Tag: SecurityWeek RSS Feed

A hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM can be abused to access the FortiSIEM Supervisor.  read more   Advertise on IT Security News. Read the complete article: Hardcoded SSH Key Found in Fortinet SIEM…

Read more →

Portland, Oregon-based children’s clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. Very few details of the breach have been made public. read more   Advertise on IT Security News. Read the complete article: Hanna Andersson Data…

Read more →

Apple has published its latest transparency report, which provides details on the number of government requests the tech company received during the first half of 2019. read more   Advertise on IT Security News. Read the complete article: Apple Received…

Read more →

The National Institute of Standards and Technology (NIST) last week announced version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks. read more   Advertise on IT Security News. Read the complete article: NIST Releases…

Read more →

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. read more   Advertise on IT Security News. Read the complete article: Citrix Releases First Patches for Critical ADC Vulnerability

Read more →

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks. Until a fix becomes available, the company has shared some workarounds and mitigations.…

Read more →

Turkish hackers claimed Friday to have hijacked for more than 90 minutes the official websites of the Greek parliament, the foreign affairs and economy ministries, as well as the country’s stock exchange. read more   Advertise on IT Security News.…

Read more →

Microsoft this week announced a new source code analyzer designed to identify interesting characteristics of code.  read more   Advertise on IT Security News. Read the complete article: Microsoft Introduces Free Source Code Analyzer

Read more →

WeLeakInfo Website Taken Down in International Law Enforcement Operation read more   Advertise on IT Security News. Read the complete article: FBI Takes Down Site Selling Subscriptions to Stolen Data

Read more →

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered. read more   Advertise…

Read more →

Cybersecurity State Coordinator Program Would Bolster State and Local Cybersecurity Four United States Senators have introduced a bipartisan bill that would require the Department of Homeland Security (DHS) to establish a Cybersecurity State Coordinator program, with each of the 50…

Read more →

California-based data security startup Cyral emerged from stealth mode this week and announced that it has raised $11 million in a Series A funding round. The company previously received $4.1 million in an angel investment round, which brings the total…

Read more →

One of the vulnerabilities patched this week by Microsoft in its Windows operating system is a crypto-related issue that was reported to the company by the U.S. National Security Agency. read more   Advertise on IT Security News. Read the…

Read more →

A total of 146 valid vulnerabilities were reported as part of the second Hack the Army bug bounty program, and more than $275,000 were paid in rewards. read more   Advertise on IT Security News. Read the complete article: Hackers…

Read more →

A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked. read more   Advertise on IT…

Read more →

Siemens this week addressed several vulnerabilities and warned customers about the security risks associated with the use of ActiveX in industrial products. read more   Advertise on IT Security News. Read the complete article: Siemens Warns of Security Risks Associated…

Read more →

Iran is widely expected to ramp up cyberattacks against the United States in response to the US killing of a top Iranian leader this month even as fears have receded about a military confrontation between the two countries. read more…

Read more →

Security and web performance company Cloudflare has announced a suite of services for the cyber-protection of political campaigns in the United States and worldwide. read more   Advertise on IT Security News. Read the complete article: Cloudflare Announces Free Security…

Read more →

The FBI, in a change of policy, is committing to inform state officials if local election systems have been breached, federal officials said Thursday. read more   Advertise on IT Security News. Read the complete article: FBI Plans to Notify…

Read more →

Cybersecurity firm McAfee announced on Thursday that its board of managers has appointed Peter Leav as the company’s new chief executive officer after Chris Young decided to step down. read more   Advertise on IT Security News. Read the complete…

Read more →

High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows. read more   Advertise on IT Security News.…

Read more →

Facebook this week introduced a new notification to alert users when their accounts interact with a third-party application using Facebook Login. Dubbed “Login Notifications,” the new feature is meant to provide users with increased control over their data, the social…

Read more →

A researcher who discovered many vulnerabilities in Cisco’s Data Center Network Manager (DCNM) product has made public some proof-of-concept (PoC) exploits and technical details. read more   Advertise on IT Security News. Read the complete article: PoC Exploits Released for…

Read more →

Court Approves Equifax Data Breach Settlement read more   Advertise on IT Security News. Read the complete article: Equifax Ordered to Spend $1 Billion on Data Security Under Data Breach Settlement

