Tag: SecurityWeek RSS Feed

Free and open certificate authority (CA) Let’s Encrypt has decided that it will not revoke one million of the certificates affected by the recent CAA recheck bug. read more   Advertise on IT Security News. Read the complete article: Let’s…

Read more →

Business tools development company Zoho says it’s working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product. read more   Advertise on IT Security News. Read the complete article: Zoho Working on Patch for Zero-Day Vulnerability…

Read more →

UK-based phone, TV and broadband services provider Virgin Media on Thursday admitted that it exposed the personal information of roughly 900,000 people. read more   Advertise on IT Security News. Read the complete article: Virgin Media Exposed Personal Information of…

Read more →

US lawmakers proposed legislation Thursday that could see internet companies held legally responsible for content on their platforms if they don’t do enough to police child pornography. read more   Advertise on IT Security News. Read the complete article: US…

Read more →

ADP Security Chief Roland Cloutier Departs to Become Chief Information Security Officer (CISO) at China-owned TikTok read more   Advertise on IT Security News. Read the complete article: China’s TikTok Lures ADP Security Chief to Become New CISO

Read more →

Nearly one million domains use DMARC, but only 13% of them are configured to actually prevent email spoofing, according to a report published this week by anti-phishing solutions provider Valimail. read more   Advertise on IT Security News. Read the…

Read more →

UK Information Commissioner Fines Cathay Pacific $646,000 Over Long-Running Breach read more   Advertise on IT Security News. Read the complete article: Cathay Pacific Airways Fined Over Long-Running Breach

Read more →

Leisure travel company Carnival Corporation has started informing customers of a data breach that occurred last year and which resulted in their personal information being accessed by a third-party. read more   Advertise on IT Security News. Read the complete…

Read more →

Most Intel chipsets released in the past five years are affected by a vulnerability that can be exploited to obtain encrypted data and compromise data protection technologies, Positive Technologies revealed on Thursday. read more   Advertise on IT Security News.…

Read more →

Hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat. read more   Advertise on IT Security News. Read the complete article: Hackers Scanning for Apache…

Read more →

Wireless carrier T-Mobile is sending notifications to its customers to inform them of a data breach that resulted in some of their personal information being compromised read more   Advertise on IT Security News. Read the complete article: T-Mobile Notifying…

Read more →

There are more than 600 legitimate Microsoft subdomains that can be hijacked and abused for phishing, malware delivery and scams, researchers warned this week. read more   Advertise on IT Security News. Read the complete article: Over 600 Microsoft Subdomains…

Read more →

US officials on Wednesday stepped up warnings about the potential security risks from the fast-growing, Chinese-owned TikTok as a lawmaker unveiled legislation to ban the social media app from government devices. read more   Advertise on IT Security News. Read…

Read more →

Cisco has released patches to address more than a dozen vulnerabilities across various products, including two code execution bugs in Webex Player that could be exploited remotely.  read more   Advertise on IT Security News. Read the complete article: Cisco…

Read more →

MoleRATs, a politically-motivated threat actor apparently linked to the Palestinian terrorist organization Hamas, has expanded its target list to include insurance and retail industries, Palo Alto Networks’ security researchers report. read more   Advertise on IT Security News. Read the…

Read more →

The Council of the District of Columbia on Tuesday unanimously passed a bill whose goal is to expand data breach notification requirements and improve the way organizations protect personal information. read more   Advertise on IT Security News. Read the…

Read more →

What started as almost casual research in November 2019 and disclosed to various vendors as a vulnerability in November and December 2019 and January 2020 was abruptly reclassified and treated as a zero-day vulnerability on February 13, 2020. read more…

Read more →

Proper Network Sensor Placement Helps Security Analysts Focus on Events That Matter read more   Advertise on IT Security News. Read the complete article: Scouting the Adversary: Network Sensor Placement Considerations

Read more →

Free and open certificate authority (CA) Let’s Encrypt is revoking over 3 million currently-valid certificates after discovering a bug in its Certification Authority Authorization (CAA) code. read more   Advertise on IT Security News. Read the complete article: Bug Forces…

Read more →

A report published on Monday by Chinese cybersecurity firm Qihoo 360 claims that the U.S. Central Intelligence Agency (CIA) conducted an 11-year-long cyberespionage operation aimed at China’s critical industries. read more   Advertise on IT Security News. Read the complete…

