Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows

Serverless computing adopters have little knowledge of what underlying physical hardware and software providers use to support workloads. Enterprises adopting serverless, therefore, have little knowledge about the security of those systems. The abstraction of the serverless platform requires that software teams start thinking differently. There are four major points of serverless architecture security: the platform

After Facebook and Twitter, Google becomes the latest technology giant to have accidentally stored its users’ passwords unprotected in plaintext on its servers—meaning any Google employee who has access to the servers could have read them. In a blog post published Tuesday, Google revealed that its G Suite platform mistakenly stored unhashed passwords of some

Elastic, the company behind the most widely used enterprise search engine ElasticSearch and the Elastic Stack, today announced that it has decided to make core security features of the Elastic Stack free and accessible to all users. ELK Stack or Elastic Stack is a collection of three powerful open source projects—Elasticsearch, Logstash, and Kibana—that many

Google has reportedly suspended all businesses with the world’s second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will no longer have access to Android updates and apps like Gmail or the Play

A few days before the doors opened on SAP Sapphire Now 2019, SAP customers were likely alarmed by a Reuters headline that their systems are vulnerable to hackers. The SAP exploit was not new, but the potential damage to SAP systems and data was considerable. Onapsis Inc., a Boston-based security and compliance monitoring software company,

A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google’s Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement for the affected Titan Security Key dongles. In a

The German software company behind TeamViewer, one of the most popular software in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, the German newspaper Der Spiegel revealed today. TeamViewer is popular remote-support software that allows you to securely share your desktop or take full control of

Stack Overflow, one of the largest question and answer site for programmers, revealed today that an unknown hacker(s) managed to gain unauthorized access to its production systems on May 11, 2019. Founded by Jeff Atwood and Joel Spolsky in 2008, Stack Overflow is the flagship site of the Stack Exchange Network. With 10 million registered

An executive order and cooperation from the Department of Commerce will effectively ban Huawei from dealing with U.S. businesses. Following months of lobbying by the White House, President Donald Trump signed an executive order late Wednesday aimed at “securing the information and communications technology and services supply chain.” In the executive order, Trump declared a

In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe for years. GozNym was created by combining two known powerful Trojans—Gozi ISFB malware,

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre

Years ago, when users required access to a specific system, application or other corporate resource, they were provided a username and password tied to the necessary access required for that specific user. While this was a viable option when the number of IT services was small, it didn’t take long before the number of accounts

Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild.

In the world of enterprise IT, it’s not uncommon for people to incorrectly refer to the terms identity management with access management while in conversation. In reality, the two terms cover completely different areas. The main reason people get confused about an identity and access management framework is that the two processes work in tandem

At the company’s I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved SameSite Cookies and Fingerprinting Protection—that will be previewed by Google

The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王 福 杰) and another hacker named John Doe with three different aliases—Deniel Jack, Kim

The U.S. Department of Justice today announced charges against nine individuals, 6 of which are members of a hacking group called “The Community” and other 3 are former employees of mobile phone providers who allegedly helped them steal roughly $2.5 million worth of the cryptocurrency using a method known as “SIM Swapping.” According to the

Most organizations are falling behind when it comes to addressing the cybersecurity skills shortage, a new study found. And the effects of the shortage are worsening. In its third year, the study conducted by the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG) surveyed 267 cybersecurity professionals worldwide. The cybersecurity skills

The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by

When evaluating an identity and access management platform, the benefits far outweigh any drawbacks. That said, only a few identity and access management risks need to be considered when designing an IAM implementation and ongoing maintenance processes. For example, it’s important to note that as you begin to centralize the management of usernames and authentication

A bug bounty hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base

Researchers from Chinese cybersecurity firm Qihoo 360’s NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics[.]com, for over last seven months, researchers found that the attackers have been injecting malicious JS scripts

Cybercriminals are turning their attention away from consumers to focus on businesses, a recent report from Malwarebytes found. According to the “Cybercrime Tactics and Techniques Q1 2019” report, overall detections of enterprise security threats are rising steadily. While consumer detections declined by almost 40% from the final quarter of 2018, business detections increased by about

The saying that there are two types of organizations, those that have gotten breached and those who have but just don’t know it yet, has never been more relevant, making the sound incident response a required capability in any organization’s security stack. To assist in this critical mission, Cynet is launching a free IR tool

The Israel Defense Force (IDF) claims to have neutralized an “attempted” cyber attack by launching airstrikes on a building in Gaza Strip from where it says the attack was originated. As shown in a video tweeted by IDF, the building in the Gaza Strip, which Israeli fighter drones have now destroyed, was reportedly the headquarters

In recent years, we have seen how hackers prey on those too lazy or ignorant to install security patches, which, if applied on time, would have prevented some devastating cyber attacks and data breaches that happened in major organisations. The United States Department of Homeland Security (DHS) has ordered government agencies to more swiftly plug

Editor’s note Once considered an afterthought in software design, application security is increasingly top of mind for developers. The way applications are used these days — accessed over networks — invites a variety of potential threats. Frequent testing and adherence to application security best practices can limit the possibility of unauthorized code being used to

Europol announced the shut down of two prolific dark web marketplaces—Wall Street Market and Silkkitie (also known as Valhalla)—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in western Germany has also arrested three men who were allegedly running Wall Street Market, the

Google is giving you more control over how long you want the tech company to hold on to your location history and web activity data. Google has introduced a new, easier, privacy-focused auto-delete feature for your Google account that will allow you to automatically delete your Location History and Web and App Activity data after