Month: August 2021

New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim’s knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS
The UK government is considering introducing new regulations for video-on-demand (VoD) services to protect users from harmful material such as misinformation. The Department of Digital, Culture, Media and Sport (DCMS) has launched a consultation on the new provisions to level the regulatory playing field between mainstream VoD services and traditional broadcasters in the UK, like
A new flaw in Microsoft Exchange Server, known as “ProxyToken,” was disclosed Monday, marking the third “proxy” vulnerability this year. The authentication bypass vulnerability, which has an identifier of CVE-2021-33766, was published by Zero Day Initiative (ZDI), Trend Micro’s vendor-agnostic bug bounty and vulnerability disclosure program. It was reported to the program in March by
Coral Capital, a Tokyo-based venture capital firm, announced today that it has closed its third fund, Coral Capital III, raising $128 million (14 billion yen). Coral Capital’s total assets under management (AUM) is now $275 million. Limited partners in the vehicle include Mizuho Bank, Mitsubishi Estate, Shinsei Bank, Pavilion Capital, Founders Found, Dai-ichi Life Insurance,
Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration. As a result, in most email
The FBI has issued a warning to firms about an increasingly prolific new ransomware variant known as Hive. The Flash alert posted this week noted that the affiliate-based ransomware uses multiple mechanisms to compromise corporate networks, making it harder for defenders to mitigate. It noted that these include phishing emails with malicious attachments to gain
Alpaca said this morning that it has closed a massive $50 million Series B round of capital. TechCrunch previously covered the company’s late-2019 $6 million seed round and its late-2020 $10 million Series A. Alpaca offers equities trading software via API. The company initially allowed firms to plug into its technology, powering the trading capabilities of
What is Electronic Code Book (ECB)? Electronic Code Book (ECB) is a simple mode of operation with a block cipher that’s mostly used with symmetric key encryption. It is a straightforward way of processing a series of sequentially listed message blocks. The input plaintext is broken into numerous blocks. The blocks are individually and independently
Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers. Sounds like an exciting career, right? If the comic-book comparisons aren’t working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The
American multinational technology corporation Microsoft has warned thousands of its cloud computing customers that their data could be accessed, altered or erased, according to a report by Reuters. Customers were warned that threat actors could even delete their main database by exploiting a vulnerability in Microsoft Azure’s flagship Cosmos DB database that has been named ChaosDB. The alleged
Yifat Aran Contributor Dr. Yifat Aran is a visiting scholar at the Technion, Israel Institute of Technology, and an Assistant Professor in Haifa University Faculty of Law. She earned her JSD from Stanford Law School where her dissertation focused on equity-based compensation in Silicon Valley startups. More posts by this contributor The SEC should do
More senior adults are taking advantage of the array of wearable technology that helps them stay connected to healthcare providers and monitor their physical health and safety. But that newfound convivence comes with risk and, for many, the genuine fear of falling prey to an online hacker.   Protection + Peace of Mind  Wearable technology brings seniors both power and peace of mind. Many elderly consumers rely on wearable technology to monitor critical blood glucose levels, heart
[embedded content] When Salesforce announced its streaming platform Salesforce+, the CRM Playaz’ Paul Greenberg and Brent Leary interviewed Colin Fleming, SVP of Global Brand Experiences at the CRM company (disclosure: I work at Salesforce). Later, I asked Brent about his show on this episode of the Gang. Brent: With all the things going on with
A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called “intermittent encryption.” Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that
An entertaining new campaign has been launched to combat the sea of misinformation about coronavirus vaccines on social media that was branded an “infodemic” by the World Health Organization. The Instagram-based campaign was created by healthcare agency FCB Health New York IPG and non-profit group GMHC and is fronted by drag queen and influencer Miz
Space may be the endless frontier, but here on Earth, we define space in the modern sense as something enclosed. Walls, fences and barriers enclose space, define it and make it legible. In fact, the sense of limits is so strong these days with place that we often have to add qualifiers like “open space”
A major flaw in Microsoft’s Azure Cosmos DB is putting thousands of companies at risk. In a blog post Thursday, Wiz security researchers Nir Ohfeld and Sagi Tzadik detailed how they were able to gain complete unrestricted access to the accounts and databases of several thousand Microsoft Azure customers, including Fortune 500 companies Coca-Cola and
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges. Any narrative about cybersecurity in 2020 is naturally going to focus on the COVID-19 pandemic. This once-in-a-generation crisis and the digital transformation it accelerated both broadened corporate attack surfaces
What does a company have to do to differentiate wireless earbuds in 2021? The near ubiquity of good hardware has made this an increasingly difficult question to answer. I’ve probably tested around 10 different sets of buds over the last year or so, and honestly, they were all pretty good. Companies like Nura and Nothing
The US Air Force has chosen a town nicknamed “Danger City” to be the location for the Air National Guard’s first Cyber Warfare Wing. Mansfield has around 50,000 inhabitants and is situated in the northeastern part of Ohio, midway between Columbus and Cleveland. According to local beer-maker, the Phoenix Brewing Company, the town earned its ominous nickname
With great administrative power comes great administrative responsibility. As more organizations have moved to Office 365, threat actors have also turned their focus to the collaborative cloud platform and attempt to gain admin access to the company’s tenant. The centralized admin portal in Microsoft Office 365 manages all aspects of services under the subscription, but
Have you ever come across a website that just didn’t look quite right? Perhaps the company logo looked slightly misshapen, or the font seemed off-brand. Odds are, you landed on a phony version of a legitimate corporation’s website—a tried and true tactic relied on by many cybercriminals.   Fake Login Pages Explained   A fake login page is essentially a knock-off of