Read more →

On January 13, 2020, a federal court approved the proposed settlement for the class action suit filed against Equifax over the massive data breach it revealed in September 2017. read more   Advertise on IT Security News. Read the complete…

Read more →

TEL AVIV, Israel (AP) — An Israeli court heard a case Thursday calling for restrictions to be slapped on NSO Group, an Israeli company that makes surveillance software that is said to have been used to target journalists and dissidents…

Read more →

Outpacing Your Security Capacity With Digital Innovation is a Formula for Disaster  read more   Advertise on IT Security News. Read the complete article: The Edge is Near. Are You Ready?

Read more →

Hundreds of Internet-accessible, unprotected medical imaging systems expose data on millions of patients worldwide, German security firm Greenbone reveals. read more   Advertise on IT Security News. Read the complete article: Unprotected Medical Systems Expose Data on Millions of Patients

Read more →

Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency. read more  …

Read more →

P&N Bank is reportedly sending out notifications to customers of a data breach that resulted in a large amount of sensitive information being compromised.  read more   Advertise on IT Security News. Read the complete article: P&N Bank Data Breach…

Read more →

The Cloud Native Computing Foundation (CNCF) this week announced the launch of a public bug bounty program for Kubernetes, with rewards of up to $10,000 per vulnerability. read more   Advertise on IT Security News. Read the complete article: Public…

Read more →

An increasing number of companies believe they are being targeted by state-sponsored hacking groups, a new survey shows.  read more   Advertise on IT Security News. Read the complete article: Organizations Feel Threat of Nation-State Attacks, Survey Shows

Read more →

Google announced on Wednesday that it has simplified the enrollment process for its Advanced Protection Program and it now allows users to activate a security key on their iPhone. Google’s Advanced Protection Program (APP) is designed to help high-risk users…

Read more →

Attackers Evolve Quickly, and We Must Work Daily to Ensure We Are Ready for Their Next Move read more   Advertise on IT Security News. Read the complete article: Using Gap Analysis to Fix a Leaky Enterprise

Read more →

The threat actor or group behind the Satan ransomware — and probably DBGer and Lucky and possibly Iron — seems to be engaged in a new version or evolution of Satan: 5ss5c. read more   Advertise on IT Security News.…

Read more →

Passwordless multi-factor authentication technology provider Trusona this week announced it has raised $20 million as part of a Series C funding round led by Georgian Partners. read more   Advertise on IT Security News. Read the complete article: Trusona Raises…

Read more →

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability. read more   Advertise on IT Security News. Read the complete article: Vulnerabilities Found…

Read more →

Oracle has released its first Critical Patch Update (CPU) for 2020, which includes a total of 334 new security patches across multiple product families. read more   Advertise on IT Security News. Read the complete article: Oracle’s January 2020 CPU…

Read more →

SAP today released 6 Security Notes and 1 Updated Note as part of its January 2020 Security Patch Day, with all addressing Medium severity vulnerabilities.  read more   Advertise on IT Security News. Read the complete article: SAP Releases 6…

Read more →

Apple and the US government are at loggerheads for the second time in four years over unlocking iPhones connected to a mass shooting, reviving debate over law enforcement access to encrypted devices. read more   Advertise on IT Security News.…

Read more →

The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle (MitM) attacks.…

Read more →

Google on Tuesday said is making progress in its quest to vanquish third-party “cookies” on its popular browser used to track people’s online activities, a focus of many privacy activists. read more   Advertise on IT Security News. Read the…

Read more →

Google Project Zero security researchers have published technical details on an iMessage vulnerability addressed last year, which could be exploited remotely to achieve arbitrary code execution.  read more   Advertise on IT Security News. Read the complete article: Google Researchers…

Read more →

As public cloud providers continue to elevate their platforms’ default enterprise protection and compliance capabilities to close gaps in their portfolio or suites of in-house integrated security products, CISOs are increasingly looking to the use and integration of threat intelligence…

Read more →

Popular dating apps like Tinder and Grindr are sharing the personal data of their users to third parties in breach of EU regulations, a Norwegian consumer rights group said Tuesday. read more   Advertise on IT Security News. Read the…

