Mozilla’s security-focused Firefox Monitor tool is expanding to be more proactive at notifying users about past data breaches, but one expert worries about the consequences. Mozilla began testing the initial integration between Firefox Monitor and Have I Been Pwned (HIBP) — a website that enables users to find out if their email addresses were in

Even in the best-case scenario, with effective network security infrastructure in place and an expert staff at the ready, network security can be a thorny task. Then, consider most organizations contend with serious resource limitations, and the picture becomes darker. As network security threats continue to evolve, here are some of the top network security

A move to a new server OS is not a light undertaking, but do the Windows Server 2019 features pack enough punch to sway enterprises to make the switch to this release or Windows Server 2016? Microsoft released Windows Server 2019, the next installment in its Long-Term Servicing Channel (LTSC), to general availability in October

Windows 10 users don’t have to wait much longer for the support of latest WPA3 Wi-Fi security standard, a new blog post from Microsoft apparently revealed. The third version of Wi-Fi Protected Access, in-short WPA3, is the next generation of the wireless security protocol that has been designed to make it harder for attackers to

In 1999, Bruce Schneier wrote, “Complexity is the worst enemy of security.” That was 19 years ago (!) and since then, cyber security has only become more complex. Today, controls dramatically outnumber staff available to support them. The Bank of America has a $400-million cyber budget to hire security staff and implement a broad array

It’s Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products. This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity.

At Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even the fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked. Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked

A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is “AMP for WP – Accelerated Mobile Pages” that lets websites

Traditional network security vulnerabilities are bad enough without adding SDN security issues to the mix. But, as organizations deploy SDN, they risk exposing their networks to new types of threats and attacks, especially if they don’t have proper plans in place. A prevalent concern with SDN security focuses on the SDN controller. The controller contains

Has Wikileaks founder Julian Assange officially been charged with any unspecified criminal offense in the United States? — YES United States prosecutors have accidentally revealed the existence of criminal charges against Wikileaks founder Julian Assange in a recently unsealed court filing in an unrelated ongoing sex crime case in the Eastern District of Virginia. Assistant

We live in an age where data flows like water, becoming the new life source of our everyday ventures. As such, you can just imagine what all of that entails and the weight that data receive, especially when it comes to a decision making on how to handle this fairly new and arguably invaluable resource.

French President Emmanuel Macron introduced the Paris Call for Trust and Security in Cyberspace and initially received support from 50 countries, 150 companies and about 170 other organizations — but not from the U.S., China or Russia. The international cybercrime agreement was put forward as part of Paris Digital Week at the UNESCO Internet Governance

Disclosed earlier this year, potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proven that speculative execution attacks can be exploited in a trivial way to access highly sensitive information. Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG, SpectreRSB, Spectre 1.1, Spectre1.2, TLBleed, Lazy

Another security vulnerability has been reported in Facebook that could have allowed attackers to obtain certain personal information about users and their friends, potentially putting the privacy of users of the world’s most popular social network at risk. Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results

Our partner Springboard, which provides online courses to help you advance your cybersecurity career with personalized mentorship from industry experts, recently researched current cybersecurity salaries and future earning potential in order to trace a path to how much money you can make. Here’s what they found were the most important factors for making sure you

A newly discovered spam botnet targeted over 100,000 home routers through a UPnP vulnerability. According to Netlab 360 researchers Hui Wang and RootKiter, the botnet, which they’re calling “BCMUPnP_Hunter,” infected 116 different types of devices. They estimated over 100,000 IP addresses belonging to home routers with Broadcom UPnP enabled have been infected. The botnet was

You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it’s optional. Along with the launch of a

In light of Anthem Inc. recently agreeing to pay the largest HIPAA settlement on record for the Anthem data breach that affected nearly 79 million plan members, providers must get better at controlling who has access to patient data and internal systems. That advice comes from David Harlow, a Boston healthcare lawyer and consultant. “Anthem

Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Thought the vulnerability was discovered and responsibly reported by

A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. “DerpTroll,” took down servers of several major gaming platforms including Electronic Arts’ Origin service,

Unclassified malware samples from U.S. Cyber Command will be shared with VirusTotal by the Cyber National Mission Force. VirusTotal aggregates malware and malicious URL data from antivirus products and allows anyone to submit samples for inclusion in the database. The CNMF — the action arm of Cyber Command responsible for planning and directing cyberoperations —

We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover

The Pirate Bay torrent search engine is one of the world’s most famous and best torrent sites. But it has been caught second time mining digital currencies using visitors’ computers. Like many popular torrent sites, the pirate bay also uses mining to make money without informing its users. But this time a tiny message on

Private equity investment firm Thoma Bravo has agreed to acquire Veracode for $950 million, on the same day that its parent CA Technologies were acquired by Broadcom for a reported $18.9 billion. Veracode were acquired by CA Technologies in March 2017 for $614m. Today’s Thoma Bravo announcement is expected to close in Q4 of 2018.

Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware onto their computers. Discovered by researchers at Cymulate, the bug abuses the ‘Online Video‘ option in Word documents, a feature that allows

Security researchers disclosed two vulnerabilities in Bluetooth chips that put wireless access points, medical devices and more at risk of attack. Researchers at Armis, an enterprise IoT security company based in Palo Alto, Calif., discovered two vulnerabilities in Bluetooth Low Energy (BLE) chips manufactured by Texas Instruments and have branded the flaws as Bleedingbit. Armis

Joshua Adam Schulte, a 30-year-old former CIA computer programmer who was indicted over four months ago for masterminding the largest leak of classified information in the agency’s history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the federal judge presiding over his case, accusing officials at

If your organization doesn’t have a cyber-resilience strategy for business continuity, it needs to get one. Andrea Sayles, general manager of IBM Business Resiliency Services, said she has found companies in general are thinking about the “when,” not the “if,” regarding a potential cyberattack. “It’s on the top of mind for every C-suite executive that