Tag: SecurityWeek RSS Feed

A new variant of the notorious Mirai malware has been delivered by cybercriminals to network-attached storage (NAS) devices made by Zyxel through the exploitation of a recently patched vulnerability. read more   Advertise on IT Security News. Read the complete…

Read more →

Cybersecurity researchers say UK-based document printing and binding company Doxzoo exposed hundreds of gigabytes of information, including documents related to the US and British military, by leaving an AWS S3 bucket unprotected. read more   Advertise on IT Security News.…

Read more →

The Russia-linked cyber-espionage group known as Pawn Storm has been leveraging hijacked email accounts to send phishing emails to potential victims, Trend Micro’s security researchers reveal. read more   Advertise on IT Security News. Read the complete article: Russian Cyberspies…

Read more →

In a campaign targeting German companies, the infamous Russia-linked threat actor known as TA505 has been using legitimate tools in addition to malware, Prevailion reports. read more   Advertise on IT Security News. Read the complete article: Russia-Linked Cybercriminals Use…

Read more →

On the second day of the Pwn2Own 2020 hacking competition, participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. read more   Advertise on IT Security News. Read the complete article: Oracle VirtualBox, Adobe…

Read more →

Amid numerous malicious attacks leveraging the current COVID-19 coronavirus crisis, security researchers have discovered an Android surveillance campaign targeting users in Libya. read more   Advertise on IT Security News. Read the complete article: Android Surveillance Campaign Leverages COVID-19 Crisis

Read more →

The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library. read more   Advertise on IT Security News. Read the complete article:…

Read more →

NIST SP 800-53 Revision 5 Represents a Multi-Year Effort to Develop Next-Generation Security and Privacy Controls read more   Advertise on IT Security News. Read the complete article: NIST Updates Flagship SP 800-53 Security and Privacy Controls

Read more →

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser. The pause, the Internet giant says, was caused by an adjusted work schedule due…

Read more →

A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol (RDP) brute-forcing, Bitdefender reports. read more   Advertise on IT Security News. Read the complete article: RDP-Capable TrickBot…

Read more →

With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes. read more…

Read more →

A California man has been sentenced to more than seven years in prison for hacking an Atlanta-based company and trying to extort money in exchange for the return of the company’s intellectual property. read more   Advertise on IT Security…

Read more →

The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac have been found to be incomplete. read more   Advertise on IT Security News. Read the complete article: Patch for Recently Disclosed VMware Fusion Vulnerability…

Read more →

On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop and macOS. read more   Advertise on IT Security News. Read the complete article: Researchers Hack…

Read more →

Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a “high severity” rating. read more   Advertise on IT Security News. Read the complete article: Cisco…

Read more →

Cybercriminals have always used crises and natural disasters to fuel their social engineering activities. The COVID-19 (Coronavirus) pandemic is a massive human crisis, and criminals have been quick to take advantage. People are afraid, and fear is a primary social…

Read more →

The Cyberspace Solarium Commission (CSC) is a modern iteration of Eisenhower’s original 1953 Project Solarium. Project Solarium was tasked with developing a national strategy to contain and counter the nuclear threat from the USSR. CSC has a similar task to…

Read more →

Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion, and Bridge. read more   Advertise on IT Security News. Read the complete article: Adobe Patches…

Read more →

Threat intelligence provider Sixgill has announced a new product that allows organizations to integrate a real-time, actionable dark web data feed into any security platform. read more   Advertise on IT Security News. Read the complete article: Sixgill Introduces Dark…

Read more →

VMware announced on Tuesday that it has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, Remote Console (VMRC) or Horizon Client are installed. read more   Advertise on IT Security News. Read the…

Read more →

Static Passwords Are No Longer Enough to Secure Systems read more   Advertise on IT Security News. Read the complete article: The Human Element and Beyond: Why Static Passwords Aren’t Enough

Read more →

Most ransomware is deployed after hours, and usually several days after the initial compromise, newly published research from FireEye reveals. read more   Advertise on IT Security News. Read the complete article: Ransomware Is Mostly Deployed After Hours: Report

Read more →

It may look like an email from a supervisor with an attachment on the new “work from home policy.” But it could be a cleverly designed scheme to hack into your network. read more   Advertise on IT Security News.…

