Tag: SecurityWeek RSS Feed

Britain is expected to announce next week whether to allow China’s Huawei to develop its 5G network, an official said on Friday, setting out reasons for agreeing despite US opposition. read more   Advertise on IT Security News. Read the…

Read more →

Researchers who took part this week in the Zero Day Initiative’s Pwn2Own Miami hacking competition have earned a total of $280,000 for exploits targeting industrial control systems (ICS) and associated protocols. read more   Advertise on IT Security News. Read…

Read more →

A Russian national pleaded guilty Thursday to running a website that helped people commit more than $20 million in credit-card fraud. Aleksei Burkov, 29, of St. Petersburg, Russia, entered the plea to charges including fraud and money laundering in a…

Read more →

The privacy mechanism implemented by Apple’s Safari browser to prevent user tracking across websites is not efficient at protecting users’ privacy, Google security researchers have discovered. read more   Advertise on IT Security News. Read the complete article: Safari’s Intelligent…

Read more →

Paying off hackers after a ransomware infection could end up being a total loss, according to a study released Thursday which finds some attackers just take the money and run. read more   Advertise on IT Security News. Read the…

Read more →

A critical vulnerability in the Cisco Firepower Management Center (FMC) could allow a remote attacker to bypass authentication and execute arbitrary actions on affected devices as administrator.  read more   Advertise on IT Security News. Read the complete article: Cisco…

Read more →

Several potentially serious vulnerabilities have been found in patient monitoring products made by GE Healthcare, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and healthcare cybersecurity firm CyberMDX revealed on Thursday. read more   Advertise on IT Security News. Read…

Read more →

Cloud security firm CloudKnox Security today announced that it has raised $12 million in a new funding round, which brings its total funding to $22.75 million.  read more   Advertise on IT Security News. Read the complete article: CloudKnox Security…

Read more →

A targeted phishing campaign against government entities in Persian Gulf and Middle East countries was detected earlier this month. The campaign was using the heightened tension in the region following the killing of Iranian general Qasem Suleimani at a Baghdad…

Read more →

U.N. human rights experts are asking Washington to investigate a suspected Saudi hack that may have siphoned data from the personal smartphone of Jeff Bezos, Amazon founder and owner of The Washington Post. But the forensic evidence they cite comes…

Read more →

Data security solutions provider Privafy has emerged from stealth mode with $22 million in funding, which it will use to scale product development. read more   Advertise on IT Security News. Read the complete article: Data Security Startup Privafy Emerges…

Read more →

Attacks recently identified to target a key organization in the European energy sector have employed a remote access Trojan (RAT) previously associated with Iran-linked threat actors, Recorded Future reports. read more   Advertise on IT Security News. Read the complete…

Read more →

New Vancouver Space Becomes One of Six Global Technology Centres for Mastercard read more   Advertise on IT Security News. Read the complete article: Mastercard Opens New Intelligence and Cyber Center in Vancouver, Canada

Read more →

Some of Honeywell’s MAXPRO video surveillance systems are affected by serious vulnerabilities that can be exploited by hackers to take complete control of the system, a researcher has discovered. read more   Advertise on IT Security News. Read the complete…

Read more →

The United States pressed France on Wednesday to take “strong security measures” against potential breaches from 5G services provided by Chinese telecommunications firm Huawei, saying failure to do so could imperil intelligence exchanges. read more   Advertise on IT Security…

Read more →

Security vulnerabilities in some AMD ATI Radeon graphics cards could allow attackers to remotely execute code or cause a denial of service condition, researchers from Cisco Talos have warned.  read more   Advertise on IT Security News. Read the complete…

Read more →

Wednesday is the deadline to seek cash payments and claim free services as part of Equifax’s $700 million settlement over a massive data breach. read more   Advertise on IT Security News. Read the complete article: Wednesday is Deadline for…

Read more →

Coalition, a San Francisco-based cyber insurance provider for SMBs, on Wednesday announced that it has acquired internet scanning and threat intelligence services provider BinaryEdge. Financial terms of the deal have not been disclosed. read more   Advertise on IT Security…

Read more →

Independent UN rights experts said Wednesday they had received information that Amazon owner Jeff Bezos’s phone was hacked through a WhatsApp account belonging to Saudi Crown Prince Mohammad bin Salman. read more   Advertise on IT Security News. Read the…