Read more →

Mobile payment fraud is growing, and is growing faster in the mobile ecosystem than anywhere else. While Windows remains the most popular operating system used by fraudsters at 38%, the combined figures for iOS and Android are now 51% of…

Read more →

Google’s March 2020 security updates for Android include fixes for over 70 vulnerabilities, including a critical flaw in media framework.  read more   Advertise on IT Security News. Read the complete article: Google Patches Critical Remotely Exploitable Android Bug

Read more →

Google this week announced the launch of FuzzBench, a free and open source service for evaluating fuzzers. The fully automated service was designed to allow for an easy but rigorous evaluation of fuzzing research, in an attempt to boost the…

Read more →

Legal services company Epiq has taken its systems offline globally after being hit by a piece of ransomware. Epiq said on Monday that it detected the malware on its systems on February 29. The company said it had found no…

Read more →

In my previous column, I talked about the rapidly changing geopolitical landscape and the escalation of cyberattacks on critical infrastructure. Some of you may be wondering: “Why should I care? Russia and other nation-states aren’t focused on me and my…

Read more →

Tuesday’s presidential primaries across 14 states mark the first major security test since the 2018 midterm elections, with state and local election officials saying they are prepared to deal with everything from equipment problems to false information about the coronavirus.…

Read more →

Threat actors linked to China increasingly targeted the telecommunications sector in 2019, according to endpoint security firm CrowdStrike. CrowdStrike on Tuesday published its 2020 Global Threat Report, which provides data on both state-sponsored and financially-motivated operations observed by the company…

Read more →

Foreign actors continue to attempt to interfere with the election process, multiple United States departments and agencies warned in a joint statement released ahead of Tuesday’s presidential primaries. read more   Advertise on IT Security News. Read the complete article:…

Read more →

A software engineer on trial in the largest leak of classified information in CIA history was “prepared to do anything” to betray the agency, federal prosecutors said Monday as a defense attorney argued the man had been scapegoated for a…

Read more →

The U.S. Department of Justice announced on Monday that two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency stolen by North Korean hackers from a cryptocurrency exchange. read more   Advertise on IT Security News.…

Read more →

If DevOps represents the union of people, process, and technology to continually provide value to customers, then DevSecOps represents the fusion of value and security provided to those same customers. read more   Advertise on IT Security News. Read the…

Read more →

Patches released over the past several days for multiple WordPress plugins address vulnerabilities that have been actively exploited as part of the same website takeover campaign read more   Advertise on IT Security News. Read the complete article: Patches Released…

Read more →

US lawmakers have passed legislation offering $1 billion to help telecom carriers “rip and replace” equipment from Chinese tech firms Huawei and ZTE amid national security concerns. read more   Advertise on IT Security News. Read the complete article: US…

Read more →

Although businesses are increasingly at risk for cyberattacks on their mobile devices, many aren’t taking steps to protect smartphones and tablets. read more   Advertise on IT Security News. Read the complete article: Businesses at Risk for Cyberattack But Take…

Read more →

Pharmacy store chain Walgreens has started informing some users of its mobile application that their personal and health-related information may have been seen by other customers. read more   Advertise on IT Security News. Read the complete article: Walgreens Discloses…

Read more →

Software security updates NVIDIA released on Friday address multiple denial-of-service (DoS) vulnerabilities in GPU display drivers and Virtual GPU Manager software. read more   Advertise on IT Security News. Read the complete article: NVIDIA Patches DoS Flaws in GPU Driver…

Read more →

Rail contractor RailWorks Corporation is notifying employees and third-parties that it recently fell victim to a ransomware attack in which sensitive information might have been compromised. read more   Advertise on IT Security News. Read the complete article: Railroad Construction…

Read more →

Cybersecurity firm Checkpoint has created an encyclopedia of the various techniques used by malware to evade analysis. read more   Advertise on IT Security News. Read the complete article: Checkpoint Creates Encyclopedia of Malware Evasion Techniques

Read more →

US regulators moved to impose fines Friday against the nation’s four major wireless carriers for selling location data of customers without their consent. The Federal Communications Commission proposed fining T-Mobile more than $91 million; AT&T some $57 million; Verizon $48…

Read more →

A serious vulnerability affecting Apache Tomcat can be exploited to read files from a server and in some cases even to achieve remote code execution. read more   Advertise on IT Security News. Read the complete article: Apache Tomcat Affected…