Read more →

Prime Minister Boris Johnson on Tuesday challenged US opponents of Britain’s potential decision to let China’s Huawei telecoms giant develop its 5G network to come up with a better choice. read more   Advertise on IT Security News. Read the…

Read more →

Weak security measures in place at several major wireless carriers in the United States make it easy for attackers to perform SIM swap attacks on prepaid mobile accounts, a recent study found. read more   Advertise on IT Security News.…

Read more →

Adobe’s January 2020 Patch Tuesday updates address several vulnerabilities in the company’s Illustrator and Experience Manager products. read more   Advertise on IT Security News. Read the complete article: Adobe Patches Vulnerabilities in Illustrator, Experience Manager

Read more →

Windows 7 has reached end of life on Tuesday, January 14, 2020, but hundreds of millions of PCs worldwide still run the operating system, which likely makes them a more tempting target for malicious cyber actors. read more   Advertise…

Read more →

A phishing campaign apparently aimed at Burisma, the Ukrainian gas company that is at the center of President Donald Trump’s impeachment, has been linked by cybersecurity researchers to a hacker group believed to be working on behalf of the Russian…

Read more →

Russian spies hacked a Ukrainian energy company at the center of the impeachment trial of US President Donald Trump, a cybersecurity firm said Monday. read more   Advertise on IT Security News. Read the complete article: Russia Hacked Ukrainian Gas…

Read more →

Russian spies hacked a Ukrainian energy company at the center of the impeachment trial of US President Donald Trump, a cybersecurity firm said Monday. Russia’s GRU spy agency launched a “phishing” attack in November to access the email of Burisma…

Read more →

NortonLifeLock (NASDAQ: NLOK) announced on Monday that it has agreed to sell its ID Analytics business to LexisNexis Risk Solutions for $375 million.  read more   Advertise on IT Security News. Read the complete article: NortonLifeLock to Sell ID Analytics…

Read more →

British and American officials are meeting as U.K. Prime Minister Boris Johnson’s government prepares to decide on whether there’s a future for Chinese equipment maker Huawei in the country’s next-generation telecom networks, his spokesman said Monday. read more   Advertise…

Read more →

Intelligence Can be Aligned With Larger Objectives to Improve Decision-Making Beyond the Cybersecurity Domain read more   Advertise on IT Security News. Read the complete article: Graduation Day: From Cyber Threat Intelligence to Intelligence

Read more →

Still under development, a newly discovered information stealer is successfully targeting Internet browsers and cryptocurrency wallet applications, and most victims are apparently located in the United States. read more   Advertise on IT Security News. Read the complete article: Oski…

Read more →

Facebook last week rushed to patch a bug that exposed the accounts of individuals who manage pages, after the weakness was exploited against several high-profile pages. read more   Advertise on IT Security News. Read the complete article: Facebook Rushes…

Read more →

Exploits targeting the recent Citrix Application Delivery Controller (ADC) vulnerability have already been published online, yet security patches will not be available for at least another week. read more   Advertise on IT Security News. Read the complete article: Exploits…

Read more →

A man accused of hacking UK National Lottery accounts via credential stuffing attacks has been sentenced to nine months in prison, the UK’s National Crime Agency reported on Friday. read more   Advertise on IT Security News. Read the complete…

Read more →

Google has removed roughly 1,700 unique applications from its Google Play app store that were part of a family of potentially unwanted programs.  read more   Advertise on IT Security News. Read the complete article: Google Removes Trove of Risky…

Read more →

The FBI laid out new protocols Friday for how it conducts electronic surveillance in national security cases, responding to a Justice Department inspector general report that harshly criticized the bureau’s handling of the Russia investigation. read more   Advertise on…

Read more →

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations that malicious hackers continue to exploit a widely known Pulse Secure VPN vulnerability. read more   Advertise on IT Security News. Read the complete article:…

Read more →

The UK Data Protection Regulator (the Information Commissioner’s Office – ICO) has issued a monetary penalty of £500,000 ($654,000) against Dixon Carphone for what it describes as “multiple, systemic and serious inadequacies” in the firm’s security posture. read more  …

