breach

Read more →

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, including 26 critical issues affecting Windows, Word, Dynamics Business Central, and the company’s web browsers. read more   Advertise on IT Security News. Read the complete article: Microsoft Patches 115…

Read more →

Necurs Botnet Takedown read more   Advertise on IT Security News. Read the complete article: Microsoft Cracks Infrastructure of Infamous Necurs Botnet

Read more →

A researcher has earned $55,000 from Facebook for reporting a serious vulnerability that could have been exploited by hackers to steal access tokens and hijack accounts. read more   Advertise on IT Security News. Read the complete article: Facebook Awards…

Read more →

Akamai Uses CDN Logs to Gain Insight Into the Success of Phishing Attacks read more   Advertise on IT Security News. Read the complete article: Akamai’s CDN Logs Uncover Emerging Phishing Attacks

Read more →

There’s Never a Dull Moment in the World of Security  read more   Advertise on IT Security News. Read the complete article: Never a Dull Moment – RSA Conference Afterthoughts

Read more →

Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection (LVI), but the chip maker has told customers that the attack is not very practical in real world environments. read more  …

Read more →

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates. read more   Advertise on IT Security News. Read the complete article: Attacks Targeting…

Read more →

Researchers Uncover Campaign Where Attackers Are Trojanizing Multiple Hacking Tools Used by Other Attackers read more   Advertise on IT Security News. Read the complete article: Hackers Hack Hacking Tools to Hack Hackers

Read more →

A recently disclosed vulnerability affecting Zoho’s ManageEngine Desktop Central endpoint management solution is already being exploited in attacks. read more   Advertise on IT Security News. Read the complete article: Hackers Exploiting Recently Patched ManageEngine Desktop Central Vulnerability

Read more →

The City of Durham and the Durham County government in North Carolina are in the process of recovery after experiencing what appears to be a ransomware attack on March 6. read more   Advertise on IT Security News. Read the…

Read more →

New Framework Enables Deployment of Firewalls as Software-Based Platforms AT&T, Palo Alto Networks and Broadcom have been developing a framework that enables organizations to deploy firewalls as software-based platforms instead of hardware appliances. read more   Advertise on IT Security…

Read more →

Google has announced that Android and macOS users can now use more web browsers to initially register security keys to their accounts. read more   Advertise on IT Security News. Read the complete article: Google Allows Enrolling Security Keys on…

Read more →

Newly introduced legislation seeks to protect journalist who publish classified information, as well as security researchers who discover classified government backdoors.  read more   Advertise on IT Security News. Read the complete article: Proposed Bill Seeks to Protect Researchers Disclosing…

Read more →

Federal agencies participating in the Office of Management and Budget’s (OMB) Data Center Optimization Initiative (DCOI) report that they are on track with previously announced plans to close hundreds of outdated data centers, but many of the facilities that will…

Read more →

Employing techniques usually associated with nation-state threat actors, human-operated ransomware attacks represent a growing threat to businesses, Microsoft warned last week. read more   Advertise on IT Security News. Read the complete article: Human-Operated Ransomware Is a Growing Threat to…

Read more →

Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks. read more   Advertise on IT Security News. Read the complete article: Researchers Disclose Two New…

Read more →

Australia’s privacy watchdog announced legal action against Facebook Monday for alleged “systematic failures” exposing more than 300,000 Australians to a data breach by Cambridge Analytica. read more   Advertise on IT Security News. Read the complete article: Aussie Watchdog Sues…

Read more →

Virgin Media has been accused of downplaying the recently disclosed cybersecurity incident that involved the personal information of roughly 900,000 people. read more   Advertise on IT Security News. Read the complete article: Virgin Media Accused of Downplaying Security Incident

Read more →

UNITED NATIONS (AP) — The United States, United Kingdom and Estonia accused Russia’s military intelligence Thursday of conducting cyber attacks against the Georgian government and media websites in an attempt “to sow discord and disrupt the lives of ordinary Georgians.”…

