Tag: SecurityWeek RSS Feed

Cyborgs, trolls and bots can fill the internet with lies and half-truths. Understanding them is key to learning how misinformation spreads online. read more   Advertise on IT Security News. Read the complete article: Cyborgs, Trolls and Bots: A Guide…

Read more →

In an attempt to improve the security of its users, the Chrome browser will soon start blocking insecure downloads on HTTPS pages, Google announced. The plan, which the Internet giant laid out this week, is expected to be completed sometime…

Read more →

Three of the world’s largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to be a supply chain attack. read more   Advertise on IT Security News. Read the complete…

Read more →

More than 80 percent of organizations impacted by CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Gateway, have already taken steps to secure their deployments.  read more   Advertise on IT Security News. Read the complete…

Read more →

The U.S. Department of Justice has asked victims of the Quantum Stresser DDoS-for-hire service, whose operator was recently sentenced, to come forward. read more   Advertise on IT Security News. Read the complete article: DoJ Looking for Victims of ‘Quantum…

Read more →

A judge in Brazil’s capital on Thursday dismissed accusations that journalist Glenn Greenwald was involved in hacking phones of officials, following weeks of criticism that his prosecution would infringe on constitutional protections for the press. read more   Advertise on…

Read more →

Late last year, the news was full of stories about smart cameras that had been hacked. read more   Advertise on IT Security News. Read the complete article: Smart, or Not So Smart? What the Ring Hacks Tell Us About…

Read more →

One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could lead to code execution. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Malicious optimizer, booster, and utility applications hosted on Google Play gathered nearly half a million downloads before being taken down, Trend Micro reports. read more   Advertise on IT Security News. Read the complete article: Malicious Optimizers Hosted on Google…

Read more →

Japanese defense contractors Pasco and Kobe Steel this week disclosed cyber intrusions they suffered back in 2016 and 2018. read more   Advertise on IT Security News. Read the complete article: Japanese Defense Contractors Pasco, Kobe Steel Disclose Old Breaches

Read more →

The Iran-linked threat group know as “Charming Kitten” has been targeting journalists, political and human rights activists in a new campaign aimed at stealing email account credentials, Certfa Lab reports. read more   Advertise on IT Security News. Read the…

Read more →

Active Campaign Uses BitBucket Cloud Storage Platform to Deliver 7 Different Malware Payloads read more   Advertise on IT Security News. Read the complete article: New Campaign Leverages BitBucket to Deliver Arsenal of Malware

Read more →

Cloud security company Netskope on Thursday announced that it has raised $340 million in a Series G funding round, valuing the firm at nearly $3 billion. read more   Advertise on IT Security News. Read the complete article: Cloud Security…

Read more →

A vulnerability in the Realtek HD Audio Driver package could be abused to execute arbitrary payloads with elevated privileges on a vulnerable machine, SafeBreach Labs has discovered. Tracked as CVE-2019-19705, the vulnerability could be leveraged to evade defenses and achieve…

Read more →

US-based cyber hygiene and patch management company Automox this week announced that it has raised $30 million in a Series B funding round, which brings the total raised by the firm to $42 million. read more   Advertise on IT…

Read more →

Enterprise device security firm Forescout Technologies (NASDAQ:FSCT) announced on Thursday that it has agreed to be acquired by private equity firm Advent International in a deal valued at $1.9 billion. read more   Advertise on IT Security News. Read the…

Read more →

Gov. John Bel Edwards called on Louisiana’s local government leaders Wednesday to protect their data, reminding them of recent cyberattacks across the state and saying they’re likely to face such a strike in the future. read more   Advertise on…

Read more →

FBI Director Chris Wray said Wednesday that Russia is engaged in “information warfare” heading into the 2020 presidential election, though he said law enforcement has not seen ongoing efforts by Russia to target America’s election infrastructure. read more   Advertise…

Read more →

Google this week released Chrome 80 to the stable channel with 56 vulnerability patches and various other improvements to user security. read more   Advertise on IT Security News. Read the complete article: Chrome 80 Released With 56 Security Fixes

Read more →

A bug in the Google Takeout download service has resulted in some users’ videos being inadvertently shared with other people.  read more   Advertise on IT Security News. Read the complete article: Google Shared Private Videos With Wrong Users