Read more →

An upstate New York airport and its computer management provider were attacked by ransomware over Christmas, officials said. read more   Advertise on IT Security News. Read the complete article: Christmas Ransomware Attack Hit New York Airport Servers

Read more →

A bill introduced this week by Senator Tom Cotton (R-Arkansas) would ban the sharing of intelligence with countries that use Huawei technologies in their fifth generation (5G) networks. read more   Advertise on IT Security News. Read the complete article:…

Read more →

A bill introduced this week by Senator Tom Cotton (R-Arkansas) would ban the sharing of intelligence with countries that use Huawei technologies in their fifth generation (5G) networks. read more   Advertise on IT Security News. Read the complete article:…

Read more →

An out-of-bounds write bug in the E2fsprogs filesystem utility could lead to remote code execution, Cisco Talos security researchers reveal. read more   Advertise on IT Security News. Read the complete article: Remote Code Execution Flaw Impacts E2fsprogs Filesystem Utility

Read more →

Hackers may be able to remotely take complete control of cable modems from various manufacturers due to a critical vulnerability affecting a middleware component shipped with some Broadcom chips. read more   Advertise on IT Security News. Read the complete…

Read more →

Trend Micro’s Zero Day Initiative (ZDI) on Thursday announced the targets and prizes for the 2020 Pwn2Own competition, which is set to take place on March 18-20 in Vancouver at the CanSecWest conference. read more   Advertise on IT Security…

Read more →

Weeks after Citrix revealed a critical vulnerability impacting its Application Delivery Controller (ADC) and Gateway products, hackers have started to scan the Internet for vulnerable systems, security researchers report. read more   Advertise on IT Security News. Read the complete…

Read more →

As cars evolve into rolling mobile computers, the potential for disastrous cyber attacks has become a new road hazard. Israeli cybersecurity firm GuardKnox demonstrated the threat in a Formula 1 driving simulation at the Consumer Electronics show this week in…

Read more →

An increasing number of threat groups have been spotted targeting electric utilities in North America, industrial cybersecurity firm Dragos reported on Thursday. The company has published a new report that describes the threats faced by the electric sector in North…

Read more →

Over the past year and a half, the North Korea-linked Lazarus group has continued attacks on cryptocurrency exchanges but modified its malware and some techniques, Kaspersky reports.  read more   Advertise on IT Security News. Read the complete article: North…

Read more →

Pre-installed malware on Android phones is a growing menace — so much that on Wednesday this week, Privacy International and around 50 other international NGOs (including ACLU, EFF, Amnesty and the TOR project) sent an open letter to Google demanding…

Read more →

Welcome to 2020! It’s the “Year of the Rat” according to Chinese zodiac. It’s an Olympics year, with the Summer Games to be held in Tokyo. It’s a presidential election year in the United States. And for security professionals, it’s…

Read more →

A researcher has earned over $15,000 from PayPal for reporting a critical vulnerability that could have been exploited by hackers to obtain user email addresses and passwords. read more   Advertise on IT Security News. Read the complete article: PayPal…

Read more →

The cybercriminals behind the TrickBot malware, who are believed to be based in Russia, have been using a new PowerShell backdoor in recent attacks aimed at high-value targets, SentinelLabs revealed on Thursday. read more   Advertise on IT Security News.…

Read more →

Rockwell Automation on Wednesday announced that it has entered an agreement to acquire Israel-based cybersecurity solutions provider Avnet Data Security in an effort to expand its cybersecurity expertise. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Nepal on Wednesday deported 122 Chinese nationals who were arrested on suspicion of operating a large-scale cyber fraud operation in Kathmandu, officials said. read more   Advertise on IT Security News. Read the complete article: Nepal Deports 122 Chinese Nationals…

Read more →

Updates released by Mozilla on Wednesday for its Firefox browser address a zero-day vulnerability that has been exploited in targeted attacks. read more   Advertise on IT Security News. Read the complete article: Mozilla Patches Firefox Zero-Day Exploited in Targeted…

Read more →

The FBI asked Apple this week to help extract data from iPhones that belonged to the Saudi aviation student who investigators say fatally shot three sailors at a U.S. naval base in Florida last month. read more   Advertise on…