Read more →

Attorney General William Barr vowed in an interview with The Associated Press on Tuesday that there would be swift and severe action if a foreign government is behind disinformation campaigns aimed at spreading fear in the U.S. amid the coronavirus…

Read more →

Trend Micro has patched several serious vulnerabilities in its Worry-Free Business Security, Apex One and OfficeScan products, including a couple of flaws that have been exploited in the wild. read more   Advertise on IT Security News. Read the complete…

Read more →

Researchers say two financial services companies have exposed over 500,000 sensitive legal and financial documents by storing them in an unprotected AWS S3 bucket. read more   Advertise on IT Security News. Read the complete article: Financial Services Firms Exposed…

Read more →

Thales, Telstra, Microsoft, and Arduino this week announced a partnership aimed at enabling the secure connection of IoT devices to the cloud. Delivering end-to-end connectivity between devices and cloud platforms, the solution enables “instant and standardized mutual authentication” over cellular…

Read more →

Axis Security, a company that specializes in private application access, emerged from stealth mode on Tuesday with $17 million in funding. read more   Advertise on IT Security News. Read the complete article: Private Application Access Firm Axis Security Emerges…

Read more →

Twenty-four individuals were arrested for laundering funds illegally obtained via business email compromise (BEC), romance, and retirement account scams targeting victims across the United States. The large-scale fraud operation facilitated by the arrested individuals has caused losses of more than…

Read more →

Some users have complained that the Windows security update released recently by Microsoft to patch a wormable vulnerability related to Server Message Block 3.0 (SMBv3) is causing problems. read more   Advertise on IT Security News. Read the complete article:…

Read more →

The U.S. Senate has voted to extend, rather than tweak, three surveillance powers that federal law enforcement officials use to fight terrorists, passing the bill back to an absent House and throwing the future of the authorities in doubt. read…

Read more →

A recently discovered piece of Android stalkerware can install itself persistently on the system partition and steals the file containing the hash sum for the screen unlock pattern or password to allow its operators to unlock devices. read more  …

Read more →

The U.S. Department of Health and Human Services (HHS) was targeted with a distributed denial-of-service (DDoS) attack on Sunday, but the agency said it did not experience any significant disruption as a result of the incident. read more   Advertise…

Read more →

Checkmarx, a provider of tools for testing source code for security issues, announced on Monday that private equity firm Hellman & Friedman (“H&F”) has agreed to acquire a majority of the Company from Insight Partners in a deal valuing Checkmarx…

Read more →

There Are Plenty of Phish in the Sea for Commercial Phishers and Weekend Scammers Alike The phish market is open. And you don’t have to be an experienced angler to land a catch of the day. read more   Advertise…

Read more →

Organizations have fallen behind with the patching of a Microsoft Exchange Server vulnerability addressed with Microsoft’s February 2020 Patch Day updates and already targeted in attacks. read more   Advertise on IT Security News. Read the complete article: Organizations Slow…

Read more →

Cybercrime Has Gone Mainstream With All the Tools You Need Now Easily Available on the Dark Web The phish market is open. And you don’t have to be an experienced angler to land a catch of the day. read more…

Read more →

A researcher earned $6,500 from Slack last year after finding a critical vulnerability that could have been exploited to hijack Slack accounts. Researcher Evan Custodio discovered in November 2019 that the enterprise collaboration platform’s slackb.com domain was vulnerable to HTTP…

Read more →

Another COVID-19 (Coronavirus) phishing campaign has been discovered — this one apparently operated by the Pakistan-based APT36, which is thought to be nation-backed. APT36 has been active since 2016, and possibly earlier, performing cyber espionage activity against Indian defense and…

Read more →

Privacy-focused services provider Proton Technologies is deploying a new system to ensure that its email and VPN applications continue to be accessible even in scenarios where governments or ISPs attempt to block them. read more   Advertise on IT Security…

Read more →

Researchers have discovered 16 types of vulnerabilities, including many backdoors, in Zyxel’s CloudCNM SecuManager network management software. The vendor has confirmed the flaws and says it’s working on patches. read more   Advertise on IT Security News. Read the complete…

Read more →

The case against Nassif Sami Daher and Kamel Mohammad Rammal, two Michigan men accused of food stamp fraud, hardly seemed exceptional. But the tool that agents used to investigate them was extraordinary: a secretive surveillance process intended to identify potential…