Read more →

Cyber threat detection provider Intezer this week announced it has raised $15 million in a Series B funding round. The New York-based cyber-security company helps organizations detect threats by revealing the “genetic” origins of software code, and also provides context…

Read more →

World Economic Forum Publishes Global Risks Report 2020 read more   Advertise on IT Security News. Read the complete article: World Economic Forum Global Risks Report Highlights Dangers of Digital innovation

Read more →

Proton Technologies, the company best known for its privacy-focused email service ProtonMail, this week announced that the source code for all of its ProtonVPN virtual private network (VPN) applications has been made public after each app underwent independent security audits.…

Read more →

Nearly 250 million Microsoft Customer Service and Support (CSS) records were found exposed to the Internet in five insecure Elasticsearch databases, Comparitech reports. read more   Advertise on IT Security News. Read the complete article: Microsoft Exposed 250 Million Customer…

Read more →

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks. read more   Advertise on IT Security News. Read the complete article: Unofficial Patch…

Read more →

California-based secure DevOps company Sysdig on Wednesday announced that it raised $70 million in a Series E funding round, which it plans on using to fuel global expansion, including through significant investments in sales and marketing. read more   Advertise…

Read more →

An anti-terrorism agent in France’s domestic intelligence service could soon face trial on charges of selling confidential data and fake IDs in the hidden corners of the internet, prosecutors say. read more   Advertise on IT Security News. Read the…

Read more →

The Saudi embassy in Washington on Tuesday dismissed suggestions the kingdom hacked the phone of Washington Post owner Jeff Bezos, as media reports linked the security breach to a WhatsApp message from an account of Crown Prince Mohammed bin Salman.…

Read more →

Hackers Can Cause Damage to Industrial Systems by Abusing Design Weaknesses read more   Advertise on IT Security News. Read the complete article: Design Weaknesses Expose Industrial Systems to Damaging Attacks

Read more →

An analysis of industrial control systems (ICS) has shown that many products contain features and functions that have been designed with no security in mind, allowing malicious hackers to abuse them and potentially cause serious damage. read more   Advertise…

Read more →

Brazilian prosecutors on Tuesday accused U.S. journalist Glenn Greenwald of involvement in hacking the phones of officials involved in a corruption investigation, but said court rulings protecting free speech prevent them from bringing charges. read more   Advertise on IT…

Read more →

Developer-focused cybersecurity solutions provider Snyk today announced a $150 million funding round, at a valuation of more than $1 billion, earning the company “unicorn” status.  read more   Advertise on IT Security News. Read the complete article: Snyk is Latest…

Read more →

FireEye (NASDAQ: FEYE) on Tuesday announced that it has acquired Cloudvisory, a Dallas, Texas-based provider of tools for cloud visibility, security, and policy management.  Terms of the acquisition were not disclosed. read more   Advertise on IT Security News. Read…

Read more →

One of the most advanced phishing kits, known as 16Shop and probably developed by a group known as the Indonesian Cyber Army, has expanded its phish targets from Apple account holders and Amazon to now include PayPal. read more  …

Read more →

The US military claims to have “successfully” disrupted the online propaganda efforts of the Islamic State in a hacking operation dating back at least to 2016, according to declassified national security documents released Tuesday. read more   Advertise on IT…

Read more →

A new methodology for instigating ransomware makes use of Windows’ own Encrypting File System (EFS). EFS has been a part of Windows since Windows 2000. Unlike Windows’ BitLocker — which is a full disk encryption feature — EFS can selectively…

Read more →

Personal and corporate information was stolen from electronics and electrical equipment manufacturing company Mitsubishi Electric during a data breach that occurred last year. read more   Advertise on IT Security News. Read the complete article: Hackers Steal Employee and Corporate…

Read more →

A Georgia man has admitted in court to employing a third-party to launch a distributed denial of service (DDoS) attack. The man, Tucker Preston, 22, of Macon, Georgia, was charged with one count of damaging protected computers by transmission of…

Read more →

Trend Micro researchers have set up a factory honeypot and found that industrial organizations should be more concerned about attacks launched by profit-driven cybercriminals rather than the threat posed by sophisticated state-sponsored groups. read more   Advertise on IT Security…