Read more →

Interpol announced on Wednesday that it has coordinated an international operation aimed at removing illegally installed cryptocurrency miners from routers located in Southeast Asia. read more   Advertise on IT Security News. Read the complete article: Interpol Announces Successful Operation…

Read more →

Kuwait on Wednesday denied reports that the United States had decided to withdraw its troops from the Gulf state, saying the Twitter account of its official news agency had been hacked. read more   Advertise on IT Security News. Read…

Read more →

Google’s Project Zero has updated its vulnerability disclosure policy to keep bug reports closed for 90 days, regardless of whether a patch is out before the deadline or not.  read more   Advertise on IT Security News. Read the complete…

Read more →

Mozilla this week released Firefox 72 to the stable channel with advanced privacy protections that involve the blocking of fingerprinting scripts by default. read more   Advertise on IT Security News. Read the complete article: Firefox 72 Blocks Fingerprinting Scripts…

Read more →

Travelex, the British-based foreign currency company, will not suffer any financial impact from a cyber attack on New Year’s Eve, its parent group said Wednesday. read more   Advertise on IT Security News. Read the complete article: Travelex Says Financially…

Read more →

Threat actors tend to focus on the human element as the weakest link in the cyber-attack chain, often using stolen, weak, default, or otherwise compromised credentials to gain access to their victim’s environment. read more   Advertise on IT Security…

Read more →

BlackBerry this week announced a customizable automotive solution designed to help OEMs improve vehicle health and security. The solution aims to provide the necessary foundation to “future-proof” vehicles, as well as to help accelerate development timelines and reduce the cost…

Read more →

Las Vegas officials said Tuesday that that a cyber attack breached the city’s computer systems, but it wasn’t immediately clear if any sensitive data was compromised. read more   Advertise on IT Security News. Read the complete article: Las Vegas…

Read more →

Researchers Have Discovered Multiple Security Vulnerabilities Within the Popular TikTok Application read more   Advertise on IT Security News. Read the complete article: China-Made TikTok App Riddled With Security Holes: Researchers

Read more →

read more   Advertise on IT Security News. Read the complete article: Threat Posed by Iran to Industrial Systems After Killing of Top General

Read more →

My Apple News app recently served up some targeted marketing that really hit home. There before me was the opportunity to purchase a limited-edition 11 Herbs & Spices Firelog from KFC and Envirolog, sold through Walmart.  read more   Advertise…

Read more →

MITRE on Tuesday announced the initial release of a version of its ATT&CK knowledge base that covers the tactics and techniques used by malicious actors when targeting industrial control systems (ICS). read more   Advertise on IT Security News. Read…

Read more →

A cyber-espionage group supposedly linked to the Chinese government is targeting non-governmental organizations (NGOs) in South and East Asia, Secureworks has revealed. read more   Advertise on IT Security News. Read the complete article: Chinese Cyber-Espionage Group Targeted NGOs for…

Read more →

TEHRAN, Iran (AP) — Iran struck back at the United States for the killing of a top Iranian general early Wednesday, firing a series of surface-to-surface missiles at two Iraqi bases housing U.S. troops and warning the United States and…

Read more →

Email and data security company Mimecast on Monday announced the acquisition of threat protection solutions provider Segasec. read more   Advertise on IT Security News. Read the complete article: Mimecast Acquires Threat Protection Provider Segasec

Read more →

Pruning the Security Technology Tool Sprawl read more   Advertise on IT Security News. Read the complete article: Are Overlapping Security Tools Adversely Impacting Your Security Posture?

Read more →

An information disclosure vulnerability affecting Microsoft Access can cause sensitive data from system memory to be unintentionally saved in database files, email security company Mimecast revealed on Tuesday. read more   Advertise on IT Security News. Read the complete article:…

Read more →

In an unexpected industry twist, consulting giant Accenture (NYSE: ACN) on Tuesday announced that it has agreed to acquire Symantec’s Cyber Security Services business from Broadcom (NASDAQ: AVGO) for an undisclosed sum. read more   Advertise on IT Security News.…

Read more →

Google on Monday published the first Android security bulletin for 2020, with patches for 40 vulnerabilities, including a critical flaw in the Media framework. read more   Advertise on IT Security News. Read the complete article: Android’s January 2020 Update…

Read more →