Read more →

European authorities managed to crack down on two cybercrime gangs responsible for stealing millions by employing SIM hijacking. read more   Advertise on IT Security News. Read the complete article: European Authorities Dismantle Two SIM Hijacking Gangs

Read more →

Three surveillance powers available to the U.S. government are set to temporarily expire Sunday after a trio of senators opposed a bipartisan House bill that would renew the authorities and impose new restrictions. read more   Advertise on IT Security…

Read more →

More than 100,000 WordPress websites were potentially affected by a series of vulnerabilities recently discovered and addressed in the Popup Builder plugin. read more   Advertise on IT Security News. Read the complete article: Flaws in Popup Builder Plugin Impacted…

Read more →

Microsoft announced this week that has deprecated Remote Desktop Connection Manager (RDCMan) due to security concerns.  read more   Advertise on IT Security News. Read the complete article: Microsoft Deprecates Remote Desktop Connection Manager

Read more →

VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system. The critical flaw, tracked as CVE-2020-3947, is…

Read more →

COVID-19 (Coronavirus) themed malware attacks are now common. The subject matter automatically contains at least two of the primary social engineering triggers, fear and urgency, making it an obvious lure for use by criminals. Even a long-standing China-based APT has…

Read more →

President Donald Trump on Thursday signed into law a bill that provides $1 billion to help small telecom providers replace equipment made by China’s Huawei and ZTE. read more   Advertise on IT Security News. Read the complete article: Trump…

Read more →

read more   Advertise on IT Security News. Read the complete article: U.S. Senators Seek to Ban TikTok on Government Devices

Read more →

House lawmakers prepared to extend surveillance authorities that expire this month, releasing legislation that represents a rare bipartisan agreement after members of both parties said they wanted to ensure the tools preserved civil liberties. read more   Advertise on IT…

Read more →

A recently discovered Android Trojan was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app. read more   Advertise on IT Security News. Read the complete…

Read more →

Currency data provider Open Exchange Rates has started informing customers that their information was likely stolen by hackers. read more   Advertise on IT Security News. Read the complete article: Currency Data Provider ‘Open Exchange Rates’ Discloses Breach

Read more →

Facebook and Twitter revealed evidence Thursday suggesting that Russian efforts to interfere in the U.S. presidential election are getting more sophisticated and harder to detect. The companies said they have removed dozens of fake accounts and pages from their services.…

Read more →

Microsoft has released out-of-band updates for Windows to patch a critical remote code execution vulnerability in Server Message Block 3.0 (SMBv3) that has been described as “wormable.” read more   Advertise on IT Security News. Read the complete article: Out-of-Band…

Read more →

Google has released a new software tool designed to identify potential USB keystroke injection attacks and block devices they originate from.  read more   Advertise on IT Security News. Read the complete article: Google Releases Tool to Block USB Keystroke…

Read more →

The Russia-linked threat group known as Turla was observed using two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019, ESET reports. read more   Advertise on IT Security News.…

Read more →

Several potentially serious vulnerabilities have been discovered in some of the industrial 4G routers made by Phoenix Contact, a Germany-based provider of industrial automation, connectivity and interface solutions. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Identity management firm Auth0 has launched Auth0 Signals, a collection of threat intelligence tools and capabilities designed to protect customers from identity attacks. read more   Advertise on IT Security News. Read the complete article: Auth0 Adds Threat Intelligence Tools…

Read more →

Avast this week disabled a JavaScript interpreter that is part of its antivirus product, after a security researcher discovered a vulnerability that could potentially lead to remote code execution. The JavaScript interpreter was found to run unsandboxed, thus potentially exposing…

Read more →

Facebook and other tech companies need to be regulated like the tobacco industry, warned Christopher Wylie, the whistleblower who exposed the Cambridge Analytica scandal. read more   Advertise on IT Security News. Read the complete article: Tech Must Be Treated…

Read more →

Google announced on Wednesday that it’s prepared to pay out an extra $313,337 for interesting Cloud Platform vulnerabilities submitted in 2020. read more   Advertise on IT Security News. Read the complete article: Google Offering Higher Bonuses for Cloud Platform…

