A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that’s widely used to manage the database for websites created with WordPress, Joomla, and many
Encrypting web content is nothing new: It’s been nearly 20 years since the publication of the specification for encrypting web content by running HTTP over the Transport Layer Security protocol. However, running a secure encrypted web server has gone from an option to a virtual necessity in recent years. Attackers continue to seek — and
Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador left exposed online in what seems to be the most significant data breach in the country’s history. Personal records of more than 20 million adults and children, both dead
Two widely used Adblocker Google Chrome extensions mimicking as — AdBlock and uBlock Origin — have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There’s no doubt web extensions add a lot of useful features to web browsers, making your online experience great
Whether organizations truly need a cybersecurity framework is one of the biggest questions that’s never really asked in information security. This is because some vendors focus on selling spot security products, an approach that doesn’t lend itself to encouraging enterprises to step back and look at security in the overall context of what they are
Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security patches for 1 critical and 3 high-risk security vulnerabilities, the most
It’s relatively easy to manage device encryption when there are only iOS devices in a mobile fleet. Apple provides a single encryption standard across all of the iOS devices it manufactures. Android device encryption, however, depends on the version of Android the devices run, the OEM and device model, the hardware architecture and other factors.
Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading computer
The United States government today filed a lawsuit against Edward Snowden, a former employee of the CIA and NSA government agencies who made headlines worldwide in 2013 when he fled the country and leaked top-secret information about NSA’s global and domestic surveillance activities. And you would be more surprised to know the reason for this
After nine years running, DerbyCon held its ninth and final show, and attendees and a co-founder looked back on the conference and discussed plans to continue the community with smaller groups around the world. DerbyCon was one of the more popular small-scale hacker conferences held in the U.S., but organizers surprised the infosec community in
The massive data breach at Capital One – America’s seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers’ accounts, has only reinforced the belief that the cloud remains the safest way to store sensitive data.
Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company’s DNA as even ARX in their name refers to the
The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean government’s
Network bridges and switches are distinctly different, serving separate functions. A bridge is a point-to-point… connection joining two LANs using the same protocol, such as Ethernet. A switch is a multiport bridge that connects multiple clients and chooses the packet path on the network. Every switch is a bridge, but bridges are not truly switches.
Good news… next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we’re excited about, but here comes the bad news… iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information. Jose Rodriguez,
It’s time for two important disciplines — business continuity and its related initiatives and cybersecurity — to collaborate better. Typically, cybersecurity and business continuity operate in different silos, but I’m keen to move them closer together, as they are both important elements of an organization’s resilience. For example, a cybersecurity event, which is initially addressed
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed “SimJacker,” the vulnerability resides in a particular piece of software, called the S@T Browser, a dynamic SIM toolkit
CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail. Finding the right balance that enables them to clearly grasp the big picture required in making sound decisions is a task many security executives find challenging. Threat actors
Keeping a unified communications environment secure is no small task as the different communications tools that comprise a UC system have their own security needs. And organizations can’t push all the security responsibilities onto their UC vendor. Organizations must take steps to lock down their networks to support unified communications security. Learn how to build
Get your update caps on. Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity. Two of the security vulnerabilities patched by the tech giant this month are listed as
In many ways, biometric authentication is superior to a traditional password due to its convenience and resistance to common attack vectors. But biometric authentication still faces its fair share of threats. If a hacker gains access to a user’s biometric data, that user can’t reset their biometrics the way they might reset a compromised password.
Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server. Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and dissidents with spyware
Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming language
Trustwave has launched Trustwave Fusion — a cloud-based cybersecurity platform that aims to connect enterprises and government agencies to a security cloud comprising the Trustwave data lake, Trustwave SpiderLabs, advanced analytics, actionable threat intelligence and a range of security services and products. According to Trustwave, the platform gives security teams visibility into threats, and technologies
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches
Many experts believe biometric authentication is the most convenient and secure authentication option, but IT professionals must be wary of certain flaws. The advantages of biometric authentication are intuitive and somewhat obvious: Users don’t have to remember passwords. Devices validate the user’s identity with a simple gesture, such as placing a finger on a scanner.
It’s been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here’s a recap of the most burning strains and trends seen in the wild during the months of July and August 2019. Malware Evolution
The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider
Security researchers discovered a set of vulnerabilities in Supermicro servers that could allow threat actors to remotely attack systems as if they had physical access to the USB ports. Researchers at Eclypsium, based in Beaverton, Ore., discovered flaws in the baseboard management controllers (BMCs) of Supermicro servers and dubbed the set of issues “USBAnywhere.” The
Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data services. While manually installing it on your device, have you ever noticed what configurations these messages, technically