Read more →

Microsoft this week announced new features in its Edge browser to prevent the download of potentially unwanted applications (PUA). read more   Advertise on IT Security News. Read the complete article: Microsoft Boosts PUA Protections in Edge

Read more →

ProtonMail on Thursday introduced a new feature designed to make it more difficult for hackers and spammers to impersonate users who have custom domain email addresses. The new feature, DKIM key management, is currently in beta and users have been…

Read more →

A British judge on Thursday paused Julian Assange‘s extradition hearing following four days of intense legal wrangling over Washington’s request for the WikiLeaks founder to stand trial there on espionage charges. read more   Advertise on IT Security News. Read…

Read more →

Free and open certificate authority Let’s Encrypt on Thursday issued its billionth certificate, four and a half years after issuing the first certificate. read more   Advertise on IT Security News. Read the complete article: Let’s Encrypt Issues Over 1…

Read more →

Intel patched over 230 vulnerabilities in its products last year, but less than a dozen impacted its processors, according to the company’s 2019 Product Security Report. read more   Advertise on IT Security News. Read the complete article: Intel Patched…

Read more →

Facebook on Thursday filed a federal lawsuit against oneAudience data intelligence firm over a tactic it used to gather information about users of social media platforms. read more   Advertise on IT Security News. Read the complete article: Facebook Sues…

Read more →

A Lincoln health care company has been targeted by cybercriminals, but company officials said there’s no evidence of any patient data being compromised. read more   Advertise on IT Security News. Read the complete article: Cybercriminals Target Lincoln Health Care…

Read more →

Cisco says it will release patches for wireless devices affected by the recently disclosed Wi-Fi chip vulnerability named Kr00k. The company says the flaw impacts some of its routers, firewalls, access points and phones. read more   Advertise on IT…

Read more →

Report Examines the Rise of Cybercrime Across Latin America read more   Advertise on IT Security News. Read the complete article: Inside the Rising Cybercrime Threat in Latin America

Read more →

Cisco on Wednesday released patches for 11 vulnerabilities in its products, including multiple flaws that impact Cisco UCS Manager, FXOS, and NX-OS software. read more   Advertise on IT Security News. Read the complete article: Cisco Patches Flaws in FXOS,…

Read more →

Hackers have started scanning the Internet for Microsoft Exchange Server instances that are affected by a remote code execution vulnerability patched earlier this month. read more   Advertise on IT Security News. Read the complete article: Hackers Looking for Exchange…

Read more →

Many Vulnerabilities Found in Popular Docker Images, But Most Are Not Loaded Into Memory Cloud security company Rezilion has analyzed some of the most popular Docker container images and determined that while they include many vulnerabilities, less than half of…

Read more →

A group of researchers has built a sandbox framework that can improve the security of Firefox by isolating third-party libraries used by the browser. read more   Advertise on IT Security News. Read the complete article: Framework Isolates Libraries in…

Read more →

The Democratic National Committee has warned its presidential candidates to be cautious after Bernie Sanders’ campaign reported that an “impersonator” with a domain registered overseas had posed as one of its staffers and sought conversations with members of at least…

Read more →

Ever since the birth of the Next-Generation Firewall, organizations have come to expect security devices that combine a variety of critical features and functions into a single package. To meet that demand, the number of security vendors referring to their…

Read more →

A white hat hacker has earned $8,500 for a serious vulnerability that exposed the email addresses of HackerOne users. read more   Advertise on IT Security News. Read the complete article: Hacker Earns $8,500 for Vulnerability in HackerOne Platform

Read more →

In the 2016 film “Norman: The Moderate Rise and Tragic Fall of a New York Fixer”, Norman, the lead character, appears to be a successful businessman on the surface. Only after we begin to dig deeper do we learn that…

Read more →

Facebook and Google this week announced the decision to postpone this year’s BountyCon bug hunting conference due to health risks. read more   Advertise on IT Security News. Read the complete article: Facebook and Google Postpone Asia-Pacific Bug Hunting Conference

Read more →

A recently disclosed zero-day vulnerability in Zyxel network-attached storage (NAS) devices also impacts over twenty of the vendor’s firewalls. read more   Advertise on IT Security News. Read the complete article: Over 20 Zyxel Firewalls Impacted by Recent Zero-Day Vulnerability