Read more →

Intel this week released patches for more than two dozen vulnerabilities impacting graphics drivers, FPGA, processors NUC, BlueZ, and other products.  read more   Advertise on IT Security News. Read the complete article: Intel Patches 27 Vulnerabilities Across Product Portfolio

Read more →

SAP on Tuesday released 16 security notes and two updates to previously released patches as part of its March 2020 Security Patch Day, with three of the new notes rated hot news. read more   Advertise on IT Security News.…

Read more →

The US needs a top-level cybersecurity coordinator and a better strategy of “deterrence” to protect against hackers and other cyber threats, a congressionally mandated commission said Wednesday. read more   Advertise on IT Security News. Read the complete article: US…

Read more →

Tens of vulnerabilities discovered by Cisco Talos researchers in WAGO products expose some of the company’s controllers and human-machine interface (HMI) panels to remote attacks. read more   Advertise on IT Security News. Read the complete article: Tens of Vulnerabilities…

Read more →

Mozilla this week released Firefox 74 to the stable channel with several security improvements, including patches, a new add-ons policy, improved privacy, and versions 1.0 and 1.1 of the Transport Layer Security (TLS) protocol disabled by default. read more  …

Read more →

Sunnyvale, Calif-based Arctic Wolf Networks has raised $60 million in a Series D funding round led by Blue Cloud Ventures and Stereo Capital. This brings the total raised to date to $148.2 million. read more   Advertise on IT Security…

Read more →

Match Group, the parent company of dating apps such as Tinder, on Tuesday publicly endorsed a US bill others in the tech industry fear will erode online privacy and speech in the name of fighting child abuse. read more  …

Read more →

A vulnerability in Avast’s anti-tracking solution could allow malicious actors to perform man-in-the-middle (MitM) attacks on HTTPS traffic, a security researcher has discovered. The security flaw, which impacts both Avast and AVG AntiTrack, as they share underlying code, resides in…

Read more →

Microsoft is working on patches for a critical remote code execution vulnerability in Server Message Block 3.0 (SMBv3) that exposes systems to “wormable” attacks. read more   Advertise on IT Security News. Read the complete article: Microsoft Working on Patches…

Read more →

It’s Important to Enrich External Threat Intelligence With Context to Understand the Who, What, Where, When, Why and How of an Attack read more   Advertise on IT Security News. Read the complete article: Human Intelligence is Pivotal in a…

Read more →

The European Network of Transmission System Operators for Electricity (ENTSO-E) revealed this week that malicious actors breached its corporate network. read more   Advertise on IT Security News. Read the complete article: European Electrical Energy Organization Discloses Breach

Read more →

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, including 26 critical issues affecting Windows, Word, Dynamics Business Central, and the company’s web browsers. read more   Advertise on IT Security News. Read the complete article: Microsoft Patches 115…

Read more →

Necurs Botnet Takedown read more   Advertise on IT Security News. Read the complete article: Microsoft Cracks Infrastructure of Infamous Necurs Botnet

Read more →

A researcher has earned $55,000 from Facebook for reporting a serious vulnerability that could have been exploited by hackers to steal access tokens and hijack accounts. read more   Advertise on IT Security News. Read the complete article: Facebook Awards…

Read more →

Akamai Uses CDN Logs to Gain Insight Into the Success of Phishing Attacks read more   Advertise on IT Security News. Read the complete article: Akamai’s CDN Logs Uncover Emerging Phishing Attacks

Read more →

There’s Never a Dull Moment in the World of Security  read more   Advertise on IT Security News. Read the complete article: Never a Dull Moment – RSA Conference Afterthoughts

Read more →

Many processors made by Intel are vulnerable to a newly disclosed type of attack named Load Value Injection (LVI), but the chip maker has told customers that the attack is not very practical in real world environments. read more  …

Read more →

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates. read more   Advertise on IT Security News. Read the complete article: Attacks Targeting…

Read more →

Researchers Uncover Campaign Where Attackers Are Trojanizing Multiple Hacking Tools Used by Other Attackers read more   Advertise on IT Security News. Read the complete article: Hackers Hack Hacking Tools to Hack Hackers