Read more →

Kaiser Permanente Ventures and Mayo Clinic Invest in Enterprise IoT Security Firm read more   Advertise on IT Security News. Read the complete article: IoT Security Firm Ordr Increases Funding to $50 Million

Read more →

Consulting giant Accenture has acquired UK-based cyber defense consultancy Context Information Security from Babcock International Group. Accenture says it’s not disclosing any financial terms, but aerospace and defense company Babcock revealed that it sold Context for £107 million, or roughly…

Read more →

To thwart increasingly dangerous cyber criminals, law enforcement agents are working to “burn down their infrastructure” and take out the tools that allow them to carry out their devastating attacks, FBI Director Christopher Wray said Wednesday. read more   Advertise…

Read more →

Facebook announced on Thursday that it has filed a lawsuit against domain registrar Namecheap and its Whoisguard privacy protection service over its refusal to provide information on a series of domains that impersonated the social media company and its services.…

Read more →

Free and open certificate authority (CA) Let’s Encrypt has decided that it will not revoke one million of the certificates affected by the recent CAA recheck bug. read more   Advertise on IT Security News. Read the complete article: Let’s…

Read more →

Business tools development company Zoho says it’s working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product. read more   Advertise on IT Security News. Read the complete article: Zoho Working on Patch for Zero-Day Vulnerability…

Read more →

UK-based phone, TV and broadband services provider Virgin Media on Thursday admitted that it exposed the personal information of roughly 900,000 people. read more   Advertise on IT Security News. Read the complete article: Virgin Media Exposed Personal Information of…

Read more →

US lawmakers proposed legislation Thursday that could see internet companies held legally responsible for content on their platforms if they don’t do enough to police child pornography. read more   Advertise on IT Security News. Read the complete article: US…

Read more →

ADP Security Chief Roland Cloutier Departs to Become Chief Information Security Officer (CISO) at China-owned TikTok read more   Advertise on IT Security News. Read the complete article: China’s TikTok Lures ADP Security Chief to Become New CISO

Read more →

Nearly one million domains use DMARC, but only 13% of them are configured to actually prevent email spoofing, according to a report published this week by anti-phishing solutions provider Valimail. read more   Advertise on IT Security News. Read the…

Read more →

UK Information Commissioner Fines Cathay Pacific $646,000 Over Long-Running Breach read more   Advertise on IT Security News. Read the complete article: Cathay Pacific Airways Fined Over Long-Running Breach

Read more →

Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party. read more   Advertise on IT Security News. Read the complete…

Read more →

Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise data protection technologies, Positive Technologies revealed on Thursday. read more   Advertise on IT Security News.…

Read more →

Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat. read more   Advertise on IT Security News. Read the complete article: Hackers Scanning for Apache…

Read more →

Wireless carrier T-Mobile is sending notifications to its customers to inform them of a data breach that resulted in some of their personal information being compromised read more   Advertise on IT Security News. Read the complete article: T-Mobile Notifying…

Read more →

There are more than 600 legitimate Microsoft subdomains that can be hijacked and abused for phishing, malware delivery and scams, researchers warned this week. read more   Advertise on IT Security News. Read the complete article: Over 600 Microsoft Subdomains…

Read more →

US officials on Wednesday stepped up warnings about the potential security risks from the fast-growing, Chinese-owned TikTok as a lawmaker unveiled legislation to ban the social media app from government devices. read more   Advertise on IT Security News. Read…

Read more →

Cisco has released patches to address more than a dozen vulnerabilities across various products, including two code execution bugs in Webex Player that could be exploited remotely.  read more   Advertise on IT Security News. Read the complete article: Cisco…

Read more →

MoleRATs, a politically-motivated threat actor apparently linked to the Palestinian terrorist organization Hamas, has expanded its target list to include insurance and retail industries, Palo Alto Networks’ security researchers report. read more   Advertise on IT Security News. Read the…

Read more →

The Council of the District of Columbia on Tuesday unanimously passed a bill whose goal is to expand data breach notification requirements and improve the way organizations protect personal information. read more   Advertise on IT Security News. Read the…