Read more →

Europe’s physics lab CERN on Wednesday said it had stopped using a Facebook team-chat application because of concerns about handing over data to the US tech giant. CERN said it had wound up its Facebook Workplace account on January 31…

Read more →

Researchers have shown how hackers could silently exfiltrate sensitive information from air-gapped computers by manipulating the brightness of their screen. read more   Advertise on IT Security News. Read the complete article: Hackers Can Steal Data From Air-Gapped Computers Via…

Read more →

Reston, VA-based Leidos Holdings has announced a definitive agreement to buy the airport security and automation businesses from UK-based L3Harris for $1 billion in cash. read more   Advertise on IT Security News. Read the complete article: Leidos Buys L3Harris…

Read more →

Tens of millions of Cisco devices deployed in enterprise environments are exposed to attacks due to vulnerabilities identified by researchers in a proprietary discovery protocol they all use. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Facebook has patched a vulnerability in WhatsApp Desktop that could allow an attacker to launch cross-site scripting (XSS) attacks and access files from the victim’s system when paired with WhatsApp for iPhone. read more   Advertise on IT Security News.…

Read more →

Gap Analysis Can Serve as a Wonderful Driver for Improving Security Metrics  read more   Advertise on IT Security News. Read the complete article: Leveraging Gap Analysis to Drive Security Metrics

Read more →

Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network — regardless of whether that is a home or office. read more   Advertise…

Read more →

US officials and cyber experts warned Tuesday that the voting debacle in the Democratic caucuses in Iowa underscored the vulnerabilities in the country’s election infrastructure in everything from hacking to trust-eroding conspiracy theories. read more   Advertise on IT Security…

Read more →

A prosecutor told a jury at the opening of an espionage trial Tuesday that an angry CIA employee got his vengeance by committing the agency’s biggest leak of classified information ever, but a defense lawyer said her client was innocent.…

Read more →

A new Maryland bill would ask the state’s Department of Information Technology to develop a baseline plan for localities within the state to help battle cyber attacks. read more   Advertise on IT Security News. Read the complete article: Cybersecurity…

Read more →

A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on the targeted system. read more   Advertise on IT Security News. Read the complete article: Sudo…

Read more →

Irish regulators have launched separate inquiries into Google and dating app Tinder over how they process user data, in a new round of regulatory scrutiny aimed at tech companies. read more   Advertise on IT Security News. Read the complete…

Read more →

Google this week released the February 2020 set of security updates for the Android operating system, which address a total of 25 vulnerabilities, including 2 rated critical severity. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Twitter unveiled a plan Tuesday to curb the spread of manipulated content including “deepfake” videos as part of a move to fight misinformation which could result in violence or other harm. read more   Advertise on IT Security News. Read…

Read more →

File hosting company Dropbox says it has awarded researchers over $1 million for vulnerabilities reported through its bug bounty program. read more   Advertise on IT Security News. Read the complete article: Dropbox Paid Out Over $1 Million Through Bug…

Read more →

Jerusalem Venture Partners Launches Cybersecurity Hub in Partnership with New York City read more   Advertise on IT Security News. Read the complete article: Israeli Venture Firm Partners With NYC to Launch Cybersecurity Accelerator

Read more →

Vulnerabilities recently patched in Mini-SNMPD could be abused for denial-of-service (DoS) attacks or to obtain sensitive information, Cisco Talos’ security researchers report. read more   Advertise on IT Security News. Read the complete article: Vulnerabilities in Mini-SNMPD Lead to DoS,…

Read more →

Twitter on Monday announced that it has suspended a large number of fake accounts that had exploited an API vulnerability to match usernames to phone numbers. read more   Advertise on IT Security News. Read the complete article: Twitter Suspends…

Read more →

Hewlett Packard Enterprise (HPE) on Monday announced that it has acquired Scytale, an identity management startup that specializes in cloud-native security and zero trust networking. read more   Advertise on IT Security News. Read the complete article: HPE Acquires Identity…

Read more →

For Cyberdefense to Progress, We Must Break Through the Cultural Barrier of Breach Disclosure Shame read more   Advertise on IT Security News. Read the complete article: Changing the Disclosure Shame Culture

Read more →

Australian transportation and logistics giant Toll Group was forced to shut down some of its online services in response to a ransomware attack and customers are not happy with the way the company has handled the incident. read more  …