Read more →

A recently disclosed vulnerability affecting Zoho’s ManageEngine Desktop Central endpoint management solution is already being exploited in attacks. read more   Advertise on IT Security News. Read the complete article: Hackers Exploiting Recently Patched ManageEngine Desktop Central Vulnerability

Read more →

The City of Durham and the Durham County government in North Carolina are in the process of recovery after experiencing what appears to be a ransomware attack on March 6. read more   Advertise on IT Security News. Read the…

Read more →

New Framework Enables Deployment of Firewalls as Software-Based Platforms AT&T, Palo Alto Networks and Broadcom have been developing a framework that enables organizations to deploy firewalls as software-based platforms instead of hardware appliances. read more   Advertise on IT Security…

Read more →

Google has announced that Android and macOS users can now use more web browsers to initially register security keys to their accounts. read more   Advertise on IT Security News. Read the complete article: Google Allows Enrolling Security Keys on…

Read more →

Newly introduced legislation seeks to protect journalist who publish classified information, as well as security researchers who discover classified government backdoors.  read more   Advertise on IT Security News. Read the complete article: Proposed Bill Seeks to Protect Researchers Disclosing…

Read more →

Federal agencies participating in the Office of Management and Budget’s (OMB) Data Center Optimization Initiative (DCOI) report that they are on track with previously announced plans to close hundreds of outdated data centers, but many of the facilities that will…

Read more →

Employing techniques usually associated with nation-state threat actors, human-operated ransomware attacks represent a growing threat to businesses, Microsoft warned last week. read more   Advertise on IT Security News. Read the complete article: Human-Operated Ransomware Is a Growing Threat to…

Read more →

Researchers have identified two new methods for attacking AMD processors, but they are not as dangerous as some of the previously disclosed CPU attacks. read more   Advertise on IT Security News. Read the complete article: Researchers Disclose Two New…

Read more →

Australia’s privacy watchdog announced legal action against Facebook Monday for alleged “systematic failures” exposing more than 300,000 Australians to a data breach by Cambridge Analytica. read more   Advertise on IT Security News. Read the complete article: Aussie Watchdog Sues…

Read more →

Virgin Media has been accused of downplaying the recently disclosed cybersecurity incident that involved the personal information of roughly 900,000 people. read more   Advertise on IT Security News. Read the complete article: Virgin Media Accused of Downplaying Security Incident

Read more →

UNITED NATIONS (AP) — The United States, United Kingdom and Estonia accused Russia’s military intelligence Thursday of conducting cyber attacks against the Georgian government and media websites in an attempt “to sow discord and disrupt the lives of ordinary Georgians.”…

Read more →

Kaiser Permanente Ventures and Mayo Clinic Invest in Enterprise IoT Security Firm read more   Advertise on IT Security News. Read the complete article: IoT Security Firm Ordr Increases Funding to $50 Million

Read more →

Consulting giant Accenture has acquired UK-based cyber defense consultancy Context Information Security from Babcock International Group. Accenture says it’s not disclosing any financial terms, but aerospace and defense company Babcock revealed that it sold Context for £107 million, or roughly…

Read more →

To thwart increasingly dangerous cyber criminals, law enforcement agents are working to “burn down their infrastructure” and take out the tools that allow them to carry out their devastating attacks, FBI Director Christopher Wray said Wednesday. read more   Advertise…

Read more →

Facebook announced on Thursday that it has filed a lawsuit against domain registrar Namecheap and its Whoisguard privacy protection service over its refusal to provide information on a series of domains that impersonated the social media company and its services.…

Read more →

Free and open certificate authority (CA) Let’s Encrypt has decided that it will not revoke one million of the certificates affected by the recent CAA recheck bug. read more   Advertise on IT Security News. Read the complete article: Let’s…

Read more →

Business tools development company Zoho says it’s working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product. read more   Advertise on IT Security News. Read the complete article: Zoho Working on Patch for Zero-Day Vulnerability…

Read more →

UK-based phone, TV and broadband services provider Virgin Media on Thursday admitted that it exposed the personal information of roughly 900,000 people. read more   Advertise on IT Security News. Read the complete article: Virgin Media Exposed Personal Information of…

Read more →

US lawmakers proposed legislation Thursday that could see internet companies held legally responsible for content on their platforms if they don’t do enough to police child pornography. read more   Advertise on IT Security News. Read the complete article: US…

Read more →