Month: February 2020

0 Comments
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a
0 Comments
A new study focused on distributed denial of service (DDoS) attacks has found that pornographic websites received by far the most attacks per site last year.  To produce their “Global DDoS Threat Landscape” report, researchers at Imperva studied attack data gathered between May and December 2019. Their findings, published yesterday, reveal that websites in the adult entertainment industry received
0 Comments
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing
0 Comments
With Valentine’s Day just around the corner, the Federal Bureau of Investigation has warned Americans to be on the lookout for cyber-based romance scams. The Richmond, Virginia, branch of the FBI said criminals used the most romantic day of the year as an opportunity to con victims out of their hard-earned cash or personal data.
0 Comments
The Mirai botnet has been a constant IoT security threat since it emerged in fall 2016. The subsequent release of its source code only extended Mirai’s reach and is one of the many reasons NetScout labeled it the “king of IoT malware.” While Mirai’s distributed denial-of-service capabilities aren’t anything researchers haven’t seen before, “when wielded
0 Comments
It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can’t connect
0 Comments
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a
0 Comments
A data breach at Indian airline SpiceJet has exposed the personal information of over a million passengers. Access to the airline’s computer system was gained last month by a security researcher, who went on to report the breach to TechCrunch. Using a brute-force attack, the researcher busted into an unencrypted database backup file containing the private information of
0 Comments
Strong identity and access management procedures are critical as regulatory compliance rules and data fraud incidents persist. Yet, implementing and maintaining world-class IAM practices can be challenging as an organization’s data management needs increase in complexity. Security leaders said it becomes more challenging to maintain a strong IAM program as the complexity of the organization
0 Comments
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t participated in the growing and profitable MSSP market as it entailed massive investments in building
0 Comments
by Danny Bradbury The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report. The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which
0 Comments
Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on
0 Comments
A notorious Russian threat group famed for its devastating ransomware attacks has funded a hacking competition being run on a dark web forum.  Sodinokibi—the creators of the REvil ransomware—stumped up $15,000 in prize money for the illegal hacking contest, which requires competitors to write original articles containing proof-of-concept videos or original code.  Articles can be
0 Comments
by Paul Ducklin If there’s one open source project with an unashamedly clear focus on security, it’s the OpenBSD operating system. In its own words, its efforts “emphasize portability, standardization, correctness, proactive security and integrated cryptography.” Indeed, numerous sub-projects under the OpenBSD umbrella have become well-known cybersecurity names in their own right, notably OpenSSH –