Read more →

Hackers are actively targeting a vulnerability in Linear eMerge E3 access controllers to infect the devices with malware and abuse them to launch distributed denial-of-service (DDoS) attacks, SonicWall revealed over the weekend. read more   Advertise on IT Security News.…

Read more →

Medical device company Medtronic informed customers last week that it has released patches for some cardiac device vulnerabilities disclosed in 2018 and 2019. The vendor says it takes time to develop and validate patches for such complex and safety-critical devices…

Read more →

Six individuals were arrested in the United Kingdom last week for their involvement in a bank cyber-heist and money laundering operation. read more   Advertise on IT Security News. Read the complete article: Six Arrested in UK Over Malta Bank…

Read more →

The China-linked threat group tracked as Winnti was observed using a new variant of the ShadowPad backdoor in recent attacks targeting Hong Kong universities, ESET’s security researchers report. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Over the past five years, Cyber threat intelligence (CTI) has become one of the fastest growing elements in the cybersecurity space. Gartner expects as much as $2.3 billion to spent on it by 2023. read more   Advertise on IT…

Read more →

An update announced last week by Trend Micro for its Anti-Threat Toolkit (ATTK) addresses some additional attack methods related to a vulnerability initially patched in October 2019. read more   Advertise on IT Security News. Read the complete article: Trend…

Read more →

Japanese IT and electronics company NEC Corporation has revealed that hackers had access to its network for a long time, but the incident occurred several years ago. read more   Advertise on IT Security News. Read the complete article: Japanese…

Read more →

When state election officials gathered ahead of the last presidential election, major topics were voter registration, identity theft and ballot design. This year, the main theme is election security. read more   Advertise on IT Security News. Read the complete…

Read more →

Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices. OpenSK is written in Rust and it supports both FIDO U2F…

Read more →

A newly launched project wants to help inform IT security representatives and domain owners when their users fall victim to phishing. read more   Advertise on IT Security News. Read the complete article: New Project Informs Security Teams of Phished…

Read more →

read more   Advertise on IT Security News. Read the complete article: Researcher Finds Over 60 Vulnerabilities in Physical Security Systems

Read more →

The United States on Thursday welcomed the European Union’s new rules on fifth-generation internet but pressed them to go further after the bloc resisted Washington’s pressure to ban China’s Huawei directly. read more   Advertise on IT Security News. Read…

Read more →

In the sports arena, the cyber and physical worlds are converged. The NFL and Super Bowl offer excellent examples of how laced together the two are. Last year, viewers streamed the Super Bowl across 7.5 million mobile devices. The NFL…

Read more →

Two bills approved this week by the House Homeland Security Committee were drafted to improve the leadership and legal authority of the Cybersecurity and Infrastructure Security Agency (CISA).  read more   Advertise on IT Security News. Read the complete article:…

Read more →

Microsoft on Thursday announced the launch of an Xbox bug bounty program with rewards of up to $20,000 for critical remote code execution vulnerabilities. read more   Advertise on IT Security News. Read the complete article: Hackers Can Earn $20,000…

Read more →

A threat group linked to Iran has targeted a U.S.-based research company whose services are used by businesses and government organizations, cybersecurity firm Intezer reveals. read more   Advertise on IT Security News. Read the complete article: Iranian Hackers Target…

Read more →

Concentric Emerges from Stealth with AI Document Classification Product and $7.5 Million Seed Funding read more   Advertise on IT Security News. Read the complete article: AI-based Document Classification Firm Concentric Emerges From Stealth

Read more →

Popular WordPress plugin Code Snippets recently received a patch for a high-severity vulnerability that can be exploited to take control of affected websites. read more   Advertise on IT Security News. Read the complete article: Flaw in ‘Code Snippets’ Plugin…

Read more →

Cisco this week informed customers that some of its Small Business Switches are affected by high-severity vulnerabilities that can be exploited to obtain sensitive device information and to launch denial-of-service (DoS) attacks. read more   Advertise on IT Security News.…

Read more →

The United States Department of the Interior (DOI) this week has halted the operation of unmanned aircraft systems (UAS) over cybersecurity concerns most likely related to the use of Chinese drones. read more   Advertise on IT Security News. Read…