Read more →

OneTrust, a provider of privacy and security compliance tools, has raised $210 million in Series B funding at a valuation of $2.7 billion. The Series B round was led by Coatue and Insight Partners, and combined with OneTrust’s $200 million…

Read more →

read more   Advertise on IT Security News. Read the complete article: RSA Conference 2020: Product Announcement Summary (Day 3)

Read more →

Santa Clara, Calif-based McAfee has entered into a definitive agreement to acquire Baltimore, MD-based Light Point Security. Financial details have not been disclosed, but on completion of the acquisition, the Light Point staff will join McAfee, while the Light Point…

Read more →

New scanning capabilities that Google rolled out to Gmail have resulted in an increased overall detection rate of malicious documents. read more   Advertise on IT Security News. Read the complete article: Google Boosts Detection of Malicious Documents in Gmail

Read more →

A new vulnerability, which may have affected over one billion Wi-Fi-capable devices before patches were released, could have allowed hackers to obtain sensitive information from wireless communications, cybersecurity firm ESET revealed on Wednesday. read more   Advertise on IT Security…

Read more →

The Iranian cyber-espionage group referred to as MuddyWater continues to focus on long-running operations even after a U.S. airstrike killed General Qassem Soleimani on January 2. read more   Advertise on IT Security News. Read the complete article: Iranian Cyberspies…

Read more →

read more   Advertise on IT Security News. Read the complete article: Intel Announces New Hardware-based Security Capabilities

Read more →

Russia wants to watch Americans “tear ourselves apart” as the United States heads toward elections, an FBI official warned Monday. read more   Advertise on IT Security News. Read the complete article: FBI Official: Russia Wants to See US ‘Tear…

Read more →

The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, informed customers on Monday that its systems were targeted last week in a ransomware attack. RMLD says it serves over 68,000 residents in the towns of Reading, North Reading,…

Read more →

An update released this week for the OpenSMTPD mail server addresses an out-of-bounds read vulnerability that could lead to arbitrary command execution. OpenSMTPD is the open source implementation of the Simple Mail Transfer Protocol (SMTP) in OpenBSD, and its portable…

Read more →

What You Need to Know to Make Sure You’re Headed in the Right Direction on Your Authentication Journey.    As Risk-Based Authentication Methods Continue to Evolve, Is It Time to Revisit Your Approach?  read more   Advertise on IT Security…

Read more →

Britain’s Financial Conduct Authority on Tuesday admitted to a data breach, in an embarrassing revelation for the regulator and its boss, who shortly takes over at the Bank of England. read more   Advertise on IT Security News. Read the…

Read more →

Mozilla has started rolling out encrypted DNS-over-HTTPS (DoH) by default for its Firefox users in the United States.  read more   Advertise on IT Security News. Read the complete article: Firefox Gets DNS-over-HTTPS as Default in U.S.

Read more →

Samsung said Tuesday that a “technical error” caused its website to display other customers’ personal information. The technology company said the error affected only its U.K. website at http://samsung.com/UK and affected fewer than 150 customers. read more   Advertise on…

Read more →

read more   Advertise on IT Security News. Read the complete article: RSA Conference 2020: Product Announcement Summary (Day 2)

Read more →

The developers of the free and open-source forum software MyBB have shared some data on the vulnerabilities patched in their product over the past years. read more   Advertise on IT Security News. Read the complete article: Over 100 Vulnerabilities…

Read more →

A threat actor — likely a state-sponsored cyberespionage group — has used a sophisticated technique to allow a piece of malware hosted on a server to communicate with command and control (C2) servers through a firewall. read more   Advertise…

Read more →

Networking devices vendor Zyxel has released patches for several network attached storage (NAS) devices to address a critical vulnerability that is already being exploited by cybercriminals. read more   Advertise on IT Security News. Read the complete article: Zyxel Patches…

Read more →

KPMG’s Take on Key Trends and Requirements for Enterprise Cybersecurity for 2020 and Beyond read more   Advertise on IT Security News. Read the complete article: KPMG on Key Cybersecurity Considerations for 2020

Read more →

With $40 million in bug bounties paid in 2019, hacker-powered bug bounty platform HackerOne nearly doubled the amount paid out in all previous years combined, reaching $82 million. read more   Advertise on IT Security News. Read the complete article:…

Read more →

A group of researchers at Ruhr-Universität Bochum and NYU Abu Dhabi have discovered a new attack on 4G and 5G mobile networks that can be used to impersonate users. read more   Advertise on IT Security News. Read the complete…