Read more →

What started as almost casual research in November 2019 and disclosed to various vendors as a vulnerability in November and December 2019 and January 2020 was abruptly reclassified and treated as a zero-day vulnerability on February 13, 2020. read more…

Read more →

Proper Network Sensor Placement Helps Security Analysts Focus on Events That Matter read more   Advertise on IT Security News. Read the complete article: Scouting the Adversary: Network Sensor Placement Considerations

Read more →

Free and open certificate authority (CA) Let’s Encrypt is revoking over 3 million currently-valid certificates after discovering a bug in its Certification Authority Authorization (CAA) code. read more   Advertise on IT Security News. Read the complete article: Bug Forces…

Read more →

A report published on Monday by Chinese cybersecurity firm Qihoo 360 claims that the U.S. Central Intelligence Agency (CIA) conducted an 11-year-long cyberespionage operation aimed at China’s critical industries. read more   Advertise on IT Security News. Read the complete…

Read more →

Mobile payment fraud is growing, and is growing faster in the mobile ecosystem than anywhere else. While Windows remains the most popular operating system used by fraudsters at 38%, the combined figures for iOS and Android are now 51% of…

Read more →

Google’s March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework.  read more   Advertise on IT Security News. Read the complete article: Google Patches Critical Remotely Exploitable Android Bug

Read more →

Google this week announced the launch of FuzzBench, a free and open source service for evaluating fuzzers. The fully automated service was designed to allow for an easy but rigorous evaluation of fuzzing research, in an attempt to boost the…

Read more →

Legal services company Epiq has taken its systems offline globally after being hit by a piece of ransomware. Epiq said on Monday that it detected the malware on its systems on February 29. The company said it had found no…

Read more →

In my previous column, I talked about the rapidly changing geopolitical landscape and the escalation of cyberattacks on critical infrastructure. Some of you may be wondering: “Why should I care? Russia and other nation-states aren’t focused on me and my…

Read more →

Tuesday’s presidential primaries across 14 states mark the first major security test since the 2018 midterm elections, with state and local election officials saying they are prepared to deal with everything from equipment problems to false information about the coronavirus.…

Read more →

Threat actors linked to China increasingly targeted the telecommunications sector in 2019, according to endpoint security firm CrowdStrike. CrowdStrike on Tuesday published its 2020 Global Threat Report, which provides data on both state-sponsored and financially-motivated operations observed by the company…

Read more →

Foreign actors continue to attempt to interfere with the election process, multiple United States departments and agencies warned in a joint statement released ahead of Tuesday’s presidential primaries. read more   Advertise on IT Security News. Read the complete article:…

Read more →

A software engineer on trial in the largest leak of classified information in CIA history was “prepared to do anything” to betray the agency, federal prosecutors said Monday as a defense attorney argued the man had been scapegoated for a…

Read more →

The U.S. Department of Justice announced on Monday that two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency stolen by North Korean hackers from a cryptocurrency exchange. read more   Advertise on IT Security News.…

Read more →

If DevOps represents the union of people, process, and technology to continually provide value to customers, then DevSecOps represents the fusion of value and security provided to those same customers. read more   Advertise on IT Security News. Read the…

Read more →

Patches released over the past several days for multiple WordPress plugins address vulnerabilities that have been actively exploited as part of the same website takeover campaign read more   Advertise on IT Security News. Read the complete article: Patches Released…

Read more →

US lawmakers have passed legislation offering $1 billion to help telecom carriers “rip and replace” equipment from Chinese tech firms Huawei and ZTE amid national security concerns. read more   Advertise on IT Security News. Read the complete article: US…

Read more →

Although businesses are increasingly at risk for cyberattacks on their mobile devices, many aren’t taking steps to protect smartphones and tablets. read more   Advertise on IT Security News. Read the complete article: Businesses at Risk for Cyberattack But Take…

Read more →

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers. read more   Advertise on IT Security News. Read the complete article: Walgreens Discloses…