Read more →

Many devices, including ones often found in enterprise environments, are likely still vulnerable to direct memory access (DMA) attacks, despite the fact that hardware and software vendors have implemented protections that should prevent such attacks, firmware security company Eclypsium said…

Read more →

The Value of Threat Intelligence Comes Down to Relevance and Accessibility read more   Advertise on IT Security News. Read the complete article: The Best Treatment Plan for Your Security Pain Starts with a Data-Driven Diagnosis

Read more →

Last year, SEO spam was the most frequently observed threat on compromised websites, according to a new report from GoDaddy-owned web security company Sucuri. read more   Advertise on IT Security News. Read the complete article: SEO Spam Dominated Website…

Read more →

LONDON (AP) — The European Union unveiled security guidelines for next generation high-speed wireless networks that stop short of calling for a ban on Huawei, in the latest setback for the U.S. campaign against the Chinese tech company. read more…

Read more →

Researchers at cybersecurity firm Qualys have identified a potentially serious vulnerability in OpenSMTPD that can allow remote command execution with elevated privileges. read more   Advertise on IT Security News. Read the complete article: Serious Vulnerability Discovered in OpenSMTPD

Read more →

Better Privacy Means Better Security, Report Shows read more   Advertise on IT Security News. Read the complete article: Investment in Privacy Pays Cybersecurity Dividends: Cisco

Read more →

Magento 2.3.4 was released this week with patches for six vulnerabilities, including three that are considered critical. The first of these severe security issues is related to deserialization of untrusted data. Tracked as CVE-2020-3716, the bug could lead to arbitrary…

Read more →

Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products. A total of 23 vulnerabilities were addressed in iOS 13.3.1 and iPadOS 13.3.1, now rolling out for iPhone 6s and…

Read more →

The United Nations has been hacked. An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says that dozens of servers were “compromised” at offices in Geneva and Vienna. read more…

Read more →

World’s First Cybersecurity Special Purpose Acquisition Company (SPAC) to Build a New Cybersecurity Platform read more   Advertise on IT Security News. Read the complete article: New Public Company SCVX Formed to Acquire Cybersecurity Firms

Read more →

Russia has blocked a second encrypted email provider, Swiss-based ProtonMail, in efforts to halt a prolonged series of anonymous bomb threats, the security service said Wednesday. The FSB security service said Russia acted against Geneva-based ProtonMail after blocking another social…

Read more →

Measurement instruments that support the Standard Commands for Programmable Instruments (SCPI) protocol are exposed to hacker attacks, cybersecurity firm Trend Micro warned on Tuesday. read more   Advertise on IT Security News. Read the complete article: Use of SCPI Protocol…

Read more →

Google claims it paid out over $6.5 million through its bug bounty programs in 2019, which brings the total awarded by the company since the launch of its first program in 2010 to more than $21 million. read more  …

Read more →

Convenience store giant Wawa Inc. said Tuesday it is responding to reports that hacked information from its customers’ credit cards may be being sold on the dark web. read more   Advertise on IT Security News. Read the complete article:…

Read more →

The Ring doorbell application for Android contains third-party trackers and sends out a large amount of personally identifiable information (PII), the Electronic Frontier Foundation (EFF) has discovered. read more   Advertise on IT Security News. Read the complete article: Ring…

Read more →

Facebook said Tuesday a new tool allowing users of the social network to view and delete data it collects from third parties is rolling out to the estimated two billion members of the leading social network worldwide. read more  …

Read more →

A vulnerability in the Zoom online meeting system could allow attackers eavesdrop on meetings and view all shared content, Check Point security researchers have discovered.  read more   Advertise on IT Security News. Read the complete article: Vulnerability Allowed Attackers…

Read more →

A recently uncovered piece of file-encrypting ransomware, which some believe may be linked to Iran, has been targeting processes and files associated with industrial control systems (ICS). read more   Advertise on IT Security News. Read the complete article: New…

Read more →

Millions of devices deployed across a wide range of sectors could be exposed to hacker attacks due to security issues associated with the use of LoRaWAN, cybersecurity firm IOActive warned on Tuesday. read more   Advertise on IT Security News.…

Read more →

The second edition of the DEF CON China hacking conference has been put on hold as the country is fighting the coronavirus outbreak.  read more   Advertise on IT Security News. Read the complete article: DEF CON China Conference Postponed…