Read more →

A Chrome 80 update released on Monday patches three high-severity vulnerabilities, including one that Google says has been exploited in the wild. read more   Advertise on IT Security News. Read the complete article: Google Patches Chrome Vulnerability Exploited in…

Read more →

A group of business email compromise (BEC) scammers that targeted thousands in the United States employed Google’s G Suite for their infrastructure, Agari reports. read more   Advertise on IT Security News. Read the complete article: BEC Group Abuses Google…

Read more →

read more   Advertise on IT Security News. Read the complete article: SECURITI.ai Wins RSA Conference 2020 Innovation Sandbox Contest

Read more →

The Pentagon is adopting new ethical principles as it prepares to accelerate its use of artificial intelligence technology on the battlefield. The new principles call for people to “exercise appropriate levels of judgment and care” when deploying and using AI…

Read more →

read more   Advertise on IT Security News. Read the complete article: RSA Conference 2020: Product Announcement Summary (Day 1)

Read more →

Researchers from Cisco’s Talos intelligence and research group have identified a dozen vulnerabilities in a wireless networking device made by Taiwan-based industrial networking, computing and automation solutions provider Moxa. read more   Advertise on IT Security News. Read the complete…

Read more →

The cost of poorly protected device identities has long been assumed, but not proven, to be large. Specification of the part played by SSH abuse within a breach report is rare despite compromised machine identities being used by attackers to…

Read more →

Canada’s privacy watchdog on Friday announced an investigation into a US software startup reportedly capable of matching images of unknown faces to photos it mined from millions of websites and social media networks. read more   Advertise on IT Security…

Read more →

Slickwraps, a company that provides protection solutions and accessories for phones, computers and other devices, has revealed that user data was compromised recently after a third party accessed an unprotected database left accessible from the Internet. read more   Advertise…

Read more →

Cisco on Monday unveiled SecureX, a new cloud-native security platform designed to improve visibility, deliver analytics, and automate common security workflows. read more   Advertise on IT Security News. Read the complete article: Cisco Unveils SecureX Security Platform

Read more →

Honeywell has released patches for a couple of potentially serious vulnerabilities affecting a web server used by its Notifier fire alarm systems. read more   Advertise on IT Security News. Read the complete article: Vulnerabilities Allow Hackers to Access Honeywell…

Read more →

The FBI on Friday arrested a man linked to former U.S. Rep. Katie Hill’s 2018 House campaign for allegedly orchestrating a series of cyberattacks on a rival candidate that shut down the campaign’s website for 21 hours. read more  …

Read more →

Just weeks into this year’s election cycle, Russia already is actively interfering in the U.S. presidential campaign in hopes of reelecting President Donald Trump, and is also trying to help the candidacy of Sen. Bernie Sanders on the Democratic side,…

Read more →

New Mexico’s attorney general sued Google Thursday over allegations the tech company is illegally collecting personal data generated by children in violation of federal and state laws. read more   Advertise on IT Security News. Read the complete article: New…

Read more →

Google has removed roughly 600 applications from Google Play for violating its ad-related policies, the Internet search giant announced this week. In addition, the company banned them from Google AdMob and Google Ad Manager, its ad monetization platforms. read more…

Read more →

Workplace experience and facility management company ISS World was hit this week by a malware attack that forced its systems offline. read more   Advertise on IT Security News. Read the complete article: Malware Attack Takes ISS World’s Systems Offline

Read more →

FireEye’s incident response division Mandiant observed more than 500 new malware families last year, the company revealed in its M-Trends 2020 report released this week. FireEye analyzed 1.1 million malware samples per day in 2019 and it tracked a total…

Read more →

VMware has patched serious vulnerabilities, including remote code execution and authentication bypass issues, in vRealize Operations for Horizon Adapter. read more   Advertise on IT Security News. Read the complete article: VMware Patches Serious Flaws in vRealize Operations for Horizon…

Read more →

The United States’ Defence Information Systems Agency (DISA) has started notifying people that their personal information may have been compromised as a result of a data breach that occured in 2019. read more   Advertise on IT Security News. Read…

Read more →

On August 7, 2019, a single credential stuffing attack against a financial services company recorded 55,141,782 malicious login attempts. To put that in perspective, it is more than twice the daily average (22,682,022) of credential abuse attacks detected by Akamai…

Read more →