Read more →

Software security updates NVIDIA released on Friday address multiple denial-of-service (DoS) vulnerabilities in GPU display drivers and Virtual GPU Manager software. read more   Advertise on IT Security News. Read the complete article: NVIDIA Patches DoS Flaws in GPU Driver…

Read more →

Rail contractor RailWorks Corporation is notifying employees and third-parties that it recently fell victim to a ransomware attack in which sensitive information might have been compromised. read more   Advertise on IT Security News. Read the complete article: Railroad Construction…

Read more →

Cybersecurity firm Checkpoint has created an encyclopedia of the various techniques used by malware to evade analysis. read more   Advertise on IT Security News. Read the complete article: Checkpoint Creates Encyclopedia of Malware Evasion Techniques

Read more →

US regulators moved to impose fines Friday against the nation’s four major wireless carriers for selling location data of customers without their consent. The Federal Communications Commission proposed fining T-Mobile more than $91 million; AT&T some $57 million; Verizon $48…

Read more →

A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution. read more   Advertise on IT Security News. Read the complete article: Apache Tomcat Affected…

Read more →

Microsoft this week announced new features in its Edge browser to prevent the download of potentially unwanted applications (PUA). read more   Advertise on IT Security News. Read the complete article: Microsoft Boosts PUA Protections in Edge

Read more →

ProtonMail on Thursday introduced a new feature designed to make it more difficult for hackers and spammers to impersonate users who have custom domain email addresses. The new feature, DKIM key management, is currently in beta and users have been…

Read more →

A British judge on Thursday paused Julian Assange‘s extradition hearing following four days of intense legal wrangling over Washington’s request for the WikiLeaks founder to stand trial there on espionage charges. read more   Advertise on IT Security News. Read…

Read more →

Free and open certificate authority Let’s Encrypt on Thursday issued its billionth certificate, four and a half years after issuing the first certificate. read more   Advertise on IT Security News. Read the complete article: Let’s Encrypt Issues Over 1…

Read more →

Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company’s 2019 Product Security Report. read more   Advertise on IT Security News. Read the complete article: Intel Patched…

Read more →

Facebook on Thursday filed a federal lawsuit against oneAudience data intelligence firm over a tactic it used to gather information about users of social media platforms. read more   Advertise on IT Security News. Read the complete article: Facebook Sues…

Read more →

A Lincoln health care company has been targeted by cybercriminals, but company officials said there’s no evidence of any patient data being compromised. read more   Advertise on IT Security News. Read the complete article: Cybercriminals Target Lincoln Health Care…

Read more →

Cisco says it will release patches for wireless devices affected by the recently disclosed Wi-Fi chip vulnerability named Kr00k. The company says the flaw impacts some of its routers, firewalls, access points and phones. read more   Advertise on IT…

Read more →

Report Examines the Rise of Cybercrime Across Latin America read more   Advertise on IT Security News. Read the complete article: Inside the Rising Cybercrime Threat in Latin America

Read more →

Cisco on Wednesday released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software. read more   Advertise on IT Security News. Read the complete article: Cisco Patches Flaws in FXOS,…

Read more →

Hackers have started scanning the Internet for Microsoft Exchange Server instances that are affected by a remote code execution vulnerability patched earlier this month. read more   Advertise on IT Security News. Read the complete article: Hackers Looking for Exchange…

Read more →

Many Vulnerabilities Found in Popular Docker Images, But Most Are Not Loaded Into Memory Cloud security company Rezilion has analyzed some of the most popular Docker container images and determined that while they include many vulnerabilities, less than half of…

Read more →

A group of researchers has built a sandbox framework that can improve the security of Firefox by isolating third-party libraries used by the browser. read more   Advertise on IT Security News. Read the complete article: Framework Isolates Libraries in…

Read more →

The Democratic National Committee has warned its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least…

Read more →

Ever since the birth of the Next-Generation Firewall, organizations have come to expect security devices that combine a variety of critical features and functions into a single package. To meet that demand, the number of security vendors referring to their…