Read more →

Software-as-a-Service (SaaS) Security and Management Platform Provider Raises $10 Million in Series A Funding read more   Advertise on IT Security News. Read the complete article: AppOmni Raises $10 Million to Help Companies Prevent Cloud Misconfigurations

Read more →

Engaging Attacker Prior to Impact Will Significantly Reduce the Overall Operational Risk of Your Networks read more   Advertise on IT Security News. Read the complete article: Engaging the Attacker Prior to Impact

Read more →

Britain on Tuesday greenlighted a limited role for Chinese telecoms giant Huawei in the country’s 5G network, but underscored that “high risk vendors” would be excluded from “sensitive” core infrastructure. read more   Advertise on IT Security News. Read the…

Read more →

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store. read more   Advertise on IT Security News. Read the complete article:…

Read more →

Cisco on Tuesday announced the launch of a security solution for the Industrial Internet of Things (IIoT) that is designed to help organizations identify threats across their IT and OT environments. read more   Advertise on IT Security News. Read…

Read more →

Intel on Monday informed customers that researchers have identified yet another speculative execution attack method that can be launched against systems that use its processors. read more   Advertise on IT Security News. Read the complete article: CacheOut/L1DES: New Speculative…

Read more →

Citrix has released the full set of patches for the recently disclosed security flaw tracked as CVE-2019-19781, but attacks on vulnerable systems are ramping up. read more   Advertise on IT Security News. Read the complete article: Attacks on ADC…

Read more →

Prosecutors in Portugal have denounced him as a criminal hacker, but his supporters describe the man behind the “Luanda Leaks” revelations as a public interest whistleblower. read more   Advertise on IT Security News. Read the complete article: Rui Pinto:…

Read more →

A German privacy watchdog says it has opened an investigation into clothing retailer H&M amid evidence that the Swedish retailer had committed “massive data protection breaches” by spying on its customer service representatives in Germany. read more   Advertise on…

Read more →

Three individuals suspected of being involved in Magecart online skimming attacks were arrested late last year in Indonesia. read more   Advertise on IT Security News. Read the complete article: Three Magecart Hackers Arrested in Indonesia

Read more →

It’s been more than three years since Russia’s sweeping and systematic effort to interfere in U.S. elections through disinformation on social media, stolen campaign emails and attacks on voting systems. U.S. officials have made advances in trying to prevent similar…

Read more →

World Economic Forum Calls for Global Collaboration to Enhance Cyber Resilience in the Aviation Industry read more   Advertise on IT Security News. Read the complete article: World Economic Forum on Securing the Aviation Industry in the Age of Convergence

Read more →

The U.S. National Security Agency (NSA) has published advice on mitigating cloud vulnerabilities. While the advice is primarily designed for government agencies and departments, it nevertheless contains good advice for any commercial organization considering or embarking on — or already…

Read more →

read more   Advertise on IT Security News. Read the complete article: Huawei and Supply Chain Security – The Great Geopolitical Debate

Read more →

A cyberattack disclosed recently by Mitsubishi Electric, which resulted in hackers gaining access to the company’s network and stealing corporate data, likely involved exploitation of a vulnerability in Trend Micro’s OfficeScan product. read more   Advertise on IT Security News.…

Read more →

Proof-of-concept (PoC) exploits have been released for two recently patched Remote Desktop Gateway vulnerabilities that can be exploited for remote code execution. read more   Advertise on IT Security News. Read the complete article: PoC Exploits Created for Recently Patched…

Read more →

Prime Minister Boris Johnson discussed telecoms security with US President Donald Trump as he prepares to announce if Britain will use China’s Huawei in its 5G networks, officials said Saturday. read more   Advertise on IT Security News. Read the…

Read more →

Cisco on Friday informed customers that it has patched a vulnerability that allowed unauthorized users to join password-protected Webex meetings. Cisco said the flaw had been exploited. read more   Advertise on IT Security News. Read the complete article: Cisco…

Read more →

Cybersecurity experts said Thursday there were still many unanswered questions from an investigation commissioned by Jeff Bezos that concluded the billionaire’s cellphone was hacked, apparently after receiving a video file with malicious spyware from the WhatsApp account of Saudi Arabia’s…

Read more →