Read more →

A hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM can be abused to access the FortiSIEM Supervisor.  read more   Advertise on IT Security News. Read the complete article: Hardcoded SSH Key Found in Fortinet SIEM…

Read more →

Portland, Oregon-based children’s clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. Very few details of the breach have been made public. read more   Advertise on IT Security News. Read the complete article: Hanna Andersson Data…

Read more →

Apple has published its latest transparency report, which provides details on the number of government requests the tech company received during the first half of 2019. read more   Advertise on IT Security News. Read the complete article: Apple Received…

Read more →

The National Institute of Standards and Technology (NIST) last week announced version 1.0 of its Privacy Framework, a tool designed to help organizations manage privacy risks. read more   Advertise on IT Security News. Read the complete article: NIST Releases…

Read more →

Citrix has started rolling out security patches for the recently revealed Citrix Application Delivery Controller (ADC) and Citrix Gateway vulnerability. read more   Advertise on IT Security News. Read the complete article: Citrix Releases First Patches for Critical ADC Vulnerability

Read more →

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks. Until a fix becomes available, the company has shared some workarounds and mitigations.…

Read more →

Turkish hackers claimed Friday to have hijacked for more than 90 minutes the official websites of the Greek parliament, the foreign affairs and economy ministries, as well as the country’s stock exchange. read more   Advertise on IT Security News.…

Read more →

Microsoft this week announced a new source code analyzer designed to identify interesting characteristics of code.  read more   Advertise on IT Security News. Read the complete article: Microsoft Introduces Free Source Code Analyzer

Read more →

WeLeakInfo Website Taken Down in International Law Enforcement Operation read more   Advertise on IT Security News. Read the complete article: FBI Takes Down Site Selling Subscriptions to Stolen Data

Read more →

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered. read more   Advertise…

Read more →

Cybersecurity State Coordinator Program Would Bolster State and Local Cybersecurity Four United States Senators have introduced a bipartisan bill that would require the Department of Homeland Security (DHS) to establish a Cybersecurity State Coordinator program, with each of the 50…

Read more →

California-based data security startup Cyral emerged from stealth mode this week and announced that it has raised $11 million in a Series A funding round. The company previously received $4.1 million in an angel investment round, which brings the total…

Read more →

One of the vulnerabilities patched this week by Microsoft in its Windows operating system is a crypto-related issue that was reported to the company by the U.S. National Security Agency. read more   Advertise on IT Security News. Read the…

Read more →

A total of 146 valid vulnerabilities were reported as part of the second Hack the Army bug bounty program, and more than $275,000 were paid in rewards. read more   Advertise on IT Security News. Read the complete article: Hackers…

Read more →

A computer security expert says he found that a forensic image of the election server central to a legal battle over the integrity of Georgia elections showed signs that the original server was hacked. read more   Advertise on IT…

Read more →

Siemens this week addressed several vulnerabilities and warned customers about the security risks associated with the use of ActiveX in industrial products. read more   Advertise on IT Security News. Read the complete article: Siemens Warns of Security Risks Associated…

Read more →

Iran is widely expected to ramp up cyberattacks against the United States in response to the US killing of a top Iranian leader this month even as fears have receded about a military confrontation between the two countries. read more…

Read more →

Security and web performance company Cloudflare has announced a suite of services for the cyber-protection of political campaigns in the United States and worldwide. read more   Advertise on IT Security News. Read the complete article: Cloudflare Announces Free Security…

Read more →

The FBI, in a change of policy, is committing to inform state officials if local election systems have been breached, federal officials said Thursday. read more   Advertise on IT Security News. Read the complete article: FBI Plans to Notify…

Read more →

Cybersecurity firm McAfee announced on Thursday that its board of managers has appointed Peter Leav as the company’s new chief executive officer after Chris Young decided to step down. read more   Advertise on IT Security News. Read the complete…

Read more →

High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows. read more   Advertise on IT Security News.…

Read more →

Facebook this week introduced a new notification to alert users when their accounts interact with a third-party application using Facebook Login. Dubbed “Login Notifications,” the new feature is meant to provide users with increased control over their data, the social…

Read more →

A researcher who discovered many vulnerabilities in Cisco’s Data Center Network Manager (DCNM) product has made public some proof-of-concept (PoC) exploits and technical details. read more   Advertise on IT Security News. Read the complete article: PoC Exploits Released for…

Read more →

Court Approves Equifax Data Breach Settlement read more   Advertise on IT Security News. Read the complete article: Equifax Ordered to Spend $1 Billion on Data Security Under Data Breach Settlement

Read more →

On January 13, 2020, a federal court approved the proposed settlement for the class action suit filed against Equifax over the massive data breach it revealed in September 2017. read more   Advertise on IT Security News. Read the complete…

Read more →

TEL AVIV, Israel (AP) — An Israeli court heard a case Thursday calling for restrictions to be slapped on NSO Group, an Israeli company that makes surveillance software that is said to have been used to target journalists and dissidents…

Read more →

Outpacing Your Security Capacity With Digital Innovation is a Formula for Disaster  read more   Advertise on IT Security News. Read the complete article: The Edge is Near. Are You Ready?

Read more →

Hundreds of Internet-accessible, unprotected medical imaging systems expose data on millions of patients worldwide, German security firm Greenbone reveals. read more   Advertise on IT Security News. Read the complete article: Unprotected Medical Systems Expose Data on Millions of Patients

Read more →

Several proof-of-concept (PoC) exploits have already been created — and some of them have been made public — for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency. read more  …

Read more →

P&N Bank is reportedly sending out notifications to customers of a data breach that resulted in a large amount of sensitive information being compromised.  read more   Advertise on IT Security News. Read the complete article: P&N Bank Data Breach…

Read more →

The Cloud Native Computing Foundation (CNCF) this week announced the launch of a public bug bounty program for Kubernetes, with rewards of up to $10,000 per vulnerability. read more   Advertise on IT Security News. Read the complete article: Public…

Read more →

An increasing number of companies believe they are being targeted by state-sponsored hacking groups, a new survey shows.  read more   Advertise on IT Security News. Read the complete article: Organizations Feel Threat of Nation-State Attacks, Survey Shows

Read more →

Google announced on Wednesday that it has simplified the enrollment process for its Advanced Protection Program and it now allows users to activate a security key on their iPhone. Google’s Advanced Protection Program (APP) is designed to help high-risk users…

Read more →

Attackers Evolve Quickly, and We Must Work Daily to Ensure We Are Ready for Their Next Move read more   Advertise on IT Security News. Read the complete article: Using Gap Analysis to Fix a Leaky Enterprise

Read more →

The threat actor or group behind the Satan ransomware — and probably DBGer and Lucky and possibly Iron — seems to be engaged in a new version or evolution of Satan: 5ss5c. read more   Advertise on IT Security News.…

Read more →

Passwordless multi-factor authentication technology provider Trusona this week announced it has raised $20 million as part of a Series C funding round led by Georgian Partners. read more   Advertise on IT Security News. Read the complete article: Trusona Raises…

Read more →

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability. read more   Advertise on IT Security News. Read the complete article: Vulnerabilities Found…

Read more →

Oracle has released its first Critical Patch Update (CPU) for 2020, which includes a total of 334 new security patches across multiple product families. read more   Advertise on IT Security News. Read the complete article: Oracle’s January 2020 CPU…

Read more →

SAP today released 6 Security Notes and 1 Updated Note as part of its January 2020 Security Patch Day, with all addressing Medium severity vulnerabilities.  read more   Advertise on IT Security News. Read the complete article: SAP Releases 6…

Read more →

Apple and the US government are at loggerheads for the second time in four years over unlocking iPhones connected to a mass shooting, reviving debate over law enforcement access to encrypted devices. read more   Advertise on IT Security News.…

Read more →

The U.S. National Security Agency (NSA) has informed Microsoft that Windows is affected by a potentially serious spoofing vulnerability that could allow hackers to make a malicious file appear to come from a trusted source or conduct man-in-the-middle (MitM) attacks.…

Read more →

Google on Tuesday said is making progress in its quest to vanquish third-party “cookies” on its popular browser used to track people’s online activities, a focus of many privacy activists. read more   Advertise on IT Security News. Read the…

Read more →

Google Project Zero security researchers have published technical details on an iMessage vulnerability addressed last year, which could be exploited remotely to achieve arbitrary code execution.  read more   Advertise on IT Security News. Read the complete article: Google Researchers…