Read more →

A white hat hacker has earned $8,500 for a serious vulnerability that exposed the email addresses of HackerOne users. read more   Advertise on IT Security News. Read the complete article: Hacker Earns $8,500 for Vulnerability in HackerOne Platform

Read more →

In the 2016 film “Norman: The Moderate Rise and Tragic Fall of a New York Fixer”, Norman, the lead character, appears to be a successful businessman on the surface. Only after we begin to dig deeper do we learn that…

Read more →

Facebook and Google this week announced the decision to postpone this year’s BountyCon bug hunting conference due to health risks. read more   Advertise on IT Security News. Read the complete article: Facebook and Google Postpone Asia-Pacific Bug Hunting Conference

Read more →

A recently disclosed zero-day vulnerability in Zyxel network-attached storage (NAS) devices also impacts over twenty of the vendor’s firewalls. read more   Advertise on IT Security News. Read the complete article: Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability

Read more →

OneTrust, a provider of privacy and security compliance tools, has raised $210 million in Series B funding at a valuation of $2.7 billion. The Series B round was led by Coatue and Insight Partners, and combined with OneTrust’s $200 million…

Read more →

read more   Advertise on IT Security News. Read the complete article: RSA Conference 2020: Product Announcement Summary (Day 3)

Read more →

Santa Clara, Calif-based McAfee has entered into a definitive agreement to acquire Baltimore, MD-based Light Point Security. Financial details have not been disclosed, but on completion of the acquisition, the Light Point staff will join McAfee, while the Light Point…

Read more →

New scanning capabilities that Google rolled out to Gmail have resulted in an increased overall detection rate of malicious documents. read more   Advertise on IT Security News. Read the complete article: Google Boosts Detection of Malicious Documents in Gmail

Read more →

A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday. read more   Advertise on IT Security…

Read more →

The Iranian cyber-espionage group referred to as MuddyWater continues to focus on long-running operations even after a U.S. airstrike killed General Qassem Soleimani on January 2. read more   Advertise on IT Security News. Read the complete article: Iranian Cyberspies…

Read more →

read more   Advertise on IT Security News. Read the complete article: Intel Announces New Hardware-based Security Capabilities

Read more →

Russia wants to watch Americans “tear ourselves apart” as the United States heads toward elections, an FBI official warned Monday. read more   Advertise on IT Security News. Read the complete article: FBI Official: Russia Wants to See US ‘Tear…

Read more →

The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, informed customers on Monday that its systems were targeted last week in a ransomware attack. RMLD says it serves over 68,000 residents in the towns of Reading, North Reading,…

Read more →

An update released this week for the OpenSMTPD mail server addresses an out-of-bounds read vulnerability that could lead to arbitrary command execution. OpenSMTPD is the open source implementation of the Simple Mail Transfer Protocol (SMTP) in OpenBSD, and its portable…

Read more →

What You Need to Know to Make Sure You’re Headed in the Right Direction on Your Authentication Journey.    As Risk-Based Authentication Methods Continue to Evolve, Is It Time to Revisit Your Approach?  read more   Advertise on IT Security…

Read more →

Britain’s Financial Conduct Authority on Tuesday admitted to a data breach, in an embarrassing revelation for the regulator and its boss, who shortly takes over at the Bank of England. read more   Advertise on IT Security News. Read the…

Read more →

Mozilla has started rolling out encrypted DNS-over-HTTPS (DoH) by default for its Firefox users in the United States.  read more   Advertise on IT Security News. Read the complete article: Firefox Gets DNS-over-HTTPS as Default in U.S.

Read more →

Samsung said Tuesday that a “technical error” caused its website to display other customers’ personal information. The technology company said the error affected only its U.K. website at http://samsung.com/UK and affected fewer than 150 customers. read more   Advertise on…

Read more →

read more   Advertise on IT Security News. Read the complete article: RSA Conference 2020: Product Announcement Summary (Day 2)

Read more →