Read more →

As public cloud providers continue to elevate their platforms’ default enterprise protection and compliance capabilities to close gaps in their portfolio or suites of in-house integrated security products, CISOs are increasingly looking to the use and integration of threat intelligence…

Read more →

Popular dating apps like Tinder and Grindr are sharing the personal data of their users to third parties in breach of EU regulations, a Norwegian consumer rights group said Tuesday. read more   Advertise on IT Security News. Read the…

Read more →

Prime Minister Boris Johnson on Tuesday challenged US opponents of Britain’s potential decision to let China’s Huawei telecoms giant develop its 5G network to come up with a better choice. read more   Advertise on IT Security News. Read the…

Read more →

Weak security measures in place at several major wireless carriers in the United States make it easy for attackers to perform SIM swap attacks on prepaid mobile accounts, a recent study found. read more   Advertise on IT Security News.…

Read more →

Adobe’s January 2020 Patch Tuesday updates address several vulnerabilities in the company’s Illustrator and Experience Manager products. read more   Advertise on IT Security News. Read the complete article: Adobe Patches Vulnerabilities in Illustrator, Experience Manager

Read more →

Windows 7 has reached end of life on Tuesday, January 14, 2020, but hundreds of millions of PCs worldwide still run the operating system, which likely makes them a more tempting target for malicious cyber actors. read more   Advertise…

Read more →

A phishing campaign apparently aimed at Burisma, the Ukrainian gas company that is at the center of President Donald Trump’s impeachment, has been linked by cybersecurity researchers to a hacker group believed to be working on behalf of the Russian…

Read more →

Russian spies hacked a Ukrainian energy company at the center of the impeachment trial of US President Donald Trump, a cybersecurity firm said Monday. read more   Advertise on IT Security News. Read the complete article: Russia Hacked Ukrainian Gas…

Read more →

Russian spies hacked a Ukrainian energy company at the center of the impeachment trial of US President Donald Trump, a cybersecurity firm said Monday. Russia’s GRU spy agency launched a “phishing” attack in November to access the email of Burisma…

Read more →

NortonLifeLock (NASDAQ: NLOK) announced on Monday that it has agreed to sell its ID Analytics business to LexisNexis Risk Solutions for $375 million.  read more   Advertise on IT Security News. Read the complete article: NortonLifeLock to Sell ID Analytics…

Read more →

British and American officials are meeting as U.K. Prime Minister Boris Johnson’s government prepares to decide on whether there’s a future for Chinese equipment maker Huawei in the country’s next-generation telecom networks, his spokesman said Monday. read more   Advertise…

Read more →

Intelligence Can be Aligned With Larger Objectives to Improve Decision-Making Beyond the Cybersecurity Domain read more   Advertise on IT Security News. Read the complete article: Graduation Day: From Cyber Threat Intelligence to Intelligence

Read more →

Still under development, a newly discovered information stealer is successfully targeting Internet browsers and cryptocurrency wallet applications, and most victims are apparently located in the United States. read more   Advertise on IT Security News. Read the complete article: Oski…

Read more →

Facebook last week rushed to patch a bug that exposed the accounts of individuals who manage pages, after the weakness was exploited against several high-profile pages. read more   Advertise on IT Security News. Read the complete article: Facebook Rushes…

Read more →

Exploits targeting the recent Citrix Application Delivery Controller (ADC) vulnerability have already been published online, yet security patches will not be available for at least another week. read more   Advertise on IT Security News. Read the complete article: Exploits…

Read more →

A man accused of hacking UK National Lottery accounts via credential stuffing attacks has been sentenced to nine months in prison, the UK’s National Crime Agency reported on Friday. read more   Advertise on IT Security News. Read the complete…

Read more →

Google has removed roughly 1,700 unique applications from its Google Play app store that were part of a family of potentially unwanted programs.  read more   Advertise on IT Security News. Read the complete article: Google Removes Trove of Risky…

Read more →

The FBI laid out new protocols Friday for how it conducts electronic surveillance in national security cases, responding to a Justice Department inspector general report that harshly criticized the bureau’s handling of the Russia investigation. read more   Advertise on…

Read more →

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations that malicious hackers continue to exploit a widely known Pulse Secure VPN vulnerability. read more   Advertise on IT Security News. Read the complete article